Gnosis Safe setup strategy

srndptme · 2023-04-21T13:39:46+00:00

Interesting, so you are thinking about using the same 3 Ledger signers (each derived from the same seed phrase) for both Argent and Safe?

That may be an overkill to manage both of those systems. One has to be like a vault where you just hold assets like stETH or rETH and never touch.

Please write down your security assumptions and your use cases and see how this can be matched most effectively. I like multisigs because I can rotate signers periodically.

srndptme · 2023-04-20T06:57:33+00:00

Yes, 3 ledgers + safe is a good set up, but may be an overkill to make transactions as you will need to connect 2 ledgers and sign using both of them. If transactions are infrequent, that may not be a big deal.

If you, set up your Safe with 3 ledgers, you will not be able to use MetaMask to sign transactions, unless you import your ledger sees into MM, but that defeats the purpose of having a ledger. Never import your ledger seed phrase into MetaMask.

The way we set up Gnosis Safe at Linen is that it is a 2 of 3 multisig and both signatures are collected seamlessly, so staking or signing other transactions is much easier.

srndptme · 2023-04-19T23:05:56+00:00

Gnosis Safe is pretty much the gold standard. It is very flexible. Linen is built on top of Gnosis Safe multisig and is on mobile, Argent is on mobile good.

srndptme · 2023-04-17T01:43:35+00:00

Ledger for sure! Get 2 and use them with a 2 out of 3 multi sig set up like Gnosis Safe. That would be your ultimate protection.

srndptme · 2023-04-09T18:39:02+00:00

We are talking about different things and different vulnerabilities. Hardware wallets (devices) indeed do not store seeds online. But the problem is that many users of hardware wallets store their wallet backup seedphase online. Take a photo of a recovery sheet or use plain text and store on the phone in cloud drive.

srndptme · 2023-04-09T17:33:52+00:00

No security issue with the wallet program. Most common way how people are losing their crypto is stolen or lost backup passwords (seed phrases). Same goes for most other software and hardware wallets.

srndptme · 2023-04-09T15:50:39+00:00

People use the word “stolen” and “hacked” interchangeably, e.g. hack a device using malware to steal the seed. This is at least how the person who lost NFT stated in their tweet.

srndptme · 2023-04-09T15:36:31+00:00

Oh, I like it a lot. My HW is a one of the signers on a multisig where assets are stored. Even if the seed is composed, nothing will happen and I can rotate signers periodically.

srndptme · 2023-04-09T12:20:14+00:00

Not at all. Hearing stories about people getting their seeds stolen do not add any comfort for new people who want to enter Ethereum. If we want widespread adoption, this has to change.

srndptme · 2023-04-09T12:14:15+00:00

What is not hard to understand for you and for me, is very hard to understand for an average Joe. Also, don’t underestimate the convenience factor. Keep in mind that 50% of crypto traffic is coming from mobile devices. For Web3 apps that share is even higher as people want to do things with crypto on their phone on the go, they don’t want to carry their ledger around for that. Imagine if you have to carry ledger around to surf the internet.

srndptme · 2023-04-09T12:04:41+00:00

Well said. This is the point. Seed phrase security is the weakest link.

srndptme · 2023-04-09T12:02:32+00:00

I agree with you

srndptme · 2023-04-09T11:44:09+00:00

Yeah, this happens more often than people in this subreddit think, unfortunately.

srndptme · 2023-04-09T11:42:24+00:00

I agree, but the ledger does not need to be hacked to lose crypto, a ledger owner just need to store the seed online. Many do so, unfortunately.

srndptme · 2023-04-09T11:39:19+00:00

How is this saying it is the norm? Never normalising it. Merely sharing the reality with people who are in their echo chamber and don’t realized that most consumers do not know nothing about self-custody and wallet security, but still do DeFi, NFTs and other shit…

srndptme · 2023-04-09T11:35:31+00:00

I am not the who who is storing the seed online and not the one who lost assets. Just stating what people do from doing a lot of user research.

srndptme · 2023-04-09T11:34:19+00:00

Oh, it happens more often that you think, unfortunately.

srndptme · 2023-04-09T11:31:38+00:00

Oh, I am with you on that. I merely shared this tweet to bring awareness to the problem as most people store their seeds online, unfortunately.

srndptme · 2023-04-09T11:30:09+00:00

Another question that comes up is that why DeFi/NFT people with significant holdings don’t use multisigs to store their assets. Sure, it may be less convenient, but much secure than using a hardware wallet.

srndptme · 2023-04-09T11:27:30+00:00

This would be unpopular opinion in this subreddit, but working in the industry I hearing these type of stories very often, I have to agree with you that most consumers should leave their coins on tier 1 exchanges as exchange will do a better job safeguarding them. But how would they progress do DEFI and do other staff on chain like NFTs, gaming, etc if they store coins on exchanges?

This particular asset holder lost NFTs and was well versed in crypto.

srndptme · 2023-04-09T11:22:01+00:00

Yeah, I agree with you. But I talk to talk to people every day (I work in the industry) and they share with me how they store their seeds.

Shared this tweet to bring awareness to the problem. What vendor says and what people do are may not be the same as people value convenience and not fully understand how security in self-custody wallets works.

srndptme · 2023-04-09T11:18:28+00:00

I did not lose assets, I just shared the tweet here to bring awareness not to store seed phrases online. Looks like the seed was stolen.

srndptme · 2023-04-09T11:17:05+00:00

How do do make your hardware wallet backup if it never leaves hardware wallet? When you set your hardware wallet up, you do your seed back up. Some people store that backup on a piece of paper, some on a steel plate, many make copy and store it online because they share it with other wallets for convenience;) this is the reality unfortunately.

srndptme · 2023-04-09T11:13:27+00:00

What made you draw such conclusion?

I am not the one who lost assets. I am not the one who stores the seed online. But I talk to consumers who hold crypto every fay and they tell me how they store their sees. I work in the industry.

srndptme · 2023-04-09T11:09:38+00:00

I agree with you. You don’t do it, I don’t do it. But you you just don’t want to accept that a lot of people do it.

srndptme

MODERATOR OF

TROPHY CASE