Question about airgapped devices

13 replies 137 views
nonce100Member
Posts: 16 · Reputation: 203
#1Aug 26, 2023, 11:52 AM
So here's the deal. If you've got an unrevoked DeFi connection and something goes sideways with that DeFi platform, does that mean your recovery seed gets exposed automatically? And what about airgapped devices? Are the assets still secure on them? I thought since an airgapped device requires itself to sign any transaction, it should keep things safe.
7 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#2Aug 26, 2023, 02:24 PM
You connect your wallet through the web3 to a site, but you also posted that the wallet is a wallet on an airgapped device. How is a wallet on an airgapped device be able to connect to the internet and connect to a web3 site? That is not possible. But I understand your question, your seed phrase can not be revealed if you connect your wallet to a web3 but know that the wallet is online and that someone like that will most likely make a mistake of sending his coin to the site. If it is a fake site, the coin will be lost as the site belong to scammers. Just leave the amount of money that you can afford to lose on wallet that you connect to web3. Your main wallet should not be used for something like that.
5 Reply Quote Share
cryptobridgeSenior Member
Posts: 221 · Reputation: 1481
#3Aug 26, 2023, 03:37 PM
You don't know airgap device, the airgap device doesn't make any special type of connection online. It's an idle device that sign transaction without the internet. Perhaps you mean a hardware wallet, but even the wallet doesn't expose your keys, where you make connection is entirely your responsibility. If you have any defi connections you have not revoke, use https://revoke.cash/ to revoke it.
2 Reply Quote Share
miner2018Member
Posts: 14 · Reputation: 127
#4Aug 26, 2023, 04:41 PM
You are using the airgapped hardware wallet in a wrong way. You shouldn't be connecting the wallet to any staking platform or any DeFi platforms, you have airgapped wallet because you plan to hold your coins for a long time, correct me if I am wrong. You better go on revoke and check if you still have connected connections before it's too late. Do not use your hardware wallet to claim anything online, you are simply using it the wrong way.
1 Reply Quote Share
silentchainHero Member
Posts: 473 · Reputation: 2317
#5Aug 26, 2023, 07:07 PM
The  airgapped device is not the universal shield that automatically protects your funds. In the end, everything depends on user. What you sign is what you get. If you use airgapped device to sign transaction or contract that has been hacked or intentionally designed to steal your money, your funds will still be lost. Even if you sign correct contract without fully understanding the mechanics behind it like slippage, for example you can still lose money.
2 Reply Quote Share
bull_2019Senior Member
Posts: 296 · Reputation: 1992
#6Aug 27, 2023, 01:27 AM
No, your seed isn’t exposed but your connection & permission given and how you did it  is a concern , this  pose same threat  on your wallet just like your seed getting exposed, the goal is always to drain your wallet  with or without seed. Cold storage may not matter much depending on the permissions, but whether or not it’s on an airgapped device, the contract will still need your seed if it requires approval.. If you can’t remember what approvals you gave earlier, it’s better to create a new wallet on your airgapped device and move your funds there. Make sure to back up your seed before doing anything.
2 Reply Quote Share
raven1337Hero Member
Posts: 530 · Reputation: 3357
#7Aug 27, 2023, 06:46 AM
As long as you're not visiting that site. your wallet is safe. I have a wallet that connected to the platform that has ever got hacked, Yet, my wallet is still fine caused by i was never connecting it back to the hacked site. My fund is still there, and nothing happened. The problem is that when you're re-visiting the site, then resign your wallet, it's opening the loophole for the hacker to hijack your wallet. If you're not doing it, you're fine. It's safe as long as you didn't have site permission to access your wallet. If you gave it, even airgapped device would be useless. The key is avoid to sign in a suspicious or hacked site. This obviously reduce your chance to be hacked by scammer.
3 Reply Quote Share
0xN0nceSenior Member
Posts: 421 · Reputation: 1069
#8Aug 27, 2023, 08:31 AM
I have never really thought about this, but this makes me consider the different connections in my hot wallet. Is there a website that lists potentially compromised services, or a crypto-related site that warns people? Maybe this is a future project for other service providers.
2 Reply Quote Share
alexwalletSenior Member
Posts: 347 · Reputation: 1933
#9Aug 28, 2023, 04:01 PM
Nope. It depends on what you mean by "something bad," as there are several types of authorization requests that web3 services require. Some legit websites typically implement an authorization session where you need to approve every action, while others don't. The problem is, if the service is fraudulent from the start, the authorization can cover all actions and be permanent. They only require initial approval. However, heed other members' warnings that you are not referring to airgapped wallets.
3 Reply Quote Share
d4rk5tackSenior Member
Posts: 259 · Reputation: 1325
#10Aug 28, 2023, 06:53 PM
The right question is if a particular wallet actually connects to online even once does that device from the start stands to be called an airgapped device? An airgapped device is actually that device that has never and will never connect to the outside world (network), the In capabilities to actually connect to network is what is called an airgapped device. So if the user has connected his device to any network before then it shouldn’t be called an airgapped device again I haven’t found one that lists all the malicious sites, but using OKX hot wallet I was able to see all sites that I have once connected my wallet to and haven’t revoke the permission there
4 Reply Quote Share
SwiftMatr1xFull Member
Posts: 59 · Reputation: 474
#11Aug 28, 2023, 10:04 PM
It acts like one in practice. An airgapped wallet should protect you from all online threats, your wallet should be invisible to them and as such fully protected from them. You will need to make an error offline for your wallet to be at any risk. You will not be able to connect to any online contract with an airgapped device. Transactions you sign are done completely offline and only broadcasted through the watch-only wallet. - Jay -
2 Reply Quote Share
bull_2019Senior Member
Posts: 296 · Reputation: 1992
#12Aug 28, 2023, 11:01 PM
When OP mentioned the word “airgapped”, I assume they are referring to a hardware wallet (even though hardware wallets aren’t truly airgapped). Using a hardware wallet to approve smart contracts does not change the fact that it still functions as cold storage.. The main issue is that it could have been used incorrectly, especially with the type of approval signed, which can later lead to funds being drained from the particular wallet. So the safest option for OP is to move funds to a new wallet if they don’t remember what was approved. This is the closest assumption based on how OP described the situation, but it could also be different.. example, OP might have first used a hot wallet to generate the seed, approved a smart contract before importing it into a HW wallet. In that case, it wouldn’t be true cold storage because the key was already exposed to a device that connects to the internet .  I think that’s what you meant below:
1 Reply Quote Share
fullnodeSenior Member
Posts: 222 · Reputation: 1515
#13Aug 29, 2023, 02:51 AM
Keystone Wallet is considered airgapped, but you can still sign smart contract transactions via QR codes. I think this is what the OP may be talking about. Since it doesn’t connect to the internet, the seed cannot be compromised. However, there are still risks if you haven’t revoked an exploited contract. Whichever tokens you’ve permitted the contract to spend can be drained up to the allowance amount you have set.
1 Reply Quote Share
D4rkFalconSenior Member
Posts: 308 · Reputation: 1050
#14Aug 29, 2023, 03:45 AM
An airgapped device is only acts as a second authenticatio so if you made a tx or transcation like transfer between one wallet to another. But if you approve some fishy contract they might still have your approved amount and can be used for drain your wallet. If you need to connect your airgapped device for web3 transactions like lending and swapping Im recommend to only approve limited amount and disconnecting after it. I believe this is the safest way or just simply use hot wallet for it. and use cold wallet only for HODl wallet.
7 Reply Quote Share

Related topics