The IRS is developing methods to hack hardware wallets: Ledger, Trezor.

ledger trezor hardwallet cryptocurrency

The IRS, or rather its digital forensics division, is asking contractors to develop solutions for hacking cryptocurrency wallets that might be of interest to investigations. The security of hardware wallets presents a challenge for investigators. The document states that agencies may have a hardware wallet as part of a case, but cannot access it if the suspect disobeys. This means that the authorities cannot effectively “investigate the movement of currencies,” and hardware wallets can “prevent confiscation and refund” of funds. It is important to note that the IRS does not require a one-time solution, but rather tools that it can reliably use in many cases in the future.

IRS wants to help hack cryptocurrency hardware wallets

As more investors and criminals switch to hardware wallets to protect their funds, the IRS is looking for new methods to access these wallets during criminal investigations. According to a document posted on the agency’s website in March this year, the IRS is seeking help to hack cryptocurrency hardware wallets.

Many cryptocurrency investors store their cryptographic keys, which provide ownership of their funds, with the exchange they use for transactions or on a personal device. Some, however, want a little more security and use hardware wallets – small physical disks that securely store user keys that are not connected to the Internet. The document states that the tax agency’s law enforcement arm, IRS Criminal Investigation, and in particular its digital forensics arm, is now asking contractors to suggest solutions for hacking cryptocurrency wallets that might be of interest to investigations.

“The decentralization and anonymity provided by cryptocurrencies have helped create an environment for storing and exchanging something of value outside the traditional purview of law enforcement and regulatory organizations,” the document says. “There is a piece of this cryptographic puzzle that continues to elude organizations – millions, perhaps even billions of dollars exist in cryptocurrency wallets.”

Advertisement

The security of hardware wallets is a concern for investigators. The document states that agencies may have a hardware wallet as part of a case, but may not have access to it if the suspect disobeys. This means that the authorities cannot effectively “investigate the movement of currencies” and can “prevent confiscation and refund” of funds.

This is why the IRS wants researchers and contractors to come up with solutions for cracking hardware wallets. It is important to note that the IRS does not need a one-time solution, but rather tools that it can reliably use in many cases in the future.

“The clear result of this contract is to turn cybersecurity research into measurable, repeatable, consistent digital forensics processes that can be taught and followed in a digital forensics lab.” – says the document.

Are you researching cryptocurrency wallet vulnerabilities? We would love to hear from you. You can safely contact Lorenzo Franceschi-Bicchierai at Signal on +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de or email lorenzofb@vice.com

According to Andrew Tierney, a security researcher who conducted research on cryptocurrency hardware wallets, the desire for a reusable tool makes a lot of sense, but that is what makes this request so difficult.

“Hardware wallets are now really secure enough after they’ve been carefully researched. You may be able to find problems in some, but it will be very difficult to have ready-made exploits to work against many of them, ”- Tierney, who is also known as Cybergibbons, told Motherboard in an online chat. “Another problem, of course, is that there are actually no funds in the wallet. Only keys. If the owner knows that he is attacking him and can act, funds can be moved. ”

Advertisement

According to cryptocurrency research firm Chainalysis, about 20 percent of all bitcoins in existence, or more than $ 100 billion, are locked in wallets.

“SO MUCH lost bitcoins, this is like the 21st century of shipwrecks with treasure on board,”

Adrian Sanabria, expert on cybersecurity.

The IRS recently announced its intention to track and crack down on cryptocurrency fraud even more thoroughly than it has in the past. In March, the agency announced Operation Hidden Treasure, which aims to uncover undeclared cryptocurrency revenues.

The document does not mention this operation, and it is unclear if it is associated with it or not. Regardless, as more and more criminals choose hardware wallets to protect their illicit bitcoins, the federal authorities clearly need methods to access them to find key evidence. However, for some there may be simpler and cheaper solutions.

“It seems overkill,” Nicholas Weaver, senior fellow at the International Institute of Computer Science at the University of California, Berkeley, told Motherboard in an online chat. “For most of these devices, the choice ‘Either give us the password or rot in jail for disrespect’ may be enough.

This post is also available in: Русский

Leave a Reply

Your email address will not be published. Required fields are marked *