Ethereum’s Vitalik Buterin Advocates Unique Approach to Crypto Security

• Ethereum co-founder Vitalik Buterin has highlighted the drawbacks of using hardware wallets to secure crypto in his advocacy for Multisignature. 

• According to him, 90% of his funds are secured using Multisignature, an advanced approach that requires transactions to be validated by more than one signature. 

Crypto security takes center stage as Ethereum co-founder Vitalik Buterin makes an insightful presentation on the most effective approach to securing digital assets in addition to the vulnerabilities presented in the most common wallets. His comment came after an X user – @ptrwtts – pointed out some of the drawbacks of hardware wallets which invalidate its safety status. 

Counterpoint: when using a hardware wallet, the biggest risk becomes yourself. Beware of the footguns: Someone finds your stashed seed, you hide the seed so well you forget, you put the seed in a bank safety deposit then hastily move overseas due to covid.

According to Buterin, the risk of getting trapped in one of these obvious human errors underscores his decision to resort to multisignature to secure 90% of his funds.

The above is why I use a multisig (@safe) for >90% of my personal funds

M-of-N, some keys held by you (but not enough to block recovery), the rest held by other people you trust. Don't reveal who those other people are, even to each other.

Decentralize your own security.

— vitalik.eth (@VitalikButerin) May 1, 2024

For quick insight, multi-signature is a sophisticated approach that requires a transaction to have two or more signatures to be executed. In other words, the signatures are associated with different cryptographic private keys with the defined threshold of keys needed to sign a transaction to validate it. Multisignature does not rely on a single point of failure but depends on the trustworthiness and reliability of those who hold the other keys. 

More on Multisignature

Any party with a multi-sig wallet can initiate a transaction but will remain pending until other parties sign it. It may also implement an N-of-N setup where transactions become valid after being validated by signatories. It may as well have an N-of-M setting where a specific subset of signers approves a transaction.

However, this approach of securing crypto is not far from the reach of threat actors. It can be recalled that Horizon Bridge lost $100 million to hackers in 2022 when its 2 of 5 multi-signature schemes got compromised. 

This is what the Polygon’s chief information security officer, Mudit Gupta, said:

The hacker compromised 2 addresses and made them drain the money. The two addresses were likely hot wallets used to listen for and process legit bridging transactions…The attacker compromised the server(s) that these hot wallets were running on. Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either an SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.

The merit of this discussion is highlighted in the Chainalysis Crypto Crime Report which estimated that $3.7 billion were stolen from crypto theft in 2022. In 2023, this had decreased by more than 50% to $1.7 billion. However, the number of individual hacking incidents increased from 219 in 2022 to 231 in 2023. Another report by PeckShield estimates that the value of cryptos compromised by hacking stood at $187.6 million in March 2024.