The recent Solana hack was caused by a private key vulnerability associated with the mobile software wallet Slope. Slope used Sentry, a monitoring service that sent users’ mnemonics in plain text and stored them in the cloud. To protect against similar attacks, wallet users should take the following five safety measures:
#1 Never take screenshots of the mnemonic or send it over the Internet
When a wallet is hacked, the attacker gains full control of all its crypto assets. Never take a screenshot of the mnemonic or store it as a photo on a phone, and never send it over text or messengers. Mnemonics are the unprotected “seed words” that are used to generate the private keys in the wallet.
#2 Use multiple wallets for different purposes
Deploy multiple wallets and use each of them for a different purpose, much like separate checking accounts. New wallet users should use more advanced wallet apps that automatically back up the encrypted mnemonic.
#3 Don’t reuse or share a mnemonic among multiple wallets
A lot of users affected by the Solana attack weren't using Slope at the time, but some of them admitted they had either imported the mnemonic (seed words) from Slope or used Slope to import from other wallets. If a mnemonic is reused or shared among different wallets, a security weakness in any one of those wallets could affect all the user’s crypto assets, since any wallet that has access to the user’s mnemonic has full control of all its private keys.
#4 Use a hardware wallet for large amounts of assets
To augment security, use a hardware wallet such as a Ledger Nano, which costs less than $100; hardware wallets are highly recommended for securing larger assets. A hardware wallet’s general design principle is to keep private keys completely separated from the computer and the network: they connect over USB cables or Bluetooth, and some use only QR codes scanned with a camera. This makes them much safer than any connected, more vulnerable mobile or desktop wallet.
#5 Never import the hardware wallet mnemonic into any other wallet
A mnemonic should only be used for backup and recovery and should not be used to “import” wallets. Any problematic wallet that touches the mnemonic renders all wallets no longer secure, even if that problematic wallet is no longer used. In other words, hardware wallets are generally very secure, but they are compromised when their mnemonic is imported into another wallet app, which defeats the whole purpose of using a hardware wallet in the first place.
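On the developer side, the root cause described at the top of this article (a monitoring service receiving mnemonics in plain text) can be guarded against by scrubbing telemetry before it leaves the device. The sketch below is an added example, not code from Slope, Sentry or the author; the function names and the sample event are constructed, and the word-shape check is a heuristic that assumes BIP-39-style English mnemonics rather than matching a full wordlist.

```javascript
// Added example: scrub mnemonic-like data from a telemetry event before sending.
// Assumption: BIP-39-style English phrases (12-24 words of 3-8 lowercase letters).
const SENSITIVE_KEY = /mnemonic|seed|secret|private.?key|passphrase/i;
const WORD = /^[a-z]{3,8}$/;
const REDACTED = "[REDACTED]";

// Heuristic: true if the text contains a run of 12 or more mnemonic-shaped words.
// Splitting on non-letters also catches phrases embedded in serialized JSON.
function looksLikeMnemonic(text) {
  let run = 0;
  for (const token of text.split(/[^A-Za-z]+/)) {
    run = WORD.test(token) ? run + 1 : 0;
    if (run >= 12) return true;
  }
  return false;
}

// Return a redacted copy of the event; the input object is not modified.
function scrub(value, key = "") {
  if (SENSITIVE_KEY.test(key)) return REDACTED;
  if (typeof value === "string") return looksLikeMnemonic(value) ? REDACTED : value;
  if (Array.isArray(value)) {
    // A phrase may be logged as an array of single words, so test the joined form.
    const allStrings = value.every((v) => typeof v === "string");
    if (allStrings && looksLikeMnemonic(value.join(" "))) return REDACTED;
    return value.map((v) => scrub(v));
  }
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrub(v, k)]));
  }
  return value;
}

// Constructed sample event (the phrase is illustrative, not a real wallet's mnemonic).
const PHRASE = "abandon ability able about above absent absorb abstract absurd abuse access accident";
const sampleEvent = {
  message: "wallet import failed",
  extra: {
    requestBody: PHRASE,
    walletState: { mnemonic: PHRASE, address: "ConstructedAddr111" },
    words: PHRASE.split(" "),
    retries: 3,
  },
};

console.log(JSON.stringify(scrub(sampleEvent), null, 2));
```

In a Sentry SDK, a function like this would be called from the `beforeSend` callback. It is a backstop only: wallet code should never place the mnemonic in anything that is logged or reported.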
About the Author
Robert Mao is founder and CEO of ArcBlock, a decentralized developer platform for DApps, DLT and Blockchains; he also built DID Wallet, one of the first decentralized identity wallets of its kind. Mao has spoken about cryptocurrencies and blockchain technology at events around the world. Before ArcBlock, he worked for Microsoft Research’s Future Social Experiences (FUSE) labs, a research center focusing on social computing and machine learning. Before joining Microsoft, Mao founded Lodesoft Corp and UUZone Interactive Inc. in China. He also co-founded the non-profit Seattle Entrepreneurship Club, which is now one of the largest entrepreneurship organizations in the Pacific Northwest.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.