Bitcoin: Offline wallets vulnerable to security attacks and can leak private keys

Bitcoin wallets in cold storage (stored offline), which is thought to be the most reliable way of protecting the digital currency from hackers, are also vulnerable to security attacks, according to research.

CoinDesk, citing a security researcher, reported that a wallet in cold storage could leak its private keys to an attacker, who then could reverse-engineer the private keys from "as little information as a single transaction issued by that wallet".

Stephan Verbücheln, a researcher at Humboldt University's Institute for Computer Science in Berlin, said in his research paper that the cold storage wallets are vulnerable to hacking attacks even if they were maintained on an air-gapped machine without an internet connection, or even in space.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker," CoinDesk quoted Verbücheln as saying.

So-called offline wallets were thought to be secure as their private keys are not transmitted to attackers due to the absence of an internet connection.

Verbücheln's paper noted that an attacker may create a compromised version of the Elliptic Curve Digital Signature Algorithm (ECDSA), which is used in Bitcoin protocol to ensure funds can only be spent by their rightful owners.

The compromised ECDSA helps the attacker to compute the private key, according to the paper.

"He can now store the extracted private keys and watch the addresses' balance. He can use them to steal money at any point in time," Verbücheln said.

Nevertheless, this type of attack is difficult to carry out on a large scale, according to Verbücheln.