Crypto Wallets Security: Explained

Published at: July 15, 2018

My wallet has been hacked. Help!

Since it’s already happened, there is not much you can do. Imagine that you open your wallet and see no coins and several transactions to unfamiliar addresses. That likely means you’ve been hacked.

Due to the anonymous nature of cryptocurrency, ‘ownership’ is determined by whoever holds the codes for it. So if it’s gone, then in the majority of cases it’s gone. You may track the address of the last wallet, but it will give you nothing. Notify the company - it's possible you are not the only one - and review the security of your wallet and PC/smartphone for significant flaws.

However, if you kept your coins in a crypto exchange wallet and that exchange was hacked, there is a possibility that some kind of compensation will follow. The best thing you can do to protect your wallet is to make sure you’re aware of possible threats and that you use your wallet correctly.

How could this ever happen? How can hackers steal cryptos?

Hackers use simple human weaknesses

The most popular type of fraud is phishing. Hackers may send you a fake email on behalf of your wallet service containing a fake URL, which may differ by one or several letters from the real URL of your wallet service. Hackers may even redirect the right URL to a fake URL when you’re entering the online wallet. The latest huge phishing scam occurred on April 24, 2018, to My Ether Wallet users, who lost a total of $150,000 worth of Ethereum in a DNS hack.
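A link that is only a letter or two away from the real wallet address can be caught mechanically before anyone clicks it. The following is an added example, not code from the article or from any wallet service; the allowlist and the host `mywallet.example` are placeholders chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a hand-maintained allowlist; "mywallet.example" is a placeholder host.
TRUSTED_HOSTS = ("mywallet.example",)

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify_link(url, max_distance=2):
    """Return 'trusted', 'insecure', 'lookalike', 'unknown' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    for good in TRUSTED_HOSTS:
        if host == good or host.endswith("." + good):
            # The right host over plain HTTP can still be read or altered in transit.
            return "trusted" if parts.scheme == "https" else "insecure"
    # Non-ASCII or punycode labels can render identically to a trusted name.
    if not host.isascii() or "xn--" in host:
        return "lookalike"
    for good in TRUSTED_HOSTS:
        # Trusted name embedded in another domain, or only a few letters off.
        if good in host or edit_distance(host, good) <= max_distance:
            return "lookalike"
    return "unknown"
```

A string check like this cannot detect the DNS redirection case, where the address in the link is the correct one; there the browser's certificate validation is the remaining signal.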

Besides phishing, hackers exploit simple human mistakes, such as keeping private keys in email, exposing the keys in public, or using unprotected public networks that allow hackers to sniff all the information and find the password. Holding large amounts of tokens and making large transactions may attract hackers to your wallet in particular.

Where should I keep the keys, then?

The shortest answer here is that offline is better than online.

A popular mistake is to keep crypto wallet keys in email, Google Drive or Dropbox, or any notes app on your smartphone. These are the first places hackers usually try to get into. In order to save your coins, you can relocate keys to any less obvious storage. You may record them on a USB stick, or just write them down and keep them in your drawer - you obviously shouldn’t expose them to anyone else.

What if I lose my keys?

It depends on the type of wallet you use.

For most popular software wallets, it’s ok to know only your backup phrase, a mnemonic phrase consisting of 12 words. In case you forget your PIN, you should just delete the app, install it again using the backup phrase, and create a new PIN.

There are wallets that provide access via Touch/Face ID instead of PIN codes. For example, in the Lumi app, you should just switch on Touch/Face ID in the app settings. The good thing about apps like Lumi is that the only thing you need to know is a backup phrase. The bad thing is that once you’ve lost the backup phrase, you’ve lost access to your wallet. In this case, technology is helpless. The last hope for such luckless crypto owners is hypnosis.

I noticed that my wallet sets a new address every time I sign in - is it ok?

Yes, it’s for your wallet safety.

This method is called HD-safe, or "hierarchical deterministic", and means that every time you send or receive funds, a new address will be generated for your wallet. That’s a useful option, because it makes your transactions harder to track, and impossible for hackers to calculate the actual amount of money you keep in your wallet. If you need to transfer a big amount of coins, you had better split it into several transactions.

Is there an ideal wallet type with the best security level?

No. Wallets are divided into online and offline types, and their security mechanisms differ accordingly.

The majority of existing online cloud wallets, the so-called ‘hot’ wallets, use two-factor authentication in case hackers try to get into your email. ‘Warm’ wallets, the ones that you install as software on your computer or as an app on your smartphone, use a 12-word backup phrase and PIN codes. ‘Cold’ wallets are hardware ones, located on a USB stick or a special gadget. This seems like the most secure way so far, but, according to a recent report, even hardware wallets are not foolproof. Regular updates and careful key management are still vitally important. Whatever kind of wallet you use, you should make sure that your laptop or smartphone doesn’t contain malware.

 

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim to provide you with all the important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions. This article cannot be considered investment advice.
