Safety in Web3
In the Wild West, which is the crypto space, it is hard to deny that scams and hacks are not commonplace. Even seasoned users run the risk of falling prey to these scams. All it takes is a moment of folly — clicking on a malicious link, interacting with a phishing site, and poof — there go your funds.
Crypto-natives have adopted counter-measures to stay safe. For example, NFT traders are aware that malicious minting sites may be coded to drain their wallet. To curb their risk, they use a burner wallet — one that only contains the amount of money required for the mint. This way, even if their wallet were to be drained, they would lose the minimum.
But what about the funds that we hold for the long-term?
This is where we need to start thinking about the type of crypto wallet we are using.
Given the vulnerability of crypto to hacks and scams, as well as centralised exchanges recently and controversially suspending withdrawals, security is an utmost concern within this space.
Just because you can access your funds does not mean that you are truly in control of it.
This article will be a primer on what crypto wallets are, the differences between hot and cold wallets, and aim to help our readers keep their digital fortunes safe.
What is a Wallet?
Unlike real-life wallets, crypto wallets do not actually store your crypto asset, which lives on the blockchain itself. Instead, your wallet allows you to make transactions with your cryptocurrencies.
Public and Private Keys
Each wallet comes with a public and private key.
- The public key is the “address” at which your crypto is stored at. If people want to send crypto to your wallet, they do so by sending it to your public key. Anybody may also look it up and can view the transactions you make and the contents of your wallet.
- The private key is the “password” you need to make transactions. It should be kept completely secret from anyone else.
Note: these keys are different from a “seed phrase”, which is a set of randomly generated words which you should record when you first set up your wallet. These are the master keys to regaining access to your wallet. Again, it is important that it be stored securely and away from anyone’s eyes.
Non-Custodial vs Custodial
Custodial wallets are software wallets offered by centralised businesses, typically. The crypto purchased on centralised exchanges (CEXes) is stored in the in-app wallet.
The important thing to note is that its private keys are held by the centralised business. Users give up control of their wallet to the business, which is then responsible for the wallet’s security.
The age-old adage rings true — Not your keys, not your coins.
While users can make transactions with the crypto in custodial wallets, it is only because the business is allowing them to do so. There is no true ownership. If a business mismanages customers’ funds or prevents withdrawals, users can do nothing. Recently, such worries have materialised — in Vauld, Voyager, and Celsius suspending customer withdrawals (causing great distress in the crypto world).
These recent events have shown that it’s best not to trust anyone with your private key — it’s much safer to hold your crypto in a personal wallet like STEPN’s in-app wallet, Phantom, or Metamask.
Too hot to handle, too cold to hold!
Let’s understand Hot and Cold wallets.
A hot wallet is one that is connected through the internet, while a cold wallet is not. For context, a cold wallet is similar to a thumb drive — it only gets connected when you insert it into your computer.
STEPN’s in-app wallet is a good example of a hot wallet. Others include browser-based or mobile wallets like Phantom or Metamask and custodial wallets on centralised exchanges.
Cold wallets, on the other hand, are hardware wallets. The private keys are stored offline, on a dedicated device. Users plug this device into their computers in order to approve transactions on the blockchain. Some popular hardware wallet brands include Ledger and Trezor.
While cold wallets are considered to be more secure than hot wallets, it loses out in terms of convenience.
Ease of Use (Convenience)
Cold wallets: Designed with maximum security in mind, and unfortunately it is at the expense of convenience. If one were to trade frequently, then it would be terribly inconvenient having to constantly plug a cold wallet in and out, as well as key in PIN numbers and passwords.
On the other hand, hot wallets are typically designed for the user’s convenience. For web-based browsers, only a password is needed. Phantom Mobile on Apple even lets users unlock their wallets via Face ID.
Hot wallets: Typically have a lot more features and functionalities than cold wallets. For example, STEPN’s wallet offers a swap function, allowing users to swap between multiple cryptocurrencies like USDC and GST.
Cold wallets: Their offline nature allows for an extremely strong defence against hackers. Your private keys are stored in the device itself, isolated away from the Internet.
When transactions are made, a digital signature is required to prove ownership. With cold wallets, transactions start online — but next shifts to an offline mode where the signing process takes place. This way, hackers are unable to access your funds unless they physically steal your device (and the password or PIN numbers used to secure it).
Of course, although rare, cold wallets are still subject to your regular supply chain risk, as evidenced in the June 2020 attack on Ledger. Here, the personal information of 272,000 customers was leaked. Ledger has since conducted penetration tests for improved security, as well as onboard a new Chief Information Security Officer.
Hot wallets: Since they are always connected to the internet, the private keys are also online too.
Tips on Staying Safe
Of course, regardless of whether you use a cold or hot wallet, you are fully responsible for your asset’s security.
1. Make sure your wallet password is unique and not reused
For hot wallets specifically, it is recommended that you use strong passwords, which usually consist of a mixture of alphabetical and numeric characters.
2. Do not put all your eggs in one wallet
It is a good habit to spread your assets across multiple wallets, especially when the numbers start getting larger. That way, if one wallet is compromised, the losses will not be so severe.
3. Protect your devices
Good practices include refraining from connecting to public Wi-Fi, which is usually susceptible to hackers, ensuring passwords are in place, and installing an up-to-date antivirus tool
4. Beware of scams
This includes ignoring all direct message requests on Discord, Twitter, Reddit and other social platforms, double-checking all links you click on to ensure that it is not a phishing website, and not sharing your seed phrases and private keys with anyone.
5. Not your keys, not your coins
Avoid storing large amounts of your crypto assets on exchanges, as if any hacks occur, you stand to lose it all.
Additional tips for STEPN users:
- Ensure 2FA is enabled on your account. This adds another layer of security
- Visit only official STEPN links or links that are posted from our official broadcast forums like Discord and Twitter. You can refer to the list of official links here.
- Never share your verification code when you are logging in to your STEPN account.