Secure Your Crypto: Is the current generation of hardware wallets enough?
To further the adoption of web3, wallet technology and security will need to evolve as well. Since the debacle of FTX, the concept of self-custody has become the talk of the industry, prompting more individuals to move funds from centralized services and into wallets, especially hardware wallets. So, why do individuals choose hardware wallets, and are hardware wallets the safest option?
What makes hardware wallets safe?
Hardware wallets are physical devices that are responsible for securely storing and managing the private key, which grants access to all of your cryptocurrencies and NFTs. The private key of the wallet can be thought of as an account password which would grant immediate access and control to the cryptocurrencies associated with the wallet.
Hardware wallets are preferred primarily because these devices are not connected to the internet. Not being an internet-connected device reduces the potential attacks that could occur online. As mentioned previously, private keys are crucial in having control over your cryptocurrencies and NFTs.
With hardware wallets, during the initial setup of the wallet, the private key of the wallet is created within the device itself. Since private key generation and storage happen offline, users are protected from any sniffing attacks that may potentially compromise a mobile or computer.
Additionally, hardware wallets serve somewhat like a two-factor authentication mechanism when you are completing transactions. The usual transaction flow requires the user to verify the address of the assets being sent. The computer being an internet-connected device could fall privy to attacks such as the clipboard attack, or screen spoofing — where faulty information is displayed on your screen.
In this attack, the information that is copied on the computer or mobile is replaced with malicious information — in the case of a transaction, the address of the attacker. Hardware wallets usually interface with either a mobile or desktop application and have a screen where the accurate information for the destination address can be verified. This way, before sending an asset, users can verify the true destination of where they will be sending funds and avoid losses and theft.
What are the current challenges with hardware wallets?
Even though hardware wallets tend to be the safest option for your cryptocurrencies and NFTs, they are not perfect. Most hardware wallets today tend to protect the private key of the wallet by storing it on a proprietary chip inside the device called a secure element.
Secure elements usually require NDAs to be signed on behalf of the company, therefore forcing companies to be closed-source. Being closed source puts the onus of maintaining security on the company and could lead to potential backdoors that attackers could exploit and compromise hardware wallets. As web3 expands, open-source technology will push innovation further as information becomes publicly verifiable and replicable.
Wallets today, regardless of software or hardware, use a seed phrase recovery system to recover funds in case access to the wallet-associated device is lost. A seed phrase is a representation of the wallet private key which is human readable.
Private keys tend to be hard to remember, or backup because they tend to be long strings of alphanumeric characters. Therefore, seed phrases were introduced to represent the private key in a more easy-to-understand format. Seed phrases tend to be 12/18/24 words long and are a combination chosen from a 2048-word list, outlined in BIP39.
Here is an example of a 12-word seed phrase: “Cat country fluid flush poem pioneer rally drum emotion series sign prevent”
These words will tend to represent the private key of the wallet and grant anyone with access to the seed phrase access to the wallet. Currently, the most popular methods of backing up seed phrases tend to be on laptops, paper or metal sheets. Each of these backup methods could be compromised via hacking, theft or damage.
How can users address these challenges to keep their crypto secure?
As with the entire web3 space, there are major leaps that are being made in the wallet space with the introduction of MPC and seedless wallets. Frontier tech aside, a popular existing solution to the hardware wallet drawbacks is to use a multi-signature wallet (multi-sig).
In a multi-sig wallet, multiple wallets are associated with one address, and a threshold of signatures is required, for example, a multi-sig wallet could have 3 signatories, and require 2 signatures to approve a transaction.
Multi-sig wallets can also be problematic since not all of the blockchains support multi-sig today, and different blockchains have different multi-sig implementations, which have suffered breaches in the past. Additionally, the user experience of multi-sig wallets can be complex and may not be suited for an individual crypto investor.
The development of seedless wallets and multi-party computation (MPC) wallets have made strides in improving overall privacy and security. In the case of seedless wallets, the utilization of technologies such as Shamir Secret Sharing to remove the single points of failure with private key management, and implement a solution that never exposes the seed phrase to the user, thereby reducing the overall attack surface for the wallet holder.
As web3 adoption continues to grow, wallet infrastructure will need to improve. At present, hardware wallets provide a great solution for crypto holders to improve their overall security, but they must recognize the shortcomings of the current paradigm. With newer, security-enhanced solutions such as MPC and seedless wallets gaining popularity, securing one’s crypto and NFT holdings will be simpler and safer.
The author is Founder & CEO, Cypherock
(Disclaimer: Recommendations, suggestions, views and opinions given by the experts are their own. These do not represent the views of Economic Times)
Read More: Secure Your Crypto: Is the current generation of hardware wallets enough?
Disclaimer:The information provided on this website does not constitute investment advice, financial advice, trading advice, or any other sort of advice and you should not treat any of the website’s content as such. NewsOfBitcoin.com does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions.