Oct 29, 2019
Crypto’s Box Of Pandora, & How To Keep It Closed
How To Protect Yourself Against The Biggest Threat To Your Crypto.
Note: Intended for reader level: beginner — intermediate.
1. The Box
We have all heard the mythological tale about the “Box” of Pandora. Greek mythology goes about narrating that Prometheus steals fire from Heaven, upon which Zeus — King of Gods — takes vengeance by presenting Pandora to Prometheus’ brother Epimetheus (their parents must have liked those last syllables). Unfortunately for Pandora, she can’t resist the urge of opening up the (literally translated) “jar” containing sickness, death, and many other unspecified evils. Closing the box as fast as she can, Pandora can however salvage one thing only to be kept safe in the box: Hope (or more pessimistically: deceptive expectation).
Well, here I am today to give you the bad news: the world of Cryptocurrencies actually has a Pandora’s Box of its own. I’m also here to tell you though that there is a solution. And no, I’m not Zeus (although he’s a friend of mine).
Great. So without further ado, I hereby present to you Crypto’s Box of Pandora: the online connection. As soon as you establish one, you are opening up all avenues for hackers to try and steal your crypto. The only thing a remote hacker needs is you setting up a line to a connected device, that same line through which the adversary can then try to attack you. We sometimes call those lines attack vectors. There are different degrees to which you can have that Pandora’s box open. It can be slightly opened, e.g. when using a relatively secure cryptocurrency hardware wallet with USB or Bluetooth. You can also have that box laying there wide open spreading allegoric crypto diseases, for example if you have all your bitcoin stashed on an online exchange.
An astounding example of a historic hack via USB is the Stuxnet virus, that spread unnoticed via USB flash drives, effectively circumventing “air-gapped” (=offline) USBs. The virus remained dormant in most computers, but when certain conditions were fulfilled, it “woke up”. In Stuxnet’s case, the virus came into action when it entered the isolated network of Iranese Nuclear centrifuges. It reportedly ruined almost one fifth of these centrifuges, even though these where kept as offline as possible, all because of the use of a perceived safe and very simple USB.
“Crypto Thefts, Scams and Fraud May Exceed $4.25 Billion for the Year 2019” — CipherTrace
2. The Private Key
But so what is the real underlying problem here anyway? What are these hackers trying to steal that you so persistently have to keep away from them? Good question. Glad you asked. Every crypto wallet consists of two things: a private key and a public key. You can consider the public key as your “address” or “account” on the blockchain. When you request a payment from someone, they will send the funds to your public key. The private key on the other hand, is the secret cryptographic password that grants the party who knows the value of the key, complete ownership of any funds on the associated public key. So if you have crypto on one or more public keys, it is imperative that you protect the associated private keys as much as possible*. Away from prying eyes, away from the internet where all sorts of eyes lurk. And maybe we can extend the metaphor with the internet itself as another mythological creature called Argus, supposedly some guy with around one hundred eyes. Now tell me I’m wrong: the last thing you want is having that individual eyeballing you with his one hundred eyes after you open the Box of Pandora, right? Especially if it concerns your crypto.
*To get a better understanding of why the private key is so incredibly important, read further here about the Private Key Paradox.
3. The Solution
Conclusion: keep your secret access key(s) to your crypto accounts offline. This means you don’t only have to generate them offline — if you generate them online, they have already been exposed and you are at risk — but you also have to keep them offline whenever you are signing transactions or managing your wallet in any way.
Now, just to point out a precarious situation: crypto exchanges generally have the Box of Pandora wide open. Yes, they are online. But even worse, they give you as a user a bunch of public keys, a password, maybe two-factor authentication; BUT: they do not give you ANY private key. They keep these to themselves. That is why there are so many exit scams. The exchanges simply have all the keys to everyone’s crypto. You as a user never really own any of it. You are merely a proxy to your own accounts, through your password. And that’s the dangerous thing about it: either these exchanges vanish from one day to the next, or they get hacked by somebody else, who then can steal your funds as they now have the private keys.
Therefore, again, you have to generate your private keys offline, and keep them there. This is however easier said than done today, as there aren’t many solutions available to help you with this.
Lucky for you, there is at least one solution. And it is called the NGRAVE ZERO. At NGRAVE, we have effectively pulled up an offline “WALL” between you and the online attackers. A wall that can’t be breached. And behind which your private keys are not only generated, but also protected during whichever action you undertake when it comes to managing your wallet.
More on that in the next blog post.
#StayCold
Ruben (CEO of NGRAVE)
PS: Don’t forget to clap and follow!
Follow our social media:
Follow Ruben’s social media:
