Brahma Wallet: New Generation of Decentralized Wallet

In the blockchain domain, one of the hot issues besides the technology itself is investing in cryptocurrencies. The risk of investing in cryptocurrencies not only comes from the market but also the risk of managing your assets. However, the Wallets in the existing market are not a completely open source and not completely decentralized. The Wallet is closely related to the user’s asset. There is a growing demand for a completely open source and fully decentralized secure Wallet.

First of all, it is important to understand the basic concept of the Wallet. A cryptocurrency wallet is a management tool for the keys (public and private keys). It stores the public and private keys which can be used to receive or spend the cryptocurrency. Ethereum is an open-source, public, blockchain-based distributed computing platform and operating system featuring smart contract (scripting) functionality. The current mainstream Ethereum wallets include imToken and MyEtherWallet.

MyEtherWallet is a popular web-based wallet for storing and transmitting the cryptocurrency ether (ETH). It is an open source project with no database behind it. It stores no information. All wallet private keys and passwords are held by the user. Even if the MyEtherWallet website is out of service, everyone can use their private key to retrieve their ETH and tokens from other wallets.

Never the less, under this situation, there are still potential risks in MyEtherWallet. On April 24th, MyEtherWallet suffered a DNS attack. The hackers hijacked the domain name system registration server and redirected MyEtherWallet’s users to a phishing site. This directional technology originated ten years ago is to destroy the Internet’s routing system. So what exactly is this DNS hijacking attack?

DNS is the abbreviation of Domain Name System. It is a core service of the Internet. It is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. DNS attacks can be divided into DDOS attacks against DNS servers and DNS hijacking against users. For the simple example, originally you would like to visit Brahma OS’s website at https://www.brahmaos.io/. After you enter the domain name, it will be returned to you by facebook’s server IP, then naturally you go to the facebook page. In terms of the process, DNS hijacking starts with the hijacking of the DNS. For example, the DNS server address in your router is modified to be a malicious DNS server. Then the hosts file can be modified. If you want to resolve the IP of https://www.brahmaos.io/, the system will first access the hosts file to see if there is an associated binding. When the system detects that the domain name in the hosts file is not resolved, it will be sent to the local DNS server for parsing. Before the parsing, the cache will first be checked for existence. If not, the parsing request will be sent to the next DNS server. After the results are returned, the result of parsing the domain name is saved in the cache to facilitate the next parsing. Finally, the mapping relationship in the DNS server cache is modified, which is also known as cache poisoning attacks.

The main problem of MEW is the DNS hijacking attack. This is related to the service guarantee and browser security of the MEW itself. Will the same situation happen on Brahma Wallet? The answer is no.

Brahma Wallet’s goal is not to involve any centralized server, and does not require services such as DNS domain name resolution. Brahma Wallet will not steal or transmit any keystore, private key, mnemonic, and other information in the user’s wallet over the network. Users can directly look at the source code, package, and install, and verify accordingly.

Recently, Brahma Wallet has improved the display of account information, and can back up the wallet by exporting the private key and keystore file; the transfer experience is also optimized. A smart contract for acquiring token lists and token queries was published on the Rinkeby test network. Wallet Logo and startup pages have also been updated. Now it has been able to support the switch between Chinese and English versions, support the switching of the main network (mainnet) and various test networks (Ropsten, Kovan, Rinkeby, INFURAnet, etc.), hoping to bring a better experience to users in the near future. More information can also be found at Brahma Wallet’s GitHub source address: https://github.com/BrahmaOS/wallet

We hope that users of Brahma OS no longer have to worry about finding a secure wallet. The built-in Brahma Wallet is better able to adapt to the system. For users, the most important thing is security and privacy, and one-stop management of digital assets. Brahma OS provides a platform and will build a good ecosystem for the development community and DApp developers.