I have not seen any proof that it was the case. And given how inexpensive some hardware wallets are, there is really no excuse to have hundreds of thousands or millions of dollars "on" a software wallet. That shows that so many people do not understand at all wallet security and the reason for using hardware wallets. Personally I would never have more than $100 "on" a hot / software wallet, even an opensource one.

I just cannot believe that some people had enormous funds secured by Atomic Wallet. This is obviously something you cannot guarantee on any software wallets, even if opensource.

> Atomic wallet always said your key never leave your wallet,

The fact that a software wallet is opensource does not make them much safer, they are still inherently unsafe by nature. Hardware wallets are always much safer than software wallets because they make such exploits quasi impossible.

the wallet app is installed or updated, it could be malicious or include some malicious code.

on the computer or phone they run on) has access to their seed or private keys, either by breaking the encryption used to store them, or simply by accessing them during the brief moment they are decrypted, when a transaction is signed.

Another reason (maybe used in this Atomic Wallet hack) is a "supply chain hack", i.e.

Mixing Open Source code and a strong root of trust with a smartcard platform brings the best possible protection for your assets - the smartcard guarantees the integrity of the running code, including protection against physical and supply chain attacks, and Open Source guarantees verifiability.

Atomic wallet is a software wallet, and all software wallets are, by their nature, unsafe, for several reasons:

We plan to make it available shortly as part of our accelerated Open Source roadmap ( )

There's still some gap we need to fill here - the initial application you interact with when you boot your Ledger Device is not open source yet.

And the integrity of the application code is guaranteed by the smartcard being hard to tamper. On top of that, all our applications are Open Source (see and our developer portal ) - when you run an application on a Ledger device, you can verify that the only way it communicates with the outside world is through the transport (USB, BLE) interface initialized by the application itself.

We take extra measures against supply chain attacks by using smartcards, which establish a strong root of trust between the chip manufacturer and Ledger, and have over 40 years of history of being hard to tamper.

Supply chain attacks are not really fixable by using an Open Source license - not for software if automatic updates are enabled on the platform (you'd see there's a problem but much too late, which is likely the case here) and absolutely not for hardware wallets you don't build yourself (you still depend on an initial code loaded by the manufacturer to load your own code).

I don't think the root cause of Atomic Wallet hack has been published yet, but it seems more likely to be a well thought supply chain attack (attackers pushing a malicious application) than an exit scam.