This is a technical article about another of Anonyome Labs’ contributions to supporting the ongoing development of decentralized identity – the future of privacy and identity management on the internet.
Quick read: Through extensive research, we have discovered that using an air-gapped and security-tightening wallet is the optimal approach to safely storing $CHEQ tokens from our cheqd mainnet validator node. This solution is known as a cold wallet because it’s a cryptocurrency wallet that is not connected to the internet, which makes it difficult to remotely steal the assets stored in it. As the cryptocurrency space continues to develop and gain traction, the importance of securing tokens is becoming more apparent. Cryptocurrencies are very desirable to criminals and we’re seeing more hacks happening to various exchanges. With Anonyome Labs continuing to develop and participate in the SSI space through the cheqd network, putting privacy and security first helps set the pathway for the future. This cold wallet concept is an important step along the path.
Long read: Since Anonyome Labs joined the cheqd mainnet, our validator has been actively participating in the network and earning $CHEQ tokens. The validator earns a commission on the staked tokens from other parties’ delegations as well on those that are self-delegated.
Tokens and cryptocurrencies in general continue to attract criminals who exploit vulnerabilities in these newly developed technologies. As a result, the decentralized finance and decentralized identity communities face hot wallet hacks and the resulting theft of personal or company assets. To combat potential theft or loss of tokens, Anonyome Labs researched and implemented a cold wallet storage solution for its $CHEQ tokens which addresses the risks in running a validator node.
About cheqd and $CHEQ
Since its launch, cheqd has provided a utility token ($CHEQ) that will allow future issuers, receivers, holders and node operators to pay each other privately and securely for digital credentials. A suite of mobile and backend tools will allow developers like Anonyome Labs to use cheqd decentralized identifiers (DIDs) for SSI applications. While the cheqd DID method is still being implemented, node operators can already contribute by hosting nodes to participate in the network. As we said, the cheqd network is maintained by node operators that earn tokens through commissions via participant delegations. The so-called “nodes” run the cheqd-noded software, which is the server portion of the cheqd network stack built using Cosmos SDK and Tendermint. Nodes actively participate in the network by validating transactions, signing and writing new blocks to the public ledger, using computer resources.
Risks involved with running a validator node
Operating a node on the cheqd mainnet requires tokens to initiate governance proposals and to pay for transactions. But not all the tokens that the validator earns need to remain in their wallet and could be kept on another wallet less prone to vulnerabilities.
The validator’s wallet is potentially vulnerable to attack in two ways:
- Tokens can be sent from the validator’s wallet to any other $CHEQD wallet via the cheqd-noded command line interface (CLI). The CLI transaction command is protected by a keyring passphrase which is created during the setup phase. In the circumstance where access to the validator and keyring passphrase are compromised, all tokens stored on the validator could be transferred to any other wallet. Such an attack would require a weak passphrase in order to be brute-forced.
- If all tokens are stored on the validator and the recovery phrase (mnemonic) were to be lost, the tokens would not be recoverable if anything were to occur to the validator. For example, in the event of a corrupt or deleted node with no backups, without the mnemonic the tokens would be lost forever.
The solution to address these risks for Anonyome Labs is to successfully implement a cold wallet to store the majority of tokens it earns and owns.
What are cold wallets?
Cold wallets are devices that generate and store private keys used by cryptocurrency wallets while remaining offline. Being offline is an advantage because the private keys are never shared without authorization. The term “air gap” in this context describes the process of physically separating access to assets from a security perspective.
How does a cold wallet address security risks?
Using a secondary, security-hardened wallet allows for tokens to be securely backed up. Any tokens that the validator isn’t using to perform transactions can be sent to the hardware cold wallet address. Once there, the tokens are air gapped and not accessible without authorization from the cold wallet device. The fact that a cold wallet is a physical medium ensures the assets stored on it are truly in the owner’s hands.
Which options are available for $CHEQ?
Ledger Nano Hardware Wallet
While the Ledger Nano natively supports the Cosmos Interchain it doesn’t support $CHEQD natively and must be configured via an interchain wallet such as Keplr, which provides an interface to pass cheqd transactions to the Ledger Nano. This configuration alone doesn’t provide an interface to perform decentralized governance tasks, so Keplr needs to be connected via Omniflix.
Omniflix is a dashboard used for staking, delegation and governance on the cheqd network. It connects with the Keplr Chrome Extension through the extension’s API, which authorizes any transaction through the Ledger Nano linked to the account. The Ledger Nano acts as the security-hardening component of the cheqd wallet since it must be unlocked with a 4-8 digit PIN code and be physically present when interoperating. This means that no tokens can be taken from the wallet unless the ledger owner authorizes it.
The Ledger Nano devices use Ledger Live to install individual cryptocurrency “apps” onto the device. While Cosmos is supported as an app, there is no direct support for cheqd within Ledger Live. As a result, Ledger Live is not suited as a wallet to store, stake or delegate $CHEQD tokens and is only used to install the Cosmos app. The Ledger Cosmos app, when connected and unlocked within Keplr, allows the wallet to communicate to the cheqd network. Ledger Live also acts as a further management console for the Ledger hardware wallet to change preferences, settings and perform important firmware updates.
AirGap vault and wallet
AirGap vault is a novel approach to storing wallet private keys offline. It’s novel in the sense that no specific hardware is required, only an app on any iOS or Android device. Once the app is installed, the device can be put on airplane mode to remain completely offline. While AirGap supports Cosmos and staking of tokens, it doesn’t yet support $CHEQ tokens.
Our decision and implementation
Due to the limited adoption and support for $CHEQ tokens among wallet providers, the best option to date for securing assets is on a Ledger Nano device that interfaces through Keplr and Omniflix.
To summarize, this lets us:
- back up excess tokens on a separate air-gapped wallet
- stake air-gapped wallet tokens to the Anonyome Labs’ validator and claim the rewards
- transfer tokens from the air-gapped wallet to the validator if it requires more tokens to process transactions.
Anonyome Labs has employed a multi-stage approach to transferring tokens off the validator, which requires:
- biometric authentication
- two-factor authentication (2FA) command line access
- air-gapped cold wallet authorization
- password manager access to strong passwords.
This process is audited and separates roles and duties, with need-to-know principles limiting the access to company assets both internally and externally. The process for backing up tokens from the validator’s address is outlined next.
Process for backing up tokens
- Ledger Nano (S/X) device
- Cosmos app installed through Ledger Live
- Keplr Chrome extension with Ledger Nano (S/X) imported
- Keplr connected to the cheqd Omniflix dashboard.
- An authorized user uses biometric authentication to sign into their device and open their 2FA app.
- The user logs into Validator EC2 Instance using the correct certificate file and 2-factor authentication code.
- The user accesses the cheqd node CLI to send unused tokens to the Ledger hardware wallet address.
- Keplr asks for the Ledger Nano to be connected and unlocked with the on-device pin and to open the Cosmos app.
- Keplr Chrome extension is unlocked using the password stored in a password manager protected by another password or biometric.
- The user is authorized to send, receive, delegate, stake and claim $CHEQ tokens. The ledger must remain connected and unlocked during any of these actions.
Through extensive research, Anonyome Labs has discovered that using an air-gapped and security-tightening wallet is the optimal approach to safely storing $CHEQ tokens from our cheqd mainnet validator node. As the cryptocurrency space continues to develop and gain traction, the importance of securing tokens is becoming more apparent, to mitigate the risks from malicious actors. With Anonyome Labs continuing to develop and participate in the SSI space through the cheqd network, putting privacy and security first helps set the pathway for the future.
Key terms to know
Validator – a node responsible for verifying transactions on a blockchain. Once transactions are verified, they’re added to the public distributed ledger
Node – a computer that connects to a cryptocurrency network. It acts as a relay point which keeps a copy of the ledger and verifies its validity
Ledger – a public record of transactions that is replicated and distributed across the participating network to its peers (other nodes on the network)
Staking – the process of depositing cryptocurrency into a smart contract on a network to receive tokens as a reward. This is considered similar to an interest-bearing savings account
Delegation – the process of picking validators to stake tokens in. Holders vest their tokens in validators they trust to process transactions and earn rewards
Keyring passphrase – the password that restricts access to the cheqd-noded command line interface
DID – a type of identifier that enables verifiable, decentralized digital identity. This can refer to any subject, person, organization, thing, data model, abstract entity etc.
Verifiable credential – an open standard for digital credentials. Verifiable credentials represent statements made by an issuer in a tamper-evident and privacy-respecting manner.
Hot wallet – a cryptocurrency wallet that is always connected to the internet and cryptocurrency network
Cold wallet – a cryptocurrency wallet that is not connected to the internet, making it difficult to remotely steal the assets stored in it
Air gap – a metaphorical description of the conceptual gap required by the physical separation between computers
Inter-chain – the way all blockchains and traditional systems can connect in a secure manner
Photo by Billion Photos