Thoughts from a Crypto Company Founder: Part 2
Today I want to give away something free that may help other crypto founders save millions. Although there are many ways to end up getting https://rekt.news/ in crypto, there is one error that many companies make from day one.
NO ONE SHOULD EVER KNOW THE PRIVATE KEYS TO YOUR INFRASTRUCTURE. PERIOD.
If your company already operates with HSMs, you can stop reading. If not, you should fix this yesterday. For those readers who don't know what an HSM is, it is a Hardware Security Module. These beautiful pieces of hardware are magical boxes that allow you to create private keys inside them that your infrastructure may use to sign transactions, but no one may ever export them. Said differently, you can create private keys that your systems may securely use but no one will ever be able to get the raw private keys themselves.
In order to understand why this is such a big deal, lets consider two cases:
1. An internal actor has access to your raw private keys to deploy assets using their personal device. This person gets separated from the team.
2. An external actor gains access to your cloud infrastructure or even one of your developers machines ( possibly where private keys are stored ).
In both of these cases any private keys the actor had access to must be rotated. This can be a huge pain at best and the loss of control of your systems/assets at worst.
Digging deeper at the difference between using an HSM versus using raw private keys, lets consider what does happen when a malicious actor gets access to a key in terms of the game theory.
The attacker's best strategy is to maximize the amount of assets they may steal. Your best strategy is to minimize the amount of assets the attacker may steal, but the reality is there is no winning move for the defender in this game. An attacker has every incentive to pay as much gas as is possible to ensure their transaction that steals funds will succeed. You however lose more value every time you pay more gas, but you face losing everything if you do not pay enough gas to prevent the attacker from replacing your transaction with a higher gas price. The result is a race to the bottom where the person being attacked either loses everything to the attacker or the miners. Thus, it is a lose lose game.
In the event that keys are stored in an HSM instead of in a raw format readable by others, you can put complex access controls in place that limit the amount of funds that may ever leave an account. This has the benefit that while you may lose something, you should never end up in the case above where you always lose everything.
So now we get to the free part of the post. If you want to see how to use AWS KMS as an Ethereum compliant signer in GoLang, I have already done the hard work for you. Just go check out this Gist, and feel free to ask questions. I am always happy to help.
https://lnkd.in/gNWpNeqc
CreationNetwork.ai
1mohttps://linktr.ee/creationnetwork.ai