With the advent of decentralised digital currencies powered by blockchain technology, a new era of peer-to-peer transactions has commenced. The rapid growth of the cryptocurrency economy has led to increased use of transaction-enabling wallets, making them a focal point for security risks. As the frequency of wallet-related incidents rises, there is a critical need for a systematic approach to measure and evaluate these attacks, drawing lessons from past incidents to enhance wallet security. In response, we introduce a multi-dimensional design taxonomy for existing and novel wallets with various design decisions. We classify existing industry wallets based on this taxonomy, identify previously occurring vulnerabilities and discuss the security implications of design decisions. We also systematise threats to the wallet mechanism and analyse the adversary's goals, capabilities and required knowledge. We present a multi-layered attack framework and investigate 84 incidents between 2012 and 2024, accounting for $5.4B. Following this, we classify defence implementations for these attacks on the precautionary and remedial axes. We map the mechanism and design decisions to vulnerabilities, attacks, and possible defence methods to discuss various insights.