Don't Hurry to Withdraw the Coin! Cold Wallet is Not as Safe as You Think

2022-11-14, 12:38



TL;DR

· The FUD triggered by the FTX crash has spread like falling dominoes, the withdrawal movement continues, and no one knows when the bear market will stop;

· The crypto world is now very wild and chaotic. As users, what can we do?

· For most people, as long as password protection and double verification are done well, it is actually safer to keep assets on an exchange than in a hot wallet;

· The real world is originally a process of entropy increase, and the mission of blockchain is to slow down the speed of entropy increase.



Introduction


The FUD triggered by the FTX crash has spread like falling dominoes, the withdrawal movement continues, and no one knows when the bear market will stop. Still, the question deserves a proper discussion. Is it really necessary to withdraw your coins? How should you store your digital assets?


Withdraw or Wait?


This wave of coin withdrawals set off by the FTX crash has exposed some crypto exchanges that lack 100% proof of reserves to a huge risk of a run, and even to the risk of closure.

In fact, when FTX sold a large number of altcoins on the first day, sensitive investors should have been aware that they might need to withdraw their money and leave, instead of relying on hindsight, passively waiting for good news and expecting events to reverse.

We can see that the situation in the whole world is very turbulent, and the crypto world is also very wild and chaotic. As users, there is not much we can do, which requires us to allocate our assets reasonably according to our own conditions.

BTC may be the kindling for some people to start a new life in a turbulent situation. It is believed that one day, every family must have a certain proportion of allocation to help make the asset portfolio more healthy and sustainable.

In addition, we should also learn to use hardware wallets to store our own assets, spread our funds out, and avoid keeping all of our money on an exchange. Even a giant as strong as FTX fell to the ground in only two days. What is impossible?


Cold Wallet or Hot Wallet?


So the question arises: should users use hot wallets or cold wallets? Below we list how each is used and the potential risks of each. You can refer to this and choose according to your own situation.

Cold Wallet
A hardware cold wallet that meets the standards or is produced by a reputable manufacturer must be isolated from the Internet. Generally speaking, the hardware cold wallet generates the wallet address and key while disconnected from the network. This ensures that hackers cannot directly steal the key from devices connected to the network.

Looking across the whole usage flow of a hardware cold wallet, every step in which the private key appears or is used is completed offline. To some extent this cuts off the route by which hackers could steal the private key, which is what keeps the hardware cold wallet secure.

In addition, it is recommended to use observer (watch-only) wallets, such as imToken and Trust Wallet, when receiving cryptocurrencies, and to use QR code, USB, or Bluetooth when sending crypto assets.

However, the risk of using a cold wallet is that users who lack the relevant professional knowledge may run into security problems caused by the "WYSIWYS (What You See Is What You Sign)" interaction mode. The hardware wallet is not absolutely safe.

At the hacker conference DEF CON 25, held in Las Vegas in the United States, a foreign security team demonstrated how to crack hardware cold wallets, including the oldest Bitcoin wallet, Trezor. After obtaining a Trezor, hackers can remove its shell and take advantage of the vulnerability to transfer BTC. This process takes only 15 seconds at the fastest.

Just two years ago, a security incident at Ledger, the maker of cryptocurrency cold wallets, leaked nearly 1 million e-mail addresses and the data of 9500 users. Although the leak did not contain passwords, this personal information is enough for criminals to launch phishing attacks. News of extortion attempts spread all over the world, causing panic among the affected users and making people uneasy about using third-party cold wallets.

Therefore, generally speaking, we need to look carefully at the well-known hardware cold wallet manufacturers on the market. If a manufacturer has produced hardware cold wallets for a long time and has never had a security incident, it is highly probable that the hardware cold wallets it produces are safe and reliable.


Hot Wallet
Generally speaking, the hot wallet interacts with DApps (DeFi, NFT, GameFi, etc.), and this exposes it to malicious code in several ways. While the wallet is running, malicious code can directly package the relevant mnemonic phrases and upload them to a hacker-controlled server. When the user initiates a transfer, it can stealthily replace the target address, amount, and other information in the background of the wallet, which is difficult for the user to detect. It can also reduce the entropy of the random numbers used to generate mnemonic phrases, making those mnemonic phrases easier to crack.

Presently, MetaMask, a well-known and safe hot wallet on the market, is one of the six major products of the Ethereum technology development company ConsenSys and was once supported by the Ethereum Foundation.

It is a lightweight, open-source Ethereum wallet and also an app wallet. It can be used to test Ethereum smart contracts, supports the widest range of DApps, and is compatible with the hardware wallets Ledger and Trezor.

The user interface is simple, which is very suitable for beginners. In addition, users can customize the wallet experience, for example by adding a new application interface to MetaMask. However, gas fees are high, and the simple UI design and pages are often criticized.


Is the Web3.0 Wallet Reliable?


A wallet is a necessary tool for users to interact on the chain. It can be seen as an important entrance from the real world to the crypto world. In essence it is a private key management tool with strong asset attributes. The future development of crypto wallets will also be enriched and expanded around these two features, with business optimization and resource aggregation moving in a more comprehensive direction.

As the leader of the future crypto wallet, Wallet.io, a decentralized multi-functional wallet in the Web3.0 era, uses a more balanced scheme to ensure your capital security.

Users do not need to record and save mnemonic phrases or private keys themselves and do not have to worry about their mobile phones or computers being compromised, because the platform ensures the security of funds. The platform cannot use the funds in the user's account, and the on-chain assets are clear, traceable, and cannot be counterfeited. wallet.io supports logging in through gate.io authentication. After completing authentication, users can log in to the exchange and their personal wallet with one account simultaneously. Exchanges and transfers can all be completed there, which is convenient and fast.

In addition, wallet.io also has a leading institutional-grade multi-coin and multi-sig wallet. The contract code security audit is provided by CertiK & Cheetah Mobile Security.

wallet.io single-person multi-sig wallet: Gate and trusted digital asset custody experts jointly provide you with professional asset management solutions. It is suitable for a single person managing assets. The multi-sig solution can avoid the loss of assets caused by the loss of a single party's private key. A "2-of-3 signature" mechanism is adopted: the 3 private keys are held separately by the user, the wallet.io platform, and a third-party authority, and a transaction requires the signatures of two private keys to transfer out the asset. It supports a variety of digital currencies and can store hundreds of them. The security of the backup private key is ensured by professional institutions. It supports hardware wallets and hardware cold storage, which makes the private key more secure.

wallet.io multi-person multi-sig wallet: a secure and flexible solution for collaborative asset management. It is suitable for multi-party cooperative asset management. It not only avoids the consequences of one party losing a private key, but also provides a better solution for multi-party cooperative asset management. The "m-of-n signature" mechanism allows the owner to set the total number of private keys n of the wallet and the number of private keys m required for signing transactions. That is, n members of the wallet each manage a private key, and the asset can only be transferred out after m members sign.

M-of-N control is more secure. A transaction requires the signatures of M of the N keys for confirmation. It supports multiple digital currencies and can store hundreds of them. For a better backup experience, a secure keycard can be generated for users. When necessary, assets can be retrieved through the keycard. It also supports hardware wallets and hardware cold storage.

In addition, the Wallet.io wallet provides users with digital asset management, sending, receiving, and other services free of charge. The sending fee is paid to the network nodes that maintain the operation of the digital currency system. It is also known as the miner's fee and has no economic relationship with wallet.io. The transfer page displays a reference miner's fee; the actual fee charged prevails. See the transaction record details page for details.
Currently, Wallet.io supports all EOS tokens, all ETH’s ERC-20 tokens, all QTUM’s QRC-20 tokens, and all NEO’s NEP-5 tokens.

In Wallet.io, the user does not need to back up the private key. Because Wallet.io uses a more balanced security policy, the private key is stored on the platform under high-strength encryption. Neither the user nor the platform can obtain the private key independently. The private key is protected with the user's withdrawal password and stored under multiple layers of encryption. The platform cannot get the private key, and the private key is controlled by the user. When the user transfers money, the private key is encrypted and deleted once it has been used.
A secure and easy-to-use all-currency wallet with multiple authentication and open-source transparency can ensure users' safety.


Some Suggestions


To sum up, our tokens are usually stored in one of three places, among which the cold wallet is the safest. For most people, as long as password protection and double authentication are done well, it is actually safer to keep assets on an exchange than in some hot wallets. A hot wallet is always on the chain, and once a wrong authorization occurs, assets can be easily transferred out. Wallet.io can effectively avoid this error.
In addition, many people think that USDT is very safe. In fact, USDT is managed by Tether. Once funds are considered black money, Tether can easily freeze them. Therefore, it is better to be careful when encountering USDT of unknown origin. Similarly, note that USDC can also be frozen.

Another place where people are most likely to make mistakes is the signature. It is generally believed that signatures do not involve authorization and carry no operational risk. However, signature requests that are not presented in plaintext still pose a security risk. Fortunately, MetaMask now shows a prompt in red letters.

Of course, in addition to signing, the most commonly used function is approval. This determines how much of a given token you have authorized the other party to spend freely. Generally speaking, DEXs such as Uniswap are safer. However, once you encounter a new project that requires you to authorize an unlimited transfer amount, you must be careful. Hackers' favorite move is to lure you to a fake website when you are anxious (when a new project is minting), excited (you suddenly received a seemingly large airdrop), or depressed (after being deceived repeatedly), so that you unintentionally give them authorization.
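
A wallet-side check for the approval risk described above, as an added example that is not part of the original article: it decodes ERC-20 `approve(address,uint256)` calldata and flags an unlimited or oversized allowance and an unfamiliar spender before the user signs. The addresses, the trusted-spender list, and the intended amount are constructed sample values, and the function names are hypothetical.

```javascript
// Added example, not from the original article. All addresses are constructed.
const APPROVE_SELECTOR = "095ea7b3";      // selector of ERC-20 approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;    // the usual "unlimited" allowance value

// Decode approve() calldata; returns null if it is not a well-formed approve call.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex) || !hex.startsWith(APPROVE_SELECTOR)) return null;
  const spenderWord = hex.slice(8, 72);
  // An address sits in the low 20 bytes; the high 12 bytes must be zero padding.
  if (!spenderWord.startsWith("0".repeat(24))) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Review a pending approval before signing.
// trustedSpenders: lowercase addresses the user already trusts (assumption).
// intendedAmount: what the user means to spend, in token base units (assumption).
function reviewApproval(calldata, trustedSpenders, intendedAmount) {
  const call = decodeApprove(calldata);
  if (call === null) return { isApprove: false, warnings: [] };
  const warnings = [];
  if (call.amount === MAX_UINT256) warnings.push("unlimited allowance");
  else if (call.amount > intendedAmount) warnings.push("allowance exceeds intended amount");
  if (!trustedSpenders.includes(call.spender)) warnings.push("unknown spender");
  return { isApprove: true, ...call, warnings };
}

// Constructed sample data: one familiar spender, one unfamiliar one.
const word = (n) => n.toString(16).padStart(64, "0");
const buildApprove = (spender, amount) =>
  "0x" + APPROVE_SELECTOR + word(BigInt(spender)) + word(amount);
const SPENDER_KNOWN = "0x" + "11".repeat(20);
const SPENDER_NEW = "0x" + "22".repeat(20);
const unlimitedToNew = buildApprove(SPENDER_NEW, MAX_UINT256);
const exactToKnown = buildApprove(SPENDER_KNOWN, 1000000n);

console.log(reviewApproval(unlimitedToNew, [SPENDER_KNOWN], 1000000n).warnings);
console.log(reviewApproval(exactToKnown, [SPENDER_KNOWN], 1000000n).warnings);
```

An approval that matches the intended amount and goes to a familiar spender produces no warnings; the unlimited approval to the unfamiliar spender produces two.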


Conclusion


Security is never absolute, but relative.

The real world is inherently a process of increasing entropy: it constantly changes, progresses, and improves. The mission of the blockchain is to slow down the rate of entropy increase.

As a member of the crypto community, if you want to stay in this industry for a long time, the first thing is to focus on your own asset security, understand the limits of your abilities, choose the appropriate way to participate, and keep seeking out and experiencing the reflection and progress brought by changes in the industry. Perhaps only in this way can we become better and better, and the crypto world will become better too.

Thanks to all the people who have participated in the creation of a better world, Gate.io will join hands with you to cross the darkness and welcome the dawn.




Author: Gate.io Researcher Byron B. Translator: Joy Z.
This article represents only the researcher's views and does not constitute any investment advice.
Gate.io reserves all rights to this article. Reposting the article will be permitted provided Gate.io is referenced.
In all other cases, legal action will be taken due to copyright infringement.