With the recent surge in the popularity of cryptocurrencies, more and more people are looking for ways to store their digital assets safely. While there are many different methods of doing this, one of the most popular is to use a cryptocurrency wallet. However, . In fact, there are a number of different ways that your keys can be compromised, whether by hackers, thieves, or even just through human error. your crypto keys are not 100% safe even with a wallet Why Many Consider Private Keys To Be Safe Crypto-maxis beat the drum of “ ” and advocate the use of non-custodial wallets. The thinking is that as long as you don’t store your keys on an exchange or with a third-party service, they can’t be stolen. Not your keys, not your crypto. This is true to some extent. If you use a non-custodial wallet (such as Metamask, Trust Wallet, and others), it would be very difficult for a hacker to get to your digital assets. But not impossible. Non-custodial wallets put most of the key management into the hands of the user, thereby claiming to provide true ownership of digital assets. The Concept of a Mnemonic Phrase A mnemonic phrase, also known as a seed phrase or recovery phrase, is a set of words that can be used to restore your wallet. Mnemonic phrases are obtained from private keys by transforming the hexadecimal digits of a private key into a . Each word in the phrase corresponds to a hexadecimal digit, and the position of each word in the phrase corresponds to the position of the corresponding hexadecimal digit. series of words Most non-custodial wallets will generate a mnemonic phrase for you when you first create your wallet. This phrase typically consists of 12-24 words. If you ever need to restore your wallet, you simply need to enter your mnemonic phrase into the wallet software, and it will generate your private keys and allow you to access your digital assets. While this may not sound like much, it certainly provides a high degree of probabilistic security. To put that into perspective, the odds of guessing a seed phrase correctly is , which is more than the total estimated number of atoms on Earth! 1 out of 1.96 x 10^69 The problem is that if someone were to get hold of your mnemonic phrase, they would have full access to your wallet and could do whatever they wanted with your digital assets. This is known as the - despite the unfathomable security of cryptography, your digital assets are just one guess away from being completely compromised. “Private Key Paradox” Under the Hood of Crypto Wallets A software wallet is a software or browser extension (in most cases) that allows you to access on-chain assets. You can interact with other wallets through the PKI system. is that all these non-custodial wallets store your keys offline in your device or on your browser, so if your device is compromised, it will be easy for the intruder to access that data. An interesting thing to notice brute forcing a Trezor hardware wallet to access over $2 million worth of cryptocurrencies just because the PIN had been momentarily stored on the device’s ram. Here’s a case of a hacker Further, most non-custodial wallet solutions today rely on APIs from Etherscan, Opensea, Alchemy, and (all being centralized) to produce your recent transactions, wallet balance, and NFTs available in your wallet. Infura This is concerning because there is no verification done by these wallets on whether or not the API calls are legitimate. This essentially pushes the ecosystem to trust centralized services. The recent that geo-blocked all the users of Venezuela to accessing their wallets further emphasized how dangerous these central entities are when providing true decentralization, which web3 is aiming at. MetaMask-Infura fiasco The Menace of “Secure” Wallets Over the years, several non-custodial wallets were subject to hacks and theft. Some of the popular ones include the , which compromised over 8,000 accounts in August, the , which lost over $2 million in IOTA tokens in 2020, and , which allowed an attacker to steal 150,000 ETH in 2017. Slope wallet hack Trinity wallet hack the Parity wallet hack , to turn off the automatic iCloud backup of their wallet data. The warning was issued in response to the losses suffered by an NFT collector, who reportedly lost $650,000 in digital assets after his MetaMask wallet was wiped out in seconds. In April 2022 Apple customers were advised by MetaMask Reliance on PKI The problem with managing private keys is that it’s often difficult to remember dozens of random, hexadecimal strings. As a result, many people tend to store their keys in digital wallets or on physical devices such as USB drives. This creates a new set of problems, as the user now must worry about losing their device or wallet. If the user loses access to their device, they also lose access to their digital assets. Another problem with storing private keys on devices is that it’s often difficult to tell if the device has been compromised. For example, if an attacker were to gain physical access to your device, they could install malware that would record your keystrokes and steal your private keys. To address these problems, many wallets rely on Public Key Infrastructure (PKI), which is a system of digital certificates and cryptographic keys that can be used to verify the identity of users and devices. For example, when you log into a website, the server will use PKI to verify that your browser is who it says it is. PKI can also encrypt communication between two parties, such as when you use HTTPS to connect to a website. The problem with PKI is that it relies on centralized Certificate Authorities (CAs) to issue and manage digital certificates. These CAs are often owned by large corporations, such as Symantec or Comodo. The reliance on centralized CAs creates a single point of failure that attackers can exploit. For example, , an attacker was able to obtain a fraudulent SSL certificate for the domain name “google.com” from Comodo. in 2011 Yet PKI is still in use because of its adoption and established industry standard. We need a realistic way out of this. Conclusion The nature of key ownership, whether custodial or non-custodial, is not as simple as it looks and served to you on the front. The problem is compounded by the numerous moving elements involved in key management, from key generation to storage. Every piece of hardware or software in the chain poses risks that expose even allegedly non-custodial wallet choices to custodial-type concerns. It all comes to a point where the wallets utilize the centralized entities to perform almost 95% of their tasks, and outdated PKI used by these wallets are the two pain points that can be resolved with the evolution of web3. Sankrit for Your Content If you are looking for a web3-native content writer, I’d be happy to chat and share more of my work. LinkedIn: https://www.linkedin.com/in/sankritk/ Website: https://sankrit.com

Are Your Crypto Wallet Keys Really Safe?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Pakistan Wants To Ban Crypto - Masterstroke or Misstep?

(1/100) Crypto Countdown: Golem

A Research Report on the Trader $JOE DeFi Platform

07/03/2018: Biggest Stories in the Cryptosphere

05/02/2018: Biggest Stories in the Cryptosphere

01/06/2018: Biggest Stories in the Cryptosphere

Pakistan Wants To Ban Crypto - Masterstroke or Misstep?

(1/100) Crypto Countdown: Golem

A Research Report on the Trader $JOE DeFi Platform

07/03/2018: Biggest Stories in the Cryptosphere

05/02/2018: Biggest Stories in the Cryptosphere

01/06/2018: Biggest Stories in the Cryptosphere

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps