Attacking and Defending Blockchains - From Horror Stories to Secure Wallets

Explore a comprehensive review of blockchain security failures and risk mitigation strategies in this Black Hat conference talk. Delve into various wallet types, including hot, cold, online, mobile, desktop, paper, and hardware wallets, and understand their strengths and vulnerabilities. Learn about typical setups for individuals and receive recommendations for secure practices. Examine the relationship between exchanges and wallets, and investigate the concept of "warm" wallets. Analyze notable blockchain bugs and attacks, such as the Bitcoin overflow, Ethereum reentrancy, Zerocoin multi-spend, Lisk account hijack, Parity wallet bug, IOTA's hash function issues, Bitgrail withdrawals, Batch Overflow, and Verge vulnerabilities. Gain insights into BIP32 tools and their implications for blockchain security.

Intro
What's a wallet
Hot vs. Cold
Different types of wallets
Online wallet
Online interfaces
Mobile wallet
Desktop wallet
Paper wallet
Hardware wallet: not perfect
Typical setup for individuals
Recommendations
Exchanges and wallets
Exchanges and hardware wallets?
"Warm" wallets
Are blockchains secure?
Blockchain bugs?
Multiple targets
Attackers goals
Bitcoin overflow (CVE-2010-5139)
Ethereum reentrancy (a.k.a. DAO bug)
What happened? (simplified)
Lessons and solutions
3. Zerocoin multi-spend
Lisk account hijack
Parity wallet bug
IOTA's hash function
Bitgrail withdrawals
Batch Overflow
Verge
BIP32 tools (pt. 1)