Liquid Stake with compassSOL for an 7.15% APY from staking, MEV + fees

Enjoy the freedom of liquid staking in Solana Defi while delegating your stake to the high performance Solana Compass validator. Stake or unstake at any time here, or with a Jupiter swap.

Benefit from our high staking returns and over 2 years experience operating a Solana validator, and receive additional yield from priority fees + MEV tips

Earn 6.8% APY staking with Solana Compass

Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 6.8% APY yield on your SOL, while supporting us to create new guides and tools. Learn more

Stake your SOL

  1. Click to connect your wallet
  2. Enter the amount you wish to stake
  3. Kick back and enjoy your returns
  4. Unstake from your wallet or our staking dashboard

Earn 6.8% APY staking with Solana Compass

Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 6.8% APY yield on your SOL, while supporting us to create new guides and tools.

Learn more

Breakpoint 2023: Security in Web3: Ensuring User Protection in a Decentralized World

Published on 2023-11-09

Exploring the importance of security in Web3 and strategies for user protection by leveraging hardware solutions.

The notes below are AI generated and may not be 100% accurate. Watch the video to be sure!

Summary

At Breakpoint 2023, the focus on Web3's security emphasized the critical nature of secure key management in a decentralized digital ecosystem. Carl Anderson from Ledger highlighted the vulnerabilities of software wallets and the importance of hardware solutions in safeguarding digital assets. The speech underscored the fact that while blockchain technology provides an immutable and secure ledger for transactions, end-users and exchanges constitute the weakest link in terms of security. As a response, Ledger has developed hardware wallets that provide robust security measures by combining secure elements, a unique operating system, and a trusted display, ensuring user protection at rest and in-use.

Key Points:

The Necessity of Security in Web3

With the rise of Web3 and its potential to revolutionize digital ownership, the need for enhanced security is paramount. Carl Anderson explained that, as with previous web generations, the transition into Web3 would require a combination of software and hardware innovations. Web3 promises to change how we think about digital ownership, but without secure management and storage of digital assets, the system is vulnerable. Anderson warns against using Web2 technologies, like cloud storage for private key management, as they aren't designed to securely store sensitive information. Additionally, he shared the history of spyware such as Pegasus and how it exploited Web2 security flaws, stressing the inadequacy of traditional methods in the Web3 space.

The Role of Hardware in Securing Digital Assets

A significant part of Anderson's presentation focused on why hardware wallets, such as those developed by Ledger, are superior to software wallets. These hardware devices ensure 'security at rest' by protecting private keys with a secure element that is impervious to external attacks or attempts to extract data. 'Security at use' is guaranteed through the operating system that runs on the secure element, designed to protect against malware and to ensure that the transaction being signed is the exact transaction the user intends. The addition of a trusted display allows users to physically verify and approve transactions, making it much harder for fraudulent activity to occur.

Scalability and Ecosystem Support

Anderson delved into Ledger's scalability and its support for a multitude of blockchains and applications, asserting that the company's technology is not limited to any single blockchain. He emphasized the importance of a decentralized approach to security wherein developers from various protocols can utilize Ledger's Software Development Kit (SDK) and developer portal to build their own wallet applications. This ensures that as the blockchain ecosystem evolves, Ledger's technology can adapt and offer support for a wide range of cryptographic needs.

Facts + Figures

  • Web3 is the new era of the internet focusing on decentralized protocols and blockchain technologies.
  • Blockchain security is strong, but endpoint security—the users and exchanges—is where vulnerabilities lie.
  • Spyware like Pegasus demonstrates the weaknesses in Web2 security architecture when it comes to storing secrets like private keys.
  • Hardware wallets provide security at rest and security at use, both of which are crucial for protecting digital assets.
  • Ledger's hardware wallets use a secure element designed by STMicroelectronics, similar to those found in credit cards and passports.
  • Ledger's OS running on the secure element facilitates an SDK, allowing developers to create applications that are secure by design.
  • A trusted display ensures that "what you see is what you sign", allowing users to verify transactions.
  • Ledger supports the Solana ecosystem, and their technology was used by the Solana Foundation to develop a compatible stack.
  • Ledger's solutions are designed to support multiple chains and dApps, thus ensuring scalability and flexibility in the evolving Web3 space.

Top quotes

  • "This revolution won't happen without security."
  • "Web two is about publishing information, consuming information, but not so much about storing secrets."
  • "Please do not store your keys in Gmail, do not store your keys on the cloud."
  • "That's where [software wallets] fall short."
  • "The secure element ... is actually the same ones that are in our credit cards or the chips in our passports."
  • "No one else can actually show anything that's uncontrolled on that display."
  • "It's with those three properties that we actually are solving for that key management challenge really."
  • "A key thing about scalability and security is that it's not linked to a single blockchain."

Questions Answered

Why is security paramount in Web3?

Security is central to the success of Web3 because it ensures the integrity and safety of digital transactions on decentralized networks. Without user protection, the revolutionary promise of Web3 for digital ownership and exchange is undermined by the risks of theft, fraud, and unauthorized access.

What are the vulnerabilities of software wallets in Web3?

Software wallets, which secure keys on operating systems susceptible to spyware and malware (like the old spyware Pegasus), fail to provide robust 'security at rest' or 'security at use’. This means that private keys stored in software wallets are at a high risk of being extracted or manipulated, leading to asset theft.

How do hardware wallets like Ledger's provide better security for digital assets?

Hardware wallets like Ledger's provide enhanced security by using secure elements to protect keys when at rest, operating systems to defend against malware during use, and trusted displays for users to verify transactions. These elements prevent unauthorized access to private keys and ensure the integrity of transactions.

Can Ledger's technology support various blockchains and applications?

Yes, Ledger's technology is designed with scalability in mind, offering support for various blockchains and dApps. This is achieved through an SDK and a developer portal that allows external developers to build on Ledger's secure platform, providing a collaborative approach to ecosystem security.

What is the advantage of having a trusted display in a hardware wallet?

A trusted display on a hardware wallet allows users to visually verify and confirm the actual transaction before signing. This feature prevents man-in-the-middle attacks and fraud by ensuring that users are not tricked into signing malicious transactions by verifying that the information on the display matches their intention.

Related Content

Breakpoint 2023: Auditor's Panel

Insights from leading blockchain auditors on the importance of security in the Solana ecosystem.

Breakpoint 2023: Web3 Security and Best Practices

An in-depth look at securing the Web3 environment with industry best practices and tools.

Breakpoint 2023: Security Considerations from RPC Providers

Exploring the critical security considerations for RPC providers in Web3 infrastructure.

Breakpoint 2023: Securing FireDancer

FireDancer's security enhancements and strategies presented at Breakpoint 2023

Breakpoint 2023: From TradFi to DeFi

Key insights into the transition from traditional to decentralized finance from industry experts.

Breakpoint 2023: Bonds Can Be Interesting, Too

Introducing stable bonds on the blockchain, fostering growth and stability in the DeFi ecosystem.

Breakpoint 2023: The Creator Economy in Web3 vs. Web2

Exploring the challenges and opportunities for creators transitioning from Web2 to Web3 ecosystems.

Breakpoint 2023: When Are You Going to Get Serious About Security?

A compelling call for developers to prioritize security in the Web3 ecosystem.

Breakpoint 2023: OpenBook v2

Rebuilding Decentralized Finance Post-FTX Crisis: The Launch of OpenBook v2

Breakpoint 2023: Phantom Quests

Phantom introduces an engaging incentive program to explore new features and understand the Solana ecosystem with Phantom Quests.

Breakpoint 2023: Youth in Web3

Exploring the journey, challenges, and advice of young professionals in the Web3 ecosystem.

Breakpoint 2023: Fireside Chat with Nuseir Yassin & Akshay BD

Exploring the financial reality of content creation and the potential impact of Web3 on the creator economy.

Breakpoint 2023: Gaming in Web3 Panel

Leaders in the Web3 gaming space discuss the challenges and opportunities within the industry.

Breakpoint 2023 Highlights

An overview of Solana's achievements and the future of decentralized networks presented at Breakpoint 2023.

Breakpoint 2023: Payments on Solana, The Digital Commerce Revolution

Exploring the potential of Solana for revolutionizing digital payments and commerce.