• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Yeah. Two different people had the secret keys for the same wallet. One of them kept them in an air gapped computer. The other person kept them online in a computer accessible via SSH.

    Even assuming these two trusted individuals we’re not directly involved, having an always online computer with a half a million US dollars on it is a big risk.

    I’m in no way trying to second guess the tragedy here. I’m just speaking for people who might have a similar problem on going in the future.

    For a shared wallet, something like paperback, using Shamir’s secret sharing distributed amongst trusted parties. Could be good. It would require multiple parties to conclude to unlock the key.

    https://github.com/cyphar/paperback

    The offline wallet signing is really cumbersome, but it is something to use when we’re talking about huge amounts of money. https://monerodocs.org/cold-storage/offline-transaction-signing/

    I remember reading about air gapped QR wallet signing. https://github.com/nasaWelder/lunlumo which is interesting, but I thought there was something more polished available. Anyway a program that allowed you to easily sign transactions from an air-gapped computer, could be interesting for these trust problems.

    So honestly multi-signature transactions are probably the right way to go. It increases the difficulty of hacking the computers to hacking multiple computers

    • Saki@monero.town
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      In hindsight, maybe something very simple—using Feather on Tails, and this USB stick is only physically connected when necessary—could have prevented this from happening. Maybe.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I think anonero has something like this, but they don’t have a clearnet url to link to