Bootcamp: Solidity Developer
From the basics of Solidity to deployment on the mainnet.Learn more
I have been involved in electronics for a long time — since childhood. My whole life has been connected with it. After university, I went into targeted practice — I worked for hire, then I started working in startups. There I was a founder and an idea generator. Some startups moved on, some died — that's how it usually happens. But one way or another, all of them were connected with the development of hardware or electronic devices. In some startups, I led the development team, in others I was a tech lead and generated ideas.
I got into crypto through friends. Many were involved with blockchain. I've known Sergey Kunz for a long time. We went to the same school until 6th grade until he moved to Germany. We didn't communicate until the year before last, and then we met in Lisbon.
This was the starting point. Before that, I had already interacted with guys from the crypto world and felt interested in this sphere. At some point, I made a decision for myself that I no longer want to do startups — it's costly for me both in resources and in time. I wanted to be involved in side projects and custom device development, for example. I started to chat with Sergey, and he suggested coming to see him and speak.
In Lisbon, I met the guys from Opium, Zerion, and also Anton Bukov. They immediately noticed that I was involved in electronics. They started saying that I could develop a proper wallet. The guys were just sharing their pains regarding cold wallets.
I thought, why not. Sergey and Anton said they had long wanted to create a hardware wallet, but they couldn't find the right person to realize the idea. I had this idea myself, but I really didn't want to get involved with a startup, because it's always about enthusiasm, and startups usually don't have money at the beginning, which makes it difficult and lengthy to do something truly cool. Then the guys...
Offered me to participate in a grant program. I immediately started preparing documents and applying for a grant. Actually, at the end of December, I received confirmation that my project was interesting and relevant. The 1inch Hardware Wallet project was launched in January 2022 — it exists to this day. The wallet development is still in progress.
ABOUT THE 1INCH HARDWARE WALLET PROJECT
Why did 1inch need its own hardware wallet at all — it's because of usability. The existing solutions on the market are utilitarian and partly classic, old. Probably somewhere from the mid-2000s, when wallets look like flash drives.
The main problem that 1inch faced was closed source code. For example, like all popular wallets. Nobody knows what's inside the wallet.
When it comes to private key generation, when we generate a wallet, take it out of the packaging — we create a wallet. It accumulates entropy according to specific algorithms and randomly generates a seed phrase. In projects with closed firmware, we have a black box — no one knows how truly random the seed phrase generation is. For most users, this is a relevant issue because they want to know if it won't backfire in 5 or more years.
1inch also faced problems with device convenience. And external features. Many devices simply have two buttons to control the entire device — it's cumbersome. We are already in an era where there are phones and tablets, touchscreens everywhere.
Even small children, when they see a screen, instinctively poke it with their fingers, because most of the devices they see are controlled by touch.
It's surprising that all wallets now are mechanical buttons. There is no convenience of use. For example, it's challenging to enter an 8-character password to sign a transaction using two buttons. It causes difficulties if you need to sign 3-4 transactions a day. Overall, it causes more negativity than satisfaction in use, and since you spent money, you should like using the device.
We decided right away that our device would have a touchscreen. It should be pleasant and convenient to use. We made the device in the form factor of a bank card and equipped it with a touchscreen display.
We ended up developing a UI. You can control the interface as on a phone - just by touching it with your finger. To date, in my opinion, this is the most suitable case and meets all global trends and standards.
Our project is dedicated to the community. This is if we talk about the software functionality. Overall, my point on this matter is this — I don't want to develop devices, inventing ideas out of thin air. The project arose from the real needs of users, not from my mind.
The main requirement that I put forward is an open-source project. We plan to open a repository on GitHub so that anyone from the community can see what we did with the wallet, how to use it and how to check for security. Anyone will be able to verify that everything is okay with the software and it can be used.
We will post a 3D model of the wallet on GitHub. As well as assembly diagrams and how the development went. So anyone will be able to assemble the device at home if they order the same board that we used.
About the features of the 1inch Hardware Wallet
The device will work without charging for two weeks. This is if you sign transactions about 2-3 times a day. It has a built-in battery. If we talk about resources, then the charge will last from 3 to 5 years.
We built a small camera into the wallet. It reads QR transactions that need to be signed. Then the device offers to sign or reject. After signing, a response QR is generated, we also read it from the screen of the cold wallet, thereby ensuring that the transaction signing is maximally protected.
There is also NFC (Near Field Communication). To date, this is also a certain trend. Many wallets have NFC onboard. We don't have any wired or wireless interfaces, like Bluetooth or USB, on our device. Overall, from a security standpoint, we decided to make the device as protected as possible. You cannot sniff the signals.
We decided to create a multi-seed wallet. This is an additional feature. Almost every one of our competitors allows you to create a wallet with only one seed phrase. Some support the HD Wallet protocol, when several sets of wallets come from one seed phrase, but overall the seed phrase remains the same. We decided that this is not fair.
Yes, and the community itself told us that this is inconvenient. They asked, can't the device create multiple wallets with different seed phrases? I asked myself the same question and saw no technical limitations from a technical point of view. Overall, we are moving towards implementing such a functionality, so that you can create multiple wallets with different seed phrases in a cold wallet. If we talk about a wallet with large amounts and need maximum protection - we suggest using a camera with QR, everything is transparent here. If you create an additional wallet, for example, a daily wallet, where small amounts are stored — here you can already use NFC. This will make transactions faster.
There is a case called blind sign. It's when a person doesn't know what transaction they are signing and what smart contract is being executed. They have no idea what will really happen to their assets right now. What if a smart contract is being executed that will simply transfer all assets to a foreign address? The opacity of this moment leads to many cases of money loss. The solution to this flow lies with the developers.
About the technical properties of the wallet
The 1inch team has a solution for parsing transaction calldata. There's a database of smart contracts. And there are hundreds of thousands of them. The most appropriate solution so far is the integration of a library with a small database of common smart contracts, which will allow our wallet to parse the transaction offline and show the transaction to the user in an understandable way, warning that a smart contract is being executed. This way, the user will understand whether the correct smart contract is working and whether a transaction is being signed at all.
The wallet will be compatible with the EIP-4527 standard. This is precisely the standard that regulates the interaction of a cold hardware wallet with another device via a QR code. We took this standard and started development based on it. As there is already such experience, and it is applicable to blockchain, we decided not to reinvent the wheel. But we give the user the choice: camera or NFC.
We want to make the device as secure as possible. And here the protection is not only the interface but also the connection. Camera and NFC cover most cases for easy connection to any device: mobile, desktop, or laptop - you don't need to install drivers or other couplings for this.
Of course, the reliability of the wallet itself is reduced. But we are planning stress tests in the near future. We will be testing its durability. We wanted to make it as airtight as possible. There is little free space inside, and it won't break easily from an impact. Plus, it's pretty lightweight — 75 grams.
Again, speaking of reliability, the same buttons and mechanics - if it happens that you put the device somewhere and a button was pressed, it can break, the membrane loses elasticity, and the button breaks. Mechanics are not as durable as a touchscreen. Even if you scratched the screen, and the image is not clearly visible, the touchscreen will definitely not stop working.
My team is engaged in the development of hardware solutions. As for the firmware, everything will be released as open source. So that the user can verify if the correct firmware is installed in the device.
There is a bootloader - the main firmware of the device. It allows you to install the main firmware on the device. It lives on the device permanently. The main idea is for the user to be able to verify the bootloader, to confirm it's correctly installed on the device. Moreover, to have the ability to independently compile a firmware build from the repository on GitHub, to be sure that at the moment the firmware that is in the repository is installed on the device. And, of course, that it meets safety requirements.
My main task is to make the project as transparent as possible. Every user should be able to verify everything that interests them. To ensure the safety and quality work of the device.
For instance, let's consider Android. It has its own OS, and it also has a boot mode, that is, the bootloader mode. This is software with limited functionality. It allows you to connect the device via USB to a computer so that it is identified as a mobile phone and allows specialized software to upload the operating system to the mobile's memory. It allows you to work with memory, test functionality, peripherals, touchscreen, speakers, etc. The bootloader's task ends here. That is, when the device is launched, it starts from the zero memory address. The bootloader instructs that the main firmware should be launched from this address and sends the microcontroller to refer to the address where the main device firmware should be - in the operating system if we're talking about Android, or in the main wallet firmware if we're talking about the wallet. If the bootloader, having sent the microcontroller to look for the main firmware in this memory area, does not find the firmware, it remains in the boot mode.
Our wallet will come with pre-flashed firmware. That's how they'll be made at the manufacturing plant. But due to elongated logistics, by the time the device arrives, the firmware may already have been updated. So most likely, the user will be offered to update the firmware to a newer version. If they don't trust anyone, they will be able to flash everything themselves, relying on the repository.
The wallet will support Ethereum and similar blockchains. For now. In the long run, we plan to connect other blockchains. After all, the community's interest is not only in Ethereum. We want to support Ton, Near, and others. For instance, Ilya, the founder of Near, and I discussed the possibility of integrating and supporting their blockchain.
The device must be universal, and we must implement the wishes of the users.
In February, we will finish the engineering sample. That is, we will finish making the appearance of the device. In May, we plan to get pre-production, that is, a device ready for serial production. Then we will conduct the final tests. By the end of the year, I think, the world will see the first batch of wallets.
We will definitely conduct a security audit. As soon as everything is ready. Only after this we will move on to serial production. Without audits, it is not advisable to put the device on sale, because an audit is like a peculiar quality stamp, that we have conducted tests and guarantee security.
Yes, such a trend is observed now. Probably, soon everyone will walk around with crypto phones. Solana, for example, is making their own mobile. 1inch also understands that the next step is something similar to a phone. I don't know when this will happen.
We're considering integrations with Binance. The exchange is showing active interest in cold wallets, so something might come of it. They might be interested in our project.
About the 1inch Hardware Wallet team
My team is independent, but we have obligations to the 1inch Network. This concerns the development of the product and the realization of the original idea that was laid out in the project. Personally, I carry a lot of responsibility. Currently, we are raising investments - our financing is separate. 1inch itself does not finance our project. We are independent contributors.
We use the marketing and name of 1inch. Anton and Sergey themselves are involved in the project and its completion. All ideas that are born in their minds find their way into the project. Everyone contributes their invaluable input. It's great when a large community works on a project because the more ideas, the better the project is implemented.
Our main task now is to release the first version of the device. Let users test it, look at it, and touch it. When we receive feedback, we will make another device. And it will be better than the first one - it will take into account all user feedback.
We want to protect the wallet from remote hacking. Why don't we trust hot wallets? Because it's a mobile application, it stores the private key somewhere deep in memory, and we continue using the phone while the money is on the wallet. Accordingly, a hacker has a backdoor to get into it and take the private keys, and therefore get access to the assets.
There's also hardware hacking. That is, access due to physical access to the device. From there, the hacker gets private information. A cold wallet is designed to protect against remote hacks. When there are no possibilities for the device to independently access the internet, it always guarantees additional security. In our case, we do not have any wired or wireless interfaces.
The only way to compromise a transaction is somehow to steal and read the QR code, replacing the transaction, but this is very difficult. The private key is stored inside the device, we receive the transaction, packaged in a QR code. Then the device internally signs the transaction and outputs the signed transaction as a text string. At this stage, during the transaction signing, it is impossible to infiltrate the device and steal something.
Right now, we are facing a problem — the device's memory capacity. I think that in the near future we will start expanding the amount of flash memory on board the wallet. At the moment, we are not planning to incorporate all the smart contracts that exist in the blockchain sphere. We want to include the popular ones. I talked a lot with developers and they reassured me that there are only about 20-30 contracts that are most often used, so there is no need to allocate a lot of memory for all of this yet.
About the future of web3 and wallets
Users will prefer cold wallets. Or some gadgets that are more specialized to securely store private keys. As soon as they understand the difference and realize that hot wallets do not provide security, and storing funds online can be compromised and money can be stolen.
To make a hot wallet safer, you need to upgrade the hardware-software complex. For example, specialized chips that are designed to improve the security of storing private keys. It can't be the case that improvements are only made from the software side of the product.
When people start to understand how crypto works, a demand for secure storage of their assets will arise. I think there will be even more specialized wallets for storing private keys. Currently, the architecture of each wallet consists of different chips. For example, a microcontroller, a microchip. Most likely, the trend will start to develop towards SoCs. These are system-on-chip solutions - when one chip has a specialized device. Perhaps in the future, this will be implemented in mobile phones.