I learned something new today about crypto hardware wallets
Cameron O'Rourke
Technical Product Marketing and Product Management for Data, Analytics, AI/ML and Web3 Projects | Ex-Oracle | Six SaaS Startups | Developer | Writer | Video Expert
In the Web3 / crypto space I literally learn something new every day. Today, I learned that not all hardware wallets are created equal, as far as security is concerned.
But first, some background…
Both BTC and ADA use an accounting model called UTXO (Unspent Transaction Output). This is one way of dealing with the fact that blockchains are immutable — a transaction can’t simply go into the blockchain and update your Bitcoin balance, for example.
In the UTXO model, when you receive funds (or other assets, like NFTs), they are associated with a new unique address, the UTXO, that is tied to you as the owner of those funds. So if someone sends you 500 ADA, it will be associated with a UTXO, and this UTXO, plus all the other UTXOs on the blockchain derived from your identity (your keys) can be added up to determine your ownership or ‘balance’.
Once a UTXO is created, it can never be changed. Remember, the blockchain is immutable. So if I want to send you, say, 200 ADA, we are going to have to split or destroy the original UTXO with 500 ADA in it, and create two new UTXOs, one with 200 ADA for you, and another with the 300 ADA that I’m keeping for myself.
What’s cool about this system is that a new address is generated for each transaction, making it harder for someone to view your transaction history. With modern hardware wallets, the receiving address is the same as the new UTXO address.
Note that Ethereum doesn’t use the UTXO model. Ethereum uses an account-based model whereby transactions directly alter the balances of the sender and receiver. Since all transactions are directly linked to your address, there are negative privacy and security implications.
Finally, what I learned today was that not all hardware wallets (I’ve been testing several) generate a unique receive address for every transaction. Some use the same receive address but generate a unique UTXO as part of the transaction. This is a setting on some of the wallets, but on others, there is no choice.
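The 500 ADA split described above and the address-reuse difference between wallets, modelled as an added example that is not from the original article. `Wallet`, `Ledger`, `derive_address` and `demo` are hypothetical names, the HMAC derivation is a toy stand-in for real HD key derivation, and fees are ignored.

```python
import hashlib, hmac

def derive_address(seed, index):
    # Toy stand-in for HD key derivation (not BIP32 or any wallet's real scheme).
    return "addr_" + hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:12]

class Wallet:
    def __init__(self, seed, fresh_addresses):
        self.seed, self.fresh, self.index, self.addresses = seed, fresh_addresses, 0, set()
    def receive_address(self):
        addr = derive_address(self.seed, self.index)
        if self.fresh:          # the per-wallet setting the article describes
            self.index += 1
        self.addresses.add(addr)
        return addr

class Ledger:
    def __init__(self):
        self.utxos, self.tx_count = {}, 0   # (txid, n) -> (address, amount)
    def add_tx(self, spent, outputs):
        for ref in spent:                   # inputs are consumed whole, never edited
            del self.utxos[ref]
        txid, self.tx_count = f"tx{self.tx_count}", self.tx_count + 1
        refs = [(txid, n) for n in range(len(outputs))]
        self.utxos.update(zip(refs, outputs))
        return refs
    def send(self, sender, ref, to_addr, amount):
        owner, value = self.utxos[ref]
        if owner not in sender.addresses or amount > value:
            raise ValueError("not the owner, or insufficient funds")
        outputs = [(to_addr, amount)]
        if value > amount:                  # change goes back to the sender
            outputs.append((sender.receive_address(), value - amount))
        return self.add_tx([ref], outputs)
    def balance(self, wallet):
        return sum(a for addr, a in self.utxos.values() if addr in wallet.addresses)

def demo(fresh_addresses):
    ledger = Ledger()
    me = Wallet(b"constructed-seed-me", fresh_addresses)      # constructed sample seeds
    you = Wallet(b"constructed-seed-you", fresh_addresses)
    [funding] = ledger.add_tx([], [(me.receive_address(), 500)])   # someone pays me 500
    ledger.send(me, funding, you.receive_address(), 200)           # I send you 200
    ledger.add_tx([], [(me.receive_address(), 100)])               # a later payment to me
    seen = {}                   # what any chain observer can group by address
    for addr, amount in ledger.utxos.values():
        if addr in me.addresses:
            seen.setdefault(addr, []).append(amount)
    return ledger.balance(me), ledger.balance(you), sorted(seen.values())
```

`demo(True)` leaves the 300 change and the later 100 on two unrelated-looking addresses, while `demo(False)` puts both under one address that any observer can total.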
For me, this was a revelation, as the HD wallet in question is one of the more expensive, air-gapped types. This exploration also reinforced my skeptical view of Ethereum security. And it's a reminder that curiosity and a willingness to dig beneath the surface are essential in this brave new Web3 world.