Crypto Wallets – everything you need to know

my reaction: THEY SHOULD PUT THAT ON THE BOXXXX!!!!!!

Lesson: NOT YOUR KEYS, NOT YOUR COINS!

Wallets can be primarily classified as custodial and non-custodial wallets.

Famous line by Andreas Antonopoulos
Understand math, and the universe will yield to you.
Please keep your private keys secret!

Seed Phrase

Other names for seed phrase: mnemonic phrase, seed words, backup seed, recovery phrase, etc.

  • It is an ordered sequence of 12 or 24 words chosen from a list of 2048 words
  • It is a human-readable representation of a big random number, each seed phrase is unique
  • It is used to derive your private keys, hence should be kept a secret
  • It is used to recover your wallet in case of any problem
  • Whoever owns the seed phrase owns all the private keys, and the linked crypto assets
  • Do not lose it — once lost cannot be reproduced

Technicalities of HD wallet (BIP-39, BIP-32, BIP-44)

BIP-39: Implementation for the mnemonic code words

It is a two part process.

BIP-32: The essence of HD wallets

It is a system for deriving a tree of keypairs from a single seed. The seed generated in the previous step is used to produce a Master Private and Public Key. These master keys are then further used to produce child private and public keys (used for different purposes like various coin-types and accounts)

The resulting tree structure.

BIP-44: Defines specific logical hierarchy for HD wallets

It is used to determine which addresses are currently in use out of the million possibilities. It uses a derivation path to do so.

What role does your wallet password play?

Your wallet password encrypts your seed phrase and the private keys. This encrypted data is then stored on the available storage system like disk/usb/server/etc. (explained ahead).

difference between encoding, hashing and encryption

Types of wallet and the risks associated

The real wallet where you actually store your keys can be of two types: hardware and software.

Hardware wallets

Two types:

  1. Special device: Created for the sole purpose of key management. It is a dedicated secure hardware which stores user’s private keys and is protected by a pin. Used to provide isolation between the keys and the (hackable) computer or smartphone. Safest.
  2. Paper wallet: This is actually just a paper with private keys written or printed on it. Paper is the safest option against hacks in the internet world but possesses other threats. Doubt anybody uses it.

Software wallets

Two types: depending on where the data is being stored

  • These software store your encrypted data locally.
  • Mobile apps are safer than computer apps (as modern mobiles do have a dedicated memory slot to store sensitive information)
  • On computer apps the data is being stored on the disk — moderately risky (unix-based OS are a safer option than windows)
  • Some wallets run as a browser plugin and store data locally along with the other browser data. Least safe compared to the above options.
  • Threats: keyloggers/malware/viruses/remote access to your device
  • Your (encrypted) data is stored on a 3rd party server. Most risky.
  • You are generally asked to login via. username and password
  • Sometimes you may not even own your coins :p (you know the slogan!)
  • Risks: exchange hacks, phising, vendor defaults/scams

Hot vs Cold Storage

Another terminology that you may come across — Hot wallets and Cold wallets. This is nothing but a classification based on the frequency of use (how often you use the wallet)

  • Hot: most used, highly connected to internet [software wallets usually]
  • Cold: less used, not often connected to internet [mostly hardware]

Wallet Backup

Backing up your wallet means securely protecting your 12 or 24 words (secret) seed phrase. Never save your seed phrase anywhere digital. Everything digital is prone to hacks.

  • Paper recovery: Write your seed phrase on a paper and store it in a safe locked place. Protect it from water, fire, and other threats
  • Metal engraving: There are special tools available in market that let you engrave your seed phrase on a metal, so you can keep it somewhere safe for years.
Checkout: security resources by Jameson Lopp

Security Precautions

  1. Be vigilant while dealing with your Private Keys
  2. Use strong unique passwords everywhere
  3. Don’t use cracked torrent versions of software. Use Legit OS and apps
  4. Don’t visit untrusted URLs
  5. Use 2FA wherever possible (Authenticator app — not sms or email 2FA)
  6. Use password manager — in combination with your brain 🙋
  7. Use VPN, firewall and network level safety protocols
  8. Use legit (paid or open-source) anti-virus, anti-malware, etc. solutions
  9. Use encryption whenever needed
  10. Don’t keep all your eggs in one basket — diversify wallets, funds, and everything you own!

Bottom line

For those starting out new:

  1. You can signup for an exchange (custodial) wallet. Buy the crypto using your fiat money, then transfer it in your non-custodial wallet. [keep in mind for every transaction you have to pay a little gas fee to the network for computation]
  2. For non-custodial wallet the safest option is a hardware wallet but since they are costly, you can go with a software wallet (mobile, desktop, or browser which stores data locally). And once you have sufficient funds, move on to the hardware wallets.
Alan Turing OP!

References

  1. BIP-39 mnemonics for HD wallet
  2. BIP-32 Hierarchical Deterministic (HD) wallets
  3. BIP-44 — Multi-account hierarchy for HD wallet
  4. Andreas’ Youtube Channel
  5. Good-guy Bad-guy example by Chris Blec
  6. Awesome HD wallet explanation by someone at mobilefish youtube channel
  7. Security tips by exodus

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vijay Pagare

Vijay Pagare

11 Followers

Software Engineer | B2B SaaS Products | Trying to learn and help along the way! 🚀 (DMs on twitter @pagarevijayy)