Scott - Ruben flew here from Belgium to have this conversation with you. I have known Ruben for quite a long time. As I have said before, this is the actual wallet that I use, and it is, in my opinion, far superior to any other product on the market. I can honestly say that I have tried most of them.
The topic today is hardware wallets and security. Your hardware wallet may not be as cold as you think, and it can be daunting and scary. It seems like a really clickbait title, but it is not, because there are a lot of points of failure for most hardware wallets.
What concerns did you have with other hardware wallets that you were looking to solve?
Ruben - If anybody is interested, you can look at the open frame prototype. We are live in shipping, so these things basically ship the next day if you order one, but it is always good to see what is inside the wallet. So here you can see an open hardware wallet. Our hardware wallet is called ZERO. NGRAVE is the company name, and ZERO is the product.
In your crypto life journey, you have to start somewhere. The start is: ‘How do you create a good private key that will protect all your crypto?’ When we started building this company, we realized that our competitors at the other hardware wallets, and even bank solutions, do not really make good keys. So already on the first level, an offline hardware device needs to create your keys. We needed to revamp the key generation process. On that level, we invented something that we have patented, and we call it the ‘Perfect Key’.
What is the Perfect Key? What issues do previous strategies for creating Keys have?
Ruben - Your hardware wallet will create 256 zeros and ones in computer language. In 2014, luckily, somebody came around and said: “why can we make that simpler?”. And the 12 or 24-word Seed Phrases became a reality.
Now you could say that the logical evolution of that is this Perfect Key. With 24-word Seed Phrases, a lot does not add up. Once you make a backup and somebody finds those 24 words, they have your key. Once you lose that backup, you have no way of recovering it. You even have no choice at the level where the wallet would create your 24 words. They will always give you a key. They will tell you to write it down. So there are many risks involved in receiving a key from any third party on which you need to put all your money. The Perfect Key sort of resolves all of those issues.
The Perfect Key is a new key format. It is a 64 hex. It is 64 characters instead of 256 zeros and ones, and each character has 16 values: 0 to 9, A to F. You can compare it a bit to the classical way that the private key is used or looks like, but we use it as a Master Seed. So the difference between a private key and the Master Seed is that the Master Seed is one key that creates the whole universe of private keys that you need to hold if you want to have five Bitcoin accounts, 20 Ethereum accounts, or an infinite number of accounts. But you only need to remember one key. That is the master key.
The 24-word Seed Phrase is today the master key, but as I mentioned, there are quite a few drawbacks. That is why we came up with a hex format. It is about how you use that hex format to solve all the issues I mentioned.
What other issues are potentially there with hardware wallets?
Scott - Yours is air-gapped because you never have to be attached to the Internet. It works through QR codes. It is a very different system than a lot of other wallets. Some of the problems with existing hardware wallets you solved by air gapping the ZERO are, for example, that the battery dies. In my case, I have had a [competitor] that I plugged in, and it would not accept firmware updates. Or there are people becoming confused during a firmware update and sending their coins away, and they are not coming back. There are a lot of issues with how those things work, especially when updating. So, talk about the issues you saw with theirs and how you chose to solve them.
Ruben - We started with the core principle of 'we will never compromise on your security’. That is the first thing you need to do as a brand. When we look at other wallets, we do not see anything close to that. The most simple thing is giving you a paper wallet as a backup. A paper wallet that you spill water on, and it is game over. That cannot be a definition of security.
Hardware wallets today mostly connect via USB or Bluetooth. But you are basically working with a black box. You do not know what happens inside the Bluetooth connection, inside that USB connection, so you might as well sign anything. We use QR Codes because it is something that everybody knows and uses on a daily basis. It is intuitive and fast. It is a no-brainer, and you have already adopted it. And it also happens to be the most secure way of interacting. You never actually make a connection with an online device. The only thing you do is show a picture, and the other side shows another one back. How can you, by showing a picture, hack a device? That is very hard to do.
In our case, if you would say we show you a QR code and that QR code says: "this is a transaction you need to sign”; you can literally take your phone, scan it and see what is inside that QR code.
You basically have security through transparency. You see what you sign. In that sense, your product can be closed source. As long as the user understands how it works and can see what he is signing, there is no reason for panic. Whereas, if you do it with USB or Bluetooth, you have absolutely no clue.
Scott - I believe that at some point, I'm going to make some massive error: I think all of us know that every time you send crypto, you get that little feeling that you might have done something wrong. I do not care who you are. I do not care how many times you've done it. I do not care what size. Someone even joked that Vitalik Buterin still probably sends a small five-dollar transaction to test before he even sends it, and he's a guy who invented it to some degree.
One of the things I like about the QR code is that you do not have to type in or copy and paste and type in a complicated address. There is no way to mess it up. It either reads the QR code or not. So for me, that simplifies the process massively.
Ruben - Every one of these online solutions, with either USB or Bluetooth, you are connecting to an online device and opening the box of Pandora. Any attacker can have at least one point that he can use to attack your solution. With QR codes, you do not have that.
To give you one example of how devastating a USB connection can be: in 2014, there was a virus called Stuxnet. It was developed by a U.S. intelligence agency. Its goal was to mess up the nuclear enrichment program in Iran; in their fully offline power plants. They built a virus that replicates itself over the USB drivers. If you would put your USB into your computer, it would have a way to replicate into other computers and then go on to those USB sticks. It would never activate up until the moment when it would be in the right environment, a nuclear power plant. So this is one of those famous viruses that went through a simple USB connection.
That is just a way to let you hopefully understand that it is dangerous to use whichever kind of tiny connection there is because the hackers are smarter than us. If we are offline, really offline like we are, how do you attack an offline solution from 500 kilometers away?
Scott - If you are not an offline solution like that, the hackers eventually find a way no matter what. As you said, hackers are smarter than us. It seems like an impossible job to be a security expert because you can only really react. It is very hard to predict what a hacker you have never seen might do.
Ruben - Yes, and if you think about North Korea's Lazarus group, they do only one thing every day: attack solutions and try to steal crypto. It is a few billion dollars a year that they find. The only thing you can say about that is the moment they decide that you are a target, you have already lost. The only way you can protect yourself is to adhere fully to the concept of needing to be offline.
Our device is ZERO. It cannot connect online. It does not have 4G, Wi-fi, Bluetooth or USB connection to sign transactions or interact with your computer.
Scott - It can charge through a cord, but plugged into the wall.
Ruben - We also still have to do firmware updates, so that was a point where we said: “how can we do that if we never go online?”. That got us to do something amazing because we have a USB port that can connect to your computer if you want to do a firmware update.
We were able to certify our operating system for the highest security certification in the world. It is called EAL7, common criteria EAL7. It is the most accepted standard for security worldwide. The US, Canada, Germany, France, etc., accept this as the standard. Apple pay and credit cards have EAL5 security. The best bank goes up to five and a half, or six. ZERO, our hardware wallet, is the only thing with the EAL7 security certification. We do not have an equal on that level. It is the most secure financial product in the world. We did it because we live up to our promise, which is: 'we never compromise on your security'. If we do a firmware update, it is taken care of by EAL7 security, which is inherently artificially unbreakable.
Has anyone attempted unsuccessfully or actually hacked the device?
Ruben - We have gone through extreme testing. One of the people on our team is Jean-Jacques Quisquater. He is one of the foremost pioneers in the world of hardware security. 77 years old. More than 50 years of career. He started with the first smart cards, the first chips, and the first backdooring of those chips; because the chips inside hardware wallets are backdoored. When he was 75, he said that the way NGRAVE ZERO creates keys is for him the future of hardware, so he became an investor and advisor. These kinds of people help us think even more deeply than we can to make this the best solution in the market.
What do you say to somebody new to the crypto space?
Scott - For example, someone opens a Coinbase account and buys a little bit of crypto but then does not think beyond that. There are a lot of people, I would say, who come into crypto, especially the mainstream, that do not even know hardware wallets exist.
Ruben - Every major crypto exchange has been hacked in the last five years. Literally weeks ago, one of the biggest suffered a hack. Maybe not directly on the exchange, but still a lot of money. The DeFi platforms that are supposedly decentralized are as centralized as it gets, and they are failing, and their users are losing everything they have.
I would say, if you have a Coinbase account, there is a certain level of trust you have. Because it is a good brand, they have done a good job, but you always have that inherent risk. For example, if you look at hot wallets such as Metamask, the biggest hot wallet mobile app in the world for crypto right now with 30 million users a month, the core thing in your experience with Metamask is anxiety. All the crypto I have on it might get stolen tomorrow because they gave me a little JSON file I put on my computer, or they give you a key online, which is already like: ‘do not do that’. The nice thing is that we define the QR code standard with them behind the scenes, and you will actually be able to use your ZERO, have the keys, and your Metamask becomes your interface, but there is no more crypto to be stolen. You can do DeFi, token swap, whatever it is, and nobody can steal from you because it is all offline on our device.
Scott - That is different from using a [competitor] when interacting with Metamask because you are plugged in via USB to do that interaction.
Ruben - In the theoretical sense, there still are some risks with that, but it is also about usability. In our case, QR codes are super fast. You tell Metamask: “I want to sign a transaction”, and one QR code later it is already on the grid. The nice thing about ZERO, and we notice it with our customers, is it is the coldest wallet, but it is actually temperature agnostic because it is fast. It is almost as fast as hot. In the future, you will also be able to place limit orders offline on the DEX, so you literally do not even need money on an exchange, but you can still say: “I am gonna buy some Bitcoin, and I am gonna buy it with Ethereum” without any risk of losing the actual transaction.
How does GRAPHENE compare to other key storage solutions?
Ruben - We do end-to-end security, so we do not create a key, then give you your wallet and say: “now it is up to you and make sure you do not lose your key, and if you do, too bad”. Unfortunately, that is literally the narrative of all the wallets right now. They give you a piece of paper. If you think about just that aspect, I cannot understand why they do not do incremental innovations such as making it water spill-proof, making it unshreddable, etc. Those are things that are easy to do.
In our case, if you buy only the wallet, you do get a paper wallet as a backup. It is unshreddable; you can spill water on it; nothing will happen to it. For us, this seems the most logical thing to do with the most basic backup you can have. But obviously that was for us not the end goal because we saw three big challenges to solve with GRAPHENE.
The first one is if your house burns down; or if you spill water on it, that thing needs to survive. It is more important than your hardware wallet. You can lose your hardware 100 times. As long as you have a backup, it is all fine. These plates are stainless steel, which burns at 1375 degrees Celsius. Your house burns down at the maximum temperature of about a thousand. So this thing is smiling back at you when your house is burnt to the ground. That is the first goal of a good backup.
The second thing you need to look at is: somebody finds my backup, what happens? They find my 24 words; they know my key. Game over. I cut it into two parts of 12. They find 12 words; they have a lot of information on my key. It is sort of game over.
What we were able to do with the Perfect Key is this thing that consists of two plates. The upper plate is uniquely configured to make holes into a lower stainless steel sheet. In the end, the lower plate will have holes in it. For the person who looks at it, they will not be able to make anything of it. There is not a single piece of information they have when they find the lower plate. You have to put one on top of the other. It is always a unique configuration. If you want to find your key back, it is the two plates you must put together. So that is the second point: if somebody finds one plate, they can do nothing with that. We obliterate your key into two parts that are completely meaningless.
The third big challenge is, of course, ‘what happens if I lose the GRAPHENE?’. Again game over. In our case, there is an ultimate recovery code on the bottom of the top plate. Keep that somewhere else, and if all else fails, give us that code, and we can recover this part of your solution. We have no idea what you did with your GRAPHENE, so we cannot find your key. We typically tell a regular retail customer to buy two lower plates. Then, you have your own backup. It is the cheapest part of the whole solution.
Scott - I think the most fun part about buying your wallet is doing the punching. Anyone who watches my live streams used to make fun of me. People were like: “why are you holding a weapon?”. Because I just had it on my desk for whatever reason, I am talking, and I have this punching pen in my hand. But I will warn you that it is very loud. The first time I did one, it was like 5:15 in the morning. I was like: “ah nobody is awake in my house. I am going to go ahead and get this done”. Boom! Screaming kids, like really loud. I woke up my entire family. I would say do it in the afternoon.
Ruben - Do it when you have stress because it is a good stress reliever.
Is there anything you still want to do with NGRAVE?
Ruben - We have a huge roadmap. For us, it is all about “we want to protect people”. That is our goal. You do not see many companies like this in crypto because in the time frame we built this, about four years, you could have done a lot of token raises, and you can become wealthy fast and easily. But for us, it is all about the purpose of protecting more people on a daily basis.
Our big hairy audacious goal is to protect 500 million people by 2032 with our technology. And it goes well beyond just the B2C segment. We are already working with businesses with big asset managers to incorporate this into what they do. If we look, for example, at the level of new things we would invent and bring to market, this is the next step. Now it is all still on you. If you lose your device and backup key, it is game over. The next thing we will build is a solution where you can literally never lose your keys again. The way that works is this thing for you will be one share of your initial key. NGRAVE will have a second share of that key. And a third party will have the third share of that key. If you lose yours, we will send you our share, the third party will send theirs, and your ZERO will be able to recreate with two of the three keys the initial key of your wallet. It is something that is pretty similar to Shamir Secret Sharing, which is a sort of cryptography principle in crypto already. But if that is the case and you lose this, you did not lose your keys. That is what we are all waiting for: a solution where at least we know on that front that we are good.
What does an institutional solution look like?
Ruben - The beauty of that is that this thing has the highest security certification in the world. It is overkill for a random person who wants some crypto and to be at home with his wife and kids. But once you go into B2B, this is a game changer. Imagine you have to protect 500 million dollars with an EAL5 solution or an EAL7 solution for the same price. Which one do you choose? When you go into B2B, and this beauty already can do everything, B2B is more about governance and about business requirements. If they say: “we are 10 managers, if seven out of the ten can sign a transaction, then it is good”. They can have seven or ten of these devices, and they can literally do that. It is like a multi-signature setup, for example. That is almost peanuts to build. It is just on a software level, and the device already exists.
Scott - In a multi-sig solution, you would want a variety of wallets to sign transactions. Ideally, as secure as this wallet is, you would not want it to be seven of these.
Ruben - No. Ideally, in multi-sig setups, you use different hardware wallets. The reason is that if you use the same technology, and somebody finds out how to break them, it is game over. It is better to use different ones so that you know they have to break all of them to get to the outcome you do not want.
Scott - One of the pioneers of multi-sig is Jameson Lopp, who owns Casa. He is one of the original Cypherpunks, and he sort of famously disappeared from the entire world to see if he could do it. But in one of my conversations with him, he gave me a great piece of advice that I want to share, having nothing to do with the multi-sig setup. He said: “I tell people that they should consider their security at 10x whatever the current value of their crypto is. If you have ten thousand dollars in crypto, do not think about how you would secure ten thousand dollars in crypto. Think how you would secure a hundred thousand dollars. Because it could go 10x in six months, and then, all of a sudden, you are scrambling for a solution that is secure enough for a million or 10 million or 100 million dollars”. Is that sort of the shared idea?
Ruben - Whenever you buy crypto, you do not think it is five thousand dollars. You think it is five thousand dollars, but it is actually fifty thousand dollars. You also have to consider you are protecting that money and not your moon portfolio, so to say.
Do you think that hardware wallets are a solution for everyone?
Scott - Some people are too uneducated about it or have not done the work, and then they become their single point of failure and completely blow it. Because even if you do all of this and you lose the plate… If someone puts all of it in one flimsy safe and somebody takes it out…
Ruben - I think there is a spectrum, and some people say: “I want to be my bank, and I do not trust anybody”. On the other side, you have somebody who says: “I just want to outsource it. I do not care. Somebody needs to do that for me”.
Let's say banks start there, and are trying to get more decentralized. We start here, and we may build solutions like the one I explained, where you can have three parties that make the outsourcing part easy for you. In the end, it might be that we also build a custody platform. Because we have superior hardware, we know how to build end-to-end solutions, so we know how to make software as well. And when we look at what exists, we already see gaps that need improvement.
Do you see yourself ever working with exchanges as their custody solution?
Ruben - We are closing a round right now, and one of the world's top five exchanges is leading it. There are many facets to this deal. It is not just equity investment; it is commercial partnerships and so on. They have millions of customers, so that is interesting to push the solution. But they are also interested in what this can mean for their institutional custody. It is all coming together in a great way for us, because we will have a lot of experimentation possibilities into how this fits perfectly into institutional custody or in the B2C setup. It is part of our longer-term roadmap.
Do NGRAVE sales increase with outflows from exchanges?
Scott - A popular on-chain metric traders love to look at is inflows and outflows from exchanges. They say if money is coming into the exchange, somebody is looking to sell. If it is going out, people are looking to hold. I have a different take on that and maybe you can tell me if I am right or wrong. I think we are seeing massive outflows from exchanges, which people think are bullish, because so many platforms have collapsed, and people are finally looking to get their coins off exchanges. Do your sales confirm that? I think you would sell well in a bear market where people are concerned.
Ruben - We see a change in how people think about this, and rightfully so. These DeFi platforms are even worse than centralized platforms. At least with a bank, you know you have a level of money guaranteed. It is these DeFi platforms that do not give you back anything. Unfortunately, it is always such an unfortunate event that suddenly gives you that light bulb in your head when it is too late.
Hardware wallets are booming in that sense because people understand more and more that you should own your keys. Right now, it is just crypto, but soon it will be your identity, house, etc. If you think about Facebook, today you can log in with your password and say: “I want to change my relationship status”. But it is Facebook who will say yes or no. So you do not own your own Facebook identity even at this point. If you think about it from that perspective, your private keys are the most important thing you will have in the next 50 years. And if you create your key wrong, as the first step, you lose. Unfortunately, all solutions we have seen already fail on that level.
If you can take away something from this conversation, it is that those private Keys are the only thing you need to remember about the whole crypto space.
How do you protect the anonymity of your clients?
Ruben - Let's say all these exchanges think about is: “I want to have more users, more revenue, more adoption…”, and they will take care of the security, the administration, and every supporting part of the infrastructure later on. And sometimes that turns out to be a very bad idea.
You should always circle back and think about how everything is following. If you are a security company, that needs to be 10 times harder in your head going on all day long.
We remove as much as we can from our users once we have shipped to them, and we keep everything offline on secured terminals for the stuff we want to keep. There is nothing really that you can try to steal because it is either offline or already gone.
How do you protect the user from scams?
Guest - I know that with wallets, 90% of the hacks happening are not due to the hardware actually being hacked but users getting phished or interacting with the wrong smart contract address. Is there anything you are doing for the user experience to fix those issues?
Ruben - What we do the most is trying to answer all those questions. For example, “what happens if NGRAVE does not exist tomorrow?”. And “what are the cyber security hygiene things I need to do to be better?”. We spend a lot of time building content like that. If you go to our website, you can find an academy, a Blog, etc., you have all these different categories that you can look into. I think that is where it starts.
When using your ZERO in the open world, it will never disclose your keys. Unless you are literally sitting here, the camera is on top of you, and you are looking at your Seed Phrase, then that is obviously not what you should do. But phishing and so on, this is a different aspect of the whole story. For example, if you have to download the app on your device, you can literally scan a QR code on ZERO that will bring you to the App Store. You do not have to type it in; find it and download the wrong app. You can do it from the device. We are always proactively looking at these small things that might get exploited in the wrong way.
What is the innovation process, and who are the people behind it?
Ruben - The core people behind it are three people. It is me, my co-founder Xavier (CTO), and my co-founder Edward (COO). Together we partnered up with a lot of really cool parties all over the world. For example, COSIC is one of the most renowned cryptography teams in the world. They invented AES 256, the encryption algorithm in your WhatsApp, in your Telegram, and even government secrets are kept secret through that algorithm. They made it 20 years ago. It still has not been broken officially. Now they are the ones selected as the post-quantum cryptography standard. That is one of the teams we work with on a very close and regular basis. It allows us to look into the future because they tell us: “This is the post-quantum cryptography thing we have worked on. Maybe it should be part of the wallet” well before it comes out. People like Jean-Jacques are all part of this team.
It is the three of us at the core, and every single decision regarding which chip should be on there, whether we tailor the chip to be more secure, which resistor, etc., it was us who made that final decision on what it needed to be. We had a lot of help from hackers trying to break it open and then telling us maybe we should change this or that. By now, governments are trying to break it open, and they have not succeeded. That is good news, and we hope we can share that shortly.
It is always sort of co-creating with the end user. You still need to adhere to its maximum security, and we will not give in on any points. And still be able to marry all of those things together. That is the actual challenge, so that you keep everybody happy. Because if it sucks in UI, nobody is going to use it. If it is unsafe, nobody will use it after it has been broken. It is a continuous process that keeps iterating to ensure everyone is involved. And if you are lucky and persistent, this is the outcome.
Scott - It is a touch screen, which is awesome. I do not know if you have ever used a [competitor]. [The interface is uncomfortable]. It is a constant headache. [ZERO] is as intuitive as an iPhone.
Ruben - In our Indiegogo campaign two years ago, you could choose colors. Scott only has white ones. So he has the real cold white versions of it.
Scott - That is all I got, guys. I encourage you to put ZERO in your hands and check it out because it is pretty amazing. Especially if you have never held another one of these kinds of devices in your hands.