Five security tips for better day to day crypto wallet use
2022-09-26
The recent Solana hack was caused by a private key vulnerability associated with the mobile software wallet Slope. Slope used Sentry, a monitoring service that sent user’s mnemonic in plain text and stored it in the cloud. How can Crypto users prevent this from happening to the wallet they are using?
Here are a few prevention tips from our engineers who built DID Wallet, one of the first of its kind decentralized identity wallet.
Never take screenshots of the mnemonic or send them via Internet
Mnemonic seed words are so often used in crypto wallets they are nearly the de facto standard. Never take screenshots of the mnemonic and store it as a photo on your phone, never send them over text or messengers. Mnemonic are the unprotected “seed words” that are used to generate all of the private keys in the wallet. When taking screenshots or sending text/messengers, there is a potential risk of those getting leaked, therefore the attacker could have full control of all the cryptos. Newbie wallet users should deploy more advanced wallet apps that automatically backup the encrypted Mnemonic.
Use multiple wallets for different purposes
Deploy multiple wallets and use each of them for different purposes, like different checking accounts. Separating digital assets into multiple accounts or even different wallets, and using specific accounts for specific applications lessens risk/vulnerability. Like the old saying goes “don’t put all your eggs in one basket”, and very true for web3.
Don’t reuse or share mnemonic among multiple wallets
A lot of users in the Solana attack weren't using Slope at the time, but some of them admitted they either imported the mnemonic (seed words) from the Slope, or used Slope to import from other wallets. If reusing or sharing mnemonic among different wallets, potential security weaknesses for each wallet could affect all the user’s crypto assets, since any wallet who has access to the user’s mnemonics will have full control of all its private keys.
Use hardware wallet for large amount of assets
Use a hardware wallet such as Ledger Nano, which costs less than $100, to further secure crypto currencies. These are ideal and highly recommended for securing larger assets Hardware wallet’s general design principle is to keep private keys completely separated from the computer and the network, they use USB cables, or bluetooth, or some even only use QR code scan with cameras to sign blockchain transactions for you, this makes it much safer than any mobile or desktop wallet which store your private keys in a connected environment.
Never import your hardwallet’s mnemonic to any other wallet
Mnemonic should only be used for backup and recovery, and should not be used to “import” wallets. Any problematic wallet that touches the mnemonic renders all wallets no longer secure–even if you don’t use that problematic wallet anymore. In other words, hardware wallets are generally very secure, but it will not be able to protect you if you ever import your hardwallet’s mnemonic to another wallet app, and it eliminates the whole purpose of using a hardware wallet in the first place!
Those tips has also been published by BitcoinInsider.