How To Store Your Crypto Securely, With Ruben Merre

Cryptocurrency storage and protection is one of the most important areas for traders and investors to focus on. The greater the value of your crypto holdings, the more would-be thieves have to gain by obtaining your private keys. Both hardware (cold) and software (hot) wallets aim to help with this storage and security challenge. Still, with so many options, it can be difficult to decide on the safest strategy.

The guest for today’s show is Ruben Merre, Co-founder and CEO of NGRAVE, the creator of “ZERO”, the world’s most secure hardware wallet for crypto storage. Listen along as Ruben breaks down the importance of crypto wallets, and what features are making significant differences for crypto traders and investors.

Watch On YouTube

Episode Highlights

NGRAVE: “Our mission, empower people to master their wealth so they can live the life they want. We are here to change the way people experience crypto. We eradicate the chance of loss and malicious hacking of your crypto, giving you complete control of your digital assets. We believe we are all in this together. Join our movement.” (NGRAVE)

Hot Wallets vs Cold Wallets: What’s The Difference?: “The key difference between the hot wallet and cold wallets is that hot wallets are connected to the internet, while cold wallets are not. As a result, cold wallets are considered a more secure storage option for digital assets.” (CoinMarketCap)

Today’s Guest: Brad Yasar, EQIFI

About The Show

Cryptogic is the show for crypto investors who are focused on long term results. Follow Scott and Andy as they explore the investable world of blockchain technology, NFTs, Bitcoin, Ethereum, and other cryptocurrencies.

Connect With Cryptogic


Scott: Hello, and welcome to another episode of “Cryptogic.” I’m Scott, here with you once again. And really stoked for today’s episode because we’re going to be talking about something that I think is so important for crypto investors and traders to really have a good grasp on, and that is your crypto wallet. And joining me to offer insights on this, talking about security, the types of wallets, all of that, is Ruben Merre, who is the co-founder and CEO of NGRAVE, which has created a wallet, a hard wallet, called ZERO.

And Ruben has a lot of great insights to share, so we’re so lucky to have him. Ruben, welcome to the show, and thanks for being here.

Ruben: Yes, Scott. Thank you for having me.

Scott: Absolutely. Well, to kick things off, I always like to sort of start with a high-level question, just to make sure we’re all on the same page and that we’ve got the stage set. So why is secure storage so crucial for crypto investors, traders, really, anybody holding crypto, to really have a firm grasp on and be on top of?

Ruben: Good question. I think the question might even be more universal in the sense that, why do you have a lock on your house at home?

Scott: Right?

Ruben: So it’s probably the same answer. It’s to make sure that what is yours and what’s inside of that little world of you is protected and that nobody else goes off with your beautiful possessions. And basically, we learned it the hard way, in our own history, as being in crypto and being investing in the space.

And obviously, security has come a long way, but it’s still absolutely far from perfect. I mean, we don’t even have to look back long. If you look back, I think, one week or so, we’re looking at the $625 million hack out of the Ronin Bridge. If you look back a few days, every day, there’s something happening in this space. When it comes to security, we have, obviously, alerts on hacks, and, yeah, it doesn’t become less over time.

It actually just becomes more. And our main purpose is to protect people, and, yeah, we have the impression that we are still very much needed in the space to do that.

Scott: Absolutely. And I’m glad you kind of mentioned, you know, it was last week, there was that huge, I think, what, 625 million that was taken. So, clearly, it is something that is very present, and if you have something of value worth stealing, then, unfortunately, we live in a world where people are going to try to take that. And so, obviously, there are exchanges and organizations that they have their security protocols, but when you’re talking about what you can control, a wallet is a really key part of that.

Before we get a little bit more into your company’s story, are hardware wallets or “cold wallets” always superior to software wallets or “hot wallets” from a security and storage standpoint? I’m just kind of curious to your perspective on that, because I know that there’s a lot of discussion, and sometimes when some of these hacks happen, the first question is, well, where do they have their crypto?

And then, if someone says, “Oh, yeah, you know, it was on a hot wallet,” everybody’s, like, “Well.” So I’m just curious.

Ruben: Yeah. Well, the answer is not always black and white because it also depends on who comes out and proclaims that they are on a hardware wallet, right? There are a few wallets out there that, for example, are basically stripped phones. So what they do is they start with a mobile phone hardware and infrastructure and how everything works, even as an Android operating system, which is, obviously, also a very big honeypot in terms of attracting hacks.

So if you look at it from that perspective, there are quite a few hardware wallets that are actually very dangerous for the user. And so, in my opinion, the first thing a really good hardware wallet should be able to do is create strong keys. And everything falls and stands in blockchain, in the whole infrastructure behind it, with the simple concept of having a good private key, and even your addresses are less important because they’re actually derived mathematically from your private key.

So there’s only one thing you have to do well, and that is make that private key. And from there on, everything starts or already fails. And when we started with NGRAVE, we wanted to build maximum-security solutions that never compromised on security, and the first thing we needed to do, basically step zero, before we actually get into it, is how do you create a strong key.

And when we looked into any kind of solution out there, be it in the traditional banking space, be it in crypto wallets, online and offline, you realize that the keys themselves are not made well. And so we, even there, had to reinvent the whole key generation process, and that eventually led us to our patented key called the NGRAVE Perfect Key.

So if you ask me this question, I would say, in a nutshell, there are cold wallets that are less secure than hot wallets, and there are a few cold wallets that are, like, prime in everything it comes from. If I think about ZERO, our own hardware wallet, it’s the only one that actually checks the first box, which is, how do you create a strong key?

So, yeah, it’s not a black-and-white discussion because it also depends on the quality of implementation, and so on, right?

Scott: Sure. And I’m curious if you could tease that out a bit. What may be…and without getting too technical or revealing anything for any would-be hackers out there, I’m curious, what makes a key a good key versus not so good and kind of the problem at NGRAVE that you guys are solving?

Ruben: Yeah. So in theory, these private keys are marvels, right? So in theory, let’s say a Bitcoin private key consists of or is of the length of 256 bits. So that’s 256 zeros and ones.

Scott: Right.

Ruben: If you make that a bit more tangible, it’s about 10 to the 80th power of different possible keys you can have, and that is about similar to the number of estimated atoms in the universe. So in theory, if you make a strong private key and you do that offline, which is very important, then the only way I can get to your key is I have to brute force it. I cannot find it somewhere because you have it safely stored in a location where I can never actually get access to.

In practice, the challenge is not to try to find your key with brute force. It’s just try to find it. So if you got your key from an online hot wallet, then basically, they have given you a key that they gave you in an online way. Maybe you downloaded a little file that’s on your computer or you wrote it down on a piece of paper from something you saw on the screen.

Again, where are these keys generated? It’s also a big question, because if they’re generated, let’s say, by an average kind of randomizer for making keys, then the quality might already be bad in terms of how many different keys you can actually make in practice compared to the 256 bits that I mentioned, which is theory. So it’s a bit all of these different aspects that are very important to make sure you get to the right key configuration.

So what we believe you need to do to make a strong key is, if we talk about hardware wallets, for example, you will have a chip inside the device that has been perfected over the last decades to create strong keys. That is amazing. They’re called true random number generation chips, or TRNG chips, and the only big pain point there is, and it’s a really big one, is that they’re all backdoored by third-party agencies, so typically intelligence agencies.

They have to certify these chips. So they actually have the capability. You can even do a simple Google search, and you will find it, that they can actually sort of get to the point where they know what your key is. And what we see with any kind of hardware wallet today is that they simply use the chip itself, 100%, and then give you that key.

So what we do, for example, is we actually use the chip inside the device and we also let the user include sort of inputs from outside of the device. So your biometrics, your fingerprints, becomes part of your key. The light measurements that the device takes through the camera also becomes part of your key. And that way, you actually sort of resolve this kind of backdooring that’s in there before you start.

And second big pain point is that, if I just give you a key, I give you our wallet and there’s a key you have to write down, I might have the database on all the keys I ever made. And a few months ago, in’s backend, everybody who had access to the backend had access to all the private keys of all the cards they actually made.

So it can be that simple, and it’s simple to sort of resolve it. So we actually have created an interaction process with the user, where you simply do a bit of gamification, you play with the key, and eventually, what happens is that we, as the manufacturer, have absolutely no clue anymore of what your key could be. So basically, we make a key offline, you’re the only person who sees it, you interact with the key, and you also actually add external entropy sources, external sources of randomness, so to say, to the actual key.

And if you do all of that well, then you have a good key generation process. And unfortunately, there is not really any other solution right now that does it like that.

Scott: It’s taking all of that and putting it all together. And I think you’re making such great points, Ruben, where, when you read about these hacks, so much of it is just this one failure point, you know. There’s so many different areas where they were interacting with it or one failure point, so many people had just some kind of access to the key, or whatever it would be, some kind of footprint, right, that then creates a failure point, right?

Ruben: Yeah, exactly. And so when we set out to build NGRAVE, we came from sort of a background of at least one very severe hack for more than 40,000 Ethereum. And so we said, “We are going to build the one thing where you can actually put all your crypto on and sleep at night.” And that meant that we had to go 100% offline, because the moment you go online and you make a connection, then a hacker can try and basically use that connection to attack you.

So ZERO, for example, our hardware wallet, is 100% air-gapped, which means it never relies on a USB connection, on Bluetooth, on the USB…sorry, I did say that before. So it doesn’t need anything. It’s standalone. It’s offline. It’s actually a cage of Faraday. So there aren’t even radio frequencies able to get out of the device.

And that sounds…so the reason behind that is also because, if you are doing things with your hardware wallet, so you may be signing a transaction, depends a bit on which one you use, we can actually Shazam your private key, because you are using the key at that moment, and we can sort of pinpoint the range of potential private keys that you need to sign the transaction in that respect.

And so these are all, like, crazy “side-channel” attacks, as they call it in the jargon, and also those, we actually completely have taken out of the security framework that we use. And our security framework is very simple. Never ever, ever should there be any kind of compromise on your security.

Scott: I love it. And, okay, that word, simple, I want to dive into that because folks that are newer to crypto, you know, maybe they’re not as familiar. You know, we’re a show, our audience is crypto investors and traders, and some may be at various points in their sophistication around even just acquiring crypto and storing it and keeping track of their keys and what they’re doing there.

So there are currently, I think, a lot of barriers to entry for would-be crypto traders and investors, and needing specialized wallets is, I think, one of those potential barriers. Someone, you know, if you are coming from the traditional finance world, they’re thinking, “What? I need some special thing?”

What do you think wallet manufacturers, folks that are developing these great solutions, like NGRAVE, can do to really help improve accessibility and really lower this barrier to entry for folks, to maybe foster more adoption, more investors to get in on crypto?

Ruben: Yeah. So we’ve been active since 2018 to build out our full product suite. We did it very meticulously. Also, because if you do it right, then the next decades can be very important for you as a company. And so what we saw from all the customer interviews we’ve done is that, typically, if you use these kind of USB devices that only turn on if you plug them into your computer, you have, first of all, a very small but significant hurdle of actually plugging it in, and you’re plugging in your secure offline vault into an online connected device.

So it sort of deteriorates your peace of mind when you do that. So you have, like, a hurdle, purely psychologically, of, “I’m not going to do it.” Second, the security aspect of it or at least the feeling you get from it. There, also, with USB wallets, which is, I would say, today’s industry standard, it’s a total black box. You have no idea what’s actually going on in that little USB flash drive.

Scott: Right. You plugged it in, you’re like, “Okay, what’s happening?”

Ruben: Exactly. So what we tried to do was we said, “There are two things we have to focus on. One is maximum security, and the other one is it needs to be 21st-century experience, swiping, tapping.” So we have a touchscreen device. ZERO is touchscreen. It allows you sort of to interact as with a mobile operating system, but the nuance here is that we actually developed the whole firmware from scratch, again, with one goal, maximum security.

If you would use an Android-based operating system, which some wallets do, you actually already have so many possible attacks to that kind of operating system. So for us, we basically said, “It needs to be almost like an Apple experience. It needs to be super easy,” and only then users will actually adopt it more than you would initially expect.

And if you look at ZERO, so the way we communicate is over QR codes, and QR codes are a beautiful thing in the sense that everybody already knows them. Everybody uses them. They’re super fast. They’re intuitive. You can use your random phone and see what’s inside by just scanning them. So any kind of “dirty” information that would be in there, you can actually check it.

And it’s so easy, so understandable. We call it security through transparency. It makes it very easy for even the most basic user to understand the security level of, “Okay, I’m signing a transaction request on my phone with my device. Then I see on my device, is everything still correct? Like, is this still the right address I’m going to send from and to and the right amount of crypto?”

And if that’s the case, you sign the transaction offline on your device, show a QR code back, and your app will scan that QR code and send it to the blockchain. And that transaction signature QR never contains any data on the actual private keys. That’s the marvel of cryptography. So in a sense, what we’ve achieved is that you can actually, in a matter of, let’s say, 20 seconds, fully confirm a transaction.

Then you have the speed of the network, which, in most cases, is pretty fast. And in most cases, except maybe today for Ethereum, the gas costs are also very low. So you can basically say, even as a trader, yeah, it’s a bit extreme, but you could you say, “Look, I’m going to sleep. I’m a day trader. I’ll put everything offline in my wallet. Tomorrow, I wake up, I put it back online, and I continue trading.”

So that while you’re not actively in the market, you actually can be completely offline and completely peace of mind. And, yeah, those are all sort of, let’s say, big side effects, intentional side effects, of course, to make your 21st-century crypto experience much more reliable, and also, it will incentivize you to use your wallet more, which is strange.

You would say, “It’s a cold wallet. I’m going to put everything away.” But at the same time, while it can do that use case, it can also allow you to, “All right, I take it out. It’s a simple button on the side, device turns on.” You can immediately scan, and you can put everything offline, online. And that’s really the beauty of it.

Scott: I love it, and I love, too, that you mentioned your usage of QR codes, because that is something that so many people are getting more and more used to, whether it’s, now, you’re out at a restaurant, you do that for the menu, or me, I drop my daughter off at daycare, and the check-in/check-out for the app, there’s a QR code, just scan that. So, you know, I think that’s the kind of thing that really does lower that barrier to entry.

So, you know, folks watching, if you’re unsure, that’s a pretty low barrier, and you can get all of the security, everything Ruben’s been talking about, and not have to worry so much about your keys. Now, other than we’ve been talking about ZERO, you have a few other products. I just wanted to touch on them.

There’s GRAPHENE and LIQUID. Can you just walk us through those a little bit? What are those, and kind of what’s different about those?

Ruben: Yeah, sure. So what we set out to do was we wanted to make sure that we could secure the full end-to-end experience of a decentralized user, step zero being creating a strong key, which is where we already found improvements. Obviously, you also have the parts where you have to sign transactions securely, and so on. And in the end, there is…for everybody, unfortunately, at the moment that you pass away, your kids need access to your crypto, and all of these little steps in between and the extreme two steps, they all have their security challenges or riddles, even, still, to this day.

And so we wanted to solve all of them. And the big thing is, actually, that your hardware wallet isn’t the most important thing of what you have. You can lose your hardware wallet. You can simply buy a new one. As long as you can input your recovery key, your whole universe of wallets you have can be restored.

And so it shook us, it struck us that the existing solution for it is paper wallets, right? We are in this high-tech space…

Scott: Write down the key.

Ruben: Exactly. And we also, yearly, do sort of a big survey. This year, we had about 2,000 respondents over the whole world, and still, about 60% of users put it on the paper wallets. Luckily, the metal wallets have been increasing a bit, went from about 10% to 20%. And then you have people who just keep it online, people who don’t have a backup.

So what we said to ourselves was, “Okay, there are three wallets. What if I lose my hardware wallets? I need a backup. That backup, what if my house burns down or even in the simple case of I spill water on it? What will happen to my backup? Will it still be there?” And the current answer is no.

Our answer is we built GRAPHENE, which is a stainless steel backup solution. So if your house burns down, that’s at the maximum temperature of 1,000 degrees Celsius, the graphene plates, they only start melting at 1,600 degrees Celsius. So they’re extremely resilient in extreme circumstances. And the second question we wanted to fix was, what if somebody finds now my GRAPHENE?

They find my backup. So if today I find your 24 words, I know your key. If you cut it in 2 parts of 12 and I find one of them, I have to force only the other part. And we wanted to go a step further, where, basically, a user would have two stainless steel plates that, together, show you your key, but when they are separate, they basically have absolutely no information whatsoever on your key, so not a single word, not a single bit of the 256 bits that your key is, and we achieved that through NGRAVE, through sort of an encryption that we invented.

And the third level of your backup is, what if I lose my backup? So today, again, paper wallets, even the metal wallets today, it’s game over. In our case, we made it recoverable but in a way that there is never a third-party, including NGRAVE, risk. So we can recover your key for you, but we will never know at any point of any knowledge about your key.

And that’s that…

Scott: I love it. Yeah, go ahead.

Ruben: You know, that’s just, like, the power of GRAPHENE, and like I mentioned, the Perfect Key, in the beginning. So the Perfect Key also can…so the GRAPHENE only works with the Perfect Key. So the Perfect Key is something that goes through all of the steps you have and makes your experience much more secure, much more…yeah. So, therefore, GRAPHENE is, like, a marvel on itself in terms of the “technology” in a non-tech product, because it’s not an electronic.

Yeah. And then we have the LIQUID. So the LIQUID is our mobile app, and the way it works is you make your keys on ZERO, you share the addresses with a QR code to your app, and then your app actually has access to, let’s say, Etherscan for your Ether account, and so on. So it actually can show you in real time how you are doing with your portfolio, any kind of transaction history you have.

And if you want to create and sign a transaction, you interact with ZERO. If you want to receive a transaction, you can do it all from the app. So it’s sort of your gateway to the online realm, where you can actually start doing the real interactions and transactions.

Scott: That’s fantastic. So very much hitting all of those important points for doing transactions and also keeping that security and that storage in mind. And as you were talking about GRAPHENE, I was just remembering, you know, there’s still that story. I believe, there’s that poor gentleman who is still digging through the dump, looking for a USB stick, right, with millions and millions of Bitcoin on it, right?

We all know that story. So, clearly, trying to address those types of things, right?

Ruben: Yeah. And I still know a few people who do that as well. I mean, there are probably hundreds of them that have been stored in their house, and they don’t find it anymore. And, yeah, the Bitcoin you had five years ago…

Scott: Yeah. No, no, absolutely not.

So we’ve been talking a lot about, you know, having a secure wallet, all of these great tools that you guys have developed. Beyond just that, is there any general advice you could give an investor or a crypto trader, you know, who’s concerned about protecting their assets and wants to make sure that they’re doing things the right way?

So beyond, yes, having great tools, what are some of the things, I guess, they can do?

Ruben: Yeah. I think, with NGRAVE, what we really focus on a lot, and you can find it on our website and our blog, is that we try to figure out these questions and have the answers to them towards our users. Like, what are the things I can do to improve my cybersecurity hygiene in general? We recently made a whole series about the metaverse.

How can you safely interact with the metaverse? What things do you have to look out for? So I think about one or two weeks ago, we were present in the Metaverse Fashion Week, together with, like, all of these top consumer brands in the traditional space, and we were also sort of a security partner.

So literally, you could find things here and there with simple tips to make sure that you really realize that you’re not just walking around down the street, but that you’re actually completely vulnerable when it comes to any kind of NFT, your own digital assets, your own digital identity even. So it becomes so important that I would say any kind of tip that we wish you knew or wish you know is there and deeply explained, because the list is almost endless, right, in the small things you need to do.

And, yeah, one of the best things you can do is just keep it on a cold wallet and, ideally, keep it on a few, maybe even if you want to go a bit more extreme, you set up a multisig setup, depends a bit. But I think, like, our recent survey, yearly survey, of, like, security audits of people’s ways of how they interact with crypto and do that securely, you can also find it on our website.

There’s a lot of insights in there. Like, do you make two of a backup code of that? Where do you do it? Do you do it on your computer? Do you do it offline? What kind of backup do you have, a paper wallet, and so on? And, yeah, we’re trying to keep track a bit of it in the sense of, every year, how do these things evolve, and do they evolve in the right direction?

And we’ve seen that, also, like, QR code wallets now have also been taking up in terms of adoption, which is great, because I would say they’re the most transparent when it comes to security and also really air-gapped. Yeah.

Scott: Excellent. So as we are winding down this discussion, I always like to look at the future. So when it comes to, I guess, crypto storage, security, what do you think may come next? What are some potential innovations that we could see or trends that we could see in terms of crypto storage?

Ruben: So you mean specifically for crypto storage or?

Scott: Maybe. Yeah, just technological innovations, what might be coming next?

Ruben: Yeah. Well, from our view, of course, we’ve tried to be at the forefront of these kinds of innovations. So if we look at the, let’s say, hardware wallets that are out there today, there are quite some pain points that haven’t been resolved yet, and I think one that’s staring us all right in the face is simply that even paper wallets have never gone through the incremental innovation they should.

Like, for example, you can make paper unshreddable. That’s sort of a “technology” that exists. You can make it water/spill-proof. And none of these paper wallets do that. So even, like, just fixing those kind of basics, that’s an exercise that hasn’t been done. And so, when you’re a security company like us, that’s really almost a slap in the face, right, because our goal is to protect as many users as we can, and then we see that those that don’t use our solution are using, yeah, ways that are totally inadequate to actually keep your crypto safe.

So, yeah, we constantly are trying to write new whitepapers to come up with new kinds of innovations, and I think that’s what we do. And we have a few things coming up that we will not disclose yet. But, yeah, I think it’s also a bit of a question, like, where will the challenges be? And, yeah, then, obviously, metaverse is right there.

And the thing is that the metaverse runs entirely on blockchain as an infrastructure, and most of the infrastructure that there is today, in general, will also move towards such kind of a backend. And, again, it always comes down to that private key, again, because blockchain, the most important thing you need to know of is the private key.

And we talk about the private key paradox, which is, in theory, it’s guessing which atom it is somewhere in the universe, but in reality, you’re just finding it. So the private key is both the strongest part of the whole technology but also the big weak spot. And so I hope that the ways keys are made will evolve, the ways mnemonic seed phrases are made today will evolve, and hopefully, in the direction of the Perfect Key.

And, yeah, at some point…and those are things that have been around for a while. You also have these ideas of keyless platforms where you don’t need to even know anymore that there is a private key involved, and in a sense, that’s nice. It’s also how the internet works today. You don’t think about HTTPS and that it is secured.

But the reality behind it is still that, even in such situations, things always need to be signed, be it in a one-signature version or in a multisignature version where several parties need to sign things. So private keys remain the core essence of the whole thing. And if you look at the Ronin hack, all these bridges, all the stupid mistakes that happen and cause losses, we still have a long way to go.

So I would say let’s start with that. Let’s try to up all of these things ASAP, and then, yeah, maybe see if there are, like, extreme security conundrums we can go for. And maybe to add on that, so our team, our extended team, consists of the people who can sort of predict the future there, right? So one of our investors and senior advisors, his name is Jean-Jacques Quisquater, he is now 77 years old, has more than 50 years of active professional experience in hardware security.

So the first smart cards 50 years ago, he was part of that endeavor, going all the way into making the actual chips that do the true random number generation, he was involved. Now, he’s involved in the most advanced hardware security module in the world, ZERO. So these are people who invented branches of cryptography and that are continuously thinking about what’s next.

One of our other partners is COSIC. It’s a KU Leuven team that, 20 years ago, invented the Advanced Encryption Standards, or AES-256, which is used today still in your WhatsApp, in your Telegram, to actually, like, encrypt your messages. Officially, it has never been compromised. But in the meantime, the U.S. NIST, the National Institute of Standards and Technology, has conducted a four-year competition for the new quantum algorithms, quantum-proof algorithm, so to say.

So they recently also assigned COSIC, again, for the post-quantum cryptography standard. So through these partnerships, we also have, like, a leap ahead in terms of what will happen in the future, and then we can work our way back from there and actually build solutions that include those things proactively.

Scott: Absolutely. It’s going to be exciting to see, and with folks like yourself and your team working on it, I think we’re going to be in a good spot there, and especially as more and more investors and traders and stakeholders realize how important it is and how it doesn’t necessarily need to be an absolute headache to secure your keys and protect your crypto assets there.

So, Ruben, thank you so much for joining me on the show today, really sharing all of these insights. And if folks want to find out more, maybe head on over and see if they can get one of your wallets there, where can they do that? Where should they go?

Ruben:, and you can easily go to the webshop, purchase your wallet. We have the whole block up there. So that’s definitely where to look if you want to up your security skills. But also, we talk about a lot of different trends, like the metaverse, as well. So, yeah, it’s quite easy,

Scott: Fantastic. And we’ll be sure to have links to all of that in our show notes.

Ruben: Perfect.

Scott: Thanks again, Ruben.

Ruben: Thank you. Thank you, Scott.


Scott is a writer Cryptogic as well as host of the several popular podcasts.