Knowing when a breach has taken place is extremely important - nobody in an organization will begin to react appropriately if everything appears to be running smoothly. Unfortunately, it can be quite difficult to actually detect, at least until it's too late.
Our hot wallet sure is running low! Time to top up.
This idea is pretty focused on any cryptocurrency service, so it may not be for everyone. As usually, I'm not responsible for any lost funds, street credit, PR nightmares or lost sleep.
What if we gave them what they were looking for?
We know that both malware authors and manual attackers are looking for that golden wallet.dat file, or anything else that resembles a private key. Bitcoin is a technology that is both incredible and an incredible target.
There is certainly technology out there to detect breaches, but it can still be difficult to assess when information has leaked or a system has been infected. Some organizations wait for decoy email accounts to get hit with spam, others try to perform deep packet inspection within their network, monitoring for signatures of confidential data. This idea is really just another tool in the arsenal.
I'm going to be lazy today and just release the idea. If people like it, I can start putting something more formal together.
The Coin Canary
- Generate a wallet for each system and populate a small amount of coin
- Assign each system a wallet, keeping track of which goes where.
- Install, hide, incorporate said key into each system somehow. The more logical it looks the better.
- Setup an external system to monitor the blockchain and create alerts once coins move (some services already offer this)
- Create a Key Compromise Policy / Disaster Recovery Plan to inact once an alert occurs
This plan isn't failsafe, but those sweet, sweet coins may just be too tempting to pass up.