Hello!
In recent days I have been tinkering with what I believe is a very important security enhancement in Hive. Nothing less and nothing more than the addition of a Hardware wallet feature on Hive through Ledger.
The person responsible for this is @engrave, and if you're not doing it already, you should vote for him as a witness (you can vote for him through this link). It's the least someone on Hive can do for people who develop (very!) useful and necessary features.
This post isn't intended to be a tutorial (which by the way you can find here), but wanted to report a couple of things about the use of ledger in Hive and an important security improvement for my project, SEED.
HIVE on Ledger, important remarks
I'm not going to go into the minor details of the installation but go straight to the most important step, which is to change your current private keys to ones derived from your Ledger, which you can see in the step ''How to associate your account with ledger device'' in the aforementioned @engrave's tutorial.
As you can see in the pic, you will be asked if you want to ultimately change ALL of your keys or only the Owner key. This has some serious implications (as I have experienced it myself).
The thing is that for testing purposes, I tried changing the Owner + Active in one of my alt accounts (letting the posting as it is to keep with the blogging features).
What is my surprise when I realize I'm unable to use peakd or any other frontend (since the ledger app interface doesn't have a Keychain integration yet).
Not only that. I was completely UNABLE to use Hive-Engine. My account was only able to send/receive/power up/down Hive & interact with savings.
I didn't panic because I knew that the worst-case scenario was to wait for a Keychain integration, but being realistic this is a few months away, at bare minimum. I was locked out of my own account for a while because I'm a monkey and didn't think about this little detail, and didn't check for HE support first.
Fortunately, I was able to reach engrave through discord and with a bit of skill and another guide I was able to recover full control of the account in a few hours. Thanks again @engrave!
Then, what to do?
My recommendation: backup your Owner key through Ledger and keep unchanged your Active & Posting.
This way you'll be able to keep using your account until now, but instead of worrying about the security of your (encrypted or not) .txt file you'll sleep better at night knowing that if your active/posting keys ever get compromised (random power down starts or something like that). You'll have a very reliable way to recover your account (if you backed correctly your Ledger and all that stuff).
Bonus feature: Full cold Hive wallet
Maybe this post has probably got you thinking about ways to back up your account and assets (it's exactly what happened with me). And this is only one of those use-cases: a hive account under your control with ALL the keys derived from your Ledger.
My account has a lot of activity (transfers in/out, recurring payments, etc), and sometimes is a bit hard to keep track of everything. So it makes sense to create an account, with the only purpose of 'keep stacking' and to keep safe those assets that you're holding long-term anyway (you know, just in case).
If you stake Hive as Hive Power, you can always (and it's highly recommended) to delegate it to your main account.
This feature is even juicier since you can stack your HBD at +20% APR there and sleep even better at night.
Bonus feature #2 (for Project Owners like me!)
SEED isn't a stackable asset. I mean, you're holding it fully liquid into your account.
If you're holding a few hundred of something isn't a problem, but in my case, I've been holding ~50% of the total supply of SEED for a few months.
One of my deepest fears all this time has been someone gaining access to my account, and dumping everything at once, destroying the HE market and the Liquidity Pool.
Even worse, sometimes I log in very late at night to make a trade (usually I try to avoid it but sometimes I don't have any other option), and sometimes I'm afraid of 'market selling' the 'wrong token' and fat-fingering the market. A simple market sell of 3K SEED would be enough to make a lot of damage and put a lot of SEED in hands that shouldn't be.
Jeez, I still remember when someone missed on a few zeros and did a massive 'market sell' which emptied the GDAX order book and 'flash crashed' eth to 0,1$ ... from 320$... in a few seconds.
It would be a very big mess, and probably a new token must be issued... with the loss of trust and problems that this would generate. definitely a problem I don't want to run into.
Solution? Locking you out (temporarily) of your assets.
And this is exactly what I did. I sent my SEED stash (exactly 50% of the supply or 50K SEED) to a fully cold wallet of mine (without Hive-Engine support yet).
If required I can have access to those tokens through commands, but since I don't want to touch them for a long-time anyway this feels like a proper & very convenient solution.
To sum up
Ledger is a very reliable system to keep your assets safe. The recent addition is Hive is a great step ahead although there's still a lot of work to do in terms of integrations, etc.
Definitively the possibilities that open up are very significant.
--
Vote for My Witness!
If you like what I do consider voting for my witness, it's free!
Witness account: @empo.witness
Hive (main chain) witness vote - https://vote.hive.uno/@empo.witness
Hive Engine vote - https://tribaldex.com/witnesses
Posted Using LeoFinance Beta
I'm constantly developing Hive Ledger Wallet (for example, today I added an estimated savings reward indicator) so it might be possible in the future that you could manage your HE tokens (but don't take it for granted).
I also know that @stoodkev is going to add support for ledger when it's officially supported in Live Ledger.
I agree with your recommendation and it's exactly what I did with my account. I replaced only the owner key so I'm also able to interact with other frontends (vote, transfer funds etc). But I also created another account for cold storage and for this account I replaced all the keys and I'm sure there is no way to compromise it (it's, of course, possible to compromise seed phrase but that's a different case because you should never use your seed phrase online).
Yesterday I created a new tutorial on how to create cold storage and I wanted to indicate your case in it: https://peakd.com/@engrave/how-to-create-cold-storage-wallet-with-ledger-nano-and-earn-20-hbd-stable-coin-interest
good job! like your work.
Btw did you have any connection to Engrave outside of hive ( software?).
What do you mean exactly?
I know some wordpress plugin with same name. That's why i ask. As far i remember logo looks close the same.
Thats why i ask :P
I did not work on any WordPress plugin so it's probably something not related to me.
I was thinking should I try this out, thanks for doing it :)
Will wait a bit more I guess.
Nice review.
Ledger is very nice.
But for hive you can simple create a new wallet, backup keys on clean system and send funds to that wallet. Works the same.
You can also power up from other wallets to this. And you can also delegate it if you want ( with access the "cold wallet").
But sure for the safu way and hardcore ledger user it will be really cool. I can not imagine use it for every transaction :)
Glad to see that you got control back and interesting to see what yoou can do with a cold hive account.
Keep up the great content
Great points! I like the idea of having a "cold" account that you can send your stuff to and keep it safer there. That is a really great idea. I might have to look into that at some point. Especially since I have been stacking more funds in my HBD savings.
Posted Using LeoFinance Beta
All news to me and happy to see there are more options available. I need a ledger now and will go through this thoroughly before playing around.
Posted Using LeoFinance Beta
This is a much needed option, everyone knows that, ahve been thinking about it for some time now and I'm glad to read it is work in progress. I'm going to dig into it to learn as much as I can about it and also see if I can buy a Ledger as I only have a Trezor. It's better to separate things anyway.
It's nice and reassuring to see how you are handling the safety issues. Keep posting as it benefits us all and it needs to be said, your work is highly appreciated :)
Posted Using LeoFinance Beta
For sure, that looks great and like a very good and safe way to keep your account safe. Another layer and good security. :)
damnnnn thank you for this post I was really looking forward to hardware wallets for hive.
the more apps and features Hive has the better.
I'm sure there was a cold wallet meme opportunity somewhere :)
I have yet to try linking my Ledger to Hive as I need to properly read the tutorial first. Thanks for sharing your feedback. It just added to what I have to look out for when I do this.
Posted Using LeoFinance Beta
There is a new one, check out my latest post.
Awesome. I will go check that out. Thank you! ;)
Posted Using LeoFinance Beta
That is a nice way to keep your assets safe and I don't have a ledger right now. However, when I do, I will definitely do the security update and I hope the changes to keychain and etc are done by then.
Posted Using LeoFinance Beta
Interesting. I've been thinking about getting a ledger for some time now and this is even more of a reason
Posted Using LeoFinance Beta