The same mnemonic that protects your XRPL wallet now protects an EVM address too. This lesson teaches the new attack surface — and how to defend it.
How the EVM address is derived
The Gopnik wallet uses BIP-32 derivation from your XRPL seed.
- XRPL uses the path m/44'/144'/0'/0/0 (SLIP-0044 coin 144 = XRP)
- The EVM derivation uses m/44'/60'/0'/0/0 (coin 60 = Ethereum)
Same seed, two different paths, two completely independent keys. Compromising your EVM key does not expose your XRPL key (and vice versa): the two paths split at a hardened step (the ' levels), and hardened BIP-32 derivation makes recovering a parent or sibling key from a child key mathematically impossible.
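To make the "same seed, two paths" point concrete, here is a from-scratch BIP-32 private-key derivation walked down both paths. This is an added example written for this lesson, not the Gopnik wallet's code. It assumes a BIP-39 seed is already in hand (the wallet derives it from the mnemonic) and uses the published BIP-32 test-vector seed as a constructed input; it stops at the private key and does not compute the EVM address (that needs keccak256, which the standard library lacks). The secp256k1 arithmetic is written for clarity, not constant time.

```python
import hashlib
import hmac

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
)
HARDENED = 0x80000000  # the ' in a path means index + 2^31

XRPL_PATH = "m/44'/144'/0'/0/0"  # SLIP-0044 coin 144 = XRP
EVM_PATH = "m/44'/60'/0'/0/0"    # coin 60 = Ethereum


def _point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mul(k, point=G):
    """Double-and-add scalar multiplication (clarity over constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = _point_add(acc, point)
        point = _point_add(point, point)
        k >>= 1
    return acc


def compressed_pubkey(k):
    """33-byte SEC1 compressed public key for private scalar k."""
    x, y = _scalar_mul(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed):
    """BIP-32 master key: HMAC-SHA512 keyed with the literal 'Bitcoin seed'."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv(k_par, c_par, index):
    """Child key derivation. A hardened step feeds the parent *private* key
    into the HMAC, so nothing about a child relates it to its parent or its
    siblings without that private key; a normal step uses the public key."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = compressed_pubkey(k_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    child = (int.from_bytes(i[:32], "big") + k_par) % N
    return child, i[32:]


def parse_path(path):
    """\"m/44'/60'/0'/0/0\" -> [44 + 2^31, 60 + 2^31, 2^31, 0, 0]."""
    out = []
    for part in path.split("/")[1:]:          # skip the leading "m"
        if part.endswith("'"):
            out.append(int(part[:-1]) + HARDENED)
        else:
            out.append(int(part))
    return out


def derive(seed, path):
    """Return (private key, chain code) at `path` for the given BIP-39 seed."""
    k, c = master_key(seed)
    for index in parse_path(path):
        k, c = ckd_priv(k, c, index)
    return k, c


# Constructed demo input: the seed from BIP-32's published test vector 1,
# *not* a real wallet seed.
DEMO_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    xrpl_key, _ = derive(DEMO_SEED, XRPL_PATH)
    evm_key, _ = derive(DEMO_SEED, EVM_PATH)
    print("XRPL key:", hex(xrpl_key))
    print("EVM  key:", hex(evm_key))
    print("independent:", xrpl_key != evm_key)
```

The two paths share only the master key and the hardened 44' step; from the coin-type step onward they are separate hardened branches, which is exactly why one leaked leaf key says nothing about the other.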
What this does mean:
- If you lose your mnemonic, you lose both chains
- If your mnemonic leaks, you lose both chains
- Backup hygiene matters twice as much
The new attack surface — phishing on EVM
Phishing on EVM follows three patterns. Learn them; spot them in seconds.
1. Fake dApp + approval drain
You visit gopnik-wallet-airdrop.tld (fake). It asks you to "connect your wallet" and then "approve" a contract you've never heard of. The approval is unlimited ("infinite") and covers your highest-value token. The contract calls transferFrom immediately and your funds are gone.
Defence: never sign an approval whose contract address you haven't verified. The wallet shows the destination contract address in plain text before signing.
2. Address poisoning
An attacker sends you a 0-value transfer from an address that looks exactly like one you've sent to before:
- Real: 0xA1b2C3...DeF456
- Fake: 0xA1b2C3...DeF457 (off by one char in the middle)
Next time you copy-paste from your "recent transfers" list, you grab the fake. Your funds go to the attacker.
Defence: the wallet never auto-fills destinations from external sources. Always paste the full address; always sanity-check the first 6 + last 4 chars; for large amounts, sanity-check the middle too.
3. Clipboard hijacking malware
Malware on your computer watches the clipboard. When it sees an EVM address copied (42 chars, starts with 0x), it replaces it with the attacker's address. You paste; you sign; funds gone.
Defence: for amounts > €100, verify the address character-by-character on the signing screen after paste. Hardware wallets (Ledger, Trezor) prevent this attack entirely — the device shows the address independently.
Paste-protection in the Gopnik wallet
The send form has built-in paste-protection:
- Pasted address must match the regex ^0x[a-fA-F0-9]{40}$ (no invisible characters)
- The submit button only enables after an explicit click on the address field (prevents clickjack-paste)
- For sends > €100, a confirmation modal repeats the destination address with the first/last 8 chars in bigger text
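The three destination-address defences above (the paste regex, the lookalike check against a recent-transfers list from the address-poisoning section, and the character-by-character comparison from the clipboard-hijacking section) fit in a handful of functions. This is an added example, not the Gopnik send form's code; the addresses and the recent-transfers list are constructed sample values, and the bracket notation in the confirmation banner stands in for the bigger font the modal uses.

```python
import re
import unicodedata

# The page's own rule: exactly 0x plus 40 hex digits, nothing else.
ADDRESS_RE = re.compile(r"^0x[a-fA-F0-9]{40}$")

# Constructed sample values for the demo; not real accounts.
REAL = "0xA1b2C3d4e5f60718293a4b5c6d7e8f9012DeF456"
FAKE_LAST_CHAR = "0xA1b2C3d4e5f60718293a4b5c6d7e8f9012DeF457"  # one char off
FAKE_MIDDLE = "0xA1b2C3d4e5f60718293aABCDEF7e8f9012DeF456"     # same 6+4 ends
UNRELATED = "0x1234567890abcdef1234567890abcdef12345678"
RECENT_TRANSFERS = [REAL, FAKE_LAST_CHAR, FAKE_MIDDLE, UNRELATED]


def validate_pasted_address(text):
    """(ok, reason). Anything outside the regex is rejected; invisible or
    control characters are named so the user sees *why* the paste failed."""
    # fullmatch, so a trailing newline cannot hide behind the regex's "$"
    if ADDRESS_RE.fullmatch(text):
        return True, "ok"
    hidden = [c for c in text if unicodedata.category(c) in ("Cf", "Cc", "Zs")]
    if hidden:
        return False, "hidden characters: " + ", ".join("U+%04X" % ord(c) for c in hidden)
    if len(text) != 42:
        return False, "length %d, expected 42" % len(text)
    return False, "not a 0x-prefixed hex address"


def short_form(addr):
    """The 6 + 4 view that recent-transfer lists show."""
    return addr[:6].lower() + "..." + addr[-4:].lower()


def hamming(a, b):
    """Number of differing characters, case-insensitive."""
    return sum(x != y for x, y in zip(a.lower(), b.lower()))


def poisoning_candidates(destination, recent, max_diff=3):
    """Entries in the recent list that are not the destination but would pass
    a glance at it: same 6+4 short form, or only a few characters off."""
    flagged = []
    for addr in recent:
        if addr.lower() == destination.lower():
            continue
        if short_form(addr) == short_form(destination) or (
            len(addr) == len(destination) and hamming(addr, destination) <= max_diff
        ):
            flagged.append(addr)
    return flagged


def mismatch_positions(intended, pasted):
    """Positions where the pasted address differs from the one you meant to
    send to: the character-by-character check against clipboard hijacking."""
    return [i for i, (a, b) in enumerate(zip(intended.lower(), pasted.lower())) if a != b]


def confirmation_banner(addr, amount_eur, threshold_eur=100):
    """Modal text for large sends; brackets mark the first/last 8 characters
    the UI renders in a bigger font. None at or below the threshold."""
    if amount_eur <= threshold_eur:
        return None
    return "[%s]%s[%s]" % (addr[:8], addr[8:-8], addr[-8:])


if __name__ == "__main__":
    print(validate_pasted_address(REAL))
    print(validate_pasted_address(REAL[:6] + "\u200b" + REAL[6:]))
    print("lookalikes:", poisoning_candidates(REAL, RECENT_TRANSFERS))
    print("differs at:", mismatch_positions(REAL, FAKE_LAST_CHAR))
    print(confirmation_banner(REAL, 250))
```

The lookalike check deliberately flags both kinds of poisoned entry: one that differs by a single character anywhere, and one whose middle is entirely different but whose 6+4 short form is identical, since that short form is all a recent-transfers list ever shows.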
The custodial opt-in (Maestro+)
If you'd rather not manage the EVM private key yourself, Maestro-tier users can opt in to custodial mode:
- A fresh key is generated inside AWS KMS
- The wallet calls kms:Sign on every transaction
- We never see the raw private key — only KMS does
- You sign a "consent" message with your current BIP-32 key proving you actually want this; we verify the signature before migrating
- Migration is one-way: you can't go back to BIP-32 without manually moving funds
Custodial mode trades self-custody for convenience. It's the right choice for some users, the wrong choice for others. The default is BIP-32 self-custody for everyone — opt in deliberately.
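For readers who want to see what "the wallet calls kms:Sign on every transaction" involves on the wire, here is the shape of that call and the one conversion it forces. This is an added example, not the Gopnik backend's code. It assumes a boto3-style KMS client (the real `sign` call takes `KeyId`, `Message`, `MessageType` and `SigningAlgorithm` as used here) and substitutes a constructed offline stand-in so it runs without AWS; the key id is a placeholder. KMS returns a DER-encoded ECDSA signature, while an EVM transaction carries raw r and s with s in the lower half of the curve order (EIP-2), so the block decodes DER and normalises s. Computing the recovery id v is left out.

```python
# secp256k1 group order; EVM nodes reject signatures with s above n/2 (EIP-2)
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HALF_N = SECP256K1_N // 2


def der_encode_ecdsa(r, s):
    """SEQUENCE { INTEGER r, INTEGER s }, the encoding KMS returns."""
    def enc(v):
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:          # keep the INTEGER positive
            b = b"\x00" + b
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)       # at most 70 bytes, so one-byte lengths suffice
    return b"\x30" + bytes([len(body)]) + body


def der_decode_ecdsa(der):
    """Inverse of der_encode_ecdsa; strict about the two tags it expects."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a DER ECDSA signature")
    pos, values = 2, []
    for _ in range(2):
        if der[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        length = der[pos + 1]
        values.append(int.from_bytes(der[pos + 2:pos + 2 + length], "big"))
        pos += 2 + length
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    return values[0], values[1]


class FakeKmsClient:
    """Constructed stand-in for boto3.client('kms') so the block runs offline;
    it records the arguments and returns a canned signature."""
    def __init__(self, der_signature):
        self.der_signature = der_signature
        self.calls = []

    def sign(self, KeyId, Message, MessageType, SigningAlgorithm):
        self.calls.append((KeyId, Message, MessageType, SigningAlgorithm))
        return {"KeyId": KeyId, "Signature": self.der_signature,
                "SigningAlgorithm": SigningAlgorithm}


def sign_tx_digest(kms, key_id, digest):
    """Ask KMS to sign a 32-byte transaction hash and return the (r, s) an
    EVM transaction carries. The private key never leaves KMS; the wallet
    only ever handles the digest in and the signature out."""
    if len(digest) != 32:
        raise ValueError("digest must be 32 bytes")
    resp = kms.sign(KeyId=key_id, Message=digest, MessageType="DIGEST",
                    SigningAlgorithm="ECDSA_SHA_256")
    r, s = der_decode_ecdsa(resp["Signature"])
    if s > HALF_N:               # low-s normalisation (EIP-2)
        s = SECP256K1_N - s
    return r, s


# Constructed demo values: arbitrary in-range r, an s deliberately in the
# upper half, and a placeholder key id (not a real KMS ARN).
DEMO_KEY_ID = "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER"
DEMO_R = int("c0ffee" * 10, 16)
DEMO_S_HIGH = SECP256K1_N - 12345

if __name__ == "__main__":
    kms = FakeKmsClient(der_encode_ecdsa(DEMO_R, DEMO_S_HIGH))
    r, s = sign_tx_digest(kms, DEMO_KEY_ID, b"\x11" * 32)
    print("r =", hex(r))
    print("s =", s, "(normalised from", DEMO_S_HIGH, ")")
```

The design point worth noting: the only secret-bearing object in this code path is the KMS key id, which is an identifier, not a key. Anything the wallet process could leak (the digest, the DER blob, the normalised pair) is already public once the transaction is broadcast.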
The single rule
Read the destination address. Read the amount. Read the contract. Then sign. Every loss in the history of EVM phishing happened because someone skipped one of those three reads.