pull down to refresh

Sorry this is a genuine question; I'm not answering it.
I'm wondering if it's an attack vector for a wallet that has access to your x/y/zpub to "mine" addresses similar enough to yours that you wouldn't notice.
The attack might work like this: The wallet works fine for months. But in the background, the adversary is mining receive addresses that share, let's say the first ten and last ten characters (out of I think 38 distinct characters in a segwit address). I think this is more than most people check (I hear often "I look at the last few"). It then gives you a malicious receive address and collects on it. It fakes your "balance" in the wallet so you think you have it.
Alternatively it could wait until it detects you are consolidating, and above a certain threshold, then it does the address swap.
127 sats \ 1 reply \ @freetx 8 Jun
The last 5 (?) digits of an address are a checksum. So best practice is compare first 5 chars of address and last 5 chars (ignoring middle chars)...if first/last match then its statistically strongly probable that the address is correct.
reply
Oh I should have known that. Makes perfect sense.
reply
27 sats \ 1 reply \ @tomlaies 8 Jun
No no, it's a valid question. And shows that you already have a feel how phishing-esque attacks work.
The answer is that your attack description should fail when the wallet checks the malicious receive address. It should easily realize that it isn't derived from your secret keys.
Guessing public addresses helps an attacker nothing. Guessing secret keys would - but this would be far more unlikely than finding an individual piece of sand on earth: not gonna happen.
reply
The hardware wallet doesn't "know" that you are sending to yourself. As far as it knows, you're creating a standard transaction. Unless it checks for exactly this type of attack (are the addresses similar enough to be suspicious?)
reply
26 sats \ 0 replies \ @fiksn 8 Jun
Generating an address with chosen prefix and/or suffix is done by randomly choosing a private key and checking what the outcome is. It's similar as mining: every character more is exponentially more expensive, you don't have any difficulty adjustments tho. According to https://github.com/kangaderoo/vanitygen vanity address generator it's like 45 seconds for 4 chars of course depending on your hardware.
The attack actually works in that way that a similar address as yours sends you some small amount and then when you next time try to send to yourself you mistakenly send to that address. Of course this address reuse is already a problem on itself. I doubt attackers use more than one hour to generate those.
There is a valid use case for having just xpubs for instance for your point of sale device. In that case a malicious wallet could indeed give out wrong addresses. But there is no reason to even mimic addresses similar to the correct ones.
reply
10 sats \ 1 reply \ @sudonaka 8 Jun
If you are using a compromised wallet then you are using a compromised wallet. No “mining” required.
You can verify this by only using open source wallets and also generating a matching address list in multiple softwares
(BlueWallet and Sparrow for example)
reply
I am assuming a hardware wallet that is not compromised, with software that is compromised.
That is exactly what I do-- generate and compare lists. But I think the clever attack vector would be to wait for several months before the attack. Let the user start trusting the software, as they use up those first 20 or so addresses they compared.
I'm sure it's not a common attack vector. But I'm curious about the math of generating/mining similar addresses, how feasible it is and how much time and power it takes.
reply
Mining a Bitcoin receive address that shares specific characters with another address is not a feasible attack vector due to the immense computational difficulty involved. The cryptographic algorithms used in Bitcoin address generation are designed to prevent such collisions, making this type of attack impractical with current technology. Instead, attackers are more likely to focus on other vulnerabilities, such as phishing, malware, or exploiting weak passwords.
reply