Some time ago, a post "Hiding the Private Key in Tang Poems" sparked heated discussion in the Chain Node Forum. Some people thought it was a safe and interesting gameplay, and some people questioned its security.
On the evening of December 18th, we invited the person in charge of imKey products and the former head of the Slow Mist security business, One Piece, and the host Jun Yao to talk about how to protect the security of personal digital assets.
In this live broadcast, One Piece proposes-
The most important thing when choosing an exchange to deposit currency is to judge whether the exchange has a reserve capacity and a compensation plan;
Users should know whether their needs are profit-seeking or long-term investment before choosing a way to keep digital assets;
Increasing incidents of currency theft on exchanges are actually increasing. In fact, sometimes hackers are really just "back pot warriors".
Wait for an interesting and practical point of view, and come forward to share your experience of losing a coin. Let's review the details of this live broadcast together.
From 300 Tang Poems to Private Key Mnemonics
Going back to the heated discussion post mentioned at the beginning of the article, hiding private keys in Tang poetry is essentially a rule of brain wallets. Regarding the use and security of brain wallets, One Piece said:
The brain wallet is a set of word combination rules invented by itself, and uses the established algorithm to produce wallets. Although it seems that the private key is not likely to be stolen by others, there is still a possibility of deciphering it; and the reliability of doing so is poor. Once forgotten, it will lead to asset loss.
In addition, One Piece also talked about the sudden death of the CEO of the QuadrigaCX platform, and because he was the only person in possession of the private key, the exchange lost $ 200 million in digital assets. It can be seen that the private key storage method is very important, and this method of brain wallet also has greater risks. To protect your own assets, instead of racking your brains and compiling a responsible rule, keep in mind that it is better to worry about managing your own generated private keys. Regarding the storage of private keys, One Piece stated:
The management of private keys is mainly to ensure security and accuracy, including copying the correct mnemonic words and private keys and verifying the accuracy, especially the copying of the mnemonic words must be careful, after the copying, you can verify whether it can be recovered-really There are some users who make mistakes in the step of copying mnemonic words because of their carelessness, which leads to big mistakes in the end.
After all, our wallet only recognizes private keys but not others, so we still need to emphasize the principle of the supremacy of private keys to everyone. Keep your private key well and make a backup to ensure the security of your wallet.
Has the theft of exchanges become the norm?
For many small white or retail investors, the more accustomed way is to store digital assets directly in the exchange. However, in recent years, exchange thefts have occurred frequently. Is it safe to deposit coins on the exchange? In this regard, One Piece gives the following suggestions:
If the user needs to store assets in the exchange, then first he needs to determine whether the exchange has the ability to pay and the payment plan. If the exchange is strong enough to afford it, the risk of losing coins is also borne by the exchange. It is safe. Of course, if there are a lot of digital assets, it is recommended not to put all eggs in one basket. There are indeed a lot of news about the theft and failure of exchanges in the market. If you don't have your private key in your hands, there must be risks.
Exchanges with payment capabilities and payment plans can indeed provide users with more security, but in the face of frequent exchange theft incidents, users often still "talk about the color change of exchanges". Regarding the theft, One Piece Means:
First of all, it is related to the development of the industry. In the early years, the number of exchanges was not large, and the number of exchanges has increased significantly in the past two years. Some new small exchanges lack experience. They may directly buy a server and go online, and then go online. Just be hacked, then run away. That's part of the surge in the number of stolen exchanges we've seen.
In addition, sometimes we also analyze according to the path and hacking methods given in the official statement. Some of the published hacks are actually unexplainable. In reality, there are indeed some benefits of the exchange's high-level cake distribution. The problem was not resolved, and eventually the hacker was used as a shield and pot man. Such incidents also exist, but the truth of the matter is only known to the attacker and the victim. It is difficult for outsiders to accurately determine whether they have actually been hacked. Fortunately, the characteristics of the blockchain are what you do on the chain. Both can be found, and also provided some clues for some technicians to analyze the process.
Frequent theft of exchanges is, on the one hand, the process of industry development from unprofessional and immature to professional and mature, and on the other hand, it is a wake-up call to remind us to keep in mind the safety of assets. Being rational and vigilant, and not putting eggs in the same basket, exchanges can also be safe.
What to protect you, my digital assets!
Facing the complicated market, there are various ways to store assets. In addition to the brain wallets and exchanges mentioned above, where can users store their assets? One Piece gave the following answer:
One of the seesaw challenges facing wallets on the market today is ease of use and security, but there is no doubt that security is still the first priority. When choosing an asset storage method, users are also recommended to choose something more complicated but more costly but more secure. Stronger method. Based on your own needs, should you pursue profit in the short term or invest in the long term? Needs are clarified, and decisions made accordingly. Profit-seeking users may choose more large exchanges or compliant exchanges. For users with long-term investment, hardware wallets will be a better choice.
When it comes to hardware wallets, we have to mention the difference between software wallets and software wallets. The former is disconnected from the network to save private keys, and the latter needs to be networked. So software wallets must be insecure, and hardware wallets must be secure? One Piece said:
The main difference between the two is the storage location of the private key and the mnemonic. The software wallet will be stored in the storage space of your mobile phone. There will be a security mechanism in the mobile phone called the sandbox. The data in the sandbox is other Applications cannot be stolen. However, some developers may not pay attention to this detail, leaving sensitive data in an insecure area. At this time, using other apps or jailbroken or rooted mobile phones, hackers can install a malicious app on your mobile phone in this form. In this way, you can steal your private key or other sensitive data. This is also where software wallets have a high risk. Once the mobile phone is hacked, the risk of stealing digital assets is very high. There is no such risk in hardware wallets, because the data is encrypted and stored in the high-level security chip of the hardware wallet and cannot be obtained through the app interactive method. The mnemonic will only appear once when the user creates the wallet. The user only needs to back up the help. Epilogue will not cause asset loss even if the hardware wallet is lost.
Of course, the security performance of hardware wallets includes many aspects. One Piece gave us an example. A wallet he tested has used a non-mainstream mnemonic storage solution because the hardware wallet manufacturer has not adopted the industry standard mnemonic storage solution. This resulted in a loss of 0.1 BTC. Talking about this experience, One Piece said that although the product itself has an unreasonable design, it is also because of its carelessness that it eventually led to the loss of coins. I would like to remind you again that there are many asset storage solutions, but still keep in mind the first one of security and caution!
In summary, fun and interesting brain wallets still have large risks. The widely-acclaimed exchange deposits are not useless, and the popular software wallets and hardware wallets on the market cannot guarantee 100% security of assets. For users, the most important thing is to improve security awareness. For different needs, choose a platform or wallet rationally and carefully, and abide by the principle of not putting all eggs in a basket, to protect their digital assets to the highest degree. .
The above is the live broadcast content organized by the chain node. For more content, please watch the video playback above the article.