
The Hidden Vulnerabilities of Hardware Wallets: The Urgency to Use MPC Wallets in Organizations

Updated: Aug 2, 2023





Hardware Wallets: A Closer Look at the Risks


Hardware wallets have become the go-to devices for many organizations because they store the private keys of digital assets offline, ostensibly offering a storage method that is resistant to online hacking attempts. However, recent events have put the security of these devices under intense scrutiny.


The cybersecurity firm Unciphered recently claimed to have hacked into the Trezor T hardware wallet. They say they used an "unpatchable hardware vulnerability with the STM32 chip that allows us to dump the embedded flash and one-time programmable (OTP) data." If proven accurate, this revelation exposes significant vulnerabilities in hardware wallets and could severely compromise the safety of digital assets stored within them. It’s a wake-up call to all organizations using hardware wallets for their digital asset storage. The key takeaway is that an attacker with physical access to the device could potentially exploit these vulnerabilities, leading to substantial financial losses and reputational damage.



The Promise of Multi-Party Computation (MPC) Wallets


In light of the inherent risks associated with hardware wallets, it's essential for organizations to explore more secure alternatives, such as Multi-Party Computation (MPC) wallets. Instead of a single key held within one device, MPC wallets decentralize the keys across multiple devices or parties. This design enhances security because no single point of failure exists. Even if one device is compromised, an attacker cannot gain full access to the assets.


MPC wallets aren’t just secure; they are also user-friendly. They offer ease of use without compromising on security, an ideal combination for organizations. The flexibility of these wallets allows them to be adapted to various blockchain applications, making them a more versatile solution than hardware wallets.



The Imperative of Co-signing Services in Organizations


Most MPC solution providers, such as Custonomy, provide a co-signing service where they only allow the signing of transactions after pre-set company policies and approval workflows have been fulfilled. This adds an extra layer of security and compliance as each transaction sent from the MPC address must adhere to your organization's governance. It's a critical feature, providing assurance that collaborative procedures are in place within your organization, making it an excellent solution for hot wallet daily use.



The Market Demand for MPC Cold Storage Solutions


The rising market demand for more secure digital asset storage options signals the need for solutions like MPC cold storage. In this system, keys are decentralized across various offline hardware storage devices, each with a separate cold storage procedure. This decentralization process significantly reduces the risk associated with a single point of failure.


Moreover, the ability of these systems to perform offline signing pushes security further. Transactions can be signed in an offline environment, enhancing protection from potential online threats. Given these benefits, it's clear that an MPC cold storage solution is an absolute necessity for organizations managing cold storage, offering a seamless blend of security, efficiency, and governance.



Why Organizations Must Embrace MPC Wallets


In conclusion, the apparent vulnerabilities of hardware wallets mandate a shift towards more robust solutions like MPC wallets. Their inherent decentralized structure and the additional security measures they provide make them an absolute necessity in today's volatile cybersecurity landscape. The sooner organizations transition to MPC wallets, the better they can protect their digital assets and the interests of all stakeholders involved.
