2023 kicked off with many wallet hacks in which innocent users lost millions in funds. In January, Kevin Rose, the founder of Proof, lost over $1 million worth of NFTs to a wallet compromise. In February, a hacker phished about $4 million from a Trust Wallet user. In March, the users of MyAlgoWallet lost around $10 million due to a wallet key compromise. And nearly $35 million was stolen from Atomic Wallet over the first weekend of June.
There has been a consistent rise in hacks over the months. Once people lose their hard-earned digital assets to a wallet insecurity issue, most never recover them. The most effective way to curb wallet security breaches is knowing the best practices for safety. Don’t be the next prey of hackers. This short article will give you high-level practical tips for securing crypto wallets.
A crypto wallet can be a physical device or online platform that keeps your private and public keys so you can carry out transactions. You can send crypto from your wallet and use its address to receive crypto.
Contrary to popular opinion, a crypto wallet does not technically keep your crypto, but only your public and private keys. Your public and private keys help the wallet read your data on the blockchain public ledger and display your balances. Let us briefly explain the importance of private and public keys.
A private key is an exclusive cryptographic number that allows you to approve crypto transactions. A public key, on the other hand, is an openly shared alphanumeric value that points to your address. You can think of a public key as your account number and a private key as your bank transfer PIN.
One of the decisions you must make regarding crypto wallet security is whether to use a cold or hot wallet. Each of them has a different storage method.
Hot wallets. Hot wallets are online-based crypto accounts. You must access them through websites, mobile applications, extensions, or software. Examples include MetaMask and Phantom.
The pros of hot storage:
But they have their downsides, too, including:
Cold wallets. Now, let us move to cold or hardware storage. Unlike hot wallets, cold wallets are offline, tangible, hand-held devices. Ledger and Trezor are some of the most popular cold wallets.
The pros of cold storage:
However, they are:
Crypto wallets are prone to various hacks and scams. You must be aware of these risks to protect yourself properly from them. Most security risks fall into these categories:
In a phishing attack, the attacker finds cunning ways to get crypto owners to give up their details. Phishing attacks often appear in a harmless format that the victim won’t notice unless they are extremely security conscious.
The hackers use various social engineering techniques to trick their would-be victims. For instance, some hackers approached Domenic Iacovone posing as Apple Support. They tricked him into giving them access to his iCloud account, where he had saved his MetaMask recovery phrase. They drained his $650k within minutes.
A similar incident happened to Nikhil Gopalani, the COO of RTFKT. Some hackers craftily obtained his Apple ID and stole around $175k worth of NFTs from his wallet.
Wallet providers can choose whether or not to keep mnemonic keys in their sentry servers. The former can be necessary for performance optimization and error management. In contrast, the latter is a more decentralized approach.
If a provider has to keep mnemonic keys for one reason or another, they must be stored in a secure environment. The provider must engage a third-party auditor to ensure that this environment is not vulnerable.
The Slope wallet hack of 2022 was a good example of this. They kept the wallet users’ mnemonic keys in their logs. The hackers discovered this vulnerability and took away over $4 million of users’ funds. We recommend that you store your keys in a security-tight system that has been reviewed by a reputable auditor.
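The logging failure described above can be guarded against at the point where records leave the application. The following is an added example, not code from Slope or any wallet provider: a Python `logging` filter that redacts mnemonic-like word runs and 32-byte hex keys before a handler ships them. The logger name, the `ListHandler` sink and the sample values are hypothetical and constructed for illustration.

```python
import logging
import re

# BIP-39 English words are 3-8 lowercase letters and phrases have 12-24 words,
# so a run of 12+ such words is treated as a possible mnemonic (heuristic).
_WORD_RUN = re.compile(r"\b[a-z]{3,8}(?:[ \t]+[a-z]{3,8}){11,}\b")
# 32-byte hex strings cover raw private keys; this also hides transaction
# hashes, a trade-off accepted here in favour of never logging a key.
_HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")

def redact(text: str) -> str:
    text = _HEX_KEY.sub("[REDACTED-KEY]", text)
    return _WORD_RUN.sub("[REDACTED-MNEMONIC]", text)

class SecretRedactingFilter(logging.Filter):
    """Attach to every handler, so records from child loggers are covered too."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first: secrets usually arrive as parameters.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

class ListHandler(logging.Handler):
    """Stand-in for a remote log or error-reporting sink (hypothetical)."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(record.getMessage())

def demo() -> list:
    sink = ListHandler()
    sink.addFilter(SecretRedactingFilter())
    log = logging.getLogger("wallet.demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(sink)
    phrase = " ".join(["example"] * 12)  # constructed, not a real phrase
    log.info("import failed for user=42 mnemonic=%s", phrase)
    log.info("signing with key 0x%s", "ab" * 32)  # constructed key
    log.info("balance refreshed for user=42")
    log.removeHandler(sink)
    return sink.lines

if __name__ == "__main__":
    print("\n".join(demo()))
```

Exception tracebacks are formatted by the handler and do not pass through `msg`, so secrets must also be kept out of exception messages.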
There are one thousand and one ways hackers can breach your wallet. How can you protect yourself? These are some of the best practices for wallet security.
Never put your life savings in hot storage. It is too risky because hot wallets are prone to phishing and other forms of attack. In contrast, cold storage gives you absolute control over your funds. You’re the only one who can access it; little or no online manipulation can work. Something as sensitive as savings is better kept privately in cold storage.
Single-signature wallets suit individuals but not organizations, teams, or DAOs. Multi-signature wallets are better options for DAOs and larger groups of people who want to use a common treasury. Multi-signature wallets will require more than 3 people to sign transactions. A hacker must get 3 or more signatures to steal funds from the address. This can be extremely difficult or nearly impossible.
Two-factor authentication is an added layer of security that prevents just anyone from accessing your wallet. Different wallets have various methods of 2FA requirements.
They will usually require you to enter an OTP sent to your email or phone to confirm that it is really you. You can also include biometric authentication as part of your 2FA requirements. Other things being equal, threat actors cannot fulfill all these requirements and breach your security.
Don’t put all your eggs in one basket. As much as you try to be security-minded, hackers can still find a way to break in and steal your funds.
The best defense mechanism is to prepare for the worst. If you put all your funds in a single wallet and it gets hacked, everything is gone. It is better to spread your crypto and NFTs across multiple wallets. This reduces the degree of your loss in case of a breach.
Public Wi-Fi is available everywhere for everyone to freely access the internet. But be aware that not all free things are secure and good. Public Wi-Fi owners can access some of your data once you connect. This data can also help a threat actor to gain sensitive details about your wallet and hijack it. At best, use a secure VPN to connect to public Wi-Fi.
Hackers are getting more creative with phishing attacks every day. You must be familiar with their games and be on the lookout for them. Hackers can send you a link on Twitter or Discord and ask you to click it. They can also pretend to be customer support and ask you to read out a code or OTP from your phone. The best practice is to be discreet with your details.
Set up a strong password for your wallet. The more unpredictable it is, the better. Avoid using your name or nickname as the password. We recommend you build your password from random alphanumeric characters. Hackers cannot correctly guess your password if it is strong.
Anyone who has access to your seed phrase can access your non-custodial wallet. You must store or keep your password securely if you use a custodial wallet. For example, do not save your seed phrase or password online or in your iCloud. The best practice is to write them down on paper and keep them in a safe place. Doing this lowers the chance of your wallet being compromised.
You have to be security conscious, especially if you have your crypto wallet as an extension or have saved the password in your browser. Some websites have weak security, which can be deliberate. You can easily detect such websites as they would have HTTP instead of HTTPS.
One of the most common mistakes newbie crypto traders make is using their main wallets for airdrops. This is too risky as some airdrops may require connecting your addresses to unsafe websites. The best practice is to have burner addresses set aside only for airdrops. At worst, only your burner will get breached rather than your main wallets where you keep your crypto assets.
One of the major bottlenecks to mass adoption of crypto is how risky it can be for anyone with only a basic knowledge of wallet security. Here is a quick recap of the best practices:
Keep these best practices in mind so your digital assets can be safe.