Resources: Red Team
Wallet Software Testing
Wallets are used to store and manage blockchain-based digital assets such as cryptocurrencies and non-fungible tokens (NFTs) and their corresponding cryptographic materials. Strong wallet security is a fundamental aspect of a good security posture for blockchain users and blockchain-based applications. Therefore, wallet software testing is strongly recommended in cases where a client is developing or modifying wallet software.
Wallets can be “hot” (connected to a network) or “cold” (offline). The private keys that authorize transactions may either be held by the owner of the wallet (a “non-custodial” wallet) or by a trusted third party such as a cryptocurrency exchange (a “custodial” wallet). Non-custodial wallet software typically falls under two categories – full or lightweight. Lightweight wallets rely on third-party servers to maintain a copy of the blockchain and query those servers for information necessary to produce transactions, whereas full wallets rely on a locally running blockchain node for the same information. Because most public blockchains have large public ledgers, mobile wallet applications are typically lightweight wallets.
Possible attacks against cryptocurrency wallets include targeting the wallets’ handling of malformed data, attacking the user interface or user experience to support phishing attacks, introducing a backdoor in wallet source code, and taking advantage of insecure key management. How the wallet interacts with the blockchain should also be examined: Does the wallet contact blockchain nodes directly and, if so, which node(s)? If not, is it communicating with a blockchain service of some type (e.g., an Electrum server), and has that service been tested?
1.1 Components Tested
- User interface
- RPC interface
- Connection to 3rd party nodes/services
- Transaction handling/parsing
- Software dependencies
- Wallet software download distribution
1.2 Attack Surface
The following is a brief, illustrative list of some of the major attack surfaces for blockchain wallet software:
User Interface / User Experience
Security at the user interface is necessary for components which experience heavy user interaction and control valuable assets. The user interface should be free of issues which can be exploited to produce unexpected visual artifacts that obscure destination addresses, and the user experience should be free of complex steps which may be abused by attackers to misdirect funds.
Remote Procedure Call Interface
Many non-custodial wallets allow remote operation of the wallet through the remote procedure call (RPC) interface. RPC interfaces map to “authentication” in the diagram above. Typically, access to the RPC interface is controlled via authentication mechanisms such as a username and password. If this authentication mechanism is compromised due to an exploited vulnerability in the remote computer, the wallet will also be compromised. Any software which leverages the RPC interface should be tested for security bugs using an application security test.
Wallet software should support and be configured to encrypt private keys to digital assets at rest by default. The encryption routine should utilize known, tested algorithms in common use. For custodial wallets/accounts, access to customer keys or assets by employees should be impossible without following customer access procedures.
Interactions with Nodes and Third-Party Services
Wallets should not be configured to solely trust one source of blockchain data but should receive data from and cross-check with multiple sources to validate the current state of the blockchain. All data from these sources should be parsed safely and dropped if it does not conform to the published standard.
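One way to implement the cross-check described above, as an added example that is not from the original page: each source's reported chain tip is validated against an assumed report format, non-conforming reports are dropped, and the data is accepted only when a quorum of sources agree. The report shape, the quorum parameter, and the node names are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed report shape for this example: {"height": int, "hash": 64 hex chars}.
HASH_RE = re.compile(r"[0-9a-f]{64}")

def parse_tip(raw):
    """Return (height, hash) if the report conforms exactly, else None."""
    if not isinstance(raw, dict) or set(raw) != {"height", "hash"}:
        return None
    height, block_hash = raw["height"], raw["hash"]
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(height, bool) or not isinstance(height, int) or height < 0:
        return None
    if not isinstance(block_hash, str) or not HASH_RE.fullmatch(block_hash):
        return None
    return height, block_hash

def agreed_tip(reports, quorum):
    """Return (tip, dropped, dissenting) for {source_name: raw_report}.

    tip is None unless at least `quorum` sources report the same
    (height, hash); the caller should then refuse to act on the data.
    """
    parsed, dropped = {}, []
    for source, raw in reports.items():
        tip = parse_tip(raw)
        if tip is None:
            dropped.append(source)  # malformed report: drop it, keep the name
        else:
            parsed[source] = tip
    if not parsed:
        return None, sorted(dropped), []
    best, votes = Counter(parsed.values()).most_common(1)[0]
    if votes < quorum:
        return None, sorted(dropped), sorted(parsed)
    dissenting = sorted(s for s, t in parsed.items() if t != best)
    return best, sorted(dropped), dissenting

# Constructed sample reports from four hypothetical sources.
SAMPLE = {
    "node-a": {"height": 1000, "hash": "ab" * 32},
    "node-b": {"height": 1000, "hash": "ab" * 32},
    "node-c": {"height": 1000, "hash": "cd" * 32},    # disagrees on the tip
    "node-d": {"height": "1000", "hash": "ab" * 32},  # malformed height
}
```

A source that is one block behind will show up as dissenting here, so a production check would compare hashes at a common, already-confirmed height.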
Transaction Data / Handling
Wallets should parse incoming or outgoing transactions and transaction metadata safely and drop them if they do not conform to the published standard.
If code or executables are posted publicly to a web application for download, then that application and the website itself become targets. See the application security section of this document for more information.
Can an attacker impact the source code for the wallet? This includes third-party software dependencies used to build the software or provide functionality at runtime. See the DevOps section of this document for DevOps testing practices.