IRS’ plans for cracking cryptocurrency wallets
- By Shourjya Mookerjee
- Sep 17, 2021
Over the past decade, the emergence and rapid adoption of cryptocurrencies have led many to hold their assets in cryptowallets, purpose-built software and devices that store the public and private cryptographic keys to track ownership of cryptocurrencies so users can send, receive and store digital currency.
While cryptocurrencies and wallets are legal, they are often used in ransomware attacks, where criminals demand payment in virtually untraceable Bitcoin. Even if a hardware cryptowallet -- one of the most secure wallet types that is often used for storing large amounts of cryptocurrency -- is submitted as evidence in a criminal investigation, law enforcement has no way to access the data if its owner is unwilling or unable to unlock the wallet.
Now, the IRS’ Criminal Investigation unit will be working to unlock cryptocurrency wallets so investigators can more easily track the movement of cryptocurrencies and potentially recover stolen assets and prevent theft of digital currency.
IRS will be working with VTO Inc., a Colorado-based firm specializing in device forensics, to research and develop techniques for gaining access to cryptowallets by exploiting hardware, software and firmware vulnerabilities that may exist in the secure devices.
The IRS’s goal is to develop a body of research on cryptographic wallet exploitation, leveraging digital forensics for firmware analysis, hardware reverse engineering techniques and deconstruction of printed circuit boards and integrated circuit packages among others. It expects to build a consistent and repeatable process for gaining access to existing and future wallets that can be taught and followed in a digital forensics laboratory.
VTO will first be tasked with exploiting a single device type, or specific model, and showing how it can compromise the integrity of the cryptowallet protections and seize its contents. Once this practice can be applied consistently, VTO will work on exploiting a variety of wallets to identify trends in exploitation techniques and any variables that are consistent across different devices.
Through this work with VTO, the IRS will have “device-specific acquisition/exploitation processes, guide, and training for each device topic for utilization in a digital forensics laboratory.”
Read more about the project here.
Shourjya Mookerjee is an associate editor for GCN and FCW. He is a graduate of the University of Maryland, College Park, and has written for Vox Media, Fandom and a number of capital-area news outlets. He can be reached at [email protected] – or you can find him ranting about sports, cinematography and the importance of local journalism on Twitter @byShourjya.