Wallet Security


Wallet security is critical anytime you own more than a modicum of crypto. Let's explore how the popular wallets Metamask (the #1 Ethereum wallet) and Phantom (the #1 Solana wallet) deal with security.

The first thing to understand: the seed phrase is your entire wallet. Optionally, you can add a passphrase to the seed phrase, but that doesn't fundamentally change the discussion below, so we'll ignore it from here on. From this unique combination of 12-24 words, all of your public and private keys can be derived, as shown below. If you're interested in the technical details of how the derivation works, read this article.

Seed phrase derivation

When someone has your private keys, they can approve any transaction, irreversibly transferring money to another (their) wallet. And since your private keys can be derived deterministically from the seed phrase, all an attacker needs is your seed phrase to completely drain all of your wallets.

Now, if you don't need to use the money in this wallet to transact on a regular basis, you could simply write the seed phrase down on a piece of paper and store it in a safe. Maybe multiple safes, in case of a fire. That's an example of a cold wallet, that is, a wallet not connected to the internet. In that case, ideally, you generate the seed phrase offline as well, so that Metamask or Phantom has never had access to the seed phrase.

But if you want to actually use your crypto, you need an internet-connected Metamask or Phantom wallet.

How do these wallets store your seed phrase? Metamask, which is open source, appears to store your seed phrase in encrypted form using AES-GCM. The encryption key is derived, using PBKDF2 (10k iterations), from a password you set.

encrypted storage

This is actually a very secure setup: essentially state-of-the-art encryption. Assuming you don't use any cloud features of Metamask or Phantom, an attacker would need both your password and physical access to your computer (where the encrypted wallet is stored) in order to access your funds. If they have the latter (physical access) but not the former (the password), they could attempt to brute-force your password. PBKDF2 is computationally expensive, so deriving the key from the password takes some time, and they can't run through every candidate password quickly. If you choose a 2-letter password, they might still be able to guess it pretty quickly though. 1Password has a good table of the cost of a brute-force attack on PBKDF2: a 9-character password with some lowercase letters and digits will cost $25k to crack. On the other hand, with just the password but no physical access, the attacker can't do much.

Phantom is a different story. It is not open source and has very little information detailing its security besides "Phantom is a self-custodial wallet. Your private keys are encrypted on your device by your password and are never shared with anyone." Even the independent audit they did doesn't talk about their encryption scheme. But it's a browser extension, so the minified code is available with every install. I poked around but I didn't get too far. There are references to PBKDF2 (1000 iterations), AES and scrypt, so it's likely very similar to Metamask: some kind of password-based key derivation to get an encryption key from the password, then AES to encrypt the data. Phantom really should be more open about its encryption scheme, and it's scary that they aren't.

Here are some key take-aways in the situation where someone wants to attack you:

  • Possession of the seed phrase allows full access to funds
  • The password alone doesn't give access to funds
  • Physical access to your computer alone doesn't immediately give them access to all of your funds. But the attacker might eventually be able to get access to funds by cracking the password. It'll be expensive for them though.

Take-aways in case you forget the password or the seed phrase:

  • If you forget the seed phrase, you should be able to recover it from Metamask. If Metamask wasn't the originating wallet for this seed phrase and only some of the wallets have their private keys in Metamask, you'll have access to only those wallets. But overall, forgetting your seed phrase is bad bad bad.
  • If you forget the password, no biggie, you can re-generate the wallet from your seed phrase.
  • If you lose your computer, not a problem again since you can re-generate the wallet from your seed phrase.

Overall, here are my high-level recommendations:

  • Choose a good wallet: Metamask seems okay and even though I use Phantom, I'm not sure that I'd recommend it given the lack of transparency around security
  • Store your seed phrase in a safe location: add some redundancy to ensure you don't lose your funds forever if that location burns down
  • Choose a strong password and store the password in a password manager like 1Password