Last week, two substantial software flaws were unearthed to the technological public to much alarm. The vulnerabilities, dubbed Meltdown and Spectre by their finders, exploit weaknesses in the computer processors (CPUs) used in most of the world’s PCs, smartphones, and data hubs. These developments have raised questions the world over about the security of private data, leaving the cryptocurrency community wondering what this may mean for the safety of personal wallet funds and exchange reserves.
Together, Meltdown and Spectre attacks can affect processing chips produced by Intel, AMD, and ARM, and its discoverers have called them “the worst GPU bugs ever found.” According to the researchers who discovered the flaws, the attacks can steal information from services and applications that a computer’s GPU processes:
“These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”
Michael Schwarz, one of the vulnerabilities’ discoverers, illustrates how Meltdown works in a visual tweet:
These vulnerabilities could have unfortunate consequences for cryptocurrency investors and enthusiasts. As one CoinKorea post points out, “the biggest problem is that if an attacker exploits the vulnerability, it can not be blocked by encryption or vaccination.” As such, encrypted wallets may offer little protection against such hacks, even if cryptocurrency investors are taking the utmost precautions.
The vulnerabilities could present obstacles to exchanges, too, as they already have. Last week, Bittrex tweeted that wallet functions were restricted while Microsoft was overhauling its Azure cloud service to protect against the security flaws. Bittrex, like many exchanges, uses the cloud to store hot wallet reserve funds for its customers. Keeping a ledger of private keys in such a centralized place has raised eyebrows within the community, as cloud services are just as vulnerable to Meltdown and Spectre as personal devices.
Despite news surfacing for the public just last week, CEO Brian Krzanich revealed in a CNBC interview that Intel was “made aware of this issue a while back from researchers at Google.” According to a Google Cloud blog post, Project Zero, one of Google’s tech research teams, knew of the vulnerabilities as early as June of last year.
Some might say that seven months ago is more than “a while back” as Krzanich’s statement suggests. To make matters more complicated, Krzanich reportedly sold off $24mln worth of Intel stocks and options in November. After the sell-off, the CEO was left with 250,000 shares, the bare minimum as per his employment agreement with the company.
A company spokesperson held that “Brian’s sale is unrelated” to Meltdown and Spectre and that Krzanich “continues to hold shares in line with corporate guidelines.”
Additionally, if you’re worried about the security of your funds, it’s best to never leave a substantial sum of funds on an exchange for an extended period of time.
When handling your funds personally, there are a number of storage options that offer enhanced security compared to software and web wallets. If you want your funds completely divorced from technological breaches, a paper wallet is a safe bet–just make sure you backup your private keys and keep it in a secure place with little risk for damage. Moreover, hardware wallets like the Ledger Nano S provide excellent security against malware, hackings, and system vulnerabilities.
Featured image from Shutterstock.
Last modified (UTC): January 11, 2018 14:31