Comparison: Why is the Mitilena cryptocurrency wallet better than the MetaMask wallet?

It’s quite simple: when you install the MetaMask browser extension, which contains the wallet itself, something interesting happens.

Every website you visit knows that this cryptocurrency wallet is installed on your computer. How? The extension injects a web3 object into the page, and any site can check for it with this little block of code:

// Declared up front so the assignment below does not create an implicit global.
let web3js;

window.addEventListener('load', function() {
  // Check if Web3 has been injected by the browser (Mist/MetaMask).
  if (typeof web3 !== 'undefined') {
    // Use Mist/MetaMask's provider (Web3 is the web3.js constructor the page loads).
    web3js = new Web3(web3.currentProvider);
  } else {
    // Handle the case where the user doesn't have web3. Probably
    // show them a message telling them to install Metamask in
    // order to use the app.
  }
});
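Added example, not part of the original article or of MetaMask's code: an audit function that reports what any page script can observe once a wallet extension injects a provider, and that keeps "the wallet is detectable" separate from "an account address is readable". Beyond the article's `web3` and `currentProvider`, the `ethereum`, `isMetaMask` and `selectedAddress` fields are assumed provider properties, and the three sample scopes are constructed.

```javascript
// Added example: summarise what page scripts can observe about an injected
// wallet provider. `web3` / `currentProvider` come from the article's snippet;
// `ethereum`, `isMetaMask` and `selectedAddress` are provider fields assumed
// here. Pass `window` when running it in a browser console.
function auditWalletExposure(scope = globalThis) {
  const findings = [];
  const legacy = scope.web3;
  const provider = scope.ethereum || (legacy && legacy.currentProvider) || null;

  if (typeof legacy !== 'undefined') {
    findings.push('legacy web3 global is visible to every script on the page');
  }
  if (typeof scope.ethereum !== 'undefined') {
    findings.push('ethereum provider global is visible to every script on the page');
  }
  if (provider && provider.isMetaMask === true) {
    findings.push('provider identifies itself as MetaMask');
  }
  // Detecting the wallet and reading an account are separate exposures.
  const addr = provider ? provider.selectedAddress : null;
  const account = typeof addr === 'string' && addr.length > 0 ? addr : null;
  if (account) findings.push('an account address is readable by the page');

  return {
    walletDetectable: provider !== null,
    vendorDisclosed: Boolean(provider && provider.isMetaMask === true),
    accountDisclosed: account !== null,
    findings,
  };
}

// Constructed stand-ins for three browser profiles (not captured data).
const noWallet = {};
const lockedWallet = { ethereum: { isMetaMask: true, selectedAddress: null } };
const legacyConnected = {
  web3: { currentProvider: { isMetaMask: true,
    selectedAddress: '0x0000000000000000000000000000000000000000' } },
};

for (const [name, scope] of Object.entries({ noWallet, lockedWallet, legacyConnected })) {
  console.log(name, JSON.stringify(auditWalletExposure(scope)));
}
```

Running `auditWalletExposure(window)` in the browser console on any page shows what that page's own scripts can already see in your current profile.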

 

“OK. That is, it turns out that no matter which site I visit, it can 100% determine that I have this wallet installed?”

Yes.

“And what does this mean?”

That means you say to every site you visit: “Hey, I have cryptocurrency and I’ll show you my wallet, it’s closed of course, but it’s so beautiful, look.” When you are on the site BBC.com it is clear that you are in no danger. However, you visit different websites, and not all of them can be fully trusted.

This is similar to the situation when you are in a crime-ridden neighborhood late at night, go to a dangerous bar, and at the counter take out your wallet, with the bills inside for all to see. Yes, technically you still have the wallet. Yes, you are formally protected by law. But right now you are exposing yourself to the risk that someone in the audience with a long criminal record has already noticed you in this bar and is leaving the bar wondering how he could get your wallet.

Showing your wallet is not in itself a case of theft or robbery. This should be taken into account. However, it is the first risk, and one you take on yourself.
The next risk is visiting dangerous places or dangerous websites. This is the second risk. And the risks, as you know, add up.

Luck is what counts now: you are indirectly entrusting the fate of your wallet to someone else, i.e. to luck. Will there be someone sitting in the bar with a long criminal record and a huge desire to profit from someone while your wallet is out and open? Maybe he will remain seated, or maybe not. But it doesn’t depend on you anymore. This is already a matter of chance.

The same goes for the website. Maybe a website decides to attack your wallet and has the technical capabilities to do so, or maybe not. Either way, you lose control of the situation and give control to chance.

That is, in summary, by installing such a wallet, you are no longer in control.

“OK, but my wallet is encrypted!”

Short answer: it’s not that simple here.
Example: as of December 29, 2022, the time of writing this article, Google, which owns the Chrome browser, has fixed 9 critical zero-day vulnerabilities in one year. What is a zero-day vulnerability?

“A zero-day vulnerability is a software vulnerability discovered by attackers before the program manufacturers found out about it. Patches have not yet been released for zero-day vulnerabilities, which increases the likelihood of an attack.”

Google employs 200,000 people. I do not know exactly how many of them work on the Chrome browser, but I am sure it’s a lot. And despite this, at least 9 of the most serious vulnerabilities were found EVEN in a product such as Google Chrome.

Thousands of people are developing what would seem to be the most secure product, but still from time to time attackers hack it. They hack in such a way that Google releases security patches and does not even report what vulnerability they fixed because there is a risk that users who have not updated will be hacked easily enough just by reading the description of the fixed vulnerability.

Hence, you should be well aware that in the modern world, you can hack almost anything. Even government websites and systems are hacked.
That is, as long as there is something to hack, it will be hacked, no matter how secure the product seems.

What is the connection here and what is to be done?

Logic itself suggests a connection here:

  • You tell each site that there is an entity on your computer that you can connect to, and that entity is a cryptocurrency wallet.
  • The hacker, on the other hand, picks up this encrypted entity and begins to probe for various vulnerabilities. The connection from this entity leads directly to your cryptocurrency wallet.

What is to be done? One of the first rules, rather crude, but quite effective, is isolation. If you disconnect a hacker from the entity of your wallet, then the hacker will have nothing to tap, nothing to play with, nothing to hack.

You need to remove the path from the hacker’s computer to your wallet.

Now, if such a wallet is installed on your computer, then you have a direct expressway from the hacker to you. Get rid of the pathway and there will be nothing for the hacker to hack.
The cords through which the connection runs must be cut.

Do you remember medieval castles?

A moat with water was dug around the castle to create a layer of insulation. It is impossible to run through the water on a warhorse, you have to build a crossing, and as you know, it is more vulnerable as it creates the bottleneck effect.
Moreover, the castles were built on a hill, the difficulty of running up the stairs in heavy armor is also a layer of isolation. A fighter will swing his sword faster when he has rested, and not when he has climbed a mountain and no one has given him time to even catch his breath.

Isolation as an element of security is present everywhere: prisons isolate dangerous elements from society. Electrical wires, safe areas, walls, fences, bags, boats, cups: they are all layers of isolation, and they are everywhere, as part of security.

Now then,

If you tell everyone about your wallet and give the entity of your wallet to everyone, you violate one of the most important principles of security – isolation.

I think I have clearly explained the main security problem of the MetaMask wallet. It is inherent in the working principle of this wallet and cannot be removed.
Therefore, I personally do not recommend that anyone use this wallet if you keep at least some significant amounts in cryptocurrency for yourself.
I note that although this is the main security problem, it is one problem. There are others, but I will write about them in the following articles.

Now let’s go back to the Mitilena wallet. As you have probably already understood, this wallet is not integrated into the browser and does not inform every website that you have installed it. Accordingly, the isolation principle of security is observed here and you get a much more secure wallet. The Mitilena wallet has other very serious security bonuses based on isolation, the same ones used in military and government organizations, but I will tell you about them in the following articles.

The website of the Mitilena wallet, the basic version is free. If you want to purchase a premium subscription, enter the promo code MarekHruska to get a 25% discount.

admin

29 December 2022