Blockchain Satellite
4 min read · Apr 28, 2022


STARSHELL

Tell me if your Wallets are Safe after Learning about Starshell Wallet in this Post.

Data is worth money, and this is a key reason your online privacy is at risk. For instance, knowing your browsing habits or search history can deliver big profits to advertisers. While this is a legitimate use of your data, personal data is also worth money to criminals. Therefore, any information you put on the web might be used maliciously.
So, “if you say you don’t care about privacy because you have nothing to keep, it’s as if you’re saying you don’t care about free speech because you have nothing to say”. This post, however, focuses on privacy in web3 cryptocurrency browser extensions such as MetaMask, Keplr, Phantom, and the like.
Web3 Wallet Extensions
These browser extensions play important roles in what we know as web3 today. Owing to the emergence of DeFi and other profitable crypto investment platforms, most people now keep a substantial amount of their wealth in the web3 ecosystem, through wallet extensions, for higher returns.
Nevertheless, these browser extension wallets neglect important privacy practices, and that neglect can expose users to threats and attacks. Why have wallets not thought about web protection? It sounds funny to say “my MetaMask extension makes itself known to websites I visit without my permission; who owns whom?” These wallet extensions expose variables to every site a user visits, whether or not the site deals with cryptocurrencies.
Analogy1
For instance: Mr. A logs in to [www.gynaloy.com] → [page displays contents] → [website global scope] → displays → “this user has the following wallet extensions {X, Y, Z}”, where X, Y, and Z represent the names of the wallet extensions that Mr. A has in his browser.
MITM Attack
A man-in-the-middle attack is a type of cyber attack in which an attacker monitors the interaction between two targets to collect and decrypt personal data, passwords, and transaction details, in order to convince victims to complete a transaction, initiate a transfer of funds, or change login credentials. Web3 wallet extensions are vulnerable to MITM attacks because they make their presence known to every website, whether or not the website asks to connect to them, and because obscure co-installed extensions have the potential to compromise others. The major problem is that communication between websites and wallets can easily be spoofed or intercepted by a malicious extension, which enables a MITM attack. This could trick a user into approving an action generated by the attacker instead of the original transaction. So, malicious extensions can overwrite transactions, as in the case below.
Analogy2
User → {swap transaction (swap)} → [Intruder] → {transfer transaction (swap)} → {signatory permission (swap)} → User = “Allow”
Boom! This user has just bitten the dust! More and more wallets have been compromised and wiped due to a lack of privacy in web3 wallet extensions.
Why We Need To Fix The Fox
It is right to say that being careful about the sites one surfs is enough to stay safe from this privacy risk, but what if a trusted site gets compromised, thereby exposing data to threats from hackers, the devils of web3 these days? It is no longer news that the recent Axie Infinity hack took a toll on the launch of its Origin card, and other platforms have also suffered great losses from cyber hacks. This is why we need a wallet that is privacy-preserving by default.
What is Starshell wallet?
Starshell is a privacy-preserving, free, and open-source web3 wallet built for the Secret Network and Cosmos ecosystem. It employs a Covert Discovery process so that it does not advertise itself to every website by default; instead, websites must first request to see if the wallet is installed. This gives users the ability to surf websites without exposing the presence of their wallet extensions.
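The difference between advertising a wallet by default and answering only on request can be modelled in a few lines. This is an added sketch, not Starshell's code or protocol: the event names `wallet:discover` and `wallet:announce`, the `walletX` name, and the per-origin allow-list are all assumptions, and `page` is a constructed stand-in for a page's `window`.

```javascript
// Constructed model: `page` stands in for a web page's window (an EventTarget).
// Event names and the allow-list are hypothetical, not Starshell's protocol.
class DetailEvent extends Event {
  constructor(type, detail) { super(type); this.detail = detail; }
}

// Eager injection: the wallet writes a global into every page it loads in.
function installEager(page, name) {
  page[name] = { name };
}

// Request-first discovery: nothing is added to the page. The wallet only
// listens, and answers a request when the origin is on the user's allow-list.
function installCovert(page, name, origin, allowedOrigins) {
  page.addEventListener('wallet:discover', () => {
    if (!allowedOrigins.has(origin)) return; // stay silent for other sites
    page.dispatchEvent(new DetailEvent('wallet:announce', { name }));
  });
}

// What any script learns without asking: globals that were not there before.
function passivelyVisible(page, baselineKeys) {
  return Object.keys(page).filter((k) => !baselineKeys.includes(k));
}

// What a script learns by explicitly asking whether a wallet is installed.
function discover(page) {
  const found = [];
  const onAnnounce = (e) => found.push(e.detail.name);
  page.addEventListener('wallet:announce', onAnnounce);
  page.dispatchEvent(new Event('wallet:discover'));
  page.removeEventListener('wallet:announce', onAnnounce);
  return found;
}
```

With eager injection the wallet shows up in `passivelyVisible` on every page; with the request-first model it appears only in the result of `discover`, and only for an allowed origin.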
Starshell Shadow Accounts
Starshell offers an address randomization service known as Shadow Accounts when exporting the wallet’s public key to web apps. This ensures the integrity of the produced transaction by replacing the shadow address with a real address before transactions are submitted. This resolves a flaw of web3 wallets, which embed transaction data in the real wallet address and so leave it open to exploitation through its owner signatory function.
Addressing Malicious Extension Attack
The major challenge with other web3 wallets is that there is no way to be sure that a window property has not been changed (like (swap) in Analogy2). Therefore, a wallet that uses non-configurable JavaScript properties, reference comparison, stack signing, and out-of-band authentication tends to provide a maximum shield that malicious extensions cannot bypass.
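Two of the measures named above, non-configurable properties and reference comparison, can be shown with plain JavaScript property descriptors. This is an added example, not Starshell's code: the property name `wallet`, the provider object, and the function names are assumptions, `win` is a constructed stand-in for `window`, and stack signing and out-of-band authentication are not covered.

```javascript
'use strict';

// Constructed stand-in for a wallet's page-facing API (hypothetical names).
function makeProvider() {
  return Object.freeze({
    signTransaction: (tx) => ({ ...tx, signedBy: 'wallet' }),
  });
}

// Weak injection: an ordinary property, writable and configurable.
function injectWeak(win, provider) {
  win.wallet = provider;
}

// Hardened injection: the property can be neither reassigned nor redefined.
function injectHardened(win, provider) {
  Object.defineProperty(win, 'wallet', {
    value: provider,
    writable: false,
    configurable: false,
    enumerable: false,
  });
}

// Check used to test an injection: tries both ways another script could
// swap the property for its own object and reports whether either worked.
function canBeReplaced(win, impostor) {
  try { win.wallet = impostor; } catch (_) { /* TypeError in strict mode */ }
  try {
    Object.defineProperty(win, 'wallet', { value: impostor });
  } catch (_) { /* TypeError: cannot redefine a non-configurable property */ }
  return win.wallet === impostor;
}

// Reference comparison: the wallet keeps its own reference and checks that
// the page still holds that exact object. Reading the descriptor avoids
// invoking a getter that a replacement might have installed.
function sameReference(win, original) {
  const d = Object.getOwnPropertyDescriptor(win, 'wallet');
  return d !== undefined && d.value === original;
}
```

Locking the property only helps if the wallet defines it before any other script does; the reference comparison is what detects the case where something else got there first.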
EndNote
Starshell wallet covers the whole sphere of security and privacy protection for web3 wallets. These features are what we need to have peace of mind using web3. Starshell wallet is still under development, and it will support both mobile and desktop at its launch. According to their roadmap, the app will launch in Q4 of 2022, which is in October.
Follow Starshell on Twitter
Learn more: Starshell website

Watch Starshell question session with ShadeProtocol:- https://youtu.be/Fbhp5VTM_pM
