What the ‘Meltdown’ and ‘Spectre’ CPU Flaws Mean for Cryptocurrency

Recently leaked computer vulnerabilities Meltdown and Spectre offer yet another reminder of how hard the digital age makes it to keep private information – even cryptocurrency private keys – safe.

Unveiled Wednesday, the widespread hardware vulnerabilities simultaneously impact Intel, ARM and AMD computer chips, which power the vast majority of the world’s computers, mobile devices and servers, making it possible to steal private data such as passwords, financial information or just about anything stored on any device that uses one of these chips.

Where this is important for cryptocurrency in particular is, hackers can potentially use the specific attack vector to pinch the private keys that allow users to control their bitcoins on the blockchain.

Popular Mechanics called it a “horrific” bug, contending it’s “hard to zero in on the most troubling part of this flaw,” while an informational page authored by security researchers remarks that you’re “most certainly” impacted by the bug.

And though there’s no evidence that any passwords have been compromised, experts say it wouldn’t be surprising if hackers or the NSA have been exploiting the attack.

If you’re already following best practices for cryptocurrency storage, then you’re probably fine. But if not, or if you’re a newer user, experts say it’s important to keep private keys on a safe device.

“Better safe than sorry,” said Bitcoin Core developer Bryan Bishop told CoinDesk, adding:

“An attacker who has knowledge of a sufficiently powerful vulnerability can theoretically force your CPU to reveal secret data such as private keys used to control your bitcoin.”

Attack vectors

It’s important to note that the advice to store private keys on a secure device is nothing new. (Crypto developers have long warned against storing private keys on laptops or other devices that interact with the internet.)

But the reasons why might not be obvious for newer users. Even though bitcoin and other cryptocurrencies are secure protocols, they must interact with the open internet and regular computers. In short, storing private keys so close to the internet can potentially expose users to hacks and theft.

And the new CPU vulnerabilities make the situation even worse, as a chain of actions can lead to error and compromise.

“If the protected memory problem is real, then a browser plugin or even a website may access your private keys,” said Bitcoin Core contributor Jonas Schnelli.

The full details of the issue aren’t yet public, so it’s unclear what the precise attack vectors are. Still, others suggested a similar impact could be likely.

“To get hit by this attack, all you would have to do is click a link by accident and maybe you end up on a website that serves a bad ad with the malware code that steals your data,” Bishop added.

And while these scenarios might sound far-fetched, most of today’s malware pry on similar vulnerabilities that have yet to be patched. It’s just impossible to know who and when they’ll actually hit…

Read Full: What the ‘Meltdown’ and ‘Spectre’ CPU Flaws Mean for Cryptocurrency