Hardware wallet startup NGRAVE embodies the entrepreneurial crypto journey. It incorporated a series of major technological breakthroughs into an all-in-one custody solution.
The security of crypto assets is an enigma. A litany of exchange hacks and fraudulent scams have marred one of crypto’s most salient characteristics – self-custody. Cypherpunk ethos saturates the industry built on maxims like “don’t trust, verify” and “trusted third parties are security holes“, but achieving the holy grail of secure asset management remains elusive.
According to CipherTrace, a renowned cybersecurity and blockchain forensics firm, fraud, hacks, and other crypto thefts have already totaled more than $1.3 billion so far this year. The formidable number comes despite many striking technological breakthroughs in the industry, and if the trend continues, 2020 could be crypto’s most laden year of thievery to date. But there’s a caveat worth distinguishing: the sums of funds stolen from hacks and thefts are on the decline, while fraud and misappropriation continue to grow. Why?
Many users may still neglect good security practices, like leaving funds on third-party wallet apps or exchanges. Still, the underlying security of hardware wallets and cold storage solutions are improving. Pair those advances with hard lessons learned in asset management practices by exchanges (e.g., conditional transfer models), and that $1.3 billion in stolen assets doesn’t seem so surprising.
If anything, it proves that marginal increases in security technology and best practices of exchanges are forcing malicious parties to become more creative. As a result, they’ve turned their attention towards large-scale Ponzi schemes (e.g., PlusToken), cutting-edge DeFi swindles (like recently with Balancer Labs), and age-old confidence scams.
But it wasn’t always this way, as NGRAVE CTO, Xavier Hendrickx, will tell you first-hand. Back in the wild west of crypto, which many early participants consider the years encircling the Mt. Gox days, hackers were much bolder. Their targets? The biggest exchanges and largest liquidity pools of user assets.
Security was at a premium, and everyone knew it.
Victims of Multiple Hacks & the Spark for a Solution
The Mt. Gox hack is an infamous event in crypto lore where hackers absconded with more than 850K BTC in 2014 from the eponymous exchange, worth around $7.8 billion at the current Bitcoin price. The scale and severity of the attack was a wake-up call for a middling industry of hobbyists and early crypto enthusiasts. Back then, ASIC mining was in its infancy, the Ponzi scheme BitConnect wouldn’t be launched for another three years, and Mt. Gox was handling over 70 percent of BTC transactions globally.
Hendrickx entered the crypto scene in 2013 amid Mt. Gox’s reign among the few available exchanges. A year later, he was one of the many victims of the Mt. Gox hack. Like a bad trade or failed business, losses from hacks are the type of stark lesson that sticks with you, and you grow and learn from them.
For Hendrickx, his loss didn’t deter him from furthering his pursuit of knowledge in the crypto market, however. He later became involved with Swarm City, which raised 76K ETH with an ICO in 2016. However, in the Summer of 2017, the 44K remaining ETH from the ICO was stolen due to a bug in the multisig smart contract used by Swarm City. It was another hard lesson in blockchain and crypto security. It would come to make Hendrickx acutely conscious of crypto’s security woes – a notion compounded by his white-hat efforts with SwarmCity to save multiple projects from the infamous Parity hack in 2017.
Months later, Hendrickx would launch NGRAVE alongside co-founders Ruben Merre (CEO) and Edouard Vanham (COO). Vanham, an IT management and consulting professional, was a mutual acquaintance of Hendrickx and Merre, who ended up introducing the two and kindling the idea of a crypto-infused business collaboration. Merre, a polyglot and mathematical connoisseur, left his impressive job leading a financial institution’s algorithmic trading and investment platform development for NGRAVE, excited about the potential to revolutionize crypto asset security.
The trio’s goal? Solve the enigma of security in crypto. NGRAVE is their cutting-edge solution.
Breakthroughs to Stem the Tides of Hacking
A mixture of personal experiences and ambition to tackle crypto’s elephant in the room, the security of private keys, pushed the NGRAVE trio to incorporate a series of major technological breakthroughs into an all-in-one custody solution. In April 2018, the team asked themselves:
“Which solution in the market would we fully entrust with our very first till our very last bitcoin or other cryptocurrencies?”
Two months later, and NGRAVE was working with some of the leading nanochip manufacturers and cryptography experts in the world to design a hardware cold wallet product from scratch. Initially, they pitched a functional prototype to IMEC, a renowned microchip and nanotechnology R&D firm, with success. Their early efforts were soon followed by the onboarding of famed cryptographer, Jean-Jacques Quisquater.
The gravity of NGRAVE’s prototype for its flagship product, NGRAVE Zero, was the inclusion of primarily two breakthroughs in the cold wallet’s design.
First, NGRAVE Zero is among some of the first fully air-gapped cold wallets, meaning that its connection to WiFi and other networks (e.g., Bluetooth, cellular) is severed. No USB cables are necessary, which removes the digital attack surface of the wallet from Internet probing. NGRAVE cleverly deploys one-way QR codes as a way of communicating and broadcasting transactions to the Bitcoin network via its native app.
The innovation is critical since infiltrating hardware wallets remotely usually entails probing chokepoints where the device connects to the Internet.
For example, most hardware wallets today require USB cables to plug into the computer. The devices have security defenses against unwanted intrusions from malicious parties using enclosed HSMs, but security is a persistently evolving conflict. The Internet simply furnishes too many avenues for hackers to glean an advantage over a wallet’s defenses if it is exposed to the Internet.
Some prominent vulnerabilities from connecting offline devices via a USB to an online computer include Stuxnet, an infamous computer worm discovered in 2010 that could bypass air-gapped devices via infected USB drives. But Internet-based weaknesses in security models can also come directly from crypto protocols themselves.
The most recent example threat is Trezor’s announcement of a firmware update to protect against a vulnerability in Bitcoin’s Segwit transactions. In such an attack, a hacker could use malware to trick a user into signing a transaction twice, thus diverting the funds away from the intended destination. Basically, the user unknowingly signs a transaction with ridiculously high fees, causing them to lose their funds.
For wallets like NGRAVE Zero, the idea is to remove USB-oriented and digital attack surfaces entirely.
Hardware wallet providers, such as Ledger and Trezor, have publicly disclosed vulnerabilities of each others’ wallets amid increasing competition in the hardware wallet market. And while most of the disclosed vulnerabilities are physical attacks (e.g., side-channel attacks), remote attacks are more likely as physical access to devices layers more challenges onto potentially base actors.
But security is also more than simply derived from outside threats. In fact, users themselves are a principal source of lost funds. According to research from CoinMetrics, more than 1.5 million BTC are assumed to be lost. Many of the lost Bitcoins are a direct outcome of users losing passwords, seed generation phrases, PINs, and the actual storage devices.
The broader problem is that using cold wallet solutions isn’t intuitive for users passively interested in Bitcoin. Remembering and storing private keys is hard, and if they are lost, then the funds are lost forever. It’s been the source of many headaches among startups in the crypto market for years.
NGRAVE worked around the solution by creating NGRAVE Graphene, a dual steel-plated backup model using a 64 hexadecimal equivalent of the common 24-word mnemonic backup phrases. The goal is to split the key into two parts so that hackers cannot gain access to the wallet with just one copy. But more importantly, the backup seed can be recovered if one of the steel plates happens to get lost.
Providing users with a recovery avenue (when they’re hesitant to use hardware devices because of the tenuous backup phrase design) is highly appealing. And it’s probably why NGRAVE’s Indiegogo crowdfunding campaign was so successful.
With leading experts throwing their support behind the platform and a functional prototype ready for production, NGRAVE turned to crowdfunding to finance the first product launch of Zero. The results were compelling, as NGRAVE Zero became the most successful hardware wallet round in the market, pulling in more than $430K.
For the NGRAVE team, it was a massive success. A viral pandemic precluded any physical seminars showcasing the product, and it was still a knockout fundraise. With the money and support from a community to bring NGRAVE Zero to life now, Hendrickx, Merre, and Vanham are rushing to bring their product to market.
In an industry rife with scams, hacks, and misappropriation of funds, they believe they have the all-in-one cold wallet that the industry deserves after its bruised past. The competition is fierce, but the looming hackers are even more dangerous. Will air-gapped hardware wallets be the end-all solution to crypto-asset security?
Only time will tell, but for Hendrickx, it marks a moment of significant progress from those wild west days of Mt. Gox – where self-custody was the doctrine, but security vulnerabilities were the reality.
Upending the narrative of crypto security woes would be a major feat for the NGRAVE trio, and an embodiment of the common crypto investor’s journey. Maybe then one of crypto’s largest stigmas can be left in the past.