Fun

News Feed - 2023-06-28 10:06:00

Anupam Varshney10 hours agoOpen source: Buzzword or real security for crypto wallets?Open-sourcing crypto wallet designs offers some benefits, but there are trade-offs as well.479 Total views1 Total sharesListen to article 0:00AnalysisJoin us on social networksLast month, hardware crypto wallet manufacturer Ledger announced its “Ledger Recover” program designed to allow customers to back up their seed phrases to the cloud and link it with their real-world identity.


The announcement was met with heavy pushback from the crypto community, as many saw it as opposing the ideals of blockchain security and the decade-old mantra of keeping custody over one’s own keys.


Ledger responded swiftly, assuring customers that their seed phrases were safe and that the Ledger Recover program was opt-in. But the entire saga has led to a growing demand for open-source hardware wallets, which could enable the community to rule out any hardware or software backdoors.


Just a week later, Ledger announced that it was accelerating its open-source roadmap. But what does an open-source hardware wallet mean? What are the benefits? And crucially, are they actually securer than their closed-source counterparts?What your hardware wallet isn’t


First, it’ll help to clear up some misconceptions surrounding hardware wallets.


Your wallet doesn"t store crypto.


A lot of people think hardware wallets are used to store cryptocurrencies, but in reality, they’re used to store your private keys. All cryptocurrencies exist on the blockchain, and your private keys prove you own your tokens. This is why it’s important to keep your private key, well, private.


Your spare phone isn"t a hardware wallet.


Hardware wallet manufacturing is complicated — and for good reason. People use these devices to secure millions of dollars worth of digital assets, and ensuring the safety of customer funds is crucial to building and maintaining a successful hardware wallet brand.


For this reason, various hardware wallet components are typically proprietary, meaning they cannot be purchased or inspected outside of buying a device and tearing it down. Some wallets even have built-in tamper protection to prevent this. Phones use far more accessible parts, making it a lot easier for an attacker to study and break.


Hardware wallets are not %100 secure


No device or software is completely invulnerable to attack. Accidentally interacting with a malicious smart contract can be catastrophic, and even the most secure wallet can’t protect you from rug pulls or phishing attacks. Hardware wallets are not digital bank vaults — they’re more like keys to a secure public lockbox. They’re a tool to help you store and access your assets securely and are only ever as safe as you are.Will going open-source help?


If wallets were built with publicly available source code, mass individual audits could prevent malicious actors from getting their way — or at least that’s the claim. But manufacturing hardware wallets requires a lot more trust than one may think, and not just for the manufacturer.


Other businesses in the supply chain have reasonable opportunities to insert their own backdoors, and these devices have complex supply chains. Most hardware wallet companies rely on contract manufacturers, which tend to rely on supply chains originating in China.


Recent: Bitcoin 2023 in Miami comes to grips with ‘shitcoins on Bitcoin’


Another supposed advantage of open-source hardware wallets is increased compatibility and greater community involvement in development. However, making code publicly available makes it easier for hackers to scour it for vulnerabilities. And since the wallet would be made using publicly available components, it would be easier for scammers to create fake wallets that can steal your funds.


Nicolas Bacca, co-founder and vice president of Innovation Lab at Ledger, told Cointelegraph that the biggest challenge facing open-source hardware wallets is creating a way for users to easily verify whether their device is genuine with strong guarantees. Most reputable manufacturers allow you to check the device serial number on their website to confirm its legitimacy. Would you trust every business in an open-source hardware wallet’s supply chain?


“It’s important to remember that an open-source hardware wallet will almost always rely on closed-source components,” said Bacca. “The only way to really know how secure it is is to try to break it and reverse engineer it.” With closed-source wallets, this isn’t possible.


“Until now no wallet has ever released firmware with a proven backdoor. If the firmware is open, it is scrutinized around the world. In closed-source wallets, that is never possible,” Vipul Saini, co-founder and chief technology officer of hardware wallet firm Cypherock, told Cointelegraph.


He believes that operations involving the generation and utilization of private keys should be made open-source. “That is where major backdoors, like kleptographic attacks and predictive random numbers, can be easily established,” he said.


In April 2022, a white hat hacker from Ledger’s security team caught a vulnerability similar to a backdoor in the seed generation of Trust Wallet, a Binance-owned open-source software wallet. With off-the-shelf chips, any party in the supply chain could modify the code that loads the bootloader, a critical part of ensuring the customer receives a device with genuine firmware.


This wouldn’t be noticed by code auditors since the backdoor could be inserted, while the code is being loaded onto the device.


“Given this limitation, it’s not possible to build a robust chain of trust for open-source hardware wallets, which considerably limits their distribution and safe use by the largest number of users,” he added. “The ‘many eyes’ paradigm doesn’t really work for security code, with the best example of this being the Heartbleed OpenSSL exploit.”Are open-source wallets the future?


As centralized exchanges continue their efforts to rebuild trust with the crypto community, people are being encouraged to store their coins in hardware wallets more than ever before. If the open-source movement gains more traction, the ability to verify that your device hasn’t been tampered with is critical, and this isn’t easy without an intermediary.


One solution is encouraging open-source hardware wallet producers to comply with the Open Source Hardware Association (OSHWA) criteria and obtain CERN’s Open Hardware Licence. But as examples like the 2008 global financial crisis showed, licenses and certifications can only guarantee so much.


“OSHWA helps provide proper labels, define and certify what is open hardware,” said Bacca, stating that it doesn’t help secure against attacks, but it’s useful to avoid dubious marketing claims. Bacca also mentioned a few existing vendors that claimed to be open-source without having an open-source license, or with proprietary code mixed in with their open-source codebase.


Recent: How security, education and regulation can mitigate rising crypto scams


From unclear incentive structures to restricted testing in predefined circumstances, it’s important to address the limitations of certification organizations. The movement could also lead to a stampede of companies capitalizing on the “open-source” buzzword, hiding their proprietary elements behind sub-standard certifications.


Closed-source manufacturers use proprietary chips to enforce strong root-of-trust guarantees, but what would a pure open-source wallet employ? The reality of the market is that security evaluations are more nuanced than a simple dichotomy of open source vs. closed source.


At the end of the day, consumers want the securest option that requires them to trust the least number of people.# Bitcoin Wallet# Business# Wallet# Adoption# Hardware Wallet# Mobile Wallet# Private KeysAdd reactionAdd reactionRelated NewsWho invented NFTs?: A brief history of nonfungible tokensA brief history of the internetGirlfriends, murdered kids, assassin androids — is AI cursed?Crypto phishing scams: How users can stay protectedAtomic Wallet says hack affected 1% of active users, but investors claim otherwiseBitcoin evangelist Joe Hall tells The Agenda why he thinks BTC will conquer the world

News Feed
Ordinals drive ‘positive momentum’ in Bitcoin innovation — Franklin Templeton
Ezra Reguerra1 hour agoOrdinals drive ‘positive momentum’ in Bitcoin innovation — Franklin TempletonWhile the asset manager explained the potential of Ordinals, it also noted that they could lose value and are not
2024-04-04 16:50 PM
Crypto community slams WazirX’s 'socialized losses' plan after hack
Amaka Nwaokocha10 hours agoCrypto community slams WazirX’s "socialized losses" plan after hackAs WazirX navigates this crisis, the firm faces the challenge of rebuilding trust with its user base and the broader crypto
2024-08-03 22:50 PM
Meta denies claim more than half of Facebook crypto ads are scams
Stephen Katte2 hours agoMeta denies claim more than half of Facebook crypto ads are scamsAustralia’s competition watchdog has claimed 58% of crypto ads on Facebook are scams; Meta says the data is old and unreliable.12
2024-08-16 15:00 PM
William Suberg9 hours agoBTC price pullback after $35K? Bitcoin funding rates turn ‘grossly positive’Bitcoin may see a deeper retracement at the hands of positive funding rates and a lack of bid liquidity below BTC p
2023-10-24 23:46 PM
Arizona primary involving crypto Super PAC’s $1.3M is a squeaker
Turner Wright5 hours agoArizona primary involving crypto Super PAC’s $1.3M is a squeakerThe primary between two Democrats in Arizona’s 3rd Congressional District will likely go to a recount, with money from crypto in
2024-08-06 03:35 AM
Bitcoin.com Acquires Japanese Blockchain Developer 03 Labs
Bitcoin.com has acquired Japanese blockchain developers O3 Labs and will absorb the team, the company announced Monday. The deal, which began in talks a few months ago and closed re
2019-10-22 17:30 PM
World’s largest pension fund explores diversifying into Bitcoin
Helen Partz1 hour agoWorld’s largest pension fund explores diversifying into BitcoinJapan’s Government Pension Investment Fund, the largest pension fund in the world, is willing to learn more about Bitcoin as a poten
2024-03-19 16:29 PM
Circle Issues Update Amid Stablecoin Volatility; Firm Is Prepared to ‘Stand Behind USDC and Cover Any Shortfall’
Circle Issues Update Amid Stablecoin Volatility; Firm Is Prepared to "Stand Behind USDC and Cover Any Shortfall" On Saturday, March 11, 2023, Circle Financial updated the public ab
2023-03-12 09:00 AM
Osprey Vies for Control of Grayscale’s Bitcoin Trust; Tron’s Justin Sun Offers to Invest Up to $1B on DCG Assets
Osprey Vies for Control of Grayscale"s Bitcoin Trust; Tron"s Justin Sun Offers to Invest Up to $1B on DCG Assets Following charges by the U.S. Securities and Exchange Commission ag
2023-01-15 02:30 AM
Argentina’s Peso Plunges After Central Bank Tightens Foreign Exchange Controls: Citizens Discuss Bitcoin Adoption
Argentina’s Peso Plunges After Central Bank Tightens Foreign Exchange Controls: Citizens Discuss Bitcoin AdoptionThe Argentine peso plunged by more than 10% shortly after the coun
2020-09-18 23:36 PM
Marathon Digital, Kenyan government discuss crypto policy, energy use
Derek Andersen6 hours agoMarathon Digital, Kenyan government discuss crypto policy, energy useThe Kenyan president announced the talks at an American business summit in Nairobi attended by the U.S. commerce secretary.477
2024-05-07 02:44 AM
Dogecoin Whales Bought 210 million DOGE During Recent Correction – Bullish Signal?
Este artículo también está disponible en español. Dogecoin has seen choppy price action over the past few weeks, reflecting the broader market’s indecision. After r
2024-12-13 01:00 AM