“Ask-Me-Anything” Transcript with Veronica Wong, SafePal’s CEO

Nikolaos Kostopoulos
Published in Harmony
16 min read · Oct 21, 2019

The AMA is transcribed from the live event in Harmony’s Telegram on the 18th of October. The questions were requested and put forth by the Harmony community members in real-time! The questions were answered by SafePal’s CEO Veronica Wong!

SafePal earlier announced its integration with the Harmony Protocol blockchain and its native ecosystem token $ONE. Currently, there are three open initiatives for Harmony community members: a unique discount code for acquiring your S1 hardware wallet, a giveaway of 10 S1 devices, and the #HODL & Earn campaign rewarding those who stake $ONE with up to 10% additional tokens!

AMA Session is Live!

Thanks for joining us for today’s AMA session with SafePal’s CEO, @Veronica520. SafePal is the first hardware wallet to fully support native ONEs and we will be entering today’s session on wallets, safety, security, and BinanceLabs.

Don’t forget that we will be giving away $150 worth of $ONEs and a branded wallet, which can be won just by tweeting your question and tagging our official account on Twitter, @harmonyprotocol

Thanks for joining us, Veronica.

NOTICE

This group may be muted intermittently to give our guest room to answer questions. If you find yourself suddenly unable to post a question, just PM any of the admins and they will relay the query here

Sonny | Harmony CM

To kick off with our first question, @KoenApps wants to know if there are any plans to enable the use of HW wallets on binance.com CEX?

Veronica Wong | SafePal CEO

SafePal is already integrated with Binance DEX in late July, enabling all crypto users to hold and trade on DEX with a SafePal wallet. :)

Sonny | Harmony CM

@EtienneR sent us a question earlier and wanted to know if your code was audited (severally) and if the result(s) can be shared

Veronica Wong | SafePal CEO

Good question. We are now working with a prestigious security team from the EU to audit the code; the project started a few weeks ago, so I’m afraid there isn’t much to share right now. Before we launched the project, we worked with 3 security companies in the hardware+software penetration on the hardware wallet and the App. For your reference.

Sonny | Harmony CM

Speaking of security, @Micabytes has a checklist of questions they want addressed, chief amongst which is how safe SafePal is and if you can describe how its security works.

Veronica Wong | SafePal CEO

Yes I appreciate all questions related to security. I think that is why SafePal is here and why it’s so special.

SafePal S1 adopts multi-security-schemes, including:

1) Communications: it adopts encrypted QRcode communication. There is no USB cable, bluetooth, NFC, WiFi or any other radio frequencies inside.

2) Dual-chip architecture: S1 is embedded with dual chips, one of which is an EAL5+ secure element, solely for the protection of the private key.

3) True random number generator: this is a mechanism to make sure the private key is indeed random and unique.

4) Multiple sensors: including but not limited to voltage sensor, light sensor, frequency sensor, etc. Once corresponding attacks (such as brutal attack) are detected, the self-destroy mechanism will be initiated and the private key and asset details will be erased.

More security details can be found here: https://docs.safepal.io/security-features

Sonny | Harmony CM

@KoenApps is back again and he’s asking “I’ve seen some services at the time of sign-up ask questions to make the user aware of safety / scams. (Genre “if someone claiming to be from our project asks to send money, will you”.) Only after 5 correct (& explained on mistake) sign-up is allowed. Is this something you will consider? Are there any other initiatives that you would take to raise general awareness on safety / scams?”

Veronica Wong | SafePal CEO

Thanks for the pin-pointed question. Yes, one of our long-term visions is to raise the awareness of common crypto users and guide them toward a more sophisticated future of keeping their own money safe.

We are now trying several directions (welcome to suggest more if you find any other thing useful):

1. #SAFE101 article series: sharing practical tips and suggestions when it comes to keeping your own money safe;

2. Strong guidelines in the product user interface. User hints like “Do not send A coin to a B address” can be seen in many places in the SafePal S1 and SafePal App, reminding all users to be aware when they are transacting or trading their crypto.

3. Some other campaigns such as “Security master awards”, awarding those novice users who can master the most knowledge out of crypto custody (still under design).

Sonny | Harmony CM

@ItsBhaskar wants further clarification on the claim that “SafePal requires no internet no NFC” and wants to know how transactions are approved. He also wants to know if desktop support will be provided

Veronica Wong | SafePal CEO

Great question. This is the most frequent question being asked by new users coming to our community, about “what do you mean by no internet nor NFC or something like that”.

When we are talking about SafePal wallet, there are two parts in it: 1) the SafePal S1 hardware wallet (a credit-card shaped device) and 2) the SafePal App.

The S1 device is for keeping your private key safe and signing each ‘going-out’ transaction, while the SafePal App will be responsible for creating a transaction/order, broadcasting onto blockchain and drawing data off the blockchain, etc.

Veronica Wong | SafePal CEO

When you need to send some money, you will need to create the transaction on the App, sign it with the S1 device, and then the App will broadcast the transaction on blockchain.

Veronica Wong | SafePal CEO

The App and the S1 device ‘talk’ via encrypted QRcode.

https://www.youtube.com/watch?v=5eRPAlEcp2s

Sonny | Harmony CM

Following up on this, @VoIodymyrZV also wants clarification saying “I saw one line on your website “Self destroy & Key Erasing Mechanism” protecting your assets from any hacking, so how does it work and What is the concept of this mechanism in protecting funds and how this happens without any connectivity on Safepal S1 wallet?”

Veronica Wong | SafePal CEO

Since there is no internet, bluetooth, NFC, WiFi antenna or other radio frequencies adopted on SafePal S1, then S1 is immune from online attack or a long-distance attack. Other than these types of attack, S1 will still face short-distance attacks such as brutal attack (cracking the device open and reading data from it), bootloader attack (attack from the firmware), and other similar attacks. These attacks will require the attacker to physically hold the device and initiate such hacking techniques.

Inside the S1 wallet, there are multiple sensors detecting all malicious attacks mentioned above. Once detected, these sensors initiate the lock-down mechanism and inform the secure element to initiate the self-destroy mechanism. The secure element, which holds the private key, will erase all key data, preventing the hacker from getting hold of the seed.

Sonny | Does Not PM/DM

Speaking of firmware, @josectheone wants to know, if this is an off-line wallet, how new coins can be added in the future: by firmware updates, or will the actual wallet need to be replaced?

Veronica Wong | SafePal CEO

SafePal S1 supports firmware upgrade, so users will be able to upgrade and add new coins by upgrading the device with new firmware. We put a lot of security considerations onto this part, including but not limited to:

1. Security suffix: it’s a combination of 3 characters (letters and numbers) used to prevent an attack scenario where someone besides the user resets the hardware wallet without the owner noticing it.

2. Downgrade limitation: SafePal only supports firmware upgrade rather than downgrade, so as to protect against any potential attacks from the lower version.

3. Secure upgrade procedure: SafePal S1 is embedded with a firmware verification program that examines the genuineness of every uploaded firmware. And the device only runs official firmware released through SafePal official website. If there is any malicious firmware loaded to the device, the device will show warnings.

https://docs.safepal.io/security-features/software-security/firmware-security

Sonny | Harmony CM

Still on security, @C10NU7 says “I know the crypto chip is smart and top security but, is there any reason to worry when you download the free app for iOS or Android phone, I mean isn’t there a small possibility to get a malware if the app is compromised and your device it will be destroyed”

Veronica Wong | SafePal CEO

Interesting question.

1) SafePal App is only available on Google Play, App Store and official website. We strongly recommend our users to download from legitimate resources.

2) Even if the App is compromised, it won’t be able to create a valid transaction nor to decrypt the encrypted QRcode from the S1 hardware wallet, thus putting no threat on the crypto assets. S1 and the App use our own-designed signing mechanism.

3) There is a 1.3' IPS screen on the SafePal S1. Users will be able to double-check every transaction on his/her own wallet, preventing any fake transactions.

Sonny | Harmony CM

Security really seems to be a hot button topic for our community with @VoIodymyrZV saying “As you are using EAL 5+ FINANCIAL GRADE CHIP IN S1 WALLET so please explain the unique and important features of the chip in terms of security and funds?”

Veronica Wong | SafePal CEO

Rescued response: There are many details to talk about regarding the secure element (SE). I’ll pick the following as the most important ones:

1. The qualification of EAL5+: EAL is widely adopted to evaluate whether an IT product or system can provide its security features more reliably (and the required third-party analysis and testing performed by security experts is reasonable evidence in this direction). It is also widely adopted in the financial industry, where most of the debit cards and credit cards are using EAL4+ standard, one level lower than EAL5+.

2. Multiple sensors rooted inside the SE: a long list of such sensors can be found here: https://docs.safepal.io/security-features/hardware-security/independent-crypto-element

3. Self-destroy mechanism: which was mentioned above.

4. Others: such as RAM protection, BUS encryption, algorithm authentications. Detailed descriptions can be found in the link attached.

Sonny | Harmony CM

Getting back to @Micabytes, they want to know what cryptocurrency SafePal can support as of now?

Veronica Wong | SafePal CEO

Sonny | Harmony CM

@redrose2 wants to know if you plan to launch community voting for list coin on hardware wallet?

Veronica Wong | SafePal CEO

All currencies supported by SafePal can be found on our website. www.safepal.io.

For now we are supporting 3–6 blockchains each month. What’s more, we encourage the community to vote for their favorite cryptocurrencies. Each month we will pick the top 1–2 most popular currencies and add them in the coming version.

https://blog.safepal.io/vote-and-add-your-favorite-coin-in-safepal-wallet/ Yes you can find how to vote here.

The 1st round of September voting has been announced on the blog.

Sonny | Harmony CM

Still on community event, @AMLCU says “Is there any plan/program to put a bounty for people to hack or find vulnerabilities in SafePal S1? Don’t you think that would help improve your product?” he also follows up with “It seems Safepal S1 can be the ideal secure interface for DeFi, services, is there any plan to offer those services & products directly from the wallet (without the app)? Or that would compromise the security of the wallet?”

Veronica Wong | SafePal CEO

For the first question: Yes a bounty program is under discussion and organization. We will surely keep everyone posted. We rely on the feedback and power from the community. Security is an endless war, and a bounty program is a must-have from where we can grow stronger.

For the second question: Since SafePal is a decentralized wallet, it is indeed a perfect match with DeFi. We have been considering this direction, and also we’ve been paying close attention to the progress of Harmony because DeFi and NFT are also their scoops of range. Right now, though, the focus will be more on security enhancement and multi-currency support. We will surely come up with new features when our users tell us to.

Sonny | Harmony CM

@KlAnEK wants to know if the wallet will support cold/smart contract staking and if it also supports cryptocurrency forks.

Veronica Wong | SafePal CEO

I missed one question from here, about the desktop. To be honest desktop is not in recent dev plan because what we mean to provide is mobile crypto management service. Will surely consider if many users come to us asking for this feature.

Veronica Wong | SafePal CEO

Yes, we support forks. It simply takes some time to go with developmental work.

As for staking, yes it’s planned but not coming soon. Because per mentioned we will focus on security and currency support first. Staking would come after that.

Veronica Wong | SafePal CEO

Don’t think there is a rush to publish every trendy feature because we prefer to build a solid foundation first.

Sonny | Harmony CM

The self-destruct feature is of keen interest to @KoenApps, who says “if there’s a self-destroy feature, are the funds recoverable in some way by the genuine user? (Regardless if it was an attack or if the device simply got damaged) Because if no recovery option, there’s an entirely different attack: purposely make someone lose their funds”

Veronica Wong | SafePal CEO

Great question. So long as you hold your correct mnemonic phrase, you can recover your assets from a new SafePal S1 wallet anytime.

Veronica Wong | SafePal CEO

If an S1 hardware wallet is lost, we usually suggest the user to recover the wallet with his/her mnemonic phrase on a new wallet, and then move all the money to a new place directly.

Veronica Wong | SafePal CEO

That’s why we sometimes suggest our users to buy 2 S1 wallets, for cases like this.

Sonny | Harmony CM

@sam_cryptotrader also has a security-based question saying “As Hardware wallets are Electronic Devices, So, How SafePal Hardware wallets Prevents Scripting and auto-authorising Viruses or screen mirroring from Hardware device?”

Veronica Wong | SafePal CEO

The S1 hardware wallet is 100% offline. Cyber attacks won’t be effective on it. Scripting, auto-authorising viruses will require internet access to the device at least. But on S1 there isn’t such a problem.

Veronica Wong | SafePal CEO

It’s the same difficulty of infecting a computer without internet cable with online viruses.

Sonny | Harmony CM

@chiliua starts off with a compliment saying “Hi! Looking at the relatively low price of a SafePal, I can say that you’re somewhere breaking the stereotype that a quality thing should be expensive. Not that I’m complaining about it, no))…but how reasonable is the SafePal price? How did you achieve it and what is your future pricing strategy? Thanks!”

Veronica Wong | SafePal CEO

Thanks for the insightful question. We didn’t talk about pricing strategy much, but indeed the $39.99 retail price reveals our ambition to break the stereotype of ‘low price is equal to low quality’. We think a reasonable price is a guarantee that enables more crypto users to access a better and safer solution. We will be keeping the same strategy in the long run.

As for how we achieve it, it’s mostly related to our background. Our hardware team is led by experts with over 15 years experience in hardware design, development and production. We know every detail of building a great hardware with a reasonable price. In our last hardware project, we successfully sold our products to over 50 countries globally. That’s a strong foundation. We are not starting from 0.

Veronica Wong | SafePal CEO

For example we brought at least 10 hardware wallets in our office. I have to say the BOM cost of many of these wallets are 1/10 of their retail price, sometimes even lower…

Veronica Wong | SafePal CEO

while the security level might not be ideal as we expected.

Sonny | Harmony CM

Following up on the above, @Micabytes is asking if the availability of the wallet is worldwide and how much is the cost of the device.

Veronica Wong | SafePal CEO

SafePal S1 is available on Amazon and our homepage www.safepal.io. We are opening up local sales channels in global countries so you will be seeing local retailers selling SafePal soon. The retail price is $39.99. And you can enjoy free shipment worldwide if you buy 2 or more.

Sonny | Harmony CM

@ObaCrow wants to know if there will be another wallet in the future like an “isafe2”

Veronica Wong | SafePal CEO

Sure thing. One of our business philosophies is that “there won’t be ONE perfect product fitting all types of users”. We will be developing various product lines fitting different types of users. Welcome to stay tuned!

Sonny | Harmony CM

@josectheone is back with a question about biometric sensors like fingerprints and if the company is looking to integrate such features into sending transactions down the line

Veronica Wong | SafePal CEO

We discussed this way back in 2017, and decided not to adopt it for several reasons:

1) The power consumption of adding this feature will be ridiculously high. The charging cycle will be much shorter, which could be painful for daily use.

2) Fingerprint is not equal to security, to be honest. If you google, you can easily find Samsung cellphone being hacked via fingerprint service. We are much more cautious about this part.

3) Cost of this feature is also another consideration, but not as important as the 2nd reason.

Veronica Wong | SafePal CEO

Building a secure and enjoyable hardware wallet means to balance among hardware, software, power control, cost and more factors like them.

Sonny | Harmony CM

Back to @Micabytes, who now wants to know what the special features or advantages of SafePal over its competitors are

Veronica Wong | SafePal CEO

Depends on whom you are comparing to.

For software wallet, the advantage of owning a hardware wallet is quite obvious. SafePal is decentralized, so we are not managing your money nor running away with your crypto. SafePal S1 is offline and adopts multi-layers of security architecture, so no one is going to mess around with your assets.

For other hardware wallets, SafePal S1 stands out with its unique communication mechanism (encrypted QRcode), attractive user interface (sign with a simple scan, etc), reasonable price line ($39.99), and most importantly advanced security level (per described in above messages).

Sonny | Harmony CM

@VoIodymyrZV is curious about the partnership and investor ecosystem, asking “What you think, why BINANCE and Binance Labs invested in your platform and how you are seeing this partnership in long-term success and adoption for Safepal in the crypto community?”

Veronica Wong | SafePal CEO

Binance and Binance Labs have invested in many blockchain segments, such as layer 1, layer 2, security team, dapps and so on. I think the wallet is a market segment that a blockchain giant like Binance cannot miss, because it’s the direct entrance to blockchain ecosystem, with the great potential of connecting unlimited services built in the ecosystem. I think Binance invested in us mostly because 1) Both parties share the same long-term values. We are user-oriented and want to build tangible solutions rather than giving a fancy presentation; 2) We are not starting with 0. We have a proven track record in hardware and software. 3) The segment of crypto custody faces a lot of pain points and challenges, and we are the best solution to solve them.

Veronica Wong | SafePal CEO

We are working closely with Binance team and bring the community with more surprises. Meanwhile, we are clear that user-orientation is our core spirit. We will strongly attach our value to the user feedback and community consensus.

Sonny | Harmony CM

We are now down to our final two questions and they are (after screening so many others):

Sonny | Harmony CM

The first is from @VoIodymyrZV who is asking “One question regarding the shipment of product — How they are maintaining the security of product during the shipment …is there any service partnership with any courier facility for better transportation of SafePal wallet ?”

Veronica Wong | SafePal CEO

No, we didn’t consider such special carrier facility because, regarding different customs policies in different countries, we have to choose according to logistic partner for different destinations;

Actually the root of this question is that we should build the product strong enough against these supply-chain-attack scenarios, rather than relying on the protection of any external power.

For such attack scenarios, we have built a device authentication mechanism into the wallet. Once the user receives the wallet, he/she would have to take a few steps to authorize and activate the device first.

Veronica Wong | SafePal CEO

Intro of it here: https://docs.safepal.io/security-features/hardware-security/device-authentication-mechanism

Sonny | Harmony CM

And the final question goes to @KoenApps, who asks “What do you perceive as the greatest problem/threat to blockchain security? And how would you mitigate it ?”

Veronica Wong | SafePal CEO

I think there are 2 threats that we should pay attention to:

1) The problem of centralized services

In the blockchain world, once you entrust your crypto to a centralized third party, that’s no different from mining a bomb for yourself. We have seen way too many cases like this. The cumulative crypto losses due to centralized exchange hacks in 2017–2018 have reached $882 million.

2) User’s awareness of security

It would be surprising if I tell you that most of the crypto losses are due to human factors. Even if blockchain technology puts the right of assets back to people’s hands, not everyone is educated or knowledgeable enough to manage their own crypto assets.

Veronica Wong | SafePal CEO

For the 1st question, SafePal is a decentralized wallet. We don’t get hold of user’s assets.

Veronica Wong | SafePal CEO

For the 2nd question, I think that’s a common problem that each blockchain company should try to tackle. I personally would suggest establishing a “Blockchain Security League” between these companies, sharing all the security knowledge and know-how of teaching novice users to manage their crypto assets in the right manners.

Sonny | Harmony CM

And that’s a wrap folks!

Our most sincere thanks go to @Veronica520 for gracing us with her presence and accommodating us into her busy schedule. We also want to thank the community for tuning in and making this event quite the action-packed ONE!

And we’re still accepting questions. Feel free to PM us or tag any admin here

Veronica Wong | SafePal CEO

Thank you to Harmony community. It’s a pleasure to join and answer all these insightful questions.


Nikolaos Kostopoulos
Harmony

Advising governments & interest groups on cryptocurrency & FinTech regulation in the European Union.