Life-altering sums of money change hands every minute on Ethereum yet there is a great deal of confusion about security best practices.
This week EasyFi lost $6 million in assets because the project admin keys were stored on a MetaMask hot wallet and a team member’s computer was compromised. This is reminiscent of the NXM hack in December 2020, but potentially worse because it appears the wallet seed may have been stolen since the admin was storing it in a web browser.
If you use Ethereum for more than just occasionally sending assets to and from a centralized exchange, the Lattice1 is the best choice there is for securely transacting every day.
Not just a very good choice. The best choice.
The combination of the Lattice1 and the GridPlus MetaMask extension lets you continue using your favorite dapps and tools just like you do now, but with added peace of mind because you’ll never need to use a hot wallet again.
What’s Different Here?
Millions of people use MetaMask. It’s a great tool and the de facto choice for interacting with Ethereum and other EVM compatible chains. But as the hacks mentioned earlier demonstrate, if you secure a non-trivial amount of crypto with MetaMask you should protect yourself by pairing it with a hardware wallet.
Just a month ago that team released a very important feature that makes this option even more compelling: the ability to simultaneously link multiple hardware wallet accounts. This is a bit more convenient for legacy hardware wallets, but the Lattice1 takes full advantage of this new capability.
There are two critical differences that make the GridPlus and MetaMask combo an unrivaled way to securely use Ethereum.
The first is that the Lattice1 makes it easy to quickly use all these linked accounts at the same time and with the ease you experience using MetaMask hot wallets. Signing requests for all accounts are pushed to the Lattice1’s touchscreen and they are labelled with the HD path for that request so you know which account you’re signing for.
No USB cables, no keying in your PIN with your thumbs, no need for tens or hundreds of button presses to sign a large transaction with hardware.
The second critical factor is that the Lattice1’s screen is drawn by the hardware security module (HSM). That might sound deep in the weeds to many, but it’s important. It means that even if your computer is compromised, there is no way for a hacker to misrepresent what you’re signing.
Improved readability on a secure screen, combined with the other unique security features offered by the Lattice1, gives you a fighting chance against sophisticated attacks like the one that targeted Hugh Karp of Nexus Mutual and led to an $8M loss even though he was using a Ledger hardware wallet.
In that incident an attacker gained remote access to Hugh’s computer and replaced MetaMask with a compromised version. The attacker’s version of MetaMask displayed one thing on his computer screen but actually passed through an altered signing request.
Why didn’t his Ledger protect him then? Because the signing transaction showed up on his device as a long multi-screen hexadecimal string. So he hit approve. It’s a safe bet that most people using a legacy hardware wallet are not carefully verifying these strings each time they approve. With a Lattice1 the user can easily compare what their computer says they’re signing with what they’re actually approving.
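The hex string a legacy wallet shows is the RLP-encoded transaction, so its fields can be recovered and compared with what the wallet software claims. The following is an added example (not GridPlus or MetaMask code) with a minimal RLP parser that decodes a constructed unsigned legacy transaction and flags a recipient that differs from the one the UI displayed; the addresses and amounts are made-up values.

```python
# Added example (not GridPlus or MetaMask code): decode the RLP bytes a
# hardware wallet shows as a raw hex string and check the recipient and
# value against what the wallet UI displayed. Sample transactions are
# constructed with made-up addresses and amounts.

def rlp_decode(data: bytes):
    """Decode one RLP item; returns (item, bytes consumed)."""
    prefix = data[0]
    if prefix < 0x80:                       # single byte is its own encoding
        return data[:1], 1
    if prefix < 0xB8:                       # short string (0-55 bytes)
        n = prefix - 0x80
        return data[1:1 + n], 1 + n
    if prefix < 0xC0:                       # long string
        ln = prefix - 0xB7
        n = int.from_bytes(data[1:1 + ln], "big")
        return data[1 + ln:1 + ln + n], 1 + ln + n
    if prefix < 0xF8:                       # short list (payload 0-55 bytes)
        ln, n = 0, prefix - 0xC0
    else:                                   # long list
        ln = prefix - 0xF7
        n = int.from_bytes(data[1:1 + ln], "big")
    payload = data[1 + ln:1 + ln + n]
    items, pos = [], 0
    while pos < len(payload):
        item, used = rlp_decode(payload[pos:])
        items.append(item)
        pos += used
    return items, 1 + ln + n

def decode_legacy_tx(raw_hex: str) -> dict:
    """Return to/value/data of an unsigned legacy tx (first six RLP fields)."""
    raw = bytes.fromhex(raw_hex[2:] if raw_hex.startswith("0x") else raw_hex)
    fields, _ = rlp_decode(raw)
    _nonce, _gas_price, _gas, to, value, data = fields[:6]
    return {"to": "0x" + to.hex(), "value_wei": int.from_bytes(value, "big"),
            "data": data.hex()}

def matches_display(raw_hex: str, shown_to: str, shown_value_wei: int) -> bool:
    """True only when the bytes about to be signed agree with the UI's claim."""
    tx = decode_legacy_tx(raw_hex)
    return tx["to"].lower() == shown_to.lower() and tx["value_wei"] == shown_value_wei

# Constructed: nonce 1, 20 gwei gas price, 21000 gas, 1 ETH to 0x11..11, no data.
HONEST_TX = "e9018504a817c800825208" + "94" + "11" * 20 + "880de0b6b3a7640000" + "80"
# Constructed: same transaction with the recipient swapped to 0x22..22.
ALTERED_TX = "e9018504a817c800825208" + "94" + "22" * 20 + "880de0b6b3a7640000" + "80"
```

A screen drawn by the HSM performs this comparison for you; on a device that only shows the raw hex, this is the work the user would have to do by hand before pressing approve.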
This is why the screen being drawn by the HSM is critical: you know what you’re signing even when your phone or computer has been hacked. Both the HSM and its electrical connection to the display are encased in anti-tamper security mesh that will erase your secrets if an attacker with physical possession of your device attempts to crack it. This mesh is essentially a tripwire that will cause the secure enclave to self-destruct if tampered with.
While no device provides perfect security assurances, the Lattice1 will equip you with a better set of tools to easily keep yourself safe.
How Do I Set Up My Lattice1 To Do All This Cool Stuff?
It’s as easy as installing the GridPlus MetaMask extension and selecting “Connect Hardware Wallet” from the menu.
During setup you’ll pair MetaMask with your Lattice1; then you can simply check off addresses from the provided list to simultaneously connect as many as you would like.
Upgrading from a legacy wallet like a Ledger? No problem, our v0.10.5 firmware release will let you easily import their non-standard derivation paths and use your existing addresses right away in MetaMask.
Stepping up from a Trezor? Their products used the standard path so you can import without even worrying about any of that.
Importing any older hardware wallet’s seed like this instantly grants you best-in-class hardware security with the convenience of a hot wallet for all of your addresses.
Yeah, But Why Is It A Fork?
I spend a lot of time listening to GridPlus customers and the question I’m asked every day without fail is: “When will you have official MetaMask support?”
The answer is once they move all hardware wallets from native support to their new Snaps plugin framework, releasing sometime this summer — but if you actively use Ethereum you should not wait. This is already the most convenient way to securely use Ethereum today, and without placing your assets in a hot wallet. The changes in the open-source GridPlus fork are small and isolated to simply including Lattice support in addition to the other hardware wallet options.
When you can switch to the official MetaMask release this year it’ll take just a few clicks to install and pair your active addresses — no need to even enter a seed phrase if you’re not using software addresses as well.
But It’s Connected to… THE INTERNET!
The Lattice1 is an always-on device, but your private keys are not exposed to the outside world.
The Lattice1 contains two completely separate environments: a general compute environment (GCE) and a secure compute environment (SCE). They are not directly connected — instead there is a size-limited mailbox for passing through signing requests and signatures. Only one environment can connect to it at a time.
Separating out the SCE from a general purpose system yields many security benefits over legacy wallets:
- There is no remote contact with the SCE.
- There are no accessible factory or engineering debug features.
- Limiting signing payloads to a fixed memory size eliminates overflow attacks.
- A supply chain attack would have to span three continents and involve multiple governments.
The secure mailbox protects your assets from remote attacks and the anti-tamper mesh protects them from physical attacks.
The bottom line is that this is cold storage and the Lattice1 reduces risk compared to legacy hardware wallets.
How The Lattice1 Evolves From Here
There’s still a lot more we’re building to give the users a better, more secure experience. Here’s a sample of what’s coming this year:
- Improved signing request readability: we’re working towards automating ABI decoding and in firmware v0.10.5 we’ll have full support for the EIP-712 human readable messaging standard.
- Ensuring robust support for all emerging Ethereum L2 standards.
- Expanded permission-based signing for subscriptions and spending on the go without taking your private keys around in your pocket.
- Easy hardware multisig using GridPlus SafeCards.
- More chains! The next firmware update will include a feature to let users add their own assets by specifying asset parameters. This means projects won’t have to wait for us to add support, anyone will be able to.
- BLS signing to support the Ethereum roadmap, Filecoin, ZCash, and more.
- More integrations with the tools you already know and use every day.
Keep In Touch and Up To Date
Want to help set the bar for blockchain hardware security? We’re growing quickly and are currently looking to hire multiple people for the following roles: Full Stack Developer, Embedded Firmware Engineer, and Software Engineer. Check our Careers page for more details.