The competition in the cutting-edge hardware wallet market is heating up. NGRAVE’s recently successful fundraise on the popular crowdfunding platform, Indiegogo, is another signal that the opportunity for advanced storage and asset management solutions is profound.
The crypto security market has come a long way since its immature days of Mt. Gox and web wallet storage services. The market has turned into a hyper-competitive space for tinkering with innovative nanochip and self-custody designs previously unexplored. Part of the significant lure to the hardware wallet market is the steadily increasing interest of both retail and institutional investors to crypto assets.
With a diminishing amount of BTC moving every year, demand is apparent for secure, long-term storage devices.
USB-connected hardware storage solutions with complex user-interfaces are no longer sufficient to meet the evolving market demand. Institutions want complex multi-sig and conditional transfers. Users want an all-in-one storage product. Both want premium security -- the type that comes with peace of mind that funds won’t end up on CipherTrace’s next report on stolen assets.
For their part, NGRAVE’s team of Ruben Merre, Xavier Hendrickx, and Edouard Vanham saw an opportunity to fuse several technological breakthroughs into an appealing cold wallet. Roughly $423K in crowdfunding later and the market is signaling a demand for the type of wallet NGRAVE Zero offers.
Backup Phrases & A Unique Background of Circumstances
Before 2020, doomsday preppers and long-term Bitcoin hodlers seemed ridiculous for fire and corrosive resistant backup seeds to their hardware wallets, piles of guns, and strict adherence to the use of Wasabi and Samourai CoinJoins as a means to preserve privacy. But then 2020 happened, and they don’t seem so crazy anymore.
Jameson Lopp, the CTO of Casa and popular Bitcoin figure, even provides an entertaining blog series on “metal seed storage stress tests.” Subjecting a variety of metallic hardware wallet recovery storage devices to extreme conditions like heat and acidic corrosion, users of various products can be assured that what the label says about the sturdiness of the device is accurate.
To the average Bitcoin user, the tests may sound unreasonable at first glance, but when you choose to rely on a hardware wallet to “be your own bank,” durability cannot be overdone. Otherwise, you will end up like the owners of several million BTC that lost the private keys to their assets along with the backup phrases.
The notion of private keys and recoverable backup phrases has been a sticking point for many users entering crypto too.
For example, the complexity of alphanumeric private keys is reminiscent of early email addresses. Newcomers are turned off by the idea of having to store a mnemonic backup phrase as the only recovery method for their assets.
Some non-hardware wallets on Ethereum, such as Argent, have removed the need for private keys, seed phrases, and transaction fees entirely. But apps like Argent do not serve institutions or long-term crypto hodlers well, as it does not sever the elephant in the room -- the attack surface of the Internet.
Various solutions, such as injecting a third-party into a multi-layered security model (e.g., Casa) to recover lost keys are gaining traction, but a self-recoverable backup phrase -- what users desire -- has remained elusive. The so-called “coldest wallet” NGRAVE Zero, complete with GRAPHENE and catered to the Lopp-style crowd with a distinct twist is about to solve that issue: users can recover lost keys using the 64-hexadecimal “perfect key” model, where the key can be split into two parts and retrieved if lost.
The Endemic Problem of Internet Connectivity
Many of the exposed vulnerabilities to hardware wallets, such as market leaders Ledger and Trezor, involve physical tampering of the devices via a mechanism like side-channel attacks or sophisticated methods for probing the power usage to extract the PIN of the device.
However, for most anonymous holders of crypto assets, along with custodians like exchanges that house their devices in secure facilities, there is a more immediate threat than physical theft -- the Internet.
The more sophisticated a system, the more attack vectors can be realized by probing some of its overlooked security gaps. The Internet is the mother of complex systems. And it represents a consistently evolving threat for Internet-connected hardware devices.
For example, even if a hardware wallet device is connected to a computer via a USB plug, it is exposed to the Internet. Most of the leading hardware wallet providers house the internal functions (e.g., transaction signing and seed generation) within hardware security modules (HSMs) isolated from the Internet. Still, their integration with third-party developers can present problems.
In particular, malware on the user’s computer can enable a hacker to swap out the legitimate hardware wallet interface with a duplicate (unbeknownst to the user) containing the hacker’s crypto address instead of the user’s. This has been a problem for several providers in the past, which they have addressed, but it points to the inherent vulnerability of a device exposed to the Internet. Problems can also exist within the crypto protocols themselves, such as the recent vulnerability in SegWit disclosed by Trezor to its users for a third-party malware issue.
But how do you navigate around the Internet if crypto transactions need to be broadcasted to other nodes in the network? One of the answers is air gapping, aimed at the total removal of the digital attack surface. At a high level, air-gapping is basically severing the connection of a device from the public Internet or LAN.
An air gapping-based wallet introduced by NGRAVE does not connect to WiFi, Bluetooth, cellular, or any other network. Instead, the device deploys one-way QR codes in a manner that allows transactions to be broadcast from and received on the device without exposing critical functions like transaction signing or seed generation to the Internet.
For institutions storing vast troves of client funds, air-gapped wallets represent a major step towards maintaining premium security while not sacrificing the flexibility of funds. If a client wants to move funds rapidly during a period of market volatility, an institution can rely on it to quickly move funds without having to go through a custodian. For instance, some solutions can even function as a temperature agnostic (e.g., hot/cold delineation) tool where funds can be converted between offline and online rapidly. This enables users, such as institutions, to operate with efficiency during volatile market periods, which are common in crypto.
On the contrary, custodians in the industry typically offer several conditional transfer steps, network verification, and physical security of the devices holding client assets, but the process of releasing funds can be cumbersome.
Using an offline generated account-model, paired with biometric security institutions can rely more heavily on their own custody solutions without the additional costs of a custodian.
As the hardware wallet competition continues to ramp up, look for more impressive developments to come out of the market. After all, cryptocurrencies have induced a veritable golden age in cryptography.
It’s only a matter of time before further breakthroughs in nanochip manufacturing, cutting-edge privacy advances, and creative thinking converge on a market with enormous potential, but also one that carries a heavy burden -- the security of a new generation of digital assets.