Why Crypto Hardware Wallet Makers Keep Getting Hacked - And A Proposal To Fix It
Trezor was the latest victim of a marketing system breach - how I would fix this
Security breaches in hardware wallet providers Ledger and yesterday’s Trezor exploit have highlighted a critical issue: their email marketing systems have been compromised and used for phishing scams against customers, sometimes repeatedly.
The root of the problem lies in the nature of email delivery as a semi-monopolized system, dependent on reputation for ensuring message deliverability. Consequently, running an independent mail server with the expectation of reaching customers effectively is no longer possible. Email marketing platforms, the primary players in this space, aren't designed with high-security measures in mind, making them vulnerable targets for hackers seeking access to valuable customer Bitcoin wallets.
In the early 2000s, I ran a private email delivery service for an organization with good delivery rates, just by using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). However, this landscape shifted dramatically with the advent of Gmail. Google, in collaboration with AOL and Yahoo Mail, transitioned to a domain reputation-based system. This shift has made it virtually impossible for non-marketing organizations to manage their own email servers, as maintaining a strong domain reputation requires the regular dispatch of a high volume of emails.
A potential solution to this dilemma lies in an existing concept: Hashcash, proposed by Adam Back in 1997. Notably incorporated into Bitcoin's proof-of-work algorithm, Hashcash could effectively address the email security issue. It operates by attaching a computational proof header to emails that necessitates a modest computational effort to generate, thereby discouraging mass email send-outs. Widespread adoption of Hashcash could diminish the relevance of the current domain reputation-based system.
However, the prevailing email marketing oligopoly is unlikely to be motivated to change the status quo, which perpetuates their necessity and influence, making the adoption of Hashcash unlikely.
An alternative, more feasible solution that doesn't involve challenging the email monopoly is OpenPGP. PGP (Pretty Good Privacy) and its primary open-source implementation, GnuPG (GNU Privacy Guard), are encryption and digital signature systems, already extensively used for authenticating the sender and integrity of message and file creators. While major email marketing services and inbox providers do not support these encryption tools, there are browser extensions that add seamless support, though they have limited adoption.
In light of these issues, I propose that Bitcoin businesses spearhead the initiative to sign all their communications using PGP/GnuPG digital signatures. Additionally, promoting browser extensions that automatically validate such messages could significantly enhance security and trust within the industry.