Updated: Apr 6, 2019
It needs to be easier to use, it needs to be super secure and private, it needs to be accessible all the time and ultra portable.
It has been an interesting journey for us from when we got the bug for distributed ledger technologies until now when we are about to launch ExtoWallet. Our voyage began in 2016 when we started dreaming about digitizing cash for 3Bil unbanked, many of whom have adopted mobile payments but still rely on cash transactions due to network coverage issues and ubiquity. This is a different topic though and one we will get into when we announce ExtoPay which tackles this problem directly. Central to solving this problem was storing value off network in a tamper resistant fashion which involved identical requirements for implementing a Hardware Crypto Wallet. These requirements were: tamper resistant hardware and software that would provide for public-private cryptographic key management, secure transaction authorizations, trusted hardware which was immune to supply chain attacks, hardware and firmware design that was immune to malware or other attacks and most important ease of use. Our team is a motley crew of seasoned ultra low power semiconductor designers, image processing and biometrics experts, networking and cryptology experts and some who have worked on payment solutions in the past. All off us think we are UX guru's and though we have made great strides to make a small form factor card even have a user interface this still room to improve. Suffices to say that every aspect of this diverse team was required to develop Exto Wallet. We are excited to finally be ready to launch a pre-order campaign soon and engage and broaden the community of users and enthusiasts who have been helping us so far with feature requests. In future blogs we will peel the wrappers on ExtoWallt and begin showing you all how it works and why as our goal is to improve it with your feedback. In this blog though we want to focus on crypto custody.
Crypto Custody Trends:
BitCoin and other Distributed Ledger Technologies (DLT)s have made cryptocurrencies and other tokenized assets a revolutionary store of value. The attributes of such digital stores of value promise to enable tokenization of many other assets and put asset owners in a position of unprecedented control of their assets. Along with this control comes a significant custodial responsibility where convenient access for fast transactions and security have to be balanced by the holder; be it the individual owner, an exchange that holds assets on behalf of the owners, or some other 3rd party custodial service. There are varying needs by various constituencies ranging from “open money” advocates to institutional investors and some that are in between. ExtoWallet aims to improve security and convenience for all these constituencies.
Since the launch of Bitcoin early adopters would primarily manage their assets through self- custody via software wallets that secured the individual’s private keys on personal computers or mobile devices. These devices are a smaller target for malicious attacks but leave users vulnerable to phishing attacks, man-in-the-middle attacks, SIM swapping and other methods of stealing users private keys or masking their transactions through false user interfaces and sending transactions to addresses other than those chosen by users.
Users must maintain impeccable operational security habits to keep their PC or mobile devices clean from any malware. Many crypto owners have lost significant holdings falling victim to such attacks.
For self-custody asset holders, best practices have been to use hardware wallet solutions such as Ledger, Trezor and CoolWallet, which have shown users are less likely to fall victim to attacks. Yet these hardware wallets lack the convenience and immediate accessibility of mobile wallets, or are difficult to use due to limited input and display features. Their designs are not tamper-resistant and if physically lost or stolen, allow users’ private keys to be extracted through various methods demonstrated by ethical hackers.
Multi-signatures are a good means of securing assets but they are difficult to set up and have not been implemented well for everyday consumers.
Exchanges enable asset holders or their advisors to access trading and liquidity, but holding one’s assets on exchanges makes them a significant target of attacks that have led to multiple billions in value being lost. Exchanges don’t have uniform operational security standards and their custodial services are not regulated or audited like traditional none crypto asset custodians. Aside from server attacks, the users’ sign on to these Exchanges is another vulnerability, which many are attempting to address with hardware-based Universal 2nd Factor (U2F) authentication via standards like FIDO.
3rd Party Custodians
Institutional investors and tokenization of other assets besides cryptocurrencies which will invest via regulated advisors will require audited 3rd party custodians. Several 3rd party custodians have emerged for institutional and larger asset holders and offer higher security than exchanges. Many are audited and utilize air gapped and cold storage methods for securing larger asset holdings. However, accessibility is limited and slow due to use of such methods and most importantly they are not viable or affordable for smaller asset holders. New generations of 3rd party custodians are attempting to secure assets using hardware security modules, multi signatures, and biometrics by their employees and advisors to make such custodial services hot and connected all the time addressing the accessibility gaps.
ExtoWallet powered by Ethernom’s Biometric Smart Cards brings biometric/ multi-factor authentication security of an HW wallet to individuals while giving them an option for Multi-Signatures. It provides FIDO/U2F and options for partial self-custody for Exchange users.
Future integration with 3rd party custodians will provide for better accessibility without compromising security while offering a wider spectrum of advisor/ owner participation in multi-signature authorizations. We also aim to remove the need for self-custodians to store passphrase by enabling online back up services through high security 3rd party custodial services.
We will start sharing with you the details of how ExtoWallet works in our next post. Sign up and help us make ExtoWallet all you need it to be.