What is a Supply Chain attack?
Engineers designed hardware wallets to have the best security possible, and in fact, almost all hardware wallets are secure if people use them in the right way. However, many engineers have left out one point of attack, and it is not surprising because this point occurs even before a user gets to use their product.
Before a hardware wallet gets into your hand, many people might have handled it before you. These people can include the shipping company, the retailer, the shipping person, and many more. If anyone of them is a hacker, they can modify the hardware wallet, install some malware, put it back together, and ship it to you. This malware or modification has one aim: to steal the crypto you which to secure in your new hardware wallet.
The supply chain attack can happen to many hardware wallets, even the most popular Ledger X. A study by Kraken exchange shows that even the well-known Ledger X can be modified, both hardware and software, in a supply chain attack before it reaches the customer's hand.
If you are interested in the study, you can read it here: https://blog.kraken.com/post/5590/kraken-security-labs-supply-chain-attacks-against-ledger-nano-x/
Preventing Supply Chain Attacks with Anti-Tamper & Anti-Disassembly
An effective way to prevent a supply chain attack is to deny hackers access to the software and the hardware. The Anti-Tamper and Anti-Disassembly features of the ELLIPAL Titan Cold Wallet is an excellent example of how a simple design can be very effective against supply chain attacks and physical attacks in general. (First, it is to be mentioned that the ELLIPAL Titan has no connection ports. To install malware, hackers must find a way into the wallet's hardware and modify the whole system.)
The Anti-Tamper feature describes the mechanism of the ELLIPAL Titan that automatically deletes the device's data in case of a breach making the device unusable. If a supply chain hacker tries to crack open the wallet to access the hardware, this breach will be detected and makes the device unusable; thus, the hacker will not pass it on to you, or if they did, you would just get a broken device. This feature is also useful if your ELLIPAL Titan gets stolen. You can rest easy that the hackers won't be able to break in and somehow extract your private keys.
Another feature is the Anti-Disassembly feature. This feature describes the ability of the ELLIPAL Titan to resist being forced open by hackers. The ELLIPAL Titan is made up of 1 solid piece of metal, and the screen is sealed on firmly with an IP65 rated dust-proof and liquid-proof seal. Even if hackers successfully forced the device open, there will be apparent scars left on the device. Therefore, hackers will have no choice but to pass on to you a device full of scratches and cracks that you obviously will not use.
Protect yourself against Supply Chain attacks
Supply Chain attack is one of the most common attacks on a hardware wallet. This is because it is most likely the only time hackers can access your new hardware wallet without you knowing, and it can easily catch you off-guard. For hardware wallets that do not have Anti-Tamper and Anti-Disassembly features like the ELLIPAL Titan wallet, users may have to pay extra attention to detect irregularity or traces of hacking with their new hardware wallet, both in the software and hardware.
1. Ledger Nano X vs. ELLIPAL Titan
2. Hardware Wallets vs. Cold Storage Wallet
It’s great to have all these features. I’d recommend buying Ellipal from Amazon. If you purchase directly from the company Ellipal and you do find the device to be tampered with as I have, then good luck returning it. It cost $158 usd to purchase the device and $160 usd to return to Ellipal. Lesson learned.