Non-MPC Custodial Platforms and Hardware Wallet: Why They are Not as Safe as You Think
Updated: Jul 14
Digital asset custodial platforms have been a popular way for users to store their cryptocurrency holdings securely. These platforms offer a level of convenience and accessibility that makes them appealing to many investors. However, the reality is that holding your assets on a non-MPC digital asset custodial platform can be risky.
The primary issue is that these custodial platforms require you to relinquish control of your private keys, which means that you are entrusting your assets to a third party. To date, cold wallets or centralized vaults were seen as the safest option for storing cryptocurrency. However, hackers have evolved and found ways to overcome these security measures, which has led to a wave of attacks on custodial platforms. This creates a great vulnerability to the ecosystem, resulting in millions of dollars worth of losses. As a result, many users have become wary of these wallet platforms and only keep a small portion of their funds on them for trading purposes while choosing to self-custody their private key via cold wallet.
However, while cold wallets are theoretically as safe as you can get due to their lack of connectivity, they can still be breached if individual investors and companies make mistakes. For instance, they may share their private keys or recovery seeds with the wrong party either accidentally or on purpose. Moreover, the sacrifice of convenience (Using a wallet provider) in exchange for extra security (Self-custody) may also be a great concern for many. When the market crashes and you urgently need to access your funds to move things around, by the time you can open your safety deposit box where you keep your seed phrase, it might be too late. Nowadays, people have no choice but to choose between 1. Secure wallet but hard to maintain 2. User-friendly wallet but less secure, and most often, centralized. Luckily, at nativ we provide a crypto wallet where we balanced these choices for you! Before we deep dive into the product, let’s see possible vulnerabilities of a hardware wallet and centralized vaults.
Example of vulnerabilities
Phishing, malware, and supply chain attacks
Investors need to be aware of the many ways a hacker can compromise the private key, such as falling for phishing scams online or over the phone, unknowingly installing malware or ransomware on personal devices, or leaving their recovery paper wallet in an unsecured location. Additionally, physical tampering threats are a concern, such as supply chain attacks where wallets can be compromised before they even reach the customer, as seen in the Ledger incident, including other man-in-the-middle threats.
Security during transfer isn’t guaranteed
Digital assets stored in a cold wallet are only secure while they're in the device, but once they're moved to a hot wallet to complete a transaction, they become vulnerable to attack. This is a significant problem as it increases the risk of compromise during transfer.
Detecting and fixing hardware vulnerabilities is a challenging task. In the world of cryptocurrency, hardware vulnerability exploits become increasingly common in 2019-2020, and by the time they're discovered, it's often too late. Hackers have already stolen user funds. Resolving these issues can take months, if not years, which only adds to the risk for investors.
In light of these vulnerabilities, MPC-based solutions offer a new approach to securing digital assets, using advanced cryptography techniques to distribute trust among multiple parties, making it much more difficult for attackers to compromise security.
That is to say, while typical non-MPC digital asset custodial platforms may seem like a convenient way to store your cryptocurrency, they come with inherent risks. Yet, hardware wallets are a safer alternative but are not foolproof, and users are compromising convenience while using them. On the other hand, nativ users can have it both ways, combining top-tier private key keeping technology with a smooth UX/UI experience. No seed phrase needed! —Just 6 digit pin and you’re good to go!
Since the threat landscape continues to evolve, it is crucial to stay informed about new security measures to protect your digital assets effectively, such as the MPC-based solution that is implemented in our recently-released “nativ” crypto wallet. Want to know how it works? Learn how we integrate MPC technology into nativ wallet here!
MPC sound convincing? Interested to be the one to try out? Check out our MPC-enabled crypto wallet at nativpay.com!