By Rohan Agarwal, Cypherock
Are current-generation hardware wallets enough to ensure the security of your cryptocurrencies?
Wallets are at the core of the web3 world since all activity across DApps is forever interlinked with the wallet address. Since cryptocurrencies and NFTs are linked with wallets, exploiting wallet information has become a common practice amongst hackers and scammers within web3. Oftentimes, one hears of a seed phrase being compromised through phishing, or of a wallet being lost because a device was lost or a password was forgotten.
To further the adoption of web3, wallet technology and security will need to evolve as well. Since the debacle of FTX, the concept of self-custody has become the talk of the industry, prompting more individuals to move funds from centralized services and into wallets, especially hardware wallets. So, why do individuals choose hardware wallets, and are hardware wallets the safest option?
Hardware wallets are physical devices that are responsible for securely storing and managing the private key, which grants access to all of your cryptocurrencies and NFTs. The private key of the wallet can be thought of as an account password which would grant immediate access and control to the cryptocurrencies associated with the wallet.
Hardware wallets are preferred primarily because these devices are not connected to the internet. Not being an internet-connected device reduces the potential attacks that could occur online. As mentioned previously, private keys are crucial in having control over your cryptocurrencies and NFTs.
With hardware wallets, during the initial setup of the wallet, the private key of the wallet is created within the device itself. Since private key generation and storage happen offline, users are protected from any sniffing attacks that may potentially compromise a mobile device or computer.
Additionally, hardware wallets serve somewhat like a two-factor authentication mechanism when you are completing transactions. The usual transaction flow requires the user to verify the address of the assets being sent. The computer, being an internet-connected device, could fall prey to attacks such as the clipboard attack or screen spoofing, where faulty information is displayed on your screen.
In a clipboard attack, the information that is copied on the computer or mobile device is replaced with malicious information: in the case of a transaction, the address of the attacker. Hardware wallets usually interface with either a mobile or desktop application and have a screen where the accurate information for the destination address can be verified. This way, before sending an asset, users can verify the true destination of where they will be sending funds and avoid losses and theft.
Even though hardware wallets tend to be the safest option for your cryptocurrencies and NFTs, they are not perfect. Most hardware wallets today tend to protect the private key of the wallet by storing it on a proprietary chip inside the device called a secure element.
Secure elements usually require NDAs to be signed on behalf of the company, therefore forcing companies to be closed-source. Being closed source puts the onus of maintaining security on the company and could lead to potential backdoors that attackers could exploit and compromise hardware wallets. As web3 expands, open-source technology will push innovation further as information becomes publicly verifiable and replicable.
Wallets today, whether software or hardware, use a seed phrase recovery system to recover funds in case access to the wallet-associated device is lost. A seed phrase is a human-readable representation of the wallet's private key.
Private keys tend to be hard to remember or back up because they tend to be long strings of alphanumeric characters. Therefore, seed phrases were introduced to represent the private key in a more easy-to-understand format. Seed phrases tend to be 12/18/24 words long and are a combination chosen from a 2048-word list, outlined in BIP39.
Here is an example of a 12-word seed phrase: “Cat country fluid flush poem pioneer rally drum emotion series sign prevent”.
These words represent the private key of the wallet and grant anyone who has the seed phrase access to the wallet. Currently, the most popular methods of backing up seed phrases tend to be on laptops, paper or metal sheets (seed phrase backups). Each of these backup methods could be compromised via hacking, theft or damage.
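How a 12/18/24-word phrase is laid out under BIP39, as an added example that is not part of the original article: entropy plus a short SHA-256 checksum is cut into 11-bit indices into the 2048-word list. The function names are hypothetical, and the code works with word indices because the word list itself is not embedded here.

```python
import hashlib

def entropy_to_indices(entropy: bytes) -> list:
    """Map 128/192/256-bit entropy to BIP39 word indices (0..2047)."""
    if len(entropy) not in (16, 24, 32):
        raise ValueError("expected 16, 24 or 32 bytes of entropy")
    cs_bits = len(entropy) * 8 // 32            # 4, 6 or 8 checksum bits
    digest = hashlib.sha256(entropy).digest()
    checksum = digest[0] >> (8 - cs_bits)        # top cs_bits of the hash
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11  # 12, 18 or 24 words
    # Slice the bit string into 11-bit groups, most significant first.
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]

def indices_valid(indices) -> bool:
    """Recompute the checksum; this catches most mistyped or swapped words."""
    n = len(indices)
    if n not in (12, 18, 24) or any(not 0 <= i < 2048 for i in indices):
        return False
    value = 0
    for i in indices:
        value = (value << 11) | i
    cs_bits = n * 11 // 33
    entropy = (value >> cs_bits).to_bytes((n * 11 - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

if __name__ == "__main__":
    # Constructed sample input: all-zero entropy (never use as a real seed).
    words = entropy_to_indices(bytes(16))
    print(words, indices_valid(words))
    print(indices_valid(words[:-1] + [4]))  # wrong last word is rejected
```

The checksum only detects transcription errors in a backup; it adds no secrecy, so anyone holding the words still holds the key.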
As with the entire web3 space, there are major leaps that are being made in the wallet space with the introduction of MPC and seedless wallets. Frontier tech aside, a popular existing solution to the hardware wallet drawbacks is to use a multi-signature wallet (multi-sig).
In a multi-sig wallet, multiple wallets are associated with one address, and a threshold of signatures is required. For example, a multi-sig wallet could have 3 signatories and require 2 signatures to approve a transaction.
Multi-sig wallets can also be problematic since not all blockchains support multi-sig today, and different blockchains have different multi-sig implementations, which have suffered breaches in the past. Additionally, the user experience of multi-sig wallets can be complex and may not be suited for an individual crypto investor.
The development of seedless wallets and multi-party computation (MPC) wallets (for example, the Cypherock X1 hardware wallet) has made strides in improving overall privacy and security. Seedless wallets use technologies such as Shamir Secret Sharing to remove the single points of failure in private key management and to implement a solution that never exposes the seed phrase to the user, thereby reducing the overall attack surface for the wallet holder.
As web3 adoption continues to grow, wallet infrastructure will need to improve. At present, hardware wallets provide a great solution for crypto holders to improve their overall security, but they must recognize the shortcomings of the current paradigm. With newer, security-enhanced solutions such as MPC and seedless wallets gaining popularity, securing one’s crypto and NFT holdings will be simpler and safer.