
Busting the Big Lie at the Heart of Crypto

 

Crypto has many mottos, but there’s one that sums up its entire philosophy: “Trust No One”. Yet it’s a rule that even experienced Bitcoiners break every time they transact.

If you (like millions of people worldwide) own a Ledger device, you’re trusting to mid-20th-century technology. Even worse, you’re putting your faith in something you can’t verify for yourself. That’s the absolute antithesis of decentralization.

Welcome to the big lie at the heart of the crypto revolution: that it represents a paradigm shift in financial security, transparency and self-sovereignty. It’s simply not true – at least, not when it comes to the most popular consumer hardware wallets on the market. To find out why, let’s embrace another motto, and Do Our Own Research. Let’s dive in and expose the big lie at the heart of crypto security.

Smart Cards and Black Boxes

The first and biggest untruth is that consumer hardware wallets are the future. They’re not: they rely on the same technology that’s in your debit or credit card. We still call it ‘smart card’ like it’s something out of Black Mirror, but it is essentially unchanged since integrated circuits were added to plastic bank cards. In the 1960s.

“So what?” you might say. If it ain’t broke, don’t fix it. Fine – but only if you’re happy with hardware wallets’ notoriously poor UX, like having to constantly open and close apps in order to perform transactions on a tiny screen with tiny buttons…

Poor usability is the number one enemy of security, but hardware wallets have another serious problem lurking within the box – and that’s the box itself. Not the device’s outer skin, but the technology package beneath it. Most of the wallet industry is built on closed source, proprietary, ‘black-box’ technology. That’s not necessarily to disparage the hardware and software that lie within; only that you can’t check them out for yourself. Once again, you’re trusting the keys – to your crypto, of course, but increasingly to your entire digital identity – to an unknown entity.

There are some situations where you should trust without verifying. Conversations with your spouse, perhaps. But never when it comes to your wealth.

Closed Ecosystems and Walled Gardens

One of the first things Bitcoiners learn is that the whole ecosystem is not only transparent and verifiable – it has to be. That’s why it’s been able to constantly evolve new functionality and use cases. By contrast, hardware wallets have made the conscious choice to build high walls around their secret gardens. As a result, innovation in the industry is utterly moribund.

Apologies for singling out Ledger again, but it’s both the most popular consumer hardware wallet and an object lesson in stagnation. Because every “app” has access to the master seed, each one needs to be reviewed and approved by Ledger. This is terrible for innovation, antithetical to the blockchain’s open source ethos, and puts more control in the hands of these insecure wallet providers. This control will only increase as we protect progressively more parts of our lives (including our digital identity) and sign a wider array of contracts and transactions with cryptographic keys. 

Just as the ‘first web’ tended towards centralization, putting unparalleled power in the hands of just a few tech behemoths like Google and Facebook, hardware wallets represent an incredible concentration of vulnerability. How do we fix it?

Open Your Wallet 

It sounds counterintuitive, but the way to true security is through openness. Bitcoin’s inventor realized this, and so did everyone who followed him (or her). Open source, decentralized networks demand hardware and software that are open, too.

And they can have it. The tools are here now, thanks to new advances in hardware such as open source microkernel-based operating systems running on open source hardware. These enable anyone to inspect the underlying security of the device, while developers can permissionlessly build and ship apps. Because apps can live side by side in their own sandboxes, a malicious or corrupted app cannot affect the others.

I don’t know why the wallet industry didn’t see this sooner. Maybe it was laziness, or just a lack of imagination. But I do know that clinging to decades-old technology and building walled gardens has been a catastrophe for security, innovation and UX. If we want crypto to thrive and adoption to grow, it needs a new motto: Open Your Wallet.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
