Five security tips for better day to day crypto wallet use
The recent Solana hack was caused by a private key vulnerability associated with the mobile software wallet Slope. Slope used Sentry, a monitoring service that sent user’s mnemonic in plain text and stored it in the cloud. How can Crypto users prevent this from happening to the wallet they are using?
Here are a few prevention tips from our engineers who built DID Wallet, one of the first of its kind decentralized identity wallet.
Mnemonic seed words are so often used in crypto wallets they are nearly the de facto standard. Never take screenshots of the mnemonic and store it as a photo on your phone, never send them over text or messengers. Mnemonic are the unprotected “seed words” that are used to generate all of the private keys in the wallet. When taking screenshots or sending text/messengers, there is a potential risk of those getting leaked, therefore the attacker could have full control of all the cryptos. Newbie wallet users should deploy more advanced wallet apps that automatically backup the encrypted Mnemonic.
Deploy multiple wallets and use each of them for different purposes, like different checking accounts. Separating digital assets into multiple accounts or even different wallets, and using specific accounts for specific applications lessens risk/vulnerability. Like the old saying goes “don’t put all your eggs in one basket”, and very true for web3.
A lot of users in the Solana attack weren't using Slope at the time, but some of them admitted they either imported the mnemonic (seed words) from the Slope, or used Slope to import from other wallets. If reusing or sharing mnemonic among different wallets, potential security weaknesses for each wallet could affect all the user’s crypto assets, since any wallet who has access to the user’s mnemonics will have full control of all its private keys.
Use a hardware wallet such as Ledger Nano, which costs less than $100, to further secure crypto currencies. These are ideal and highly recommended for securing larger assets Hardware wallet’s general design principle is to keep private keys completely separated from the computer and the network, they use USB cables, or bluetooth, or some even only use QR code scan with cameras to sign blockchain transactions for you, this makes it much safer than any mobile or desktop wallet which store your private keys in a connected environment.
Mnemonic should only be used for backup and recovery, and should not be used to “import” wallets. Any problematic wallet that touches the mnemonic renders all wallets no longer secure–even if you don’t use that problematic wallet anymore. In other words, hardware wallets are generally very secure, but it will not be able to protect you if you ever import your hardwallet’s mnemonic to another wallet app, and it eliminates the whole purpose of using a hardware wallet in the first place!
Those tips has also been published by BitcoinInsider.