Let's make crypto safer


Free watches!

Last week I got a letter through the mail. A new jeweler is opening in town. As a special offer they are giving away 10,000 watches to customers with over $10,000 savings in a particular bank.

The offer is for the bank I use! I check my bank balance and wahoo, I qualify for a free watch!!

To claim my free watch I have to take the contents of my savings account, in cash, to the address on the letter. So I can prove that I have those assets, of course. I don't recognize the address, and it's not in a great part of town, but the watches do look nice...

So I withdraw my savings in cash, stuff it into an envelope, and head across town to the address on the letter. It seems to be down a back alley, but when I start to feel nervous I look again at the letter. Really nice paper. Letterhead is pretty too. This will be fine.


I enter the shop, which does have a lovely sign out front, and there is a guy behind the desk. He's in a sharp suit.

"Err, I'm here about the watch?" I say.

"Sure friend, come on over. Just two things we need to do first. I need to check that you really do have $10,000 and then there is some paperwork for you to sign."

Paperwork to sign. Sounds official. Reassuring really.

"Hand it over please," says the man. "It's all fine, I just need to check you have at least $10,000, and there is no way I could possibly do that without you giving me direct access to your money."

The man holds out a hand while he's speaking. His palm seems sweaty. I'm having second thoughts, then he pulls out a watch. It does look nice.

So I hand over the envelope of cash. The man snatches it, and a door at the back of the room bangs open. A heavyset man with a scarred face shambles over, grabs the envelope and retreats back through the door.

"Oh don't worry," says the man behind the desk. "We just need to count it now. Here is the paperwork for you to sign."

The man pushes over a long form that is written entirely in hexadecimal. Which I, as a human, cannot read. It has a place for a signature at the bottom.

"Errr, I can't read this," I say.

"Don't worry," says the man. "It's all fine. But you can't have the watch unless you sign." He waves the watch again. It catches the small amount of light in the small room and sparkles.

In a rush I take a pen and sign the form. I'm breathing heavily now. Suddenly this all seems like a bad idea.

"Congratulations, here is your watch!" says the man, placing the watch in my hand. It feels lighter, less valuable than I had expected. The door at the back of the room slams open and the heavyset man appears again, his face wreathed in smiles as he hands back my cash.

"All good," he says.

I stumble from the shop into the alley, hurry back into the sunlight and make my way quickly home. As soon as I am home I count all my cash and am pleased to see it was all there. It turns out the watch isn't all that good, but hey, it was free.

I feel good about my day. I was worried for a while but it seems there was no real risk all along. I could trust those strangers, at a random address, with potential access to all my money. And it's totally fine signing things you don't understand when there is something of significant value at stake, after all.

And I am glad I still have my savings. There's a new club opening in town. To get in I have to prove I have at least $10,000, and the only way to prove that is to give them potential access to my cash, by taking it along with me. And as today has proved, there is no other way to do this, it's all totally safe and risk free and will never be a problem.

Truth is stranger than fiction...

Now, that is all - obviously - not true.

And yet this is basically what users of crypto do all the time. The special offer is for Bored Ape holders, so you have to sign the message with a wallet that holds a Bored Ape. What does that message do? Can you not read pure hexadecimal!? It seems we live in a world where if you cannot read hashes you deserve to get robbed.

I don't like that world. People should be responsible, sure. But it should be so very much harder for the scammers and thieves. You should be able to make mistakes without losing it all. At the end of the day, you should be safer.

Crypto does trustless proofs. It's crypto's bread and butter. Having to sign a message with a wallet holding an asset to prove you own that asset is ridiculous.

In fact, it's beyond ridiculous. It is insane. Totally bonkers.

In any crypto interaction a thief cannot gain access to your tokens if you are not using the wallet that holds them.

Just let that statement sit for a while. It is 100% impossible to interact with wallet A and have someone steal assets from wallet B.

So if you don't sign the message with wallet B your assets aren't just a bit safer. They are not even a lot safer.

They are TOTALLY safe.

EPS is very simple. You create a trustless proof to say that when you interact with your hot wallet it represents the balances of your cold wallet. You are eligible for the free mint, the discord role, entry to the club. And you can sign with your hot wallet.

Let's take some of the very very many recent exploits on token holders, and see what happens if they were using EPS.

Signing a contract interaction that was actually a set-approval-for-all (setApprovalForAll) on the token contract.
  • Without EPS: total loss of funds.
  • With EPS: no loss of funds (remember, your hot wallet doesn't actually hold the NFTs).
Signing a message that could be used to replay other messages against my address.
  • Without EPS: total loss of funds.
  • With EPS: no loss of funds.
Signing a message or group of messages that somehow exposes my private key.
  • Without EPS: total loss of funds.
  • With EPS: you lose the ETH on your hot wallet (this should never be much, right?).
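
The first case in the list, as an added example (not from the original post, and not EPS's code or API): a toy in-memory model in which a hypothetical registry links a hot wallet to the cold wallet it represents. The class and function names, the addresses, and the one-time registration by the cold wallet are assumptions made for illustration.

```python
# Toy in-memory model, constructed for illustration. Not EPS code.

class NFT:
    """Minimal ERC-721-style ledger: ownership plus operator approvals."""
    def __init__(self):
        self.owner_of = {}       # token_id -> owner address
        self.approved = set()    # (owner, operator) pairs

    def balance_of(self, addr):
        return sum(1 for owner in self.owner_of.values() if owner == addr)

    def set_approval_for_all(self, signer, operator):
        # An approval only ever covers tokens owned by the signing address.
        self.approved.add((signer, operator))

    def exposed_to(self, operator):
        """Token ids this operator is now able to move."""
        return sorted(t for t, owner in self.owner_of.items()
                      if (owner, operator) in self.approved)


class ProxyRegistry:
    """Hypothetical registry mapping a hot wallet to the cold wallet it represents."""
    def __init__(self):
        self.cold_for = {}       # hot address -> cold address

    def register(self, cold_signer, hot):
        # Assumption: the link is authorised once by the cold wallet itself.
        self.cold_for[hot] = cold_signer

    def is_holder(self, nft, connected):
        # Read-only eligibility check; no signature from the cold wallet needed.
        holder = self.cold_for.get(connected, connected)
        return nft.balance_of(holder) > 0


def scenario(use_proxy):
    """User signs a disguised approval; return (still eligible, tokens exposed)."""
    nft, registry = NFT(), ProxyRegistry()
    nft.owner_of.update({1: "cold", 2: "cold"})   # constructed sample holdings
    signer = "cold"
    if use_proxy:
        registry.register("cold", "hot")
        signer = "hot"
    eligible = registry.is_holder(nft, signer)
    nft.set_approval_for_all(signer, "unknown_site")  # the mistaken signature
    return eligible, nft.exposed_to("unknown_site")


if __name__ == "__main__":
    print("without proxy:", scenario(False))
    print("with proxy:   ", scenario(True))
```

In both runs the holder check passes, but only the run that signs with the cold wallet leaves any tokens within the operator's reach.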

This list goes on unfortunately. But you can fight back! In just three steps:

  1. Set up an EPS proxy. It's free. See the guide here. You got three minutes? Course you do.
  2. Stop interacting with your cold wallet. Need to prove you own something on your cold wallet and they don't support EPS? Give them grief!! Do they not care about your assets? Direct them here, tell them how easy it is to integrate.
  3. There's no step three. You are already done, you legend!

EPS is about safety. The safety of your assets. The cutting out of the exploits and thieving. Stopping your heart being in your mouth as you sign that message (WTF is it??). Stopping the tweets from crypto OGs who have lost six figs on an interaction with their vault address.

This problem is an easy one for crypto to solve. EPS has solved it already. Get signed up and make sure projects know that you want this safety in your life.

Stay safe out there.