Safemoon tries to convince users that a Username & Password is more secure than a Seed Phrase

by COINS NEWS 66 Views

There's a very important fact that I want to bring to everyone's attention first and foremost: A seed phrase has never been broken.

Sure, people have been tricked into giving them away, or written them down and lost them. But so far, with Billions of dollars worth of prizes for any determined attacker, there is no record of a seed phrase ever being successfully brute-forced or guessed.

Safemoon wants to throw that security in the bin.

What they have cooking up is genuinely one of the more perplexing things they have done. You've heard the expression "A solution looking for a problem" - try this: "A problem looking for a solution" - because Safemoon's new 'feature', "SAFEMOON ORBITAL SHIELD" seeks to undo security in exchange for a pithy amount of convenience.

What is it?

The weird thing is, I don't even think Safemoon know what Orbital Shield is. There's plenty of fluff on their web documentation, but it's all light on details. At its heart it's just login protection. Their website states:

"You might find a few other products similar to Safemoon Orbital Shield in that they offer login protection. However, none offer the level of protection Safemoon Orbital Shield offers. Safemoon protects you with the login system and its additional security features."

Well, that doesn't really help much does it?

I'll explain. Basically, with Orbital Shield you give it all your seed phrases, and Safemoon store them alongside your username & password in an encrypted database. Then you only need to log in on any device and you have all your wallets ready to use.

That's the main pitch.

What problems does it solve?

As far as I can see, none. It actually creates more problems. Let's say you have three BSC wallets. The seed phrase is 12 words long for each. By using Orbital Shield on a new device, it saves you the arduous task of entering.. checks notes... 36 words.

By comparison, that paragraph was 48 words and it took about 30 seconds to write. So in the most extreme case we can say that Orbital Shield would save someone with 3 wallets possibly about 3 minutes. And anyway, how many times are people loading wallets onto new devices?! I've been in Crypto for 5 years, I think I've put a seed phrase in..... four times.

What problems does it create?

The trade-off for this epic gain in productivity is a suite of serious security flaws.

1) Safemoon holds your seed phrases AND your username & password in an encrypted database

Holding information in encrypted databases is NOT standard practice. Encrypted information can be decrypted. For a famous example of this, see what Turing managed to do with the German Enigma code in WW2. An encryption key CAN be decrypted. Credentials and sensitive information should be salted and hashed. In addition, if an attacker gains access to the decryption key then they have the proverbial keys to the kingdom.

2) Relying on Username/Password

Pop quiz: What's more secure - a seed phrase or a username and password? It's the seed phrase. By design, it's something you are meant to store securely and have very limited use of. Username and password leaks are EVERYWHERE. You can look at the famous website HaveIBeenPwned to see if your email address appears in any data breaches. There are similar sites where you can input your password and see if that appears in any data breaches too. Even using 2FA is not secure, as we have all seen several devastating SIM-swap attacks that bypass 2FA.

3) Access for one, access for all

Keys to the kingdom indeed. By linking all your wallets to one set of credentials, you literally put all your eggs in one basket.

Typical Safemoon.

In very typical fashion, the Safemoon Army goes full throttle on trying to create a FOMO(untain) out of a FOMO(lehill). This Orbital Shield is nothing revolutionary, or advanced, and when you assess it you find it creates a bunch of vulnerabilities. All for the sake of a couple minutes of convenience maybe once a year.

And it's not just the supporters that are blowing smoke up everyone's assholes either. On the day of the BNB Bridge hack last month, CEO John Karony ominously tweeted: "ORBITAL SHIELD [eyes emoji]" - a not-so-subtle dog-whistle to hype his ignorant followers into thinking that somehow login protection would've prevented a bridge hack on BNB.

Other than that, Safemoon has been quiet. It's honestly gotten quite boring.

submitted by /u/TNGSystems