New and experienced users alike are continually asked to make a crucial decision: do they want to be responsible for protecting their own coins? No matter what other advertising may say, one thing always holds true: whoever has possession of the private key has authority over the coins. While some hardcore users would advise that users always control their own private keys, this may not be the optimal solution for those who don’t have the time or resources to devote to setting up comprehensive, multilateral security solutions.
In this article, we look at two wallet types that incorporate these different private key arrangements:
Custodial Wallet - private keys are secured by an intermediary
A custodial wallet (or cloud wallet) is one that possesses control of your private keys, and sends/receives crypto on your behalf. It is important that you trust this intermediary, so do your research to make sure that they are reputable, have good security, etc. While custodial wallets, especially those on exchange platforms or other institutions, can offer you additional features, it is important to note that they are also a gold mine for hackers. Make sure they have proper security.
Ideally, you would be able to examine the source code (provided you understand what you are looking at and it is open source). Barring that, you can also take a look at the general types of security features employed by the wallet to safely store your private keys.
At Cobo, we believe that security is one of our key value propositions. We have been constantly researching and investing in improving our servers and systems.
1. Hardware Security Module (HSM) for Private Key Management
Hardware Security Modules (HSMs) are dedicated cryptographic processors built to protect cryptographic keys. Private keys are heavily encrypted and kept inside a hardened, tamper-resistant device. HSMs are the industry standard in finance, and are widely used by organizations that treat security as paramount (and Cobo is no exception).
2. Hot-Cold Storage of Funds
Cold storage refers to a cryptocurrency wallet that is not connected to the Internet in any way (thereby decreasing the risk of a hack), while hot storage refers to wallets that are directly connected to the Internet. This distribution of coins in hot and cold storage reduces the risk of hacks.
3. Third-Party Independent Audits
At Cobo, we are paranoid about security. We are Cobo users too! To ensure impenetrable security, we are always on the lookout for vulnerabilities in our wallet. Cobo recently passed an independent audit by security agency Cure53, and schedules regular tests to stay on our toes. Cobo is also listed on Decentralized Vulnerability Platform (DVP), where white hat hackers get rewarded for highlighting vulnerabilities in listed partners’ applications.
Apart from strong back-end security features, Cobo also ensures that our users are protected from phishing and unauthorized transactions by features such as 2-Factor Authentication (2FA) and complex PINs. Although not required, we highly recommend that users enable these security features in-app.
There are many types of wallets in which users control their own private keys. We recommend a Hierarchical Deterministic (HD) wallet, which allows users to manage several private keys with a single 12, 16, or 24-word arrangement known as a “mnemonic phrase.” As long as users have this phrase, they can access their HD wallet on any crypto wallet implementing Bitcoin Improvement Proposals (BIP) 32, 39, and 44. Conversely, since users are fully responsible for their own mnemonic phrases, if users were to lose their mnemonic phrases, their assets would be lost forever.
There are many ways (of varying risk levels) to store your mnemonic phrase, including: keeping it on your laptop (not safe!), writing it down on a piece of paper, keeping it in a separate hardware device (e.g., an HSM), or memorizing it.
Of these, Cobo recommends a hardware wallet. Without a hardware wallet, you always have to type your mnemonic phrase into an HD-supported app just to make a transaction. Typing the phrase exposes you to key-logging (the recording of keystrokes on a compromised device). The best approach is therefore to store your mnemonic phrase in a hardware wallet, which never exposes your private key.
A hardware wallet (e.g., Cobo Vault) serves as a safe place to sign crypto transactions without revealing your private keys. A typical hardware wallet reveals only the corresponding public key to facilitate the transfer of cryptocurrency. Hardware wallets are typically isolated in some way from the Internet to deter hackers from having easy access to them. Some hardware wallets also provide extra features such as hidden vaults and the ability to create many wallet addresses.
Unfortunately, no. There have been incidents where hardware wallets were compromised through tampering, firmware hacks, and other methods (to see some ways to hack a hardware wallet, check out our Medium blog series on hardware wallet security features). Although they aren’t foolproof, hardware wallets do reduce the risk of getting hacked. After reviewing the technical loopholes of existing hardware wallets, we even created our own hardware wallet, Cobo Vault. The Vault is a military-grade secure hardware wallet that is completely isolated from the Internet and communicates with the outside world via encrypted QR code. It even self-destructs when tampered with!
It is important that crypto users choose their digital wallet carefully. They do not want to misplace their digital assets or let them fall into the wrong hands. Always do your research and choose a wallet that you are confident will put in the necessary effort and time to protect your assets.