NGRAVE
Published in

NGRAVE

Crypto’s Box Of Pandora, & How To Keep It Closed

How To Protect Yourself Against The Biggest Threat To Your Crypto.

Pandora holding Crypto’s Box of Pandora with a Bitcoin floating inside.

1. The Box

We have all heard the mythological tale about the “Box” of Pandora. Greek mythology goes about narrating that Prometheus steals fire from Heaven, upon which Zeus — King of Gods — takes vengeance by presenting Pandora to Prometheus’ brother Epimetheus (their parents must have liked those last syllables). Unfortunately for Pandora, she can’t resist the urge of opening up the (literally translated) “jar” containing sickness, death, and many other unspecified evils. Closing the box as fast as she can, Pandora can however salvage one thing only to be kept safe in the box: Hope (or more pessimistically: deceptive expectation).

Well, here I am today to give you the bad news: the world of Cryptocurrencies actually has a Pandora’s Box of its own. I’m also here to tell you though that there is a solution. And no, I’m not Zeus (although he’s a friend of mine).

Great. So without further ado, I hereby present to you Crypto’s Box of Pandora: the online connection. As soon as you establish one, you are opening up all avenues for hackers to try and steal your crypto. The only thing a remote hacker needs is you setting up a line to a connected device, that same line through which the adversary can then try to attack you. We sometimes call those lines attack vectors. There are different degrees to which you can have that Pandora’s box open. It can be slightly opened, e.g. when using a relatively secure cryptocurrency hardware wallet with USB or Bluetooth. You can also have that box laying there wide open spreading allegoric crypto diseases, for example if you have all your bitcoin stashed on an online exchange.

“Crypto Thefts, Scams and Fraud May Exceed $4.25 Billion for the Year 2019” — CipherTrace

2. The Private Key

But so what is the real underlying problem here anyway? What are these hackers trying to steal that you so persistently have to keep away from them? Good question. Glad you asked. Every crypto wallet consists of two things: a private key and a public key. You can consider the public key as your “address” or “account” on the blockchain. When you request a payment from someone, they will send the funds to your public key. The private key on the other hand, is the secret cryptographic password that grants the party who knows the value of the key, complete ownership of any funds on the associated public key. So if you have crypto on one or more public keys, it is imperative that you protect the associated private keys as much as possible*. Away from prying eyes, away from the internet where all sorts of eyes lurk. And maybe we can extend the metaphor with the internet itself as another mythological creature called Argus, supposedly some guy with around one hundred eyes. Now tell me I’m wrong: the last thing you want is having that individual eyeballing you with his one hundred eyes after you open the Box of Pandora, right? Especially if it concerns your crypto.

*To get a better understanding of why the private key is so incredibly important, read further here about the Private Key Paradox.

3. The Solution

Conclusion: keep your secret access key(s) to your crypto accounts offline. This means you don’t only have to generate them offline — if you generate them online, they have already been exposed and you are at risk — but you also have to keep them offline whenever you are signing transactions or managing your wallet in any way.

Now, just to point out a precarious situation: crypto exchanges generally have the Box of Pandora wide open. Yes, they are online. But even worse, they give you as a user a bunch of public keys, a password, maybe two-factor authentication; BUT: they do not give you ANY private key. They keep these to themselves. That is why there are so many exit scams. The exchanges simply have all the keys to everyone’s crypto. You as a user never really own any of it. You are merely a proxy to your own accounts, through your password. And that’s the dangerous thing about it: either these exchanges vanish from one day to the next, or they get hacked by somebody else, who then can steal your funds as they now have the private keys.

Irish Cryptocurrency Exchange Bitsane exit scam of 246K users. NGRAVE blog exhibit.
Exhibit A: In June 2019, the Irish crypto exchange Bitsane pulled an exit scam on 246,000 users. The subtitle says it for us: don’t keep your crypto on an exchange. (source: TheNextWeb.com)

Therefore, again, you have to generate your private keys offline, and keep them there. This is however easier said than done today, as there aren’t many solutions available to help you with this.

Canadian cryptocurrency exchange QuadrigaCX losing access to all crypto funds on the exchange due to mysterious death of CEO.
It’s not only hackers you need to be afraid of. In February 2019, the CEO of Canadian crypto exchange QuadrigaCX mysteriously deceased. He was also the only one with the private key that gave access to all the funds on the exchange. As such, around $190M was frozen, never to be returned to the exchange’s users ever again.

Lucky for you, there is at least one solution. And it is called the NGRAVE ZERO. At NGRAVE, we have effectively pulled up an offline “WALL” between you and the online attackers. A wall that can’t be breached. And behind which your private keys are not only generated, but also protected during whichever action you undertake when it comes to managing your wallet.

The NGRAVE ZERO is a 100% Offline Crypto Hardware Wallet. Private keys are generated offline & never exposed afterwards.
The NGRAVE ZERO is a 100% Offline Crypto Hardware Wallet. It generates your private keys offline & never exposes them afterwards. The ZERO is immune to online attack vectors. The picture showcases the back-side of the device, with fingerprint sensor and camera. Learn More.

More on that in the next blog post.

#StayCold

Ruben (CEO of NGRAVE)

PS: Don’t forget to clap and follow!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
NGRAVE

We moved to our new blog! Find the latest articles at www.ngrave.io | The World’s Most Secure Cryptocurrency Hardware Wallet | #TheColdestWallet