Recently, hackers stole around $5.2 million worth of Solana from 8,000 hot wallets, such as Phantom, Slope, and Trust. Solana claimed that the security vulnerability was in the code of the third-party wallets and not in their own.
In light of these revelations, cyber experts are debating whether crypto investors should store their private keys in cold wallets to protect their crypto holdings from such attacks.
Incidentally, PeckShield Alert, a security firm, has tweeted that around $8,000 worth of stablecoin and Solana has been stolen. Solana has also struggled with security issues in the past, and probes have now revealed that as many as four addresses were linked to the hacker.
Crypto investing has come into vogue of late, as cryptocurrencies are considered the currencies of tomorrow. They are based on the blockchain, and will be the native currency in the Web3 space, the new digital world that we will be able to access in a few years using virtual reality.
Central banks across the world, including the Reserve Bank of India, have announced they will be launching a central bank digital currency (CBDC) soon. As we move towards this new world, the important question that now arises is how we can keep our money safe.
Technically, you can store crypto in a custodial wallet, where the provider does not give you a private key. Alternatively, you can choose a hot wallet, where your private key is stored in a browser extension or a desktop application. Lastly, there is the most secure of all, the cold wallet, where you store your key in a hardware wallet. Keeping the private key secure is the most important piece of the puzzle.
Let us understand the concept of hot and cold wallets in detail.
Hot wallets include Web-based wallets (browser extensions), mobile wallets, and desktop wallets. They are all connected to the Internet. In other words, if your system gets compromised, or if the hot wallet you use has security vulnerabilities, hackers can steal your private keys and drain your wallet. This is what happened in the Solana hacking case, where hackers stole the private keys from inactive Slope, Trust, and Phantom crypto wallets. They can use a crypto tumbler to mix the stolen crypto with clean crypto to make it untraceable, or they can route the crypto through several accounts, which would make it even harder to trace. The advantage of a hot wallet is that it is seamless: as it is connected to the Internet, you can make transactions and payments quickly.
Ideally, you should keep only a limited amount of crypto in your hot wallet, just as you would with the cash wallet you keep in your pocket; you do not put all of your savings in one wallet.
Cold wallets are the most secure of all wallets. They are similar to a USB drive or a hard drive and come for as low as Rs 5,000. Just consider a home or a bank safe where you would keep your valuables. Technically speaking, when you keep your private keys in a hardware wallet not connected to the Internet, it is called a cold wallet.
That said, when you make a transaction from your cold wallet, although it is connected to the Internet, the signing of transactions is done on your device. This signature then allows you to assign ownership to the recipient of a crypto transaction. Essentially, you can store your private key on a regular USB drive, but a dedicated hardware wallet is more secure and durable.
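The in-device signing described above, as an added example that is not from the article or from any wallet vendor: the host only ever receives a signature and a public key, and the signature is valid for one exact transaction. The `ColdWallet` class, the JSON transaction layout, the placeholder addresses and the `user_approves` callback are assumptions, and a hash-based Lamport one-time signature stands in for the Ed25519 signatures Solana wallets use so that the code needs only the Python standard library.

```python
import hashlib
import json
import secrets

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(tx_bytes):
    # The 256 bits of SHA-256(tx) select which half of each key pair is revealed.
    digest = _h(tx_bytes)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class ColdWallet:
    """Constructed stand-in for a hardware wallet: callers use public_key and sign() only."""

    def __init__(self):
        # Lamport one-time key (assumption: replaces the Ed25519 key a real device holds).
        self.__secret = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.public_key = [(_h(a), _h(b)) for a, b in self.__secret]
        self.__used = False

    def sign(self, tx_bytes, user_approves):
        # The device decodes the transaction itself and asks the user before signing.
        if not user_approves(json.loads(tx_bytes)):
            raise PermissionError("rejected on device")
        if self.__used:
            raise RuntimeError("a Lamport key signs only once")
        self.__used = True
        return [self.__secret[i][bit] for i, bit in enumerate(_bits(tx_bytes))]

def verify(public_key, tx_bytes, signature):
    """Host or network side: needs only the public key, never the secret."""
    return len(signature) == 256 and all(
        _h(part) == public_key[i][bit]
        for i, (part, bit) in enumerate(zip(signature, _bits(tx_bytes))))

def demo():
    wallet = ColdWallet()
    tx = json.dumps({"to": "RECIPIENT_PLACEHOLDER", "amount": 5}).encode()   # constructed
    altered = json.dumps({"to": "OTHER_PLACEHOLDER", "amount": 5}).encode()  # constructed
    expected_only = lambda t: t["to"] == "RECIPIENT_PLACEHOLDER"
    try:
        wallet.sign(altered, expected_only)  # a host-modified request is refused on device
        refused = False
    except PermissionError:
        refused = True
    sig = wallet.sign(tx, expected_only)
    return {"refused": refused,
            "valid": verify(wallet.public_key, tx, sig),
            "altered_valid": verify(wallet.public_key, altered, sig)}
```

Python's name mangling only imitates the boundary; on real hardware the key sits in a separate chip that the host cannot read.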
You can use multiple hardware wallets to spread your private keys. This will ensure that even if your main hardware wallet gets lost, you still have a backup. The last resort is the recovery phrase, a string of 12-24 words. It is your private key in mnemonic form.
Says Vikram Subburaj, CEO, Giottus Crypto Platform: “Cold wallets are definitely secure, because they are not connected to the Internet, i.e., their keys are not exposed to virus or malware attack. However, for regular trades, accessing crypto stored in cold wallets is cumbersome. Hot wallets are prone to attack, but are convenient.”
According to Subburaj, a hybrid model is recommended.
“Every investor will ideally like to split their portfolio into long-term hold (higher share of portfolio) and short-term use (smaller share of portfolio). Cold wallets are best suited for long-term hold,” he adds.
Adds Om Malviya, president, Tezos India: “While prioritising the security of digital assets, the cold wallets are immune to hacking, and the information stored becomes almost impossible to steal. The ‘in-device’ signing obstructs any kind of unauthorised transaction, because of the fact that the private keys never leave the device. In the case of hot wallets, no matter how convenient they may be, there’s always an impending risk of it being vulnerable to attacks.”