Fallen Angel Attack
Traditional approaches to Bitcoin storage rely on security by obscurity. Most wallets implement a "secure element," which is a piece of hardware designed to hide something inside a puzzle. The puzzle is made to be difficult and expensive for a hacker to get the thing out. However it is impossible to make this puzzle unsolvable, and as a result, the hypothetical hacker and protector are forever locked in a battle of wits.
KoinKeep's unique style of Bitcoin storage eliminates the puzzle entirely. The data required for our hacker to steal founds is not located on the device at all. Our clever hacker can "solve the puzzle" on the device until the cows come home and they'll never get the funds.
Unlike other Bitcoin storage systems, KoinKeep uses a “security passphrase” that is never stored or sent to the hardware device and yet is required to access your funds. Think of it like putting your safe behind a locked door. Opening the door doesn't give you access to the inside of the safe while a hacker with the code to your safe can't get past the door. It doesn't matter if our hacker can crack a safe if they can't get through the door!
The keys to the door are stored on your phone while the keys to the safe are stored on your hardware wallet. This simple trick takes little effort for you but makes it exponentially more difficult for our hacker. So difficult that perhaps we will convince our hacker to change careers to an agent of good instead!
With KoinKeep, You’re also protected against the fallen angel attack. In this type of attack the manufacturer of the hardware, or someone in the supply chain, modifies the hardware before it arrives to you. They could put an extra chip on the board or even replace a chip with a malicious one. This malicious chip then forces the device to use the fallen angel’s malicious entropy.
The malicious entropy gives the fallen angel a “magic mirror” that can see all of the funds being added to these modified devices. Having established magic mirrors on as many devices as possible, they now wait and watch, while customers add funds to the hardware wallets that left the factory.
The fallen angel waits in excitement as their magic mirror reveals more and more customers’ savings. Once the fallen angel has enough Bitcoins deposited onto their infected devices to satiate themselves, they make their move. With the 100,000 devices they’ve infected there is now over $100M worth of Bitcoin.
They execute their demon script and instantly steal the funds through the magic mirror. All those customers’ Bitcoin are now gone and in their control. They silently retire with as much funds as they could be patient for — probably telling their friends they “got lucky” with Bitcoin.
But they won’t get you! Because of the simple act of putting your Bitcoin safe behind a door using KoinKeep. The magic mirror entropy can’t see through the extra door. The fallen angel attack is foiled because the keys to the door were never generated on the hardware! By letting your phone generate the keys or even better, supplying your own, the fallen angel skips right over you in search of easier prey.
An additional security feature KoinKeep supports out of the box is splitting the key to your Bitcoin safe across multiple devices, so called Multi Signature Security.