IRS’ Criminal Investigators Want Help Breaking into Physical Crypto Wallets


The agency’s digital forensics unit is looking for a small business to help make routine processes out of some nascent research into related hardware hacking techniques.

Cybersecurity researchers are learning how to embed codes into physical devices used to manage digital wallets for the cryptocurrency typically used in ransomware transactions, and investigators want to nail down a process for hacking them, according to a request for proposal from the Internal Revenue Service.

“A body of research has begun to emerge on the cybersecurity of hardware cryptographic wallets. The research is frequently showcased at cybersecurity conferences for the purpose of increasing the security of cryptowallets as well as reporting exploits to the manufacturers of these devices,” reads a request for proposal from the IRS’ criminal investigations unit. “Since hardware cryptographic wallets contain digital data–public and private cryptographic keys–these small hardware computing devices may provide crucial data in investigations.”

Offers are due Monday in response to the RFP, which comes in the wake of first-ever sanctions the Treasury Department issued on a cryptocurrency exchange. Officials cited the use of the cryptocurrency ecosystem by ransomware criminals and promised to continue leveraging the financial mechanism in the space. The Criminal Investigations team is the IRS’ law enforcement arm and collaborates with partners like the FBI, which helped inform the sanctions action.

The use of physical devices to manage encryption keys offers an opportunity for the digital forensics experts at IRS to better trace and retrieve ransoms but they want help, specifically with the hardware side of things. And they also want training materials and processes so they can reliably exploit weaknesses in the devices going forward.   

“The contractor shall combine the leading-edge cybersecurity research available on the topics of embedded hardware exploitation with the disciplined, established science of digital forensics,” according to the RFP. “Established exploitation, reverse engineering and digital forensic techniques shall be used to accomplish these tasks including software and firmware analysis, hardware reverse engineering, integrated circuit identification and research, removal of integrated circuit packages and components, deconstruction of printed circuit boards and integrated circuit packages for the express purpose of identifying consistent, repeatable exploitation techniques against a given device.”

The RFP, which outlines delivery deadlines and details security and other requirements necessary for consideration, is set aside for a small business and will become inactive in 15 days.