Article by ijeblowrider | Edited by Frank America and Trewkat | Cover Art by AB_colours
Welcome to Bankless Publishing’s Crypto Basics Series. We’ll be shipping all of our introductory web3 content on Mirror each Monday, enabling users to curate a web3 reference library by minting NFTs on Optimism.
Our world is primarily based around money. For some people, money may be a measure of wealth and power, while for others, money just allows them to maintain peace and happiness. It doesn’t really matter what money represents for an individual; that is subjective, so what matters is how we adapt to the use of it. Our lifestyle is directly influenced by the way we spend and manage money.
On a broader scale, most of us are putting our trust in banks that almost always have a powerful foothold in a country’s economy. But banks can fail. We all know this. The ability to control our own money is a major benefit offered by public blockchains. Blockchains are immutable ledgers that do not need a trusted third party (such as a bank) to keep transaction logs, but instead offer full sovereignty to users via the use of cryptocurrency wallets, which provide an interface to the information held on chain.
Cryptocurrency wallets, also known as digital wallets, are devices or programs that allow access to crypto holdings through private keys. Every wallet consists of both a private key and a public key, the latter of which acts as the wallet’s receiving or public address.
It is possible to build a variety of applications, not only financial, using blockchains; this is broadly referred to as Web3. Many Web3 applications will require users to log in with a cryptocurrency wallet, even if there are no financial transactions planned. Web3 technology is moving forward, releasing new products at a very fast rate and cryptocurrency wallets like Tally Ho and MetaMask are working to integrate new security features and privacy measures on top of basic cryptocurrency token display.
Cryptocurrency wallets are similar to ordinary cash wallets but rather than directly storing assets, these are actually storing the digital credentials that a user would need to access information, recorded on the blockchain, about assets associated with that wallet address.
When it comes to cryptocurrency wallets, there are two types of keys you need to know about. One is your public key, the other is your private key. To use an analogy, consider your public key to be specific mailbox with a delivery slot, and your private key to be the method of access to control the contents of the mailbox. Let’s take a closer look at them both.
Private keys and public keys are the most common terms used in cryptography. Without these keys the whole idea of cryptocurrency would fail. Both private keys and public keys utilize data encryption and decryption.
The private key is a series of alphanumeric characters acting as a wallet access ‘password’. These are needed to create digital signatures, to prove ownership and spend the funds associated with the public address.
The private key is the gateway to a user’s crypto funds and it is crucial to keep it secure and never share with anyone.
Decentralization is eliminating third parties so there is no centralized authority to look for support in case of theft or loss.
Note: If Vitalik Buterin ever asks for a private key, it is a scam.
Private keys are found in different forms depending on the wallet type and user security preferences:
256 character long binary code
64-digit hexadecimal code
The public key is a cryptographic code that is paired to the private key and it acts as a receiving address used only for deposits or checking the balances, in some ways similar to a regular bank account number. Anyone can make a transaction towards a public key address but can’t make transactions out of it unless they know the private key. Until recently, it was generally agreed that public addresses are safe to share, but as technology increases in sophistication and thieves increase their greed, that approach is changing.
It is becoming increasingly important to share a public address only with trusted figures or entities because anyone that can be associated with a public key may become a victim of harm and theft. This happened to Pavel Lerner, the Russian head of a UK-registered cryptocurrency exchange, who was kidnapped back in 2017 by a group of masked men who demanded over $1 million in BTC. A more recent story was shared on Twitter by a man from Kaliningrad, Russia, who was allegedly kidnapped for the $523,000 he held in a Binance account.
Private keys can be stored on different mobile devices, computers, USB drives, hardware wallets, or even on a piece of paper. Security measures should be considered the most important aspect of owning a digital wallet.
Private keys are exactly what hackers and scammers are looking for. If there’s no need for daily wallet usage it would be better to store the keys on older devices without an internet connection. Hardware wallets or even encrypted USB drives are also a secure alternative.
Seed phrases are a series of 12, 18, or 24 words that are generated when a new wallet is created. Cryptocurrency wallets allow you to create and own multiple addresses but the seed phrase acts as the “master key” for all of them. Unlike the private key, which is associated with a single blockchain address, the ‘mnemonic’ seed phrase gives access to the entire wallet and all private keys stored within it.
Keeping the keys stored on a device that is regularly connected to the internet or even to Bluetooth may not be safe, as wireless networks and Bluetooth signals are easy for hackers to intercept. Many recommend keeping private keys on paper and stored in duplicate in multiple locations.
Custodial wallets are provided by third-party companies like Coinbase, Binance, and Kraken and are often the first step for a first-time crypto user, especially as these are usually the interface with bank accounts. Even though it is easy to create an account and start using it, the company only allows you to use the services under specific circumstances and in most cases, this means a Know Your Customer (KYC) process is imposed, so it is very important to trust the provider. Custodial wallets offered as part of these centralized exchanges are controlling your private keys but are enabling easy crypto deposits and withdrawals.
A modern banking product like Revolut is an example of a custodial wallet — one that allows users to hold and transact with both fiat and cryptocurrencies. However, users can only buy or use cryptocurrency within the Revolut system; it is not possible to send crypto to — or receive it from — another wallet outside Revolut.
Non-custodial wallets empower users with full control over the private keys and assets. Since there is no third party to assist users with funds and keys management, these are recommended for those that already have a basic knowledge of Web3 and wallet security. Any interaction with blockchains or decentralized applications will require a non-custodial wallet. For example, purchasing an NFT on OpenSea, voting on Snapshot, or securing a loan with Aave or MakerDAO will all require the user to sign in with MetaMask or an equivalent non-custodial wallet such as Tally Ho.
Hot wallets are desktop or mobile software applications that run as a browser extension or app on a device that has an internet connection. Some of them are basic and can only send or receive assets, others are more complex, with functionality like NFT viewing or direct exchange integrations. Although hot wallets provide flexibility in managing cryptoassets, hot wallets are highly vulnerable because they are almost always connected to the internet when running, thereby risking exposure and possible theft of private keys. Transactions made with these software wallets are directly delivered to other wallets through a fast online transaction process.
Hot wallets are highly vulnerable because they are always connected to the internet.
MetaMask is the most popular hot wallet. It is built upon Ethereum’s infrastructure and an understanding of its functionality is useful to help. MetaMask enables you to send, receive, and swap cryptocurrencies, and it can interact with decentralized applications from the same chain.
MetaMask allows switching from one Ethereum-compatible network to another like Binance Smart Chain, Polygon Network, Avalanche with the same wallet keys. MetaMask also provides access to Layer 2 scaling solutions like Optimism and Arbitrum.
Hot wallets played a crucial role in opening up the cryptosphere to the mainstream market.
Cold wallets are physical hardware wallets with higher levels of security and privacy. Cold wallets allow you to generate and store new addresses and keys for various chains in an offline mode, i.e. while the wallet is not connected to another device or the internet.
Cold wallets are highly secure because they are only connected to the internet on an as-needed basis.
Transactions made with hardware wallets enhance the key security by shifting from the online environment to offline for private key signing, then back to the online network to complete the transaction.
Some companies have their wallet source code open for the community and with the right equipment anyone can build up a similar looking device and test its capabilities and levels of trust. On the other hand, some have their source code private or partially open so the trust has to be put in the wallet provider. This is the case with Ledger wallet’s source code.
Although cold wallets offer increased privacy and security, they are recommended for experienced cryptocurrency users because they are much more complex to use. Cold wallets are a logical next step for those who have at least tried a hot wallet before, and are comfortable with it.
Security features for cold wallets include:
2 Factor Authentication (2FA)
The biggest cold wallet brand names are still Trezor and Ledger, both of which offer similar looking devices that support a great number of coins/tokens but with different software and hardware capabilities.
Trezor devices are built on a single chip model and their source code is fully open-source. The hardware used is also open-source firmware and can be freely purchased meaning that anyone can build up a Trezor wallet and test it out for vulnerabilities, even if the cost of the hardware might be more than actually buying one.
Ledger devices are built on a double chip model where one of them is a bank-grade secure element — because of that it may have the most enhanced physical security. Ledger is also running on an open-source framework called “Blockchain Open Ledger Operating System” but the hardware is closed-source firmware and not available for third party purchases, so the threat models can’t be tested by the community.
Information recorded on paper — including private keys or QR codes for easy scans, are most often used only for long-term storage of assets, as users would have to create a new wallet following each transaction for security reasons.
Also, these wallets can easily be damaged and checking the paper condition from time to time is a must. There is so much crypto lost forever just because of fading ink that many companies have started to sell metallic plates that can store a recovery key or phrase in the steel unit.
Wallet standards apply to all cryptocurrency wallets — no matter the blockchain they are running on — and determine how wallets create seed phrases and generate encryption keys. Most of the wallets are compatible with multiple standards related to BIP and SLIP, but the more frequently used ones are still BIP.
Over time BIP standards evolved and were applicable to other infrastructures:
BIP-32 represents the standard for generating hierarchical deterministic wallets (HD wallets) and defines how the hierarchical structure of keys and addresses are generated from a single master key.
BIP-44 represents the standard for defining an organizational hierarchy for managing multiple accounts in HD wallets.
BIP-39 represents the standard for generating deterministic keys and defines how a seed phrase is used to create a HD wallet.
SLIP-32 represents the standard for the extended version of the serialization format defined in BIP-32 and aims to solve some previous limitations.
As the main existing chains already have a lot of trusted nodes to verify the transactions and are extremely hard to hack, attacks on users’ cryptocurrency funds are not coming directly from blockchain but rather through phishing scams, hacked exchanges, exploited cross-chain bridges, or decentralized applications.
In most cases personal private data is targeted by the hackers, so the security measures below are good practice regardless of whether cryptocurrency is involved:
Avoid the use of public Wi-Fi networks because the traffic is easy to intercept.
Beware of phishing scams. These have evolved in many ways over the years and it is crucial to double check before any interaction.
Backup wallets and other important information.
Spread savings over multiple accounts in case one gets hacked.
Never store large amounts on custodial exchanges.
Never disclose your own savings. Keep them private.
Social recovery wallets are increasing in popularity because of the attestation concept and unique possibility of setting up multiple users as wallet guardians. In case of a loss of private keys, users are able to initiate a recovery phase through a special transaction to generate a new key by contacting each guardian separately. A transaction will be approved if more than 50% of the guardians sign it.
Multi-signature wallets share two, or multiple, private keys, and transactions made through these wallets will require most or all the key owners to sign the transaction, depending on initial settings. In this form a single point of failure is eliminated and the funds are much more secure.
With blockchain tools, it’s possible to become our own banks, to manage our own money, and to remove dependency on any central authority. The more we learn about Web3 and cryptocurrency wallets, the more financial freedom it will bring.
Most cryptocurrency users have both custodial and non-custodial wallets, the former for convenience and the latter for security, but blockchain decentralization is fully about ownership and control over assets. Cold and hot wallets are key tools for serious cryptocurrency holders. An appropriate wallet type should be selected depending on user needs. It is recommended that those transacting small amounts of cryptocurrency on a daily basis use hot wallets, while users who want to hold crypto for a longer period of time should invest in a cold wallet.
Web3 is continuously evolving and so are cryptocurrency wallets. In upcoming years these might come with a lot of great features like buying crypto with a credit card directly through the wallet or even fully eliminating private keys and moving to another form of password integration. These potential innovations may drive an even faster adoption of cryptocurrency.
ijeblowrider is a Web3 researcher and author interested in blockchain technology and studying decentralized financial instruments that can facilitate and improve people’s lives for real good. Also in a deep dive for the true definition of art. He has a background in stock exchange account management, economics, and fashion design.
Frank America is a Co-founder of The Rug News, and a Content Manager at Bankless Publishing.
Trewkat is a writer and editor at BanklessDAO. She’s interested in learning as much as possible about crypto and NFTs, with a particular focus on how best to communicate this newfound knowledge to others.
ab_colours is a versatile designer with over seven years of experience. He specializes in doing product design, UX design and brand identity. He has been DAOing for the past eight months and has been able to amass quite a lot of knowledge about the fascinating blockchain space.
BanklessDAO is an education and media engine dedicated to helping individuals achieve financial independence.
Bankless Publishing is always accepting submissions for publication. We’d love to read your work, so please submit your article here!
This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.
More Like This
Tally’s Community-Owned Crypto Wallet is a New Web3 Public Good by Hiro Kennelly
How to Set-up a MetaMask Wallet by Frank America
Banking The Unbanked by links