The #1 reason for hacks is more preventable than you think
Heyo,
Jules here, from Cyfrin.
Did you know that the #1 reason for hacks in 2023 was stolen private keys?
The primary way we interact with private keys is through wallets. Your wallet choice depends on where you are in your web3 journey and how much crypto you have to store.
TLDR on which wallet is best for you:
Total noob: Custodial wallet or centralized exchange
Beginner with small amount of money: Browser wallet
Intermediate with medium-small sized money: Hardware wallet
Intermediate with big amounts of money: Multi-sig wallet/Social Recovery AND Hardware wallet
Advanced with big amounts of money: Multi-sig wallet/Social Recovery or roll your own solution
💰 What should I use to store my assets?
Crypto wallets store your private keys, keeping your crypto safe and accessible.
🐣 Noobs: Centralized exchange
A centralized exchange is a platform owned and operated by a single company, where users store and exchange their cryptocurrency.
👍🏽 Pros: easy to use and can protect you in case you’re new to crypto.
👎🏽 Cons: because they are a single company, they could go under, freeze your account, own your money, and even rug pull you if you’re not careful. They also don’t work with web3 dApps.
— Potential suggestions: Coinbase, Kraken
🐥 Small Amounts or Short-Term Storage: Desktop, Browser, or Hardware Wallet
If you are a protocol or organization, your money should not be solely in the hands of one of these. We do not recommend using them for large amounts of funds or for control of applications. But for small amounts of money and everyday use, they are great.
👍🏽 Pros: you have full custody of your assets and they’re easy to use with web3 dApps.
👎🏽 Cons: you’re the sole security checkpoint, so if you make a mistake, you may get rekt quite quickly.
— Potential Suggestions: Metamask, Rainbow, Rabby
🪨 Intermediate or Medium-Sized Amount for Longer Storage: Hardware Wallet
If you MUST have a lot of money in a hot wallet, it’s best to spread the money across multiple wallets with different secret phrases so that if one gets compromised, all is not lost.
👍🏽 Pros: you get all the pros from a browser wallet, plus being separated from the internet for additional protection.
👎🏽 Cons: you get the same cons as a browser wallet, plus being vulnerable to physical attacks where people may attack you to steal your device.
— Potential Suggestions (Cold wallet): Trezor (open-source), Gridlattice (closed-source, but good added protections against physical threats)
⚡️ Advanced Users for Long-Term Storage: Multi-sig with Social Recovery
Multi-sig wallets are our top choice for advanced developers and protocols to store their funds. You deploy a smart contract that requires X of Y signers to approve before any transaction can be sent.
👍🏽 Pros: with many signers, multiple steps are needed in order to take any action.
👎🏽 Cons: weak support for using these in Web3 dApps, the address is different on each chain, and getting people to sign transactions can be cumbersome.
— Potential Suggestions: Safe, Aragon, Argent
💡 Best practices
It’s best to rotate through private keys, rather than keeping the same one for years.
Never take a hardware wallet that people give out at events.
Never share your private key with anyone, take a picture of it, email it, etc.
Most importantly - If, for even 1 second, your key is lost or potentially accessible by someone else, move your assets and consider that key forever lost.
— Check out the full article here: https://www.cyfrin.io/blog/what-should-i-use-to-store-my-cryptocurrency-web3-wallet-guide
🔏 Security news
The ultimate auditor’s checklist was released this week in Solodit, compiling lists from the industry’s top auditors.
Updraft got an upgrade with English subtitles, full keyword controls, and picture-in-picture functionalities to watch lessons while reading the text.
Cyfrin just released its end of year review - make sure to check it out here!
Always feel free to reach out if there’s anything we can support or collaborate on.
Sending lots of cyber love,
Jules 🤸🏻