Comment by IanCal

4 months ago

Isn't cold storage about where the keys are? You still need to be able to actually interact with a chain.

My understanding of "cold storage" was always that the keys are not accessible to the internet. That could be stored on paper, a flash drive or engraved in metal and put in a safe, or it could be in a regular digital wallet on a device never connected to the internet. If you want to do transactions, put it on an airgapped device, create the transaction, then move the transaction to an internet-connected device to broadcast the transaction.

  • The keys don't have to be accessible to the internet for this to work, here the attackers didn't get the keys.

    You can do the transaction on an airgapped device and manually copy it over, but that's different from just cold storage. It also may not have actually helped here.

    Using something like Trezor, the keys don't leave the device. It gets sent something to sign, you sign it and the result goes back. But if what you think you are sending to the device isn't what's actually being sent, it depends on you catching that.

    If the thing is "transfer X native tokens" then it's more obvious what the impact of that is, but it doesn't have to be that. Perhaps it's adding a signer, changing a setting, altering an address. Worse, perhaps it's making some change to a contract that allows those things, but isn't as clear what it's actually doing. Worse still if the target address is close to what you expect - perhaps you think you're shifting tokens to another storage wallet, how many of the characters of the address do you check on the device itself?

    Air gapping doesn't really change any of that, it just makes it a bit slower.

  • Ditto.

    The internet is adversarial, a cold wallet should only be reachable by a wrench attack.
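The pre-signing check discussed in the first reply (is this the operation I meant, and is the whole address right, not just its ends), sketched as an added example that is not part of the thread. The `SigningRequest` fields and both addresses are constructed for illustration and do not follow any real wallet's format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SigningRequest:          # hypothetical shape of what is sent to the signer
    operation: str             # e.g. "transfer", "add_signer"
    target: str                # destination or affected address
    amount: int = 0

def shared_edge_chars(a: str, b: str) -> tuple[int, int]:
    """Count matching leading and trailing characters of two addresses."""
    lead = 0
    for x, y in zip(a, b):
        if x != y:
            break
        lead += 1
    trail = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        trail += 1
    return lead, trail

def review(intended: SigningRequest, presented: SigningRequest) -> list[str]:
    """Compare what the operator meant to sign with what is actually presented."""
    findings = []
    if presented.operation != intended.operation:
        findings.append(f"operation is {presented.operation!r}, "
                        f"expected {intended.operation!r}")
    if presented.target != intended.target:
        lead, trail = shared_edge_chars(intended.target, presented.target)
        # A glance at the ends of the address would not catch this.
        findings.append(f"target differs although the first {lead} and "
                        f"last {trail} characters match")
    if presented.amount != intended.amount:
        findings.append(f"amount is {presented.amount}, expected {intended.amount}")
    return findings

# Constructed sample addresses: same ends, different middle.
EXPECTED = "0x7a3f9c" + "2e41b8d05566e1f0a9c3d2b4e8f6" + "a1c9d4"
LOOKALIKE = "0x7a3f9c" + "0b77d4e1a2c6935f08b1e7d3c5a9" + "a1c9d4"

if __name__ == "__main__":
    intent = SigningRequest("transfer", EXPECTED, 100)
    for shown in (SigningRequest("transfer", LOOKALIKE, 100),
                  SigningRequest("add_signer", EXPECTED)):
        print(shown.operation, "->", review(intent, shown) or "matches intent")
```

The comparison only helps if `presented` is what the signing device itself displays or parses; run against the same data the compromised front end shows, it would pass.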