The best ways to protect your crypto from hackers

Breach
6 min read · May 27, 2022


Welcome to Schooled by Breach, our latest weekly newsletter, where Breach writer Adetomiwa talks to people with experience about pressing crypto questions, learns a lesson and shares the findings with you. Crypto can be easy, so let’s figure it out together. Out every Friday!

TL;DR

Clement Hugbo, a Blockchain UX designer at Blockchain gaming platform Metaverse Magna (MVM), walks me through some of the best ways to safeguard crypto wallets from hackers: don’t store all your crypto in one wallet, use an extra private key, and activate push notifications.

Have you ever been hacked? I have.

It was in 2016. I got an email telling me I had a bill from Apple to update my email. I was at school, in a group meeting working on a final project and drunk on coffee. I clicked on the link and entered my bank details. But as soon as I clicked “Send” it suddenly clicked that this was absolutely not from Apple.

I immediately got out of class and called my bank to block the card — the hacker had unfortunately gotten in, but thankfully, I had a pretty strict limit on my online spending so they couldn’t take much before the bank blocked the card.

Thankfully, I’m now aware of the tactics hackers use in email fraud: ensure you check that the sender is from an official account you recognise. If you’re unsure, reach out to the company the email is allegedly from to confirm that they did send you an email. No email hackers are getting past me ever again 😤.

But as I become more intertwined with crypto, I can’t help but be nervous about the possibility of my crypto wallets getting hacked. To put myself at ease, I decided to find out some of the best ways to protect my crypto assets from hackers.

For help, I reached out to Clement Hugbo, a Blockchain UX designer at Blockchain gaming platform Metaverse Magna (MVM).

Clement reminded me that there are two major types of crypto wallets:

  • Cold wallets: Typically not connected to the internet. Types include hardware wallets and paper wallets.
  • Hot wallets: Connected to and stored on the internet and are generally split into Custodial and Non-custodial types.

Missed our episode on crypto wallets? Catch up here.

The hacker-proof wallet

Clement revealed to me that he has found that hardware wallets are the most hacker-proof type of crypto wallet.

A hardware wallet, Clement says, is “similar to a flash drive”. He explains that you have full control as your crypto is stored in a physical device. When you need to use it, you plug the device in, enter your wallet keys and transfer the crypto you need from your hardware wallet to wherever you want — “just like you might send a file from your flash drive to your personal computer”.

Clement explains that hardware wallets are considered the safest kind because they are basically tied to your control. “When your hardware wallet is disconnected from your computer, it is pretty much like the wallet doesn’t exist”, and there’s no way for a hacker to get into something they can’t find.

Clement says that though it is the safest (keeping in mind that “nothing is 100% secure”), it does have its challenges. One of the biggest ones, he says, is that you have 100% responsibility. “If something happens to your hardware — like if you lose it or it has a chip problem, that’s the end. All your funds are gone”. Another risk he points out is the trustworthiness of the device creators: “There’s no way to know if the people who created the hard token have some kind of access to it and can hack it from their end”, so it is important that if you choose to use a hardware wallet, you research the developers and choose the one you trust.

I’ve never been good at keeping tabs on objects (the evidence is in all the necklaces I randomly find in my pockets months after losing them 🙈), so I asked Clement to share some storage tips for absent-minded people like me. What I need, he says, is a hot wallet.

A few Schooled by Breach issues ago, the Founder of Web3 Ladies, Oluchi Enebeli explained to me that there are two types of hot wallets — custodial (like Binance) and non-custodial (e.g. Metamask). She explained that with a custodial wallet, there is a third-party provider taking care of your private keys, so all you need to remember is your password. Clement says that custodial wallets offer some security and it’s “almost impossible to lose your money”.

“If a hacker were to get into somewhere like Binance, it’s the exchange that is hacked, not the wallet, so they are obligated to give you your money”, he added. The only way it’s on you is if they get in through your phone — for this, he suggests using apps like Google Authenticator for extra security.

For non-custodial wallets, like Metamask, you have 100% control over your wallet, so your private keys are your responsibility.

Clement uses both. He revealed to me that his Metamask wallet was recently hacked. “I was hacked by a very good hacker who I believe used Brute Force to get into my crypto assets”. Brute Force is a crypto hacking technique where the attacker submits various random words and passphrases as crypto keys until they eventually correctly guess all your crypto private keys.

Clement says that he still uses his Metamask because it’s the only way he can trade and make purchases on decentralized platforms. But to ensure that he doesn’t fall victim to hackers again, he has taken some extra precautions.

  • He never stores all his crypto in one wallet

The best way to protect yourself is “don’t put all your funds in one wallet”, says Clement.

He has spread his crypto assets across various wallets — both cold and hot. He warns that I should be careful to note that creating two different wallets under the same private keys is basically creating sub-wallets under one. So if the goal is to spread the risk of attack, I should be creating entirely new wallets with completely new keys and spreading my assets across them.

I wondered how it would be possible to remember all these new keys and in response, Clement recommended using a password manager like 1Password. “You’ll have a [master password] and that’s the only one you’ll need to remember. Everything else is stored in the manager”.

  • He uses an extra private key

Private keys are usually auto-generated by the cryptocurrency wallet when you open a new wallet on the platform. Clement believes that he was hacked due to the randomness of the keys. He explains that the keys usually come in 12 or 24 words, all of which a hacker with a good tool can guess. To mitigate this, what he does now is create an extra key (that is, a 13th or 25th word) that is personal. “Something no one else can know that will increase the difficulty of his password”. He, however, added that this feature is mostly available only on hard wallets for now.
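How the extra word changes the wallet, as an added example that is not from Clement or from any wallet vendor: it assumes the wallet follows the BIP-39 standard (which this article does not name), where the 12 or 24 words and the optional extra word are stretched into the wallet seed with PBKDF2-HMAC-SHA512. The phrase below is a constructed, publicly known test phrase, and the function names are this example's own.

```python
import hashlib
import unicodedata

# Constructed sample: the public BIP-39 test phrase. Never send funds to it.
SAMPLE_PHRASE = "abandon " * 11 + "about"


def bip39_seed(phrase: str, extra_word: str = "") -> bytes:
    """Derive the 64-byte wallet seed from the words plus the optional extra word."""
    def nfkd(text: str) -> str:
        return unicodedata.normalize("NFKD", text)

    password = nfkd(" ".join(phrase.split())).encode("utf-8")
    # The extra word (BIP-39 calls it a passphrase) is mixed into the salt.
    salt = ("mnemonic" + nfkd(extra_word)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def phrase_entropy_bits(word_count: int) -> int:
    """Random bits in a generated phrase: 11 bits per word minus the checksum."""
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP-39 phrases have 12, 15, 18, 21 or 24 words")
    total_bits = word_count * 11
    return total_bits - total_bits // 33  # 1 checksum bit per 32 random bits


def compare_wallets(phrase: str, extra_word: str) -> dict:
    """Show that the same words with and without the extra word are two wallets."""
    plain = bip39_seed(phrase)
    protected = bip39_seed(phrase, extra_word)
    return {
        "seed_without_extra_word": plain.hex()[:16],
        "seed_with_extra_word": protected.hex()[:16],
        "same_wallet": plain == protected,
    }


if __name__ == "__main__":
    print(compare_wallets(SAMPLE_PHRASE, "TREZOR"))
    for words in (12, 24):
        print(words, "words carry", phrase_entropy_bits(words), "random bits")
```

Because the extra word is part of the derivation, a leaked 12-word phrase alone opens a different (normally empty) wallet, and forgetting the extra word locks you out just as losing the phrase would.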

  • He has text, email and push notifications

Almost all of us get some sort of notification or prompt every time we use our banking apps. Clement mentions that the Web3 development platform, Alchemy, has created an application that allows you to get push notifications for actions on your wallets. Regardless, most crypto applications also send emails when actions are taken on your account.

If they’re so safe, why doesn’t everyone just use the custodial wallets?

In my conversation with Oluchi, she shared that most people stick to non-custodial wallets because they uphold crypto’s goals of “autonomy, decentralisation and complete ownership”. Clement shares those thoughts. Non-custodial wallets don’t ask for any private information, so you have complete anonymity and absolute privacy. In addition, when you decide you don’t want to use a non-custodial wallet anymore, you can transfer everything, including your transaction history. As Oluchi mentioned, “[non-custodial wallets] just makes it easier to control your assets”.

My conversation with Clement showed me that though hacking is a possibility, there are things I can do to protect myself. And if I don’t care too much about the autonomy and privacy features the non-custodial and hot wallets offer me, I can simply stick to custodial wallets and do my best to keep my password safe.
