Lair Of The Multimedia Guru


Blockchain Security 1 of 4 (Gnosis Safe)

With blockchains, making sure the transaction you sign is what you wanted to sign is critical.

So professionals use a multi-signature Gnosis Safe … (which is a webapp in the WEB BROWSER) to build a transaction. Then they verify it by looking at said WEB BROWSER. And then they have multiple independent people with hardware wallets BLINDLY sign this transaction. The hardware wallets used are NOT able to display any details about the signed transaction.

What could possibly go wrong? (We are all safe if we just don't do anything except using these computers with WEB BROWSERS to sign transactions, right?)
Ohh, Lazarus stole 1.5 billion $ from Bybit 5 days ago. How could that happen? They used Gnosis Safe, they used the best hardware wallets. A lot of details still aren't known, but oddly enough the Gnosis Safe website seems not fully working even today.

But seriously, why is a “WEB BROWSER” not ok? It's too complex, it can do too many things; your computer is too complex, it can do too many things. If you want security, you need a minimal piece of hardware and software with minimal features, no execution of remotely downloaded code, no trust of remotely provided information, … Hardware wallets that directly do multisig and directly display what is transferred and where to would be an option. (A Ledger that you are forced to update regularly through a WEB BROWSER-like application, that is closed source, and that now even has the official ability to extract the private key is just the next rusty link in the chain of “security”.)

Update 2025-02-28: If someone is looking for a hardware wallet that supports displaying Safe multisig transactions, it seems the Keystone wallet can do this.

Update 2025-03-07: Investigation Updates and Community Call to Action

Filed under: Uncategorized — Michael @ 14:46
