Security Guide: How to Use Crypto Wallets Safely?

A wallet is an important tool for storing and managing crypto assets. Like a bank account in traditional finance, it is used to store, send and receive cryptocurrencies.


However, for many newcomers to crypto, wallets are still unfamiliar territory, and it is not clear what kind of wallet to choose. This article starts from the most basic wallet-related concepts and explains in detail how to choose a wallet and store assets securely.

 

1. Wallet-related knowledge

1. What is a public/private key

 

“The private key is equivalent to the password of your wallet account; owning the private key = owning the wallet account.”

 

The wallet address and private key are generated by an algorithm. The private key is generated first; a public key is then generated from this private key, forming a key pair; and the wallet address is in turn calculated from the public key.

 

The public key and the private key form a key pair, which is used for encryption and decryption, information verification and signatures. Users rarely handle the public and private keys directly. The underlying principle is asymmetric cryptography, which I won’t go into here; interested readers can search for related material to learn more.

If you use a bank account as an example, then the wallet address is equivalent to the bank card number, which is used to receive assets.

The public key and address are public, and the private key is not. The private key is equivalent to the password of a bank account and should be known only to its owner. Once the private key is leaked, the wallet and assets may be lost, because whoever has the private key can “log in” to the wallet from any other wallet application.

 

2. What is a mnemonic

 

When we create a wallet through a wallet application today, we are usually not allowed to back up the private key itself, because the private key is a string of random characters that is complicated and difficult to remember. This is why the mnemonic exists.

Mnemonic phrases usually consist of 12 or 24 English words. The mnemonic and the private key of the wallet are in a mapping relationship: the mnemonic can be understood as another form of the private key that is easier to record. Entering the mnemonic can also “log in” to the wallet. Therefore the mnemonic, like the private key, must not become known to others and must be kept safe.
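The mapping described above, as an added example that is not part of the original article: it assumes the wallet follows the BIP-39 standard (the article names no standard), under which random entropy plus a short checksum is cut into 11-bit word indices and the phrase is stretched into the seed that private keys are derived from. The entropy is a constructed all-zero sample, the function names are hypothetical, and only the two wordlist entries the sample needs are embedded.

```python
import hashlib

# Constructed sample: all-zero entropy from the public BIP-39 test vectors.
# Never use it for a real wallet.
SAMPLE_ENTROPY = bytes(16)
# Only the two entries of the 2048-word English list that this sample needs.
WORDS = {0: "abandon", 3: "about"}

def entropy_to_indices(entropy):
    """Append the first ENT/32 bits of SHA-256(entropy), then cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                       # 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """Recompute the checksum from the entropy part; a copying error usually breaks it."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for index in indices:
        value = (value << 11) | index
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

def mnemonic_to_seed(mnemonic, passphrase=""):
    """The 64-byte seed the wallet's private keys are derived from (words are ASCII here)."""
    salt = ("mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), salt, 2048)

def demo():
    indices = entropy_to_indices(SAMPLE_ENTROPY)
    mnemonic = " ".join(WORDS[i] for i in indices)
    miscopied = indices[:-1] + [indices[-1] + 1]   # last word written down wrong
    return mnemonic, checksum_ok(indices), checksum_ok(miscopied), mnemonic_to_seed(mnemonic).hex()

if __name__ == "__main__":
    for item in demo():
        print(item)
```

With a 12-word phrase the checksum is only 4 bits, so roughly one random wrong word in sixteen still passes it. Importing the transcribed phrase and comparing the resulting address remains the decisive check.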

 

3. How to store the mnemonic (or private key)

 

The core of blockchain asset storage is the storage of private keys and mnemonics. Losing the private key or mnemonic means losing the assets, so proper custody of the private key or mnemonic is the first step in taking responsibility for your own assets.

 

There are the following points worth noting:

 

Offline storage: It is best to transcribe the mnemonic phrase or private key by hand onto paper (such as a book or notebook) and store it in a safe place. Verify the handwritten copy by importing the wallet from it and checking that the import succeeds, to rule out copying errors.

Decentralized storage: Divide the mnemonic or private key into multiple shares, store them in different secure locations, and take care not to lose any of them.

Do not save mnemonics or private keys on networked devices: do not use chat software to transmit private keys/mnemonics, do not keep them as screenshots, photos or in software collections, and do not store private keys/mnemonics in cloud backup, email, mobile phone memos, etc.

Do not copy/paste the mnemonic or private key. The clipboard is a serious leak path for private keys and mnemonics. When you do need to enter the mnemonic/private key, which is usually when importing the wallet into a new wallet application, try to use the system's secure input method.

It is worth noting that a set of mnemonic words can generate multiple wallet addresses, such as when using the one-click function of generating a new wallet in the Fox Wallet.

The mnemonic phrase of the new wallet address is the same as that of the original wallet address. Therefore, you can look up the private key of the new wallet address for backup transcription.

 

2. Wallet Division and Precautions

1. What is a cold/hot wallet

 

A cold wallet is one whose private key has never been connected to the Internet since it was generated. Because signing is a mathematical operation, the message to be signed can be passed to the cold wallet through non-network channels (such as QR code or Bluetooth), signed there, sent back, and then published on the Internet.

A hot wallet is one whose private key, once generated, is stored on a networked device. Hot wallets can be divided by device into browser wallets, desktop wallets and mobile phone wallets.

Hot wallets are suitable for interacting with DApps (DeFi, NFT, GameFi, etc.). Cold wallets are relatively safe because they do not touch the Internet, and are suitable for storing large amounts of assets.

 

2. Hot wallet selection and precautions

 

There are many options for hot wallets. Any that is well-known and open source can be used, and there is generally no big difference in security between them.

Precautions

A hot wallet must be downloaded from the official website; no other download channel, including the app store, can be trusted, whether for a desktop plug-in, an Android APK or an iOS program. The official website either offers a direct download or redirects you to the app store to download.

Precautions for wallet use:

 

Be cautious when signing with your wallet. The content being signed needs to be confirmed repeatedly. Users who interact heavily with DeFi protocols and NFTs should remember to revoke authorizations promptly, to prevent assets from being stolen after a vulnerability appears in an application.

Do not click on links (or text messages) sent by others, do not download files shared by others, and do not even click on links from some KOLs, as they may contain viruses.

As soon as any asset loss is found in a wallet, transfer the remaining assets to another wallet as quickly as possible and abandon the affected wallet; do not count on luck.

Do not use a free VPN.

Stay on top of the news and keep up with newly reported thefts in real time.

3. Choice of cold wallet

 

Although the cold wallet can keep the private key off the Internet, it does not mean that it is absolutely safe. The following points are worth noting:

 

Make sure to buy through the official website, to avoid receiving a hardware wallet that has been tampered with.

Back up the mnemonic.

Choose a hardware wallet with a screen: the final signing decision on a cold wallet should be based on the information shown on the wallet's own hardware screen, because the display of the networked terminal may be tampered with.

Set a strong password or choose a product with biometrics, to prevent the wallet from being cracked by others if it is lost.

3. Security plugins

Now there are some so-called “security plug-ins” on the market, the purpose of which is to protect users from attacks when interacting with DeFi or various Web3 applications, such as blocking phishing websites, malicious contracts, malicious tokens, etc.

A normal and reasonable security plug-in will not access the user’s private information, but will only check the user’s transaction information before the transaction, and will warn the user if there is a problem.

 

However, there is also a hidden danger here: if the security plug-in itself has vulnerabilities or is compromised by attackers, installing it will not only fail to protect the user but will harm the user.

So here we take a neutral stance on security plugins, neither recommending nor disapproving.

 

With the development of blockchain and the increase of interactions on the chain, how to use wallets safely has become an essential skill. Although there are various security measures to avoid most risks, there is no absolute security in the blockchain world. With the continuous evolution of blockchain technology, new problems and challenges will emerge. Therefore, we need to continuously improve our knowledge reserves to better protect our assets.

 

 

 

 

 

 
