Interview With Alen Šalamun - Founder of BC Vault

Shauli Zacks Shauli Zacks

In a recent interview with Alen Šalamun, the founder of BC Vault, SafetyDetectives delves into the motivations behind the creation of BC Vault and its unique approach to cryptocurrency security. Alen Šalamun, a key figure at Real Security since its inception in 2002, brings a wealth of IT security expertise to BC Vault. The interview explores the evolution of security challenges in the cryptocurrency industry and how BC Vault addresses them with innovative solutions. With a focus on eliminating common attack vectors, BC Vault ensures enhanced security by abandoning traditional seed words and utilizing Ferroelectric RAM for encrypted storage. The interview further highlights the pivotal role hardware wallets play in the overall security and adoption of cryptocurrencies, emphasizing BC Vault’s commitment to being a fortress for safeguarding digital assets.

Can you introduce yourself and talk about what motivated you to start BC Vault?

My name is Alen Šalamun and I am one of the founders of the company Real security, which was founded a long time ago in 2002 as a distributor of leading IT security solutions. My whole life I have been dealing primarily with IT security and thus I do hold an MSc in IT Security. In all those years we have gathered a huge amount of knowledge on the field of IT security and specifically cryptography and everything related to it. As big crypto companies became our customers in the field of IT security it was natural for us to explore the world of crypto. For us a crypto wallet was nothing else but a reuse of the HSM technology (High Security Module) that was used for many decades already in the world of cryptography and PKI (Personal Key Infrastructure).

Using crypto wallets that were on the market in 2017 I came to the conclusion that we can do better. There were so many aspects that had to be done differently in our opinion. One thing led to another, and BC Vault was born.

How have you witnessed the evolution of security challenges in the cryptocurrency industry, and how does BC Vault address these challenges uniquely?

After the year 2017, when we envisioned the BC Vault hardware crypto wallet, I am very happy to say that we correctly identified the main security issues and solutions to them. As crypto became more and more “mainstream” and more and more money flowed into it, it was just logical that criminals followed. One of the main attack vectors was and still is the lack of crypto knowledge. Users are attacked on all possible fronts as phishing, social engineering, malware, project rug pulls etc.

One of the most common attack vectors are the seed words that tie together all present and future crypto wallets of a user in a single “tree of wallets”. Attackers try to lure the user into revealing those seed words to them and then they can just wait for the right moment in the future, when the crypto wallets will hold enough money to be worth stealing. The user will forget about the moment when the seed words were fraudulently exposed and have a false sense of security as he/she will use a new wallet in the future. But this wallet will also be visible to the hackers and when they strike in something like 6 months, the user will be completely baffled to how/what just hapened. In many cases they claim a service/wallet provider was surely hacked, but that was not the case.

Another common malicious technique is exploring the complexity of the crypto wallet addresses (e.g. 26-35 characters). Users might not rigorously check the whole address and the attacker might simply change the address in the process of copy/paste.

BC Vault thus does not use seed words at all. Each and every wallet generated by the BC Vault is completely independent from the previous one. Thus, even if private keys would be exposed at some moment, the wallets generated after that would not be known to the hacker. All private keys are securely stored in the FRAM – Ferroelectric RAM (as opposed to much more fragile flash storage used by competitors) in fully encrypted form. FRAM can reliably store the data for decades without being powered on, where data in flash can start to degrade in a year if not powered on.

Even physical attacks on the storage chip will do no good, as the data within is encrypted. This also leads to the fact that the BC Vault backups are not a completely vulnerable list of plain written 24 seed words but are 1:1 encrypted copies of the FRAM stored either on the microSD card (you can use many for redundant copies) or printed as a set of QR codes.

To be 100% sure on the contents of the transaction, that you are just about to sign on the hardware wallet, BC Vault features big OLED screen so you can comfortably check every single parameter of the transaction itself including the all-important destination wallet address. What you see on the screen is what you are signing. This is very important, as the software on the desktop/smartphone/… can be compromised and it could happen that it would claim you are signing something else completely.

There are of course many more things we do differently, but that is a mile-long topic!

What role do you believe hardware wallets play in enhancing the overall security and adoption of cryptocurrencies?

Hardware wallets are there for one reason – security. Thus, people have to understand that the never-ending compromise of commodity vs. security has to heavily weigh on the security side. Hardware wallet has to be the fortress to hold your valuables without a million different easy to exploit “doors and windows”. Paying for a pizza can be done via a simple to use software wallet residing on your mobile phone as it is quick and convenient. But you do not want to carry your life savings with you all the time on the phone, do you? Exactly the same as with the banking accounts. You do not have your pension fund directly accessible by your ATM card without any limits.

Once people follow this ideology, they will feel more comfortable about crypto!

Our slogan sums that up nicely: “Wallets are for pocket money; Vaults are for safekeeping”.

How does BC Vault approach the user experience aspect of its hardware wallets, especially in making them accessible to both beginners and experienced users?

Crypto transactions may indeed sound simple, but there are a lot of different parameters and options to them. To present all this to a novice user in a simple understandable form and still retain the flexibility craved after by the experienced user is no simple task. With BC Vault we always think of both groups of the users. We provide simplicity and complexity at the same time. Let’s take an example of sending out Bitcoin (BTC).

First of all, all your funds arriving to your BTC wallet will be seen as one wallet no matter to which address you received the funds (Legacy, SegWit or Native SegWit). A novice user might only enter the recipient’s address, use the suggested fees and that’s it. Advanced users might change the fees according to their own preference (pay less, wait more) and also change the return address of the rest of the unspent inputs.

Another example would be the unique “Copy private key” feature of the BC Vault. Novice users will always create a new wallet for different blockchains such as Ethereum, Polygon and Binance Smart Chain. Advanced users might simply copy the same private address to all these chains and keep the same wallet address on all of them. This is possible due to the fact that all these chains are based on the Ethereum (EVM Networks). Additionally, he/she might add custom EVM networks by him/herself as this is also supported in the BC Vault. These unique features enable the BC Vault to support all EVM networks and all custom tokens riding on them, as you can simply add them by yourselves. Again, for the novice users this might be a pain, so we did add the “Auto detect tokens” feature for them.

Addressing the challenge of phishing attacks and social engineering in the crypto space, what advice would you give to users to identify and mitigate these risks effectively?

If you follow a couple of rules, you will be able to avoid almost all of the bullets. Those are:

  • Never ever share private keys of crypto wallets with anyone/anything.
  • Understand implications of using “seed words” wallets. Especially how even all your future wallets will be exposed to anyone that saw those words. Even better, do not use seed words-based hardware wallets.
  • Do not hold your valuable funds/NFTs in the same wallet that you use for smart contract interactions and approvals (AirDrops, DeFi…). Smart contract approvals can give access to all your wallet contents to whomever they want.
  • Always check on the hardware crypto wallet device itself what you are signing. Even if the application would be compromised, the device will show you the actual data that it is trying to sign (at least BC Vault will).
  • Do your research before investing into “Rug-Pull” projects. Don’t try to get rich overnight 🙂

What are some of the most common misconceptions or myths surrounding cryptocurrency security, and how can users navigate through them?

As already mentioned above, a mistake in crypto space will probably lead to lost funds. Checking the recipients address for example might be done sloppy – like only checking the last 4 characters. Did you know there is a service available that will generate you a crypto wallet with requested characters in the address? You can generate a wallet address that will match 4 last characters of another in a couple of minutes. Always check everything!

Never trust your computer or smartphone, they can be fully compromised without you even noticing it.

Your only friend in the vast world of crypto scams, hacks and security incidents will be your own knowledge. In most cases nobody will be able to help you after you have made a huge mistake, so try to avoid it in the first place. There is a lot of information about crypto available in all different forms, use it to your advantage. If you do not know what you are doing, stop. Take your time to understand everything about the thing you are just about to do as it is better late than sorry in crypto.

About the Author

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.

Leave a Comment