Cybersecurity Cloud & Data

{Crypto watch: NGRAVE} The ´coldest wallet´ that is unplugged and never connects to the Internet

This Belgian blockchain startup is looking to have the last word in secure wallet storage.

2020 saw its fair share of crypto security breaches:

In September, KuCoin became a target for hackers. Around US $275 million were stolen, making it the third-biggest exchange hack of all time after Mt.Gox and Coincheck.

In December, UK-based exchange, EXMO, lost US$10 million to a breach. It is believed that hackers gained access to hot wallets typically used by exchanges to store operational funds needed to fulfill withdrawal requests quickly upon demand from users.


Read more: {Cyber watch: InstaSafe} A Zero Trust security solution that ´by default trusts no user, inside or outside the network´


In December again, Ledger experienced a data breach when hackers dumped their customer database on the web. While not a theft of funds, reports stated that users whose data leaked, have been targeted by phishing attacks.

Finally, researchers recently revealed that they had been conducting a year-long investigation into a piece of malware called ElectroRAT. The malware is a variant known as a Remote Access Tool, and it was spread through three scam applications, two fake crypto trading platforms called Jamm and eTrade/Kintum, and a phony crypto poker app called DaoPoker. The fraudsters tricked users across the globe into downloading their applications. Once installed, they would use keylogging and take screenshots to steal private keys.

Centralization is a crucial issue in the retail market, which is shocking for an industry that holds decentralization as a cherished principle

Centralization is a crucial issue in the retail market, which is shocking for an industry that holds decentralization as a cherished principle. Ledger and Trezor dominate the market for hardware wallets, and both have suffered major security issues in the past.

So, cryptocurrency users have two choices:

  • Find a reputable custodian for their funds. While there are reputable firms, all crypto custodians tend to be secretive about how they secure funds, so it is hard to evaluate how safe they actually are.
  • Use a wallet. The problem: hot wallets are notorious targets for hackers, and cold wallets are vulnerable due to dependence on Internet connection, which creates an opportunity for hackers.

According to blockchain security firm Slowmist, hackers have lifted an incredible US $14.6 billion worth of cryptocurrency in total. Of that, more than half has been lost from wallets.

Co-founders of NGRAVE, a Belgian startup looking to have the last word in secure wallet storage, also found themselves affected by this issue. They just came out with Ngrave ZERO, a hardware wallet that some call the ´coldest wallet´, because it does not need to be plugged in and never connects to the Internet.

It features two buttons for confirming transactions on the display screen and uses BIP39 seed encryption for private key storage. The wallet is backed by the Interuniversity Microelectronics Centre (IMEC) and Computer Security and Industrial Cryptography (COSIC).

The Tech Panda caught up with Ruben Merre, Co-founder and CEO of NGRAVE, to learn more about crypto wallet security and how his firm is tackling the issue.

Ruben Merre

Even so-called cold wallets or hardware-based storage always requires an Internet connection. So, there’s always a point of weakness that a hacker can exploit

According to him, most wallets simply approach security from the wrong angle.

“The fact that transacting in digital currencies requires an Internet connection leads to a situation where most wallet providers start from the basic premise that their wallets must be connected to the Internet. So, there are literally dozens of ´hot´ or software-type wallets that are simply apps on your phone,” he says.

These apps contain the same vulnerabilities as any other app, and the fact that they’re issued and operated by fallible humans means that it’s all too easy for hackers to steal funds. Many users make the mistake of storing their private keys on unencrypted media such as email.

“Even so-called cold wallets or hardware-based storage always requires an Internet connection. So, there’s always a point of weakness that a hacker can exploit,” he adds.

NGRAVE Origin

NGRAVE co-founder, Xavier Hendrickx, is a longstanding veteran of the cryptocurrency space, having joined in 2013. As such, he was one of the unfortunate targets of some of the most high-profile hacks in crypto history, including Mt.Gox, The DAO, and the Parity hack.

In an attempt to help reduce the risk, Hendrickx joined the white-hat hacking community. Merre and Hendrickx had already spent significant time discussing cryptocurrency security together with their third co-founder, Edouard Vanham. They came to the joint conclusion that there wasn’t a single security solution on the market with which they’d trust their own crypto. Thus, they decided to build it themselves.

They started off with an IndieGoGo campaign in May 2020, which successfully raised 450% of its fundraising goal within the first two days. By the time it closed, the company had raised US$450,000.

The first orders of the NGRAVE wallet are now due to ship in the next few weeks. Perhaps then, finally, crypto users can breathe a sigh of relief knowing their funds are offline, safe from hackers.

The NGRAVE ZERO Wallet

So, what does a good crypto wallet look like? Merre has a simple take on things.

“The only way to ensure the safe storage of digital coins is to keep your private keys air-gapped from the Internet. That means you shouldn’t store them on any Internet-enabled device or on any device that requires connecting to an Internet-enabled device,” he says.

This is the challenge that his company seeks to address. The NGRAVE ZERO wallet has been developed in collaboration with renowned cryptographer Jean-Jacques Quisquater, who is the second reference of the seminal Bitcoin white paper.

The only way to ensure the safe storage of digital coins is to keep your private keys air-gapped from the Internet

In developing the wallet, the NGRAVE team started from the fundamental premise that the device has to operate without connecting to any other device, either using a cable or by Wi-Fi or Bluetooth.

At the same time, they’ve strived to ensure that the user experience isn’t compromised by high levels of security, allowing users to send and receive cryptocurrencies with the same ease that they could with any other wallet.

How the NGRAVE ZERO Works with No Connectivity

The ZERO wallet has an LCD touch screen with a built-in biometric fingerprint sensor. It’s designed to work in tandem with their proprietary app, Liquid. For example, a user wants to send some crypto from their ZERO wallet. They initiate the transaction using the app, which generates a QR code.

The NGRAVE team has tried to keep the process as easy to use as a payment gateway like Apple Pay so that anyone can send a crypto transaction in seconds

The ZERO has a built-in camera that scans the QR code, so the user can then sign the transaction using ZERO. The ZERO then generates its own QR code, which the user can scan with their phone app, and the transaction is sent.

The critical point here is that there’s no sensitive information in the QR codes, and the ZERO never needs to connect to the phone app.

“The NGRAVE team has tried to keep the process as easy to use as a payment gateway like Apple Pay so that anyone can send a crypto transaction in seconds,” says Merre.

Burgeoning Markets

Merre believes that solutions such as the ZERO wallet are rapidly becoming urgent, given the pace of growth in the cryptocurrency markets. He sees the growth trajectory continuing as bullish.


Read more: Cyber trigger: Fraudsters leverage remote working, COVID-19 to give sleepless nights 


“Like many in crypto, I believe the markets will continue to show bullish signals for some time to come. The cycle following the last halving event in May 2020 isn’t yet done. Bitcoin prices will continue to rise. Even when the inevitable pullback happens, I doubt we’ll ever see a sub-US $10k or even sub-US$20k BTC again, simply because there’s too much institutional money in the game now,” he concludes.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

91.55% of Indian finance websites fail accessibility standards

As digital transformation accelerates, ensuring accessibility remains crucial for millions of Indians with disabilities. Addressing…

2 days ago

Is AI Hitting a Plateau? The Scaling Debate OpenAI Prefers to Avoid

I think OpenAI is not being honest about the diminishing returns of scaling AI with…

2 days ago

PayalGaming becomes India’s first female gamer to win an international award

S8UL Esports, the Indian esports and gaming content organisation, won the ‘Mobile Organisation of the…

3 days ago

Funding alert: Tech startups that raked in moolah this month

The Tech Panda takes a look at recent funding events in the tech ecosystem, seeking…

4 days ago

Colgate launches AI-powered personalized dental screenings

Colgate-Palmolive (India) Limited, the oral care brand, launched its Oral Health Movement. The AI-enabled initiative…

4 days ago

The role of ASR in voice bots: Revolutionizing customer interaction through real-time recognition

This fast-paced business world belongs to the forward thinking organisations that prioritise innovation and fully…

4 days ago