A Hardware Wallet that’s peer’s envy and owner’s pride
In the first half of 2021, the number of cryptocurrency users doubled to 220 million. This exponential growth is fueled by a bull run that pushed the cryptocurrency market cap to over $2 trillion. With ethical hackers breaking the security of every wallet out there, the need for a next generation device is greater than ever. NatiVault (NV) stays native to your computer and delivers unprecedented convenience and value.
In 2020 the hardware wallet market was worth over $200 million, and it is expected to approach $900 million in 5 years. Over a dozen hardware wallets compete for market share in this exponentially growing segment of the blockchain economy.
What is a hardware wallet?
A hardware wallet is a type of cryptocurrency wallet where you can store your private keys in a secure physical device. The cryptocurrencies stored in the wallet are kept offline, meaning that they can’t be hacked. However, cryptocurrencies per se are never stored within the hardware wallet itself; they always live on the blockchain. The hardware wallet merely stores your private key. That private key opens the lock to your address on the blockchain where your assets actually reside. Since the blockchain is everywhere, all you need is your private keys to interact with your tokens. Think of the private keys as being similar to a password manager for crypto, and of the seed phrase as being like the master password. A seed phrase is a series of words generated by your cryptocurrency wallet that gives you access to the crypto associated with that wallet. All your hardware wallet does is handshake the transaction and authenticate that you are the owner of the assets. Hence, your seed phrase is the MOST IMPORTANT part of this whole wallet business.
Is it indeed much ado about nothing?
If securing the seed phrase is all that hardware wallets do, isn’t writing the seed phrase on a piece of paper and keeping it locked away in a vault all that you need to do? Well, even if you own a hardware wallet, you have to do that anyway. If hardware wallets are only as secure as the seed phrase on that piece of paper, then why so much fuss over this high tech device, with each one claiming to be more secure than the other? The answer, unfortunately, isn’t that their security is unhackable, but CONVENIENCE and VALUE.
All hardware wallets are hackable!
So much is published about how vulnerable hardware wallets can be.
While some of this critique comes from vested interests (one vendor demonstrating another vendor’s vulnerabilities), at least a couple of non-stakeholder third-party reports are worth discussing in some detail.
An ethical hacking report from Kraken Security Labs demonstrates how they cracked the Trezor wallet in 15 minutes: using a glitching device that a savvy hacker can easily source, they extracted the Trezor hardware wallet’s encrypted seed by attacking the device’s STM32 microchip.
Another elaborate piece of research comes from a firm specializing in breaking down hardware wallets. At the 35th Chaos Communication Congress in Leipzig, Germany, security researchers Thomas Roth, Dmitry Nedospasov, and Josh Datko from WALLET.FAIL demonstrated several ways to establish that no hardware wallet can escape from the brute force of a determined and technically resourceful attacker. Their hour-long presentation on their reverse engineering skills is an eye-opener (please check the Wallet.fail video).
These ethical hacking initiatives definitely bring awareness to the consumers and advance our understanding and knowledge of cryptocurrencies and their safekeeping. They do significantly advance the state-of-the-art.
But is it fair to the Ledgers and Trezors of the hardware wallet world to extrapolate findings that were reverse engineered under highly improbable settings to real world scenarios?
We don’t think so.
Advocating a basic paper wallet over a hardware wallet is one thing; expecting a hardware wallet to deliver the moon is quite another. There’s an unwritten law in commerce:
A product is supposed to work under the conditions it is designed to operate in, nothing more, nothing less.
Shouldn’t Caveat Emptor apply to hardware wallet vendors? Are hardware wallets designed to leave the owner’s custody and let hackers do anything they want with the gadget behind the owner’s back? Well, no rational mind would think so. But the problem is not that the Kraken team or the Wallet.Fail team was able to hack the Ledger / Trezor devices; the problem is that these hardware wallets do not explicitly void the device warranty the moment the device is stolen or lost and escapes its owner’s custody. Reverse engineering can rip apart just about any gadget, so why should only hardware wallets take the brunt?
Beyond State-of-the-art: Convenience & Value
With seven years on the market, the hardware wallet segment of the cryptocurrency industry is fairly mature, and ready to take the state-of-the-art to the next level. If hardware wallets can only be as secure as paper wallets, where does the state-of-the-art go from here?
We believe the next generation of hardware wallets will have to deliver a new level of convenience and value, while keeping security at least at the level already achieved. What could be more convenient than keeping the wallet handy right where your cryptocurrency activity happens?
We introduce to the crypto industry a radically new paradigm in cybersecurity, convenience and value, by bringing and keeping the hardware wallet secure where it actually belongs, where it is NATIVE: the computer that handles your cryptocurrency. Yes, there is no risk of it being stolen or lost if your NatiVault (NV) hardware wallet permanently remains integrated into your computer. But isn’t the sole purpose of a hardware wallet to keep it offline and away from your connected computer? Offline, sure, but does it have to be away and segregated from your network-connected computer? Not anymore. Zero Vulnerability Computing (ZVC) is the new breakthrough that makes it possible. But before we discuss ZVC in greater detail, let’s look at the value NV’s novel business model delivers.
NV is not only competitively priced, it is the first hardware wallet that integrates a robust and profitable tokenomics model that not only renders the device virtually free, but also exploits DeFi opportunities for long term gains (See Tokenomics).
What is ZVC?
Basically, two evil necessities have survived the history of computers:
First is the permissions that a computer mandatorily grants to 3rd party applications, which bad actors often misuse to create attack surface and vulnerabilities;
Second is the in-computer storage for the user’s personal data.
The former is exploited by remote installation of malware, and the latter by stealing data using authentication faking techniques. In legacy computers, the attack surface cannot be completely eliminated, nor can a connected device hold data offline, rendering fool-proof cybersecurity impossible.
ZVC challenges the impossible with 2 radical concepts:
- Supra Operating System (SOS) software that completely obliterates the attack surface (US patent application 63/202,188, May 31, 2021), and,
- In-Computer Offline Storage (ICOS) hardware that isolates data in cold storage within the connected device itself (US patent application 63/228,122, August 1, 2021).
Together, these two design attributes deliver a double whammy to hackers, and render the NV device cyber secure with unprecedented convenience.
NV is not just a hardware wallet; it is proof of a new paradigm in computing that has the potential to signal a new epoch in the history of computers. As such, it may also be relevant as a collectible of significant future value. To capitalize on that value, our business model also mints an NFT to be auctioned as a rare collectible celebrating the dawn of a new paradigm in computing.
As far as testing / validating the ZVC technology is concerned, experiments are underway at Europe’s premier research facility at IMEC, funded under a grant by the European Commission’s Horizon 2020 program.
Lessons learnt from Ledger & Trezor hacks
NatiVault’s design is not just revolutionary in advancing the state-of-the-art in cybersecurity, but is also guided by the lessons learnt from the vulnerabilities in currently available hardware wallets. Those lessons prepare us to cover the following four bases that define the attributes of a next generation hardware wallet:
1. Supply Chain Hacks:
An insidious and increasingly common form of hacking is known as a “supply chain attack,” a technique in which an adversary slips malicious code or even a malicious component into a trusted piece of software or hardware. A Chinese hacking group known as Barium carried out at least six supply chain attacks over the past five years. The costliest cyberattack in history was a supply chain hack that cost $10 billion to economies across Europe, Asia and America.
Most hardware wallets on the market leave enough room for an adversary to compromise the device even before it reaches the customer. The WALLET.FAIL team demonstrated that an attacker with physical access to a Ledger hardware wallet can physically manipulate the device without the end-user noticing.
“Since The Ledger Nano S case does not provide any sort of tamper evidence, it is susceptible to being opened and manipulated….. As this vulnerability requires a physical redesign to the Ledger case, this bug is unlikely to be fixed.” WALLET.FAIL
An open source hardware device design is actually available on GitHub for Ledger hacker’s convenience.
The compact, solid state, tiny form factor and minimalist design of the NV hardware wallet, with no moving parts, make supply chain hacks virtually impossible.
2. Chip level attack / PCB-Level attack:
Chips and PCBs can be easy targets for reverse engineering, cloning, malicious insertion, side-channel attacks, and piracy. This mode of attack requires proximity or physical access to the device. With the right tool, there’s no product that cannot be reengineered and rendered vulnerable in expert hands.
Virtually all of the WALLET.FAIL evidence that concludes “All hardware wallets are hackable” comes from their reverse engineering attempts to craft chip level attacks against Ledger and Trezor, the most popular, and presumably most secure, devices in the hardware wallet marketplace. In a world where vulnerabilities are discovered and exploited with 350,000 new malicious programs daily, expecting fairly secure hardware to be resilient in the most unlikely and hypothetical situations, which would never be replicated in the real world scenarios that the product is designed for, is quite a stretch.
Nevertheless, NV’s minimalist solid-state design carries its design attributes over from hardware to software, and deploys ZVC to obliterate the attack surface and improve its resilience to hack attacks. However, as a term of usage, the NV device is voided and becomes non-functional as soon as the authorized user loses custody of the device, detaches it from the host computer, or uses it for an unauthorized purpose, voiding its warranty. And, just as we cancel a lost or stolen credit card, the NV device is immediately deactivated, and a replacement device is shipped to its rightful owner. Hence, in a real world situation, there’s no question of reverse engineering or hacking a device that’s already killed the moment its owner reports the device lost or stolen.
3. Firmware Attacks:
Firmware attacks may or may not require physical access. The Wallet.Fail team, though, used physical access to successfully attack the Ledger and Trezor firmware. As explained in the previous paragraph, proximity reengineering attacks on the firmware can only be countered by killing the device and replacing it with a new one.
For remotely initiated firmware attacks, the NV hardware wallet deploys a patent-pending ZVC Supra OS (SOS) architecture that obliterates or obfuscates the attack surface present on the computing device. Such attack surface is a result of the inherent design of all legacy hardware and software, which grants 3rd party permissions allowing applications to run. Bad actors exploit those permissions for creating attack surface vectors such as malware, ransomware, etc. Since the NV hardware wallet is a single purpose device, the SOS script is programmed to ban all 3rd party permissions without exception.
4. Server-End Attacks:
Last year, Ledger’s database was breached, resulting in the names, mailing addresses, and phone numbers for 272,000 customers being released online by hackers. The hackers gained access to the information when they penetrated Ledger’s databases, and the stolen information was posted at Raidforums, a site for sharing hacked databases. While the hack did not cause any asset losses to the Ledger customers, it did make them victims of targeted spamming from marketers, spammers and fraudsters.
NV will stay in full compliance with GDPR. The users’ assets always remain on the blockchain, and their private keys and seed phrase remain locally encrypted in their devices. Moreover, any personally identifiable information (PII) required for customer registration is moved offline as soon as user registration is accomplished.
What makes ZVC technology a game changer?
As explained earlier, computers have historically evolved with the following mandatory design attributes without exception:
- Permissions to 3rd parties for running their applications, and,
- A Non Volatile Memory (NVM) to store user’s personal data.
Both of these attributes are also the principal cause of almost all cybersecurity breaches that cause trillions in losses every year. We demonstrate that ZVC potentially neutralizes both of them with SOS and ICOS (as described above) respectively without making computers dysfunctional. If this is reproduced and implemented in all the diverse computing environments, it will open up a new epoch in the history of computers. The ZVC-powered NV device, therefore, isn’t just a hardware wallet, but a testament, and a potentially valuable memento that commemorates the new paradigm for future computing.
NV’s place in NFT marketplace?
Non-fungible tokens took the art world by storm earlier this year with a virtual artwork by Beeple selling for $69 million. This was followed by Jack Dorsey’s auction of his first tweet for $2.9 million. NFTs are a type of digital asset designed to show someone has ownership of a unique virtual item, such as online pictures and videos or even sports trading cards. The next bastion for NFTs is the tangible assets that become rare with time. The NV hardware wallet has the potential to become one of those exclusive collectible assets in the world over time. Collectibles will always involve a leap of faith. That’s not to say that NV isn’t at least as much a leap of faith as the Beeple art or the Dorsey tweet was.
NatiVault’s future is in its Tokenomics!
In addition to harvesting its NFT potential as a collectible of future value, NatiVault will have its own native currency, NV, making it the first hardware wallet to not only offer 100% cash back to the early adopters, but also let them reap all the benefits that the DeFi economy has to offer, and govern the future of NV (please review the NV White Paper). Yes, we indeed designed NV to be:
Peer’s envy, owner’s pride.