You bought a hardware wallet - great work!
But hold on, what risks are actually being mitigated? โ
And what risks are not being mitigated? โ
๐A ๐งตfrom a cyber security architect
Many people misunderstand the risks that a hardware wallet mitigates. This is dangerous and leads people to a false sense of security towards their blockchain assets.
Which brings me to the first and most important, albeit bland, point of this thread...
Risk management starts with risk assessment ๐ต๏ธ
You should not implement controls without first understanding the risks that you are trying to mitigate
Once the risks are understood, you should seek controls to mitigate those risks
Once controls are implemented, test them
Let's talk about risks and how we might categorise them.
We have a useful model in security called the CIA triad - Confidentiality, Integrity, and Availability.
All risks will align with at least one of these principles and they are foundational to security risk management
Confidentiality - ensuring that data are kept private
Integrity - ensuring that data are correct, authentic, and reliable
Availability - ensuring that data are available when needed
Now that we've had a quick cyber security primer, let's get back to hardware wallets!
RISK #1
Seed phrase / private key theft - Confidentiality risk.
The main goal of a hardware wallet is to provide a safe mechanism for interacting with the blockchain, while mitigating the risk of an unauthorised entity gaining access to your seed phrase / private keys
A hardware wallet mitigates the risk of this unauthorised access by storing the private keys in an environment that is specifically designed to keep these secrets secure. This is the sole purpose of the device and all other functionality is secondary to this one purpose.
The device that you are using right now to read this thread, is VERY insecure in comparison. Storing your keys on a wallet on this device is a bad idea as the attack surface is significantly higher. Your keys are exposed to a slew of potential malware and phishing attacks.
Just in case you missed it, because this is important -
A HARDWARE WALLET DOES NOT IMPLICITLY SECURE A SEED PHRASE
If your backup (you do have a backup, right?) is compromised, a malicious actor can use the private keys to access your assets regardless of your hardware wallet
RISK #2
Man-in-the-middle signature - Integrity risk
This isn't a risk that is explicitly designed for, it's more of a bonus control. There is a risk that your wallet software on your PC/phone could be compromised and have you sign an unexpected transaction that looks legitimate
The malware would display the correct function while taking your signature and applying it to a separate illegitimate transaction.
If you are only using a software/hot wallet, you will be none the wiser.
If you are using a hardware wallet, it will always show the actual transaction on your screen as you sign it.
This is one of the reasons why I recommend @gridplus Lattice1 as it has the capability to show you what you are signing in human readable form (not hex)
And that's it for the list of risks that a hardware wallet DOES mitigate.
What risks does it not mitigate?
Well, the list is long, but here are a few -
NFT / ETH drains on fake mint sites (you are approving these with your hardware wallet) - Integrity
Seed phrase backup theft - Confidentiality
Seed phrase loss due to lack of backup - Availability
Losing staked NFTs due to contract hack - Availability
NFT swap scams - Integrity
The list goes on and will continue to grow. Hit me with a reply if you would like insight into any other risks that didn't make this list!
Ok, so we understand the risks/controls and have bought an appropriate hardware wallet and set it up. You said that now we have to test the control?
YES
Attempt a transaction from your software wallet without your hardware wallet connected. Does the transaction succeed?
If it does, your software wallet is holding your keys and you are still at risk.
You need to transfer your assets to an address that is derived from the seed phrase that ONLY lives on your hardware wallet.
YOU SHOULD NEVER IMPORT THIS PHRASE INTO A SOFTWARE WALLET
Many people have asked for help with their wallet behaving in an odd manner to find that they had imported the seed phrase from their hw wallet into M3tamask.
If you have done this you are NOT SAFE. Create a new seed phrase on your hw wallet and transfer your assets ASAP
And lastly, PLEASE stop referring to hardware wallets as "basically 2FA". They are in no way 2FA and this implies controls that hardware wallets do not provide...
like two factors of AUTHENTICATION.
But let's leave that for another thread ๐
If you've enjoyed this thread, please follow for more posts about blockchain security from a cyber security professional!
Please let me know if you have any particular subjects that you would like me to cover in future threads ๐
Also, if you like the look of the @gridplus, I would appreciate the use of my affiliate link - t.co/vg9hVcVkK8 (back in stock in May)
And if you are looking for a great alternative to M3tamask, check out @0xFrame. It is an amazing wallet.
4lteredBeast.eth | aussiebloke.eth ๐ฆ๐บ ๐ฎ๐ฆ๐
@4lteredBeast
Cybersecurity professional, blockchain aficionado, producer and rapper. @6529collections | @pepecoins maxi