I don’t click on any links. I’m safe, right?
Softwallets, also known as online wallets or hot wallets, such as MetaMask, Coinbase and Blockchain.com, are used by many in the crypto space for a variety of reasons and tasks. But do they offer the ultimate in security when it comes to storing crypto assets?
The simple answer is no, they don’t, as they are located either online or on connected devices such as laptops and smartphones. These days connected devices can be hacked with relative ease.
Pegasus spyware, developed by the NSO Group, exploits vulnerabilities in Android and iOS devices. This spyware monitors all activities of the device over time and infiltrates personal messaging within SMS, WhatsApp, Signal and phone conversations. The malware extracts personal information stored in software wallets on devices and is thereby able to access the crypto within the wallet.
However, “zero-day” and “zero-click” attacks are not limited to Pegasus spyware. “Zero-day” attacks are where spyware is planted surreptitiously in an app using a vulnerability in the app software that is unknown to the software producer/vendor. “Zero-click” attacks are where software vulnerabilities are exploited without requiring the target to click on a link.
A combination of these two methods can give a hacker almost complete access to someone’s computer or smartphone. The general notion that one is safe from being hacked as long as one avoids clicking on hyperlinks within suspicious emails is obsolete. Whilst softwallets are required for various tasks in the crypto space, they are certainly not advised for longer-term storage of crypto, as these are Web3 digital assets based on Web2 devices.
How does a Ledger hardware wallet protect my assets?
- Hardware Wallets are offline: Hardware wallets, also known as cold wallets, are offline devices, i.e. they are not directly connected to the internet via smart devices that can be accessed by malware. This inherently provides a layer of protection.
- Ledger Wallets protect against malware by design: Ledger Wallets sign transactions independently. The cryptographic private key never leaves the device, i.e. it is never sent to or exchanged with the app, web page or exchange during a transaction.
- On-device authentication of every transaction: In softwallets, transactions are authenticated on smart devices, which can be accessed by malware to obtain passwords and seed phrases or to swap/modify addresses. In Ledger hardware wallets, every transaction is authenticated and signed for by the owner within the hardware wallet itself, independently and offline. So even if a hacker has access to the victim’s computer, a hardware wallet provides maximum security against loss of digital assets.
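
The difference between approving a transaction on a host-drawn screen and on the device's own screen can be modelled in a few lines. This is an added example, not Ledger's code: the transaction format, the addresses and the function names are constructed for illustration, and HMAC-SHA256 stands in for the wallet's real signature scheme.

```python
import hashlib
import hmac
import json
import secrets

KEY = secrets.token_bytes(32)  # constructed key; on a real device it never leaves the hardware


def encode_tx(to: str, amount: int) -> bytes:
    """Hypothetical transaction encoding used only in this example."""
    return json.dumps({"amount": amount, "to": to}, sort_keys=True).encode()


def sign(tx: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for the real signature scheme (assumption).
    return hmac.new(KEY, tx, hashlib.sha256).digest()


def swap_address(tx: bytes, attacker: str) -> bytes:
    """Model of malware on the connected host rewriting the recipient."""
    fields = json.loads(tx)
    fields["to"] = attacker
    return json.dumps(fields, sort_keys=True).encode()


def soft_wallet_sign(tx: bytes, host_screen, intent: dict):
    # The approval screen is drawn by the host, so malware decides what it shows.
    # The user approves when the screen matches what they meant to send.
    return sign(tx) if host_screen(tx) == intent else None


def hardware_wallet_sign(tx: bytes, intent: dict):
    # The device decodes the exact bytes it will sign and shows them on its own
    # screen; the user approves only if that matches what they meant to send.
    return sign(tx) if json.loads(tx) == intent else None


def demo() -> dict:
    intent = {"amount": 5, "to": "addr_friend_constructed"}
    honest = encode_tx(intent["to"], intent["amount"])
    tampered = swap_address(honest, "addr_attacker_constructed")
    lying_screen = lambda _tx: intent  # compromised host shows what the user expects
    return {
        "soft_signs_tampered": soft_wallet_sign(tampered, lying_screen, intent) == sign(tampered),
        "hw_signs_tampered": hardware_wallet_sign(tampered, intent) is not None,
        "hw_signs_honest": hardware_wallet_sign(honest, intent) == sign(honest),
    }


if __name__ == "__main__":
    print(demo())
```

The protection in the hardware flow depends on the owner actually comparing the address and amount on the device screen with what they intended before approving.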