
Learn: Open source: Buzzword or real security for crypto wallets?

Open-sourcing crypto wallet designs offers some benefits, but there are trade-offs as well.


Last month, hardware crypto wallet manufacturer Ledger announced its “Ledger Recover” program, designed to allow customers to back up their seed phrases to the cloud and link them with their real-world identity.

The announcement was met with heavy pushback from the crypto community, as many saw it as opposing the ideals of blockchain security and the decade-old mantra of keeping custody over one’s own keys.

Ledger responded swiftly, assuring customers that their seed phrases were safe and that the Ledger Recover program was opt-in. But the entire saga has led to a growing demand for open-source hardware wallets, which could enable the community to rule out any hardware or software backdoors.

Just a week later, Ledger announced that it was accelerating its open-source roadmap. But what does an open-source hardware wallet mean? What are the benefits? And crucially, are they actually more secure than their closed-source counterparts?

What your hardware wallet isn’t

First, it’ll help to clear up some misconceptions surrounding hardware wallets.

Your wallet doesn't store crypto.

A lot of people think hardware wallets are used to store cryptocurrencies, but in reality, they’re used to store your private keys. All cryptocurrencies exist on the blockchain, and your private keys prove you own your tokens. This is why it’s important to keep your private key, well, private.

Your spare phone isn't a hardware wallet.

Hardware wallet manufacturing is complicated — and for good reason. People use these devices to secure millions of dollars worth of digital assets, and ensuring the safety of customer funds is crucial to building and maintaining a successful hardware wallet brand.

For this reason, various hardware wallet components are typically proprietary, meaning they cannot be purchased or inspected outside of buying a device and tearing it down. Some wallets even have built-in tamper protection to prevent this. Phones use far more accessible parts, making them a lot easier for an attacker to study and break.

Hardware wallets are not 100% secure

No device or software is completely invulnerable to attack. Accidentally interacting with a malicious smart contract can be catastrophic, and even the most secure wallet can’t protect you from rug pulls or phishing attacks. Hardware wallets are not digital bank vaults — they’re more like keys to a secure public lockbox. They’re a tool to help you store and access your assets securely and are only ever as safe as you are.

Will going open-source help?

If wallets were built with publicly available source code, mass individual audits could prevent malicious actors from getting their way — or at least that’s the claim. But manufacturing hardware wallets requires a lot more trust than one may think, and not just for the manufacturer.

Other businesses in the supply chain have reasonable opportunities to insert their own backdoors, and these devices have complex supply chains. Most hardware wallet companies rely on contract manufacturers, which tend to rely on supply chains originating in China.

Another supposed advantage of open-source hardware wallets is increased compatibility and greater community involvement in development. However, making code publicly available makes it easier for hackers to scour it for vulnerabilities. And since the wallet would be made using publicly available components, it would be easier for scammers to create fake wallets that can steal your funds.

Nicolas Bacca, co-founder and vice president of Innovation Lab at Ledger, told Cointelegraph that the biggest challenge facing open-source hardware wallets is creating a way for users to easily verify whether their device is genuine with strong guarantees. Most reputable manufacturers allow you to check the device serial number on their website to confirm its legitimacy. Would you trust every business in an open-source hardware wallet’s supply chain?

“It’s important to remember that an open-source hardware wallet will almost always rely on closed-source components,” said Bacca. “The only way to really know how secure it is is to try to break it and reverse engineer it.” With closed-source wallets, this isn’t possible.

“Until now no wallet has ever released firmware with a proven backdoor. If the firmware is open, it is scrutinized around the world. In closed-source wallets, that is never possible,” Vipul Saini, co-founder and chief technology officer of hardware wallet firm Cypherock, told Cointelegraph.

He believes that operations involving the generation and utilization of private keys should be made open-source. “That is where major backdoors, like kleptographic attacks and predictive random numbers, can be easily established,” he said.

This wouldn’t be noticed by code auditors since the backdoor could be inserted while the code is being loaded onto the device.
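The “predictive random numbers” risk in key generation is something a reviewer of open wallet code can test for directly. The sketch below is an added example, not code from Ledger, Cypherock or any wallet named in the article; the three generators are constructed for illustration and all function names are hypothetical.

```python
import hashlib
import random
import secrets
from typing import Callable, List

SEED_BYTES = 16  # 128 bits of seed entropy, the minimum assumed for this example


def prng_seed() -> bytes:
    """Constructed flawed generator: draws from the non-cryptographic Mersenne Twister."""
    return random.getrandbits(128).to_bytes(SEED_BYTES, "big")


def narrow_seed() -> bytes:
    """Constructed flawed generator: 16 bits of real entropy stretched by a hash."""
    return hashlib.sha256(secrets.token_bytes(2)).digest()[:SEED_BYTES]


def csprng_seed() -> bytes:
    """Generator backed by the operating system CSPRNG."""
    return secrets.token_bytes(SEED_BYTES)


def repeats_after_prng_reset(gen: Callable[[], bytes], trials: int = 8) -> bool:
    """True if the output is identical every time the global `random` state is
    reset, i.e. the seed is a function of state an observer can reproduce."""
    saved = random.getstate()
    try:
        outputs = set()
        for _ in range(trials):
            random.seed(0xC0FFEE)  # known, reproducible state
            outputs.add(gen())
    finally:
        random.setstate(saved)  # leave the caller's PRNG state untouched
    return len(outputs) == 1


def has_collisions(gen: Callable[[], bytes], draws: int = 4096) -> bool:
    """Birthday test: a duplicate among `draws` outputs implies a tiny output
    space. It only catches spaces up to roughly draws**2 values, so a pass is
    not proof of full entropy."""
    seen = set()
    for _ in range(draws):
        out = gen()
        if out in seen:
            return True
        seen.add(out)
    return False


def audit(gen: Callable[[], bytes]) -> List[str]:
    """Run the checks against one seed generator and return the findings."""
    findings = []
    if len(gen()) < SEED_BYTES:
        findings.append("seed shorter than 128 bits")
    if repeats_after_prng_reset(gen):
        findings.append("output reproducible from global PRNG state")
    if has_collisions(gen):
        findings.append("duplicate seeds: effective entropy far below output size")
    return findings


if __name__ == "__main__":
    for g in (prng_seed, narrow_seed, csprng_seed):
        print(f"{g.__name__}: {audit(g) or 'no findings'}")
```

Black-box checks like these catch only gross flaws. A kleptographic generator is built so that its output looks random to anyone without the attacker's key, so it would pass them; finding one requires reading the key-generation source and confirming that the audited code is what actually runs on the device.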

Are open-source wallets the future?

As centralized exchanges continue their efforts to rebuild trust with the crypto community, people are being encouraged to store their coins in hardware wallets more than ever before. If the open-source movement gains more traction, the ability to verify that your device hasn’t been tampered with is critical, and this isn’t easy without an intermediary.

One solution is encouraging open-source hardware wallet producers to comply with the Open Source Hardware Association (OSHWA) criteria and obtain CERN’s Open Hardware Licence. But as examples like the 2008 global financial crisis showed, licenses and certifications can only guarantee so much.

From unclear incentive structures to restricted testing in predefined circumstances, it’s important to address the limitations of certification organizations. The movement could also lead to a stampede of companies capitalizing on the “open-source” buzzword, hiding their proprietary elements behind sub-standard certifications.

Closed-source manufacturers use proprietary chips to enforce strong root-of-trust guarantees, but what would a pure open-source wallet employ? The reality of the market is that security evaluations are more nuanced than a simple dichotomy of open source vs. closed source.

At the end of the day, consumers want the most secure option that requires them to trust the fewest people.

In April 2022, a white hat hacker from Ledger’s security team caught a vulnerability similar to a backdoor in the seed generation of Trust Wallet, a Binance-owned open-source software wallet. With off-the-shelf chips, any party in the supply chain could modify the code that loads the bootloader, a critical part of ensuring the customer receives a device with genuine firmware.

“Given this limitation, it’s not possible to build a robust chain of trust for open-source hardware wallets, which considerably limits their distribution and safe use by the largest number of users,” he added. “The ‘many eyes’ paradigm doesn’t really work for security code, with the best example of this being the Heartbleed OpenSSL exploit.”

“OSHWA helps provide proper labels, define and certify what is open hardware,” said Bacca, stating that it doesn’t help secure against attacks, but it’s useful to avoid dubious marketing claims. Bacca also mentioned a few existing vendors that claimed to be open-source without having an open-source license, or with proprietary code mixed in with their open-source codebase.

This article first appeared in Cointelegraph, by Anupam Varshney.