Bankless - Ledger CTO on How NOT to Lose Your Crypto

Episode Date: February 28, 2023

Charles Guillemet is the CTO at Ledger with a highly experienced background in cryptography and hardware security. In today's episode, Charles walks through all levels of security. No matter if you're just beginning your wallet security journey or if you're a veteran, this episode will teach you something new about all things crypto and wallet security.

------
📣 MetaMask Learn | Learn Web3 with the Leading Web3 Wallet https://bankless.cc/

------
🚀 JOIN BANKLESS PREMIUM: https://newsletter.banklesshq.com/subscribe

------
BANKLESS SPONSOR TOOLS:
🐙 KRAKEN | MOST-TRUSTED CRYPTO EXCHANGE https://bankless.cc/kraken
🦄 UNISWAP | ON-CHAIN MARKETPLACE https://bankless.cc/uniswap
⚖️ ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum
👻 PHANTOM | #1 SOLANA WALLET https://bankless.cc/phantom-waitlist

------
Topics Covered
0:00 Intro
5:52 CTO of Ledger
8:35 Private Keys
17:25 Avoiding Bad Entropy
23:11 Private Keys & Seed Phrases
29:00 Mistakes Storing Seed Phrases
36:55 Securing Your Seed Phrase
45:00 Overengineer Wallet Security
47:55 Cold vs. Hot Wallets
54:22 Benefits of Hot Wallets
58:47 Smart Contract Risk
1:06:45 Allowances
1:11:30 Allowance Access
1:14:00 Blind Signing
1:18:00 Solution to Blind Signing
1:21:38 Resources to Learn More
1:22:22 Closing & Disclaimers

------
Resources:
Charles Guillemet https://twitter.com/P3b7_
Ledger https://twitter.com/Ledger

-----
Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research. Disclosure. From time to time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://www.bankless.com/disclosures

Transcript
Starting point is 00:00:00 Bankless Nation, welcome to this critically important episode of Bankless, where we are going to talk about your wallet and you. How to set up a wallet and not lose all of your money. What does it mean to securely store your own crypto assets in the world of Web 3? And in order to tell the story, we're bringing on a security expert. This is going to be an episode with Charles Guillemet, who is the CTO of Ledger. He's got a background in cryptography and hardware security and overall knows all of the best practices to setting up your private keys, your seed phrase, your hardware wallet, your hot wallet. And make sure that when you put money into those things, that the money stays there and does the
Starting point is 00:00:39 things that you want it to as you navigate the wild, wild west of crypto. As we all know, at Bankless, we want people to be their own banks, but we are not naive at all in that this is a big deal. It is a big deal to store your own money. It is a big deal to self-custody assets. It scares a lot of people. It is intimidating. And it should be because of how big of a deal it is. But thankfully, we have people like Charles at Ledger and other teams working on the world of private key management to help us navigate the world of self-custody safely and securely so that we have all of the best that Web3 has to offer while still not losing our funds.
Starting point is 00:01:14 We'll cover subjects in this episode like how to set up your seed phrase, how to set up your private keys, how to have and manage a cold wallet. In what ways is it appropriate to have a hot wallet? How should you have a hot wallet cold wallet system? What about the entropy for creating private keys? What's blind signing? What is transaction simulation? How should I not get phished? What are smart contract allowances?
Starting point is 00:01:37 And when should I be concerned? And when should I be okay with it? And overall, what is the future of wallet security and private key management as we progress into the frontier? So I hope this episode for all of you beginners out there who are still nervous about self-custody and being your own bank, that this episode can give you some practical advice for how to do that and also some peace of mind that this is actually the right way to go. And for the veterans out there, there's still going to be some nuances and nuggets that you're
Starting point is 00:02:04 going to learn, I promise. So let's go into this episode with Charles, the CTO of Ledger, and we are going to teach you all about how to practice good private key management in this crazy world of Web 3. Let's get into it. But first, a moment to talk about some of these fantastic sponsors that make the show possible. Kraken has been a leader in the crypto industry for the last 12 years. Dedicated to accelerating the global adoption of crypto, Kraken puts an emphasis on security, transparency and client support, which is why over 9 million clients have come to love
Starting point is 00:02:31 Kraken's products. Whether you're a beginner or a pro, the Kraken UX is simple, intuitive, and frictionless, making the Kraken app a great place for all to get involved and learn about crypto. For those with experience, the redesigned Kraken Pro app and web experience is completely customizable to your trading needs, integrating key trading features into one seamless interface. Kraken has a 24-7-365 client support team that is globally recognized. Kraken support is available wherever, whenever you need them, by phone, chat, or email. And for all of you NFTers out there, the brand new Kraken NFT beta platform gives you the best NFT trading experience possible, rarity rankings, no gas fees, and the ability to buy an NFT straight with cash. Does your
Starting point is 00:03:12 crypto exchange prioritize its customers the way that Kraken does? And if not, sign up with Kraken at kraken.com/bankless. The Phantom wallet is coming to Ethereum. The number one wallet on Solana is bringing its millions of users and beloved UX to Ethereum and Polygon. If you haven't used Phantom before, you've been missing out. Phantom was one of the first wallets to pioneer Solana staking inside the wallet and will be offering similar staking features for Ethereum and Polygon. But that's just staking. Phantom is also the best home for your NFTs.
Starting point is 00:03:40 Phantom has a complete set of features to optimize your NFT experience. Pin your favorites, hide your uglies, burn the spam, and also manage your NFT sale listings from inside the wallet. Phantom is of course a multi-chain wallet, but it makes chain management easy, displaying your transactions in a human-readable format with automatic warnings for malicious transactions or phishing websites. Phantom has already saved over 20,000 users from getting scammed or hacked. So get on the Phantom waitlist and be one of the first to access the multi-chain beta. There's a link in the show notes, or you can go to phantom.com/waitlist to get access in
Starting point is 00:04:14 late February. Hey, Bankless Nation, if you're listening to this, it's because you're on the free Bankless RSS feed. Did you know that there's an ad-free version of Bankless that comes with the Bankless Premium subscription? No ads, just straight to the content. But that's just one of many things that a premium subscription gets you.
Starting point is 00:04:30 There's also the token report, a monthly, bullish, bearish, neutral report on the hottest tokens of the month. And the regular updates from the token report go into the token Bible. Your first stop shop for every token worth investigating in crypto. Bankless premium also gets you
Starting point is 00:04:45 a 30% discount to the permissionless conference, which means it basically just pays for itself. There's also the Airdrop Guide to make sure you don't miss a drop, in 2023, but really, the best part about Bankless Premium is hanging out with me, Ryan, and the rest of the Bankless team in the Inner Circle Discord only for Premium members. Want the Alpha? Check out Ben the analyst DGENPIT, where you can ask him questions about the token report. Got a question? I've got my own Q&A room for any questions that you might have. At Bankless, we have huge things
Starting point is 00:05:13 planned for 2023, including a new website with login with your Ethereum address capabilities, and we're super excited to ship what we are calling Bankless 2.0 soon TM. So, if you want extra help exploring the frontier, subscribe to Bankless Premium. It's under 50 cents a day and provides a wealth of knowledge and support on your journey West. I'll see you in the Discord. Bankless Nation, I am here with Charles Guillemet, who is the CTO at Ledger with a background in cryptography and hardware security before coming into the world of crypto. Charles, welcome to the show. Hi, David. Nice to meet you. And thanks for having me today.
Starting point is 00:05:48 So, Charles, you have a tough job. The world of crypto is a world of self-custody, being your own bank, going bankless. This is one of the main core drivers as to how this world works. The concept of private keys, everything that we talk about at Bankless, everything that we talk about in the world of crypto, comes down to do you own your own private keys. It seems to be the center focal point of this whole industry. So that you, as the CTO of a hardware wallet company, you have a tough job. When you wake up in the morning, do you feel weight on your shoulders to make sure that this world is safe? It's a good question. To be honest, I sleep pretty well
Starting point is 00:06:30 just because we are spending a lot of time and energy to do the things right. When you are in security, you know that there is nothing like bulletproof, like impossible to break. This is, this is not something that exists in the security world. But, what you can do is always improve. Security is not something static. This is a journey. And you have to make sure you implement everything possible to always raise the bar for security.
Starting point is 00:07:01 And this is what we are trying to do at Ledger. So Charles, we're going to walk through a number of subjects in which we see beginners trip up when it comes to maintaining their own private keys. I think people coming into the world of crypto, they're used to not having options that might accidentally steal all of their money. Like usually when they're navigating the Web 2 space, Venmo or Wells Fargo, if they do something wrong, that's not a problem.
Starting point is 00:07:29 There's somebody to talk to. That's not the same in this world. And so people sometimes get intimidated about having their own private keys because that means that there are buttons that they can press that nuke their whole savings or send their savings to the wrong person. And so I want to make some content with you this morning that we're recording, to make sure to educate people about all the choices that they need to make if they are going to be their own bank. You ready to get started?
Starting point is 00:07:58 Let's go. All right. So the three overarching categories, Charles, is a wallet. How do I set up a wallet? How do I maintain my private keys? And how do I use this wallet in the world of Web3 in ways that are safe and secure and aren't going to be at risk? So that's the first one. And then we'll get into, okay, now that I have my wallet set up,
Starting point is 00:08:19 what are the risks of me using my wallet out in the wild? And this goes into conversations of phishing. How do I make sure I don't get phished? And then also smart contracts. And so, like, how do I make sure that the smart contract that I want to use is safe? So these are the three overarching topics that we'll want to go into. But, of course, it all begins with setting up a wallet, setting up your own bank. And so the first very big
Starting point is 00:08:44 point into this world is how does one safely establish a set of private keys? We all want to be our own bank, therefore we need our own private keys, but we can't just have a post-it note on the side of our computer that has what our private keys are. How does one do this and why is this so important? Yeah, key generation, this is an important piece. Everything starts with that. And self-custody means you own your crypto. You are your own bank.
Starting point is 00:09:14 You don't ask permission from anyone to spend your money or to hold your NFT. Like you are on your own and you have the power over your assets. So everything starts with that because your cryptos are on the blockchain. So owning crypto means being the only one to know your secret, to have this knowledge and to be able to prove that you own this knowledge. And to do so in terms of cryptography, this is what we call digital signature. With a digital signature, I'm able to prove that I know my secret key without revealing any information about my secret key.
Starting point is 00:09:55 So this is why a secret key is very important. And it's even more important for blockchain because of immutability. If ever an attacker gets an access to my key, he will be able to sign a transaction, drain my wallet, And there was no central entity where I could complain and say, oh, that was not me. I didn't want to do this transaction. This is not something possible. Right.
Starting point is 00:10:19 This is the difference between our private keys and Wells Fargo is this concept of immutability. If you accidentally make a bad transfer with Wells Fargo, you can call them up and get them to reverse it. If you make a bad transfer on Ethereum, it is immutable. It is one way. Exactly. And this is a big paradigm shift. And this is something everyone needs to keep in mind. So you have a big power, but also big responsibility, as someone famous said. But everything,
Starting point is 00:10:50 everything starts with key generation. So you need to make sure your keys are randomly generated. Randomly means several different things, but that means they have a high level of entropy, like the zeros and ones of the bits that form this private key must be evenly distributed, let's say. And also that it's very difficult to guess them. The space for private keys is very wide. It's two to the power 256. So this is something very, very wide. If you try to pick randomly a new key every millisecond during several times the age of the planet, you won't be able to find mine. The space is very wide. But to be sure your secret key is secure, you must be sure that it's generated evenly in this very wide space.
Starting point is 00:11:49 So this is something very important. So can we just pause and I want to make sure I understand that? Private keys, they're really, really long strings of randomly generated characters. And because there are so many characters like A through Z, zero through nine, it creates what you're calling an almost infinitely wide possible set of private keys. There are more private keys than there will ever be need for that number of private keys. What you're saying is like if one human generated one private key every single millisecond, that would still be an infinitesimally small number of private keys
Starting point is 00:12:25 in comparison to the whole possible set of private keys. But your point about emphasis on random generation is that, okay, great, we have this massive, total possible number of private keys that are out there. But if we're going to generate one, the way that we need to generate one doesn't need to have patterns to it because then it would actually constrain the available, the practical supply of private keys if there were nuances in how we actually derived the private key. Is my understanding of this correct? Yeah, your understanding is really good. You explain it even better than me. So if your key generation is not good, is not evenly distributed.
Starting point is 00:13:11 And actually, it happened a few times in the past. I remember the Profanity tool. Maybe you remember this tool. This is a tool which is able to generate vanity addresses, so addresses on Ethereum that start with some zeros. And in order to do that, you just have to generate plenty of keys, derive the private key in order to get an address. And as soon as the address starts with the number of zeros that you would like,
Starting point is 00:13:40 then it's a hit, you keep the seed, and that's your seed. You can do that in a good way, in a secure way, but the way Profanity was implemented was not good, because instead of generating keys which are like 256 bits of randomness, that was only 32 bits. That was just a small bug in the random number generation in the cast. Like if you know a little bit of the C language, the cast is when you change the size of your type.
Starting point is 00:14:18 Let's forget about that, but just the space of keys was not 2 to the power 256, that was 2 to the power 32. And this space is very small, actually. With a good GPU you can generate all possible Profanity keys, and this is something that has been done, and a few wallets have been drained because of that. I also have another story in mind, like the BCI wallet. This one is a little bit old, for OGs, maybe they will remember. And the BCI wallet was using random.org as a source of randomness to create new wallets and new sets of private keys, and at some point random.org simply changed the API and when the wallet was requesting a new random number, you obtained a 404. So instead of having a good large number, you got four oh four, four oh four all the time.
Starting point is 00:15:23 So that was a big fail in the space because plenty of people were generating wallets with 404 as a seed, which is definitely not a large random number. Okay, so these are just two different stories about how people have tried to finesse some private key generation in order to, for the first example, was for a vanity address. Some people for funzies, they like to have their Ethereum address start with 0-0-0-0-0 for fun. And there are ways to generate an address, but if you're not careful, you accidentally reduce the entropy that goes into this private key generation and you go from this very, very secure space of almost an infinite number of possible private keys and an infinite
Starting point is 00:16:12 number of ways of deriving those private keys and it really just constrains it. And so the stories that you're telling me now are really all about the mistakes that people have made with not allowing enough entropy in the private key generation that makes it susceptible to outside recreation of those private keys. Is that the takeaway message we should have? Exactly. And as soon as an attacker understood the mistake, then you can simply generate seeds and drain wallets because you know the keys of your victim. And as a hacker, like you're not doing this one at a time. You have written a bot that will do this extremely quickly and at very high scale, right? Yeah, exactly. Then as soon as you understood the issue,
Starting point is 00:16:59 it's just a matter of optimizing the code. You can use GPUs to be faster and faster. But as soon as you know the mistake, it's just a matter of time. And an opportunity cost, like how much does it cost to generate all the keys, how much money I can earn by draining this wallet. And unfortunately, it's always on the attacker's side when there was this kind of vulnerability. Sure.
Starting point is 00:17:25 Okay, so say I'm a brand new user and I just heard this story right now, how do I not fall into that trap? How do I, if I'm using Ledger or MetaMask or any other wallet, how do I know whether or not I'm falling victim to bad entropy or not? It's quite difficult to have good guarantees on the entropy of your seed. I can explain how we are generating random numbers on the Ledger products. So we are using a TRNG, for true random number generator. So inside our devices, we have a secure element. And inside this secure element, there is a dedicated piece of hardware, which is called the TRNG.
Starting point is 00:18:08 And it's specialized at generating randomness. And it goes through independent certification. And there is a dedicated certification for random number generation quality, which is called AIS 31 or EAL5 plus certification. So long story short, that means the TRNG goes through different statistical tests, an entropy model with some mathematical evidence that must be provided to the evaluator. Also, on the hardware itself, there are some online tests because there is a risk that during the evaluation,
Starting point is 00:18:50 like everything was fine with the random number generator, but whenever you use it, for any reason, it doesn't work properly anymore. So there is a dedicated test that verifies some basic properties about the TRNG when it runs, and it allows to detect a potential defect. And on top of that, we are adding some cryptographic post-processing treatment. So even if the entropy would be low from the TRNG, this cryptographic treatment allows to amplify the entropy in that case.
Starting point is 00:19:27 So when I say that I think we have one of the best setup in terms of generating random keys. But the problem I see is you as a user you have to trust us a little bit when you do that.
Starting point is 00:19:42 I think it's the best idea to do that, like trusting us by generating your secret. But if ever you don't want to trust us, you don't have to, because it's possible to import your own key inside the device. Something possible also would be to generate a key on your device, generate another key on something that you trust more,
Starting point is 00:20:06 and then simply XOR them, and doing so, you have the quality of randomness that is inside the secure element, plus you don't really have to trust us. This is something you can do. Okay. So is it true that with modern wallets, definitely with Ledger,
Starting point is 00:20:24 and this is really the product that Ledger's building is security to the nth degree to the point that the customers don't have to think about it. Would it be true that with Ledger and other wallets like MetaMask,
Starting point is 00:20:36 like the entropy problem at the retail level, if you're not doing anything crazy, is largely solved? Yeah, totally. When it comes to MetaMask, if you don't use the hardware, because if you use MetaMask,
Starting point is 00:20:50 I think it's a great product, but it's not that great when it comes to securing your private keys. So what you should do is use a Ledger device and connect it to MetaMask so that you have the great connectivity that MetaMask offers with the security provided by Ledger devices. Because if your keys are secured in MetaMask only, that means any kind of malware running on your browser or on your computer, more generally, would be able to simply
Starting point is 00:21:22 extract your seed. And this is not something you would like. And to your point, I don't really know how the seed is generated within MetaMask, if you generate it in a software manner. And generally speaking, computers are not that good at generating keys. I think it could be acceptable, but storing them in your software wallet is not a good idea from my standpoint. Certainly.
Starting point is 00:21:50 And this gets us into the subject matter of hot and cold wallets, which I want to talk about, a hot and cold wallet system, but really just to tie a bow on this part of the conversation, you're saying that making a private key inside of my own computer is less secure versus like inside of a Ledger because Ledger has that unique dedicated part of the hardware wallet that is meant to do this. And so while computers are great, there are risks with doing it inside of a computer. Sometimes the entropy is not so great or the verifiability of the entropy is not so great
Starting point is 00:22:22 and also you are connected to the internet, which is the big one. But there are benefits of having a hot wallet as well and again we'll go into that. Is there anything else you want to add before we tie a bow on this conversation? No, I think it's a great summary.
Starting point is 00:22:36 So yeah, first of all, generating your private key in software could be a little bit tricky because there is no reliable way and uniform way to generate a good secret on computers, and it's the same for your mobile phone. Even if on mobile it is a little bit better because you can use StrongBox on Android and the Keystore on iPhone, you can leverage this for key generation.
Starting point is 00:23:05 And for storing them, definitely it's not a good way to do that. Okay, so say I've just got my first Ledger, I've written down these 12 to 24 words that come out of the Ledger, which is your seed phrase. Actually, can we talk about that? There's the difference between a private key and a seed phrase. And I think we need to unpack this before we go into the next conversations, which is where do I write down my seed phrase? What's the difference between a private key and a seed phrase?
Starting point is 00:23:35 The seed phrase is a human readable way of your master secret, let's say. And so it's a sequence of 24 words. And these 24 words directly translate to a string of 0 and 1, of 256 bits. And from this seed, this phrase, we will generate a different private key per blockchain and per account. So you have one master secret which allows to generate private keys for every single account and every single blockchain.
Starting point is 00:24:11 So this is the difference between these two. Okay, so a master password. I really like that. 24 words, all human readable, words like fox, magic, elephant, like random words that are basic words. There's a list of 24 of them. How do those words actually come to create private keys and public wallets? Like, is there an algorithm that pulls these things out of the seed phrase? Yes, there is an algorithm which is standardized. So first of all, these 24 words are taken from a dictionary of 2048 words. Each word has a number and an index. So if you take the first word, which is abandon, the index is 0,000, like 110. And so you will take those 24 words, put them in a
Starting point is 00:25:08 string, like in a bit representation. And then you have the binary representation of your master secret. There is some redundancy at the end of your seed phrase just in case you mistype one word. You can verify this. Let's forget that. And from these 24 words, this 256 bits master secret,
Starting point is 00:25:36 you will derive private keys, and to do so, we are using one-way functions. One-way functions like hash functions, for instance. And the idea is that from your seed phrase, you can completely deterministically generate your private keys for your Ethereum account. But the opposite is not possible. Like if ever you know your private keys,
Starting point is 00:26:00 there was no way to go back to your master secrets, while the master secret to private key is. is something possible with one-way function. Okay, so my seed phrase will allow me to make and derive a list of private keys, like almost, endlessly, an endlessly long list of private keys. And then one of those, if I know one of those private keys, I cannot go backwards to create the list of words. It is a one-way only.
Starting point is 00:26:29 So if you know the private key, you don't know any of the other private keys that your seed phrase will create. You only know that one private key, but your seed phrase will create any private key that's dictated by that seed phrase. And also you said something that it also works across any blockchain. How does my seed phrase work on both Ethereum and Bitcoin
Starting point is 00:26:49 and Solana? How does that work? The difference is just the way of deriving the master secret to different blockchains. And then there is a dedicated field in the derivation which specifies which chain you are deriving to, plus another index for which account. This is the basic idea.
Starting point is 00:27:17 Okay, so my 24 seed phrase words are the entropy, and then there is a unique derivation path using that same source of entropy to a specific blockchain. So like my 24 words, abandon, elephant, magic, spell, whatever, these are not my words. So that's just, that is just entropy. And then you add this one more component, a derivation path, and then you get entropy for Bitcoin and entropy for Ethereum,
Starting point is 00:27:46 entropy for Solana. That's how that works. Exactly. Okay. So, like, is every single character in a seed phrase word relevant? Like, so for the word, I know that the word elephant is a word in this dictionary. Does the derivation path or the entropy need every single letter in the word elephant or does it only need a few of them?
Starting point is 00:28:08 So as I mentioned, this is not really the letters which are important, but like each word corresponds to an index in the dictionary. So in elephant, what is important is not the fact that this is the E-L-E, no, no, what is important is the index of elephant within the dictionary. Okay, so there's this common dictionary that the crypto world has determined is the dictionary that we use. And we can't add or remove any words from that dictionary because it has to be standardized. So there's this standardized dictionary that we use. It's got a very large number of words.
Starting point is 00:28:46 And each word has a specific serial number attached to it. And then the ordering of those serial numbers creates all the entropy that we need in order to be secure. Exactly. You said it very well. Cool. Awesome. Well, you're walking me through this.
Starting point is 00:29:02 This is great. Okay, cool. So now we've covered entropy. We've covered seed phrases. We need to write down our seed phrases because 24 words, it's not a super high number of words, but I mean, I can't remember 24 words in a specific order. So people usually write these words down. Yeah, don't try. We'll talk about why that's a bad idea. But people usually just write these words down and then they store them somewhere. Can you talk about the mistakes that people make and what they should do in order to securely write down their words? Yeah, definitely. So the common mistake we see is like people want to digitize their 24 words. And they are quite innovative when it comes to finding new ways to digitize their 24 words. Something that we see quite often is that they are taking a picture of the 24 words with their phone. And when you do that, you have inside the photo album of your Android phone a photo which contains your 24 words.
Starting point is 00:30:03 Maybe you have noticed, but sometimes you install some random application and they just ask you to grant access to your photo. You say yes. As soon as you say yes, that means this application, which is completely random, can get an access to your 24 words.
Starting point is 00:30:19 And for an attacker, it's very easy to put a piece of code which will simply scan your photos and try to figure out if there is a list of 24 words inside. So this is something trivial and this is already happening. So there are some bots out there which are simply leveraging this very common vulnerability trying to find if there is in your photo a photo of your 24 words.
Starting point is 00:30:47 So this is a common mistake. Another one is to write your 24 words in an email. So this is something that could happen also. Like some people draft an email and put. their 24 words in the email. I don't know why they do. They are doing that, but it happens sometimes. And again, if there is a malware on your computer,
Starting point is 00:31:09 if someone has access to your mail, there are plenty of ways to access those 24 words, or simply you want to write them down in your notepad or in any file on your computer. Like, all these cases, if you do that, you end up with the same security as if you were using a software wallet, and this is completely not secure against like a malware. Right. And I think that is really the punchline, that it becomes the same security as a software wallet. So the takeaway here is that any
Starting point is 00:31:50 form of digitization of your seed phrase opens up your risks to the scale of the internet. The internet's a hostile place. There are people out there in many different ways trying to snap some of your valuable data or whatever. And so, like, there's a chasm that you cross when you go from writing down your seed phrase with pen and paper to writing down your seed phrase in some digital form that is connected to the internet. And so, like, there's almost like a binary amount of difference where, like, one, it's like, oh, pen and paper, you're totally secure when it's related to the internet because it's not on the internet. Oh, did you write that down in the note section of your iPhone?
Starting point is 00:32:32 Did you email that to yourself? Did you take a screenshot of that thing? Did you store it in Google Drive? Like, if you cross that chasm to having that on a computer, on the internet somewhere, then like you're opening yourself to a long tail of risk that you don't even know how to account for. Would you say this is accurate? Yeah, definitely. I think we have no idea of the potential of attackers.
Starting point is 00:32:57 I'm in the space, like in the security space, for a long time, since I'm 12, I think. And I saw the potential of attackers growing very significantly. And now there is a market around vulnerabilities. Like you can buy and sell vulnerabilities. And they are quite expensive now. When I started, selling vulnerabilities was not even a thing. And then it started with the bug bounty programs, where the vendors got quite upset when people were publishing vulnerabilities. And then they started to incentivize security researchers, to pay bounties and to have them give vulnerabilities before publishing them.
Starting point is 00:33:47 And after that, we started to see some market around vulnerabilities. And as of today, if you go on zerodium.com, for instance, this is a market where you can buy and sell critical vulnerabilities, and they are quite expensive. For instance, I think the most expensive one should be zero-click and zero-day remote code execution on Android or on iPhone. And I think it's around two million. And this kind of vulnerability allows, like, any attacker to get the full control of your mobile phone without you doing anything. Like, this is the kind of vulnerability. And these vulnerabilities are sold, like, not every day because this one is quite tricky. But very often we see attackers leveraging this kind of vulnerability simply to make money or to spy on people,
Starting point is 00:34:49 because this is often also related to government. And with crypto, we are entering a new era where the opportunity cost is really interesting. Like, if ever as an attacker, I'm able to drain all the wallets, all the software wallets of every single user in the world just by buying a vulnerability, like, then two million is nothing. Like this is where we are entering with crypto and this security market. Okay, so let me check a behavior that I have about myself with you. Sometimes I open up a brand new crypto wallet just to experiment with it. And it makes me write down a seed phrase before I get into the wallet. And then it tests me to make sure that I actually wrote it down. And so I take a
Starting point is 00:35:37 screenshot of that seed phrase out of convenience. And then I fill in the seed phrase because it's testing me in order to open up the wallet. And then I can open up the wallet. And then I play with it. And then that seed phrase is still in my photos. And I know that. But I'm not going to use this wallet. I'm just testing this out. Maybe I'll throw like $10 in there to like try it out. Like I'm okay, right? Like I haven't violated any rule if I know that I'm not going to store a large amount of money in that wallet. I think you said everything. If you are sure that like you won't put any valuables on this wallet, and when I say valuable, that could be like monetary value,
Starting point is 00:36:20 but also like emotional value. Sometimes you really like this NFT because you have an emotional connection with it, even if it's worth nothing. If you are not in this situation, if you are completely okay with losing everything that is on this wallet, there is no debate. You can be unsafe.
Starting point is 00:36:39 But you have to be very cautious, not mixing up the wallet for which you have valuables on it and the test wallet, which are two different things. Okay, so I've written down my seed phrase.
Starting point is 00:36:56 I've done a good job to do it either through a Ledger or a source of entropy I know is secure and I've gotten my 24 words and they're written down physically on a piece of paper. What do I do with that piece of paper? How do I make sure my seed phrase is actually secure?
Starting point is 00:37:13 On this, I'm always a little bit reluctant with giving an advice. What is important is for you to question yourself. Like, who? Do you want to be the only one having access to these 24 words, to your funds? Do you also want your wife to be aware of those 24 words? You have to question yourself. What happens if my maid
Starting point is 00:37:44 finds these 24 words? What happens if someone comes at home with a gun? Like, should I be in a position where I could give my 24 words? Like this is about your OPSEC and your OPSEC is very personal. So the first thing is to make sure that it's in a safe place. Like not on your desk, or otherwise like you are putting on your desk potentially a lot of value. But you have to question yourself and to find out what is the best OPSEC for you.
Starting point is 00:38:16 Like if ever my Ledger wallet fails, like it's broken because you have put it in a washing machine. How long do you need to recover your wallet on one new device? If you're completely okay with
Starting point is 00:38:33 like, one week to do that, maybe you might be able to hide it outside of your house. Maybe you would like to cut it into, but I think there are different trade-offs, and I won't give you mine,
Starting point is 00:38:52 but I just try to give you what questions you have to ask yourself, and then you will be able to find out the best option for you. So your answer to this question, where should I store my seed phrase, isn't actually an answer, it's perhaps another set of questions, which is, like, do you live alone?
Starting point is 00:39:14 If yes, do you want to be the only person in control of your private keys? If yes, then, okay, I guess you can keep your private keys at home. Do you have a roommate? How much do you trust that roommate? Like, how long have you known them? Do they know that you have private keys? Do you have a family? Do you have kids?
Starting point is 00:39:32 Do your kids, might they accidentally find your private keys and not know what it is and accidentally eat it because they're that young? Who knows? Do you have a dog that might eat your private keys? Do you have a maid that comes and cleans your house, and they are going to be next to your private keys? Do you have a place, another home, another family member that's not where you live and you can use their place to store your private keys?
Starting point is 00:39:56 Do you trust them? So really your answer is, like, oh, you actually have to look inwards and start to answer these questions for yourself more than you actually having a prescribed answer for us. Exactly. Also, you can take into account the scenario where your house catches fire. What happens if it happens? Like if your device and your 24 words are the only way to access your funds and your house is burning, what happens for you? This is the kind of thing you have to ask yourself.
Starting point is 00:40:30 And depending on your answer and your appetite to risk and your convenience and so on, you will have a different answer for storing your 24 words. Okay, Charles, I want to run by... this is actually a personal setup that I've had in the past and then I've changed it and then I've brought it back. So this is something I've done in the past where I have a Ledger with me and I do not have the private keys for that Ledger with me. I only have the Ledger with me. And so like this makes, if the place where my private keys are has a fire and those private keys are destroyed, I only have the Ledger, but then I would hear the news of that fire, and then I would transfer the money from my Ledger to a new set of private keys and I would be okay. Does that make you nervous at all? If there is a moment in time where the private keys are gone from the world, but I still have access to my Ledger, does that make you nervous? Not that much because you have a backup just because of this reason. If ever one of the
Starting point is 00:41:36 two backups, you don't have access to it anymore, you have another option. But maybe you would like to have another backup. This is always a trade-off of what your appetite to risk is, what's the impact on the UX and so on. But maybe we could mention quickly the plausible deniability feature we have on Ledger devices. So you have these 24 words that we were referring to before, but there is a functionality which is specified by the standard, the BIP 39 standard, where you can add an additional word. Actually, it's a passphrase. You can add a passphrase to your 24 words.
Starting point is 00:42:17 And this passphrase creates a completely new wallet. And one idea is to use this functionality for plausible deniability reasons. So you have your 24-word wallet where you put like 10 bucks on it. And you have this 25th word which creates a new wallet. And if ever someday someone threatens you to give all your wallet, then you will show him your wallet containing only the 24 words. And you will see, oh, there was only 10 bucks. And maybe he will drain your wallet.
Starting point is 00:42:57 But it's a way to have plausible deniability because there was a hidden wallet. Oh, that's really cool. Okay, so let me run through this again. So a seed phrase is 24 words. But in the BIP 39 standard, which is the standard of how the dictionary standard that we were talking about earlier, there is an additional mechanism to add a 25th word, which can be like a password, like maybe the normal password to your computer, although not suggesting that. And then that basically adds another word to the point where like all of the entropy is brand new again.
Starting point is 00:43:32 And so you have two wallets, actually. You have the wallet that you need the 24 seed phrase words to get access to. And that is your plausible deniability wallet. You put like a something in there just to satisfy your attacker. And then the real wallet is those 24 words plus one more word, which you might maybe keep in your head. And that is your actual wallet with all of your money. And so it's like an extra secret key and lock to open up a much bigger safe rather than this dummy safe. Is this the right way to describe this? Yeah, you described it very well. And with that you can think of like new setups to store your 24 words because like there
Starting point is 00:44:15 is a new mechanism which allows more flexibility, more options. So this is something you can consider, but this is not something I recommend to new users because like it's more for power users, because it can be a little bit confusing and so on. So for a new user, I definitely recommend using the regular 24-word seed phrase, storing it on a piece of paper in a safe place, like keep it simple. And then as soon as you get more comfortable with this secret, with self-sovereignty and self-custody, then the 25th word option can be considered, I think. Okay.
Starting point is 00:45:00 Is it possible, Charles, to over-engineer a wallet security? Have you ever seen someone like try and make a Fort Knox and they accidentally like create a system that's too complicated and they lose their money? Is it possible to overdo it? Yeah, definitely. This is why I start with saying this like newcomers shouldn't use this complex feature because I think it's more an advanced feature. And like the kind of mistake you could do is the following. You write back your 24 words on the piece of paper, then you choose a strong passphrase as a 25th word and you don't write it down, otherwise you defeat a little bit of the purpose. You try to remember it and you simply forget it, and that's it, you have completely lost access to your wallet forever. So this is the kind of thing that could happen. And also I'm thinking about
Starting point is 00:46:01 Luke Jr., the guy on the Bitcoin. He overthought, I think, his OPSEC setup. And I think it's easy to say this when he lost his money. But I think sometimes it's more simple to use like an off-the-shelf security solution because there was a lot of investment and people who try to make it simple and secure. On his end, what he tried to do was really complex and he didn't want to trust anyone. So this is a different set of constraints. But at the end, it ended with the loss of his money, which is quite unfortunate, let's say.
Starting point is 00:46:51 Yeah. Yeah. So maybe to summarize, like, it is admirable to try and create a self-custody setup that you built yourself because if you built it yourself, then no one, how can anyone attack it if you built it yourself? But I think the counter argument would be like the off-the-shelf solutions are, there's a lot of investment into the product and the product is to not have any sort of vulnerability. So also don't discount the value of an off-the-shelf solution too.
Starting point is 00:47:24 Yes. If you want to do better than what we do, you are actually competing with a company of 800 employees, which is here for seven or eight years, and which is formed by like global specialists in security. So you are competing against Ledger when you are trying to do your own security solution. Maybe you can do better, but it's difficult. Okay, but the last subject I think we should go into
Starting point is 00:47:55 before we talk about some more virtual stuff like smart contracts and phishing is a cold wallet, hot wallet system. Can we quickly talk about how do you define a cold wallet, how do you define a hot wallet? And is it appropriate to have both? And in what scenarios would you have both? Yeah. So I think the debate of temperature of wallet is a long story debate.
Starting point is 00:48:22 From my standpoint, I would define like a hot wallet as a wallet where you want to make plenty of transactions, possibly like automatically, this kind of thing, while a cold wallet is a wallet where you have more governance, and where doing transactions takes more time. So the cold wallet is a wallet where you will do typically very few transactions, while a hot wallet will be a wallet where you will do more and more transactions. And when you think about that, like exchanges
Starting point is 00:48:56 have this mechanism, like hot wallet and cold wallet. Like at the end, an exchange has plenty of Bitcoin, plenty of Ethereum, and stores maybe 90 or 95% of all this Bitcoin and Ethereum in a cold wallet, that they typically don't do many transactions on, like maybe one or two transactions per week. While they also have like 5% of their holdings in a hot wallet. And the hot wallet is typically doing plenty of transactions. When you are
Starting point is 00:49:32 funding Ethereum on an exchange, you are sending your money to a hot wallet. And when you are withdrawing from the exchange, you are withdrawing from the hot wallet. And they are trying to make sure they always keep the same threshold, 90%, 10%, something like this, because the hot wallet is quite automatic, like everything is done automatically without any control and governance. There might be some automatic heuristic to make sure that there was no one trying to withdraw everything from the hot wallet. But it's essentially automatic because you don't want someone to validate the transaction for you when you want to withdraw, like, what is yours from your favorite exchange. So this is the trade-off they are putting
Starting point is 00:50:23 in place, meaning the hot wallet is very automatic with a low level of security because it's very difficult to have something very secure with an automated process. While the cold wallet is more secure, but with fewer transactions and more governance around the use of the cold wallet,
Starting point is 00:50:47 typically they will say, okay, the cold wallet can only do transactions to the hot wallet, like the whitelisted addresses. And if they want to do a transaction to another wallet, they will probably need to gather five approvals out of seven, like this kind of thing that can be implemented at the wallet level for the cold wallet.
Starting point is 00:51:11 So this is how. And quite often, like exchanges got hacked, but when they got hacked, this is only the hot wallet. It happens quite often. And they try to have insurance in order to cover, or SAFU funds, if you are thinking about Binance, in order to cover the loss. But this is something that happens quite often. And if you want to do something quite similar with your individual experience in Web 3,
Starting point is 00:51:41 so as I was mentioning before, you have your holding, which is valuable for you, whether it is an emotional value or monetary value that you put, on your cold wallet. And typically, you don't use often this cold wallet because this is your valuable. This is your saving. This is the NFT you like a lot. So you just want to keep them secure. So you put them in your wallet.
Starting point is 00:52:07 You have a long PIN code. You can even put this in a secure place because you don't need it quite often. And also you want to do some digital things on NFT, on DeFi, with a smaller portion of your wealth. And it can involve some blind signing, which I strongly don't recommend to do. And for that, you might want to have a second wallet, but I still recommend using a hardware wallet device for a hot wallet where you will pay less attention to the transactions you sign, to the approvals, the allowances that you put on your NFT or ERC20. And if you want to do some DeFi, degen stuff, I would recommend splitting both wallets and do what I mentioned. The worst that you could do is mixing what you want to be cold with what you want to be hot. If you do that, the big risk is to sign a transaction where you are drained of everything from your wallet.
Starting point is 00:53:19 But it was a little bit of a long answer, but I try to explain a little bit the difference between the two. No, I think that's great. I think really the TLDR is, again, the world of crypto is being your own bank. So you should think about your wallet setup as like a bank. And a bank has a vault in the back that's hard to get to. And then they have like tellers in the front or like a cashier in the front. And if a bank robber comes in, your setup should be that they can really only get to the hot wallet first
Starting point is 00:53:54 and they can't get to the vault in the back. Ideally, they can't even come in. But if they do get in, they only can access the funds in the cashier. They can't access the funds in the vault because the vault is behind a door. And so think of your hot wallet as like the cash in the cashier's like teller desk and then your cold storage as like all of the money that's in the vault
Starting point is 00:54:14 and it's way harder to get to. But Charles, you said something in that description that I want to unpack a little bit. You said exchanges' cold wallets often only ever send money to the hot wallet, not other things. And this is actually something that I think Kevin Rose is now doing, now that he got phished because of his NFTs. There's like this idea of if you do have a cold storage wallet, in order to be maximally secure, that cold storage wallet should only ever send funds to and from a single other hot wallet. Can you explain the benefits and why people do this? When you do that, you are sure that the only transaction that you will sign from your
Starting point is 00:55:01 cold wallet is a simple transfer, which is always well supported by our wallet. And when you do a transfer, there is not much risk on your wallet. There was no waste. You understand everything from the beginning to the end of the transaction. You send this very NFT to this very address. You verify everything on the device, and then it arrives on your hot wallet. And then you will need probably to create some allowance because you want possibly to sell it on OpenSea or this kind of thing.
Starting point is 00:55:38 But when you start to do that, you might sign like off-chain transactions, you might sign a complex smart contract interaction. Sometimes they are not always well supported by the device, but it won't have any impact on your cold wallet because the asset is not on your cold wallet anymore, but it's on your hot wallet. I think it's a good practice to do that. Uniswap is the largest on-chain marketplace
Starting point is 00:56:11 for self-custody digital assets. Uniswap is of course a decentralized exchange, but you know this because you've been listening to Bankless. But did you know that the Uniswap web app has a shiny new fiat on-ramp? Now you could go directly from fiat in your bank to tokens in DeFi inside of Uniswap. Not only that, but Polygon, Arbitrum, and Optimism, Layer 2s are supported right out of the gate. But that's just DeFi. Uniswap is also an NFT aggregator, letting you find more listings for the best prices across the NFT world. With Uniswap, you can sweep floors on multiple NFTs, and Uniswap's universal router will optimize your gas fees for you.
Starting point is 00:56:49 Uniswap is making it as easy as possible to go from bank account to bankless assets across Ethereum, and we couldn't be more thankful for having them as a sponsor. So go to app.uniswap.org today to buy, sell, or swap tokens and NFTs. Arbitrum One is pioneering the world of secure Ethereum scalability and is continuing to accelerate the Web 3 landscape. Hundreds of projects have already deployed on Arbitrum One, producing flourishing DeFi and NFT ecosystems. With the recent addition of Arbitrum Nova,
Starting point is 00:57:21 gaming and social dapps like Reddit are also now calling Arbitrum home. Both Arbitrum One and Nova leverage the security and decentralization of Ethereum and provide a builder experience that's intuitive, familiar, and fully EVM-compatible. On Arbitrum, both builders and users will experience faster transaction speeds with significantly lower gas fees. With Arbitrum's recent migration to Arbitrum Nitro, it's also now 10 times faster than before. Visit Arbitrum.io,
Starting point is 00:57:47 where you can join the community, dive into the developer docs, bridge your assets, and start building your first app. With Arbitrum, experience Web3 development the way it was meant to be. Secure, fast, cheap, and friction-free.
Starting point is 00:57:59 How many total airdrops have you gotten? This last bull market had a ton of them. Did you get them all? Maybe you missed one. So here's what you should do. Go to Earnify and plug in your Ethereum wallet, and Earnify will tell you, if you have any unclaimed airdrops that you can get.
Starting point is 00:58:11 And it also does POAPs and mintable NFTs. Any kind of money that your wallet can claim, Earnify will tell you about it. And you should probably do it now because some airdrops expire. And if you sign up for Earnify, they'll email you anytime one of your wallets has a new airdrop for it to make sure that you never lose an airdrop ever again.
Starting point is 00:58:28 You can also upgrade to Earnify premium to unlock access to airdrops that are beyond the basics and be able to set reminders for more wallets. And for just under $21 a month, it probably pays for itself with just one airdrop. So plug in your wallets at Earnify and see what you get. That's E-A-R-N-I. And make sure you never lose another airdrop.
Starting point is 00:58:47 And so this conversation is getting into the world of smart contract risk. So we're beyond the risk of private keys and beyond the risk of like how is our wallet set up. And now it's the risk of smart contract wallets. And so many people, the way that they build their NFT portfolio is they have an NFT vault, and that vault is just for long-term storage of their NFTs. And importantly, they never actually sell NFTs through the vault. If they want to sell an NFT, they send that NFT to the hot wallet. And that hot wallet then in order to make a sale has to go to something like OpenSea or any NFT marketplace.
Starting point is 00:59:28 And it has to give that NFT marketplace permission to move that NFT because that's how a marketplace works. So if you want to sell your NFT, you have to give a marketplace permission to move it in the event of a sale. But then you're starting to open up that wallet to the risks of allowances, is the word you use, allowances. And so you want to ideally contain all of your allowances to a single wallet so that when you know that you send your NFT back to your cold storage wallet, your cold storage wallet hasn't made any allowances. It is literally a vault. And so you can use that vault word appropriately and not like a vault but with 17 different backdoors into it. And so that's kind of this setup.
Starting point is 01:00:10 Is this all right? Yeah, definitely. The way I like to think about security, and this is something I always keep in mind when we build new products and so on, like there are three main security properties that we want to fulfill with our solution. The first one is like key generation. We talked about that, like in a secure area, by a secure TRNG. Then whenever you want to sign a transaction,
Starting point is 01:00:37 like the cryptography must take place within the enclave. Like the secure key, the key must never leave the enclave, basically. This is the second property. And the third one is, as a user, you want to be able to have a human-reliable way to understand what you are about to consent to. And for that, first of all,
Starting point is 01:01:00 we have the trusted display on our devices, you have a dedicated display which shows you what you are about to consent to. And this is really important because if you blindly sign for any transaction, maybe you will simply transfer your NFT, but maybe some smart contract will drain all your wallet. This is something you have to keep in mind. This is very important. So for that, we have the concept of clear signing. So first of all, this interaction happens on the trusted display of the device.
Starting point is 01:01:38 But secondly, the idea is for the device to be able to understand what it is about to sign. And for that, this is what we call the smart contract interaction. So we have developed some framework allowing different data to be integrated within the Java and to be able for the device to understand what it is about to consent to. But sometimes it's a little bit more tricky, and this is where allowances and access permissions come in. So basically, allowances and/or access permissions allow a third party to have the right to perform transactions of a certain amount of your tokens, with ERC20, or directly to your NFT. And all of this is possible without giving the private key of your wallet. You don't
Starting point is 01:02:31 have to give your private key, but you give a smart contract, a third party, permission to access part of your wallet, whether it is your ERC20 or a specific NFT. But this always must be handled with care because, for instance, as you were mentioning, when you interact with a secondary NFT marketplace, you will need to allow the marketplace to access a certain NFT. And then you will do off-chain signatures. This is how OpenSea is working. So an off-chain signature is a regular signature as for a transaction.
Starting point is 01:03:15 But the difference is it's not committed on-chain directly for various reasons. But I think it's a good... The transaction is signed, but it's not broadcasted. So you sign a message and then you give it to OpenSea and OpenSea just holds on to it for a little bit. Exactly. So for OpenSea, this is quite simple. You will sign a transaction, a message saying, I'm okay to sell my NFT for this amount.
Starting point is 01:03:44 And a buyer will see your listing on OpenSea and will sign a message saying, I'm okay to buy this NFT for this amount. And then you have two signed messages and you bundle these messages in the smart contract interaction, in an Ethereum transaction, and you submit this on-chain, and the OpenSea smart contract will say, okay, these two things match, so it's possible to do the exchange.
Starting point is 01:04:16 So this is how OpenSea works schematically. But the problem is with off-chain signatures, they are vulnerable to what we call in security talk, like, time of check and time of use. Often when you enforce some governance, you want the governance to be applied whenever you check it. When it's an off-chain signature, you check something at some point in time that might be executed a long time after. So maybe in the past you wanted to sell your NFT for 0.1 ETH and you forgot about it, but an attacker gets this signature and a long time after,
Starting point is 01:05:00 buys your punk for 0.1 ETH. This is something which happened for OpenSea in the past. So this is first an issue, and I think this design is driven by the fees. We would like to do everything on-chain, saying I'm listing my NFT on-chain. I'm okay to sell it for this amount, and I'm okay to buy it for this amount.
Starting point is 01:05:32 All those messages should be on-chain and published to everyone. But OpenSea is not doing that because of the price of fees for Ethereum. And I think it's a bad practice. And we are at a point where we have these dapps which build interesting applications and they decide to enforce part of the rules off-chain. But this is not the purpose of blockchain. Blockchain must enforce the rules. This is the purpose of blockchain.
Starting point is 01:06:04 This is the purpose of our smart contract. And I think we should spend more energy on like solving the scalability challenges for Ethereum, including fees and associated fees rather than building non-secure experiences on L1. So I think this kind of design shows us that we are targeting like short-term revenue opportunity, rather than thinking long-term. Because if you think long-term, what needs to be solved
Starting point is 01:06:35 is the fees and the scalability of Ethereum and not this kind of hack which leverages L1. That would be my two cents about that. Yeah, and this is really all about just the way that OpenSea and other NFT platforms work in order to save and route around extra gas fees, is that you sign a message
Starting point is 01:06:57 saying I approve of this NFT being sold given these parameters, and then you give that transaction to OpenSea and they just custody that note for a long time. And maybe you set the time parameter on that, it's like, and this transaction is valid indefinitely. And so like all of a sudden you have this outstanding note that you've given to OpenSea and they custody that note and you've given up control over that thing. And so there's other various instances where something like this might happen, but this is all boiling back to the world of allowances. And so can we just go back to the concept of allowances
Starting point is 01:07:39 and talk about how people need to think about allowances and the wallet that they use doing their high activity, high-t touch, high-frequency, defy, NFT stuff? Yeah, so again, allowances and access permission that allows a third party that could be OpenC that could be Compound For instance, when you do
Starting point is 01:08:01 lending or borrowing on compound you provide your grant access to compound to compound to use your funds which are your ERC20 which are in your wallet. When you use OpenC and you grant OpenC
Starting point is 01:08:19 you approve, you sign an approval to OpenC like OpenC will have an access to OpenC smart contract, more specifically, will have an access to your NFT to do a transfer. We think it's okay because everything is defined in the smart contract of OpenC. So you can, if you are tech savvy
Starting point is 01:08:42 and you have time, you can verify what is in OpenC smart contract and understand in which condition OpenC can use your NFT. But yeah, the department is. The problem is that when you do that, an attacker can leverage this allowance in order to buy your NFT for a cheap price, for instance, and so on. So that's why I think it must be handled with care. And if you don't need to sell your NFT, if you don't need to do anything with your NFT, there is absolutely no reason to grant allowance to anyone.
Starting point is 01:09:21 But you must revoke every single approval that you have on your NFT and on your ESC20 if it's the case as well. And there was a website called revoke.com, which allows you to list all your assets and to check which one is, for which one there was an allowance and so on. And because allowance are on-chain signature. Okay, so I want to check my understanding about this. So again, going back to first principles, we get to be our own bank. We have our own highly secure bank vault that we are setting up. We're doing a good job setting it up because we're doing proper entropy, proper private key storage, all the things that we've talked about so as far. But we now, okay, so now we have this vault that's super secure that has our money in it.
Starting point is 01:10:07 But we want to go do some DeFi things. So we will go to Compound, like you said, and we'll allow Compound, which is a smart contract, to access a specific token in our wallet. And so we've created a door into our vault, and that door goes to Compound and gives Compound allowances over certain tokens in our wallet. Now, I want to unpack the difference here because sometimes we can give allowances that do a very narrow set of things that are probably completely safe and secure, as in giving allowances to Compound smart contracts, or maybe even a more simple smart contract than Compound, is not really adding any new risk, because the contract itself has only a very narrow set of things that it can do. And it's not actually, it's provably, because of what's in the smart contract, not going to steal from you. As in, like, it can only do a very small set of things, and all of those things we are totally okay with. And there's no third party human who can change that.
Starting point is 01:11:08 And that's just, but that is just one smart contract. There's another world where, like, we approve and give allowances to another smart contract, and that smart contract is totally vulnerable and can totally be changed, and the rules can change. Can you help us unpack and navigate what the difference is between giving to smart contract A versus smart contract B, how one can be secure, how one can be vulnerable?
Starting point is 01:11:30 Can you guide us through this conversation? Yeah, this one is difficult, difficult to answer. But what you said is totally correct. Like, giving allowance is not bad per se. Sometimes you need it to access Compound. Sometimes you need it to sell your favorite NFT on OpenSea. My message is more: if you don't need it, don't allow anything.
Starting point is 01:11:53 There is no reason to open a window. Like, if you don't need it, don't grant access to anyone. And when it comes to, like, selecting the different smart contracts and understanding what smart contract and what kind of access you would like to give them, it's a little bit difficult. So first of all, reputation is something that you could take into account. When you use Compound,
Starting point is 01:12:21 you can trust Compound, I think. When you use Uniswap, you can trust Uniswap. And so when you sign this kind of allowance, this contract can be trusted. When it's a completely new smart contract that has
Starting point is 01:12:37 been deployed, like, yesterday, maybe you should think about that. So maybe it's not that good. Also, quite often this is like phishing, like some people contact you by DM and they simply ask you to sign, indirectly, to sign this very message or to do this
Starting point is 01:13:01 allowance to this smart contract. But I think, like, again, there were some signs, like people reaching out to you asking you to do something, maybe it's a little bit fishy. Also there was something I say quite often: when it seems too good to be true, maybe this is the case. Maybe it's too good to be true. And this is something I keep in mind quite often. Because almost all the time, like, phishing people are just making you think that you will earn more money than usual. And then you get tricked and then you sign a transaction that gives full access to a smart contract,
Starting point is 01:13:43 which is held by the attacker simply. So, yeah, you will have to be cautious and to question yourself, keep calm. This kind of thing I think is important in this wild west. Charles, I think the last question I want to ask about is a phrase that you used earlier, which is blind signing. What is blind signing? Why is it bad?
Starting point is 01:14:10 And how should people think about blind signing in order to maintain safety in Web3? For me, blind signing is simply signing a message without understanding what it means. When you do that, maybe you are about to do a very good trade and it's good for you, but maybe you are giving away all your holdings, like, all your holdings. This is possible. This is something possible. When you blind sign, maybe you grant access to a malicious contract to all your wallet,
Starting point is 01:14:43 to all your Ethereum wallet, and the smart contract will simply empty all your wallet. So this is something you have to keep in mind. When you blind sign, you are taking a lot of risk. So going back to our previous conversation, if you blind sign, you probably should do that on a hot wallet where there is only what you are okay, ready to lose
Starting point is 01:15:08 if there is an issue. Don't do that with your main wallet. Because if you do that with your main wallet, you might lose everything. So personally, I almost never blind sign. Like, for me, this is always a big issue, like signing something I don't understand completely. But if ever I do, I do that with a completely new wallet.
Starting point is 01:15:30 And I'm like, if ever it goes wrong, that's not a big deal because this is not a valuable NFT. This is the way we should see it when you blind sign. So I would say, like, I think most of people's activity in, like, doing DeFi stuff is blind signing. As in, like, when they go and, maybe I need to understand what blind signing is a little bit more. But like, say I've just opened up a brand new wallet. I go to app.uniswap or uniswap.com or Uniswap, whichever is the URL.
Starting point is 01:16:04 And then I just immediately give allowances to spend my USDC. And it goes to MetaMask. I hit approve. It goes to my Ledger. And I just hit approve, because I've done this a thousand times before in different wallets. Did I just blind sign on Uniswap? Is that what I just did?
Starting point is 01:16:19 It depends what is written on your device. If you do that this way, I don't know if you have clear signing on your device. But for instance, if you go on ParaSwap, I'm sure of ParaSwap, and you are using your device and you are about to trade, like to exchange one Ethereum against
Starting point is 01:16:37 one red USDT, like 1,000 USDT. On your device, it will be written like you are about to swap one Ethereum against 1,000 USDT. You agree with that and then you consent. But if you only have a hash to sign, like, this is a complete blind sign. If you have the address of the smart contract plus the amount involved, then you can be sure that there is only this amount that is at risk.
Starting point is 01:17:14 So it's a little bit less blind, but you don't understand fully what is about to happen because you don't really know what kind of method of the smart contract is called. So between blind signing and completely clear signing, there are plenty of shades of gray. And our target, us at Ledger, is to provide as much information to the user
Starting point is 01:17:40 so that they can consent in an informed way. And this is not something easy. That's why we have built platforms for dApps to make sure their interactions are well supported. But I think the dApps ecosystem grows faster than the different interactions, I would say.
Starting point is 01:18:01 Yeah, and this is really a multifaceted solution space, as in there is no one clear solution to blind signing. But I would imagine maybe a couple of solutions that come off the top of my head are hardware wallets that have larger screens so that we can put more words on them so people can read more words. But then also transaction simulation is a new frontier in this world, where we need systems to help simulate a transaction so that the output of the transaction we're about to sign for can be displayed to us so that we can understand what that outcome is. So those are the first two, like, solutions that I'm sure are non-trivial
Starting point is 01:18:41 to work on. Are there any others? And just overall, what is your philosophy on how we solve the blind signing problem? I know, it's a good segue because we are working on both. We are working on the feature which will be called Web3 Check. So we are working on Ledger Connect. Ledger Connect will be an extension, mostly iOS first and Safari after, allowing you to connect your device to Safari and iOS. And with Ledger Connect, you will have a feature called Web3 Check. And Web3 Check will implement various heuristics in order to give you an idea of the risk
Starting point is 01:19:20 that you could take signing this transaction. Also compute predictive balances and so on. This is the kind of feature that will be implemented in Web3 Check. This is the first thing. And the second thing, having a device with a wider screen with better UX, this is also something we are working on. It's more than working on. We have announced it at Ledger Op3n and it's called Ledger Stax.
Starting point is 01:19:44 And finally, there is the support at the operating system level of the smart contract interaction. And for that, what we did so far is to open our stack, our technical stack, and allow different dApps to implement their interaction within our Ethereum app. But then it's a matter of doing it, making sure the developer ecosystem has everything it needs to actually implement these features in our Ethereum app. Beautiful. Charles, thank you so much for walking me through so many of these subjects. Are there any other subjects that we haven't touched on that listeners should definitely know about when it comes to maintaining security in Web3? No, there are pleasure.
Starting point is 01:20:31 I'm sure this list can go on and on and on. Yeah, this is an infinite subject. But I think we have covered most of the important things, like key generation is something very important. Second, like, making sure that your secret never leaves the enclave, like the second feature. And the third one, which is the most complex one, how as a user you can understand what you are about to consent to, like the clear signing plus trusted display. Those are the important things. And also different good practices with hot wallets, cold wallets, good practices.
Starting point is 01:21:11 Also, we touched a little bit on allowances. Again, don't give allowance if you don't need to. Maybe you might want to revoke them. Don't ever share your 24 words. And think about your OPSEC for storing your 24 words. I won't give you my OPSEC, but you should think about yours. That would be my summary in one minute. Charles, thank you so much.
Starting point is 01:21:39 If people are looking to learn more about these subjects, do you have any resources or any top of the rabbit hole, top of rabbit holes that people should go down? We have a podcast series on Ledger, which is on the Ledger. This one is quite interesting. There is plenty of educational content. And yeah, there are plenty of resources online. Stephan Livera, I like what he does a lot also, very oriented in Bitcoin, but quite interesting as well.
Starting point is 01:22:13 What else? Yeah, there are plenty of things online which are good quality, and Bankless is one of them. Of course, listen to Bankless. I appreciate that. Charles, thank you so much for helping me guide some of these crypto newbies down the rabbit hole of security in Web3. It's a crucially important topic. So thank you for everything that you're doing over at Ledger to make this easy for us.
Starting point is 01:22:35 Yeah, thank you for having me. Cheers. Bankless Nation, you know the deal. Risks and disclaimers. ETH is risky. Crypto is risky. DeFi is risky. Managing your own private keys is risky, but it's also why we are here.
Starting point is 01:22:48 You could lose what you put in. We are headed west. This is the frontier. It's not for everyone, but we are glad you are with us on the Bankless journey. Thanks a lot. Hey, we hope you enjoyed the video. If you did, head over to Bankless HQ right now to develop your crypto investing skills and learn how
Starting point is 01:23:03 to free yourself from banks and gain your financial independence. We recommend joining our daily newsletter, podcasts, and community as a Bankless Premium subscriber to get the most out of your Bankless experience. You'll get access to our market analysis, our alpha leaks, and exclusive content, and even the Bankless token for airdrops, raffles, and unlocks. If you're interested in crypto, the Bankless community is where you want to be. Click the link in the description to become a Bankless Premium subscriber today. Also, don't forget to subscribe to the channel for in-depth interviews with industry leaders, Ask Me Anythings, and weekly roll-ups where we summarize the week in crypto and other fantastic content.
Starting point is 01:23:42 Thanks everyone for watching and being on the journey as we build out the Bankless Nation.
