• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

An Achilles heel of the Cryptocurrency

Status
Not open for further replies.

tunguyen

New member
The one who controls private key and seed phase will control the whole Crypto market and even all mankind money in the future.

You can soar your wealth by understanding the Crypto knowledge at its core. It is never too late to learn again from the beginning to build your undestructible foundation to avoid regretful mistakes.

Sharing # 3:
A. Private key (Seed phase)! An Achilles heel of the Cryptocurrency.
B. How to protect yourself in the Cryptocurrency market full of security risks.

Sharing # 1: All hardware wallets or cold wallets may not be as safe as you think!
Sharing # 2: The root causes of losing all your money in both hot wallets and cold wallets.

=========================================================================
Warning: My sharing post may make some people or groups unhappy. Therefore, this post may get deleted or made hidden. If you find that this post is helpful to you, you should save it in your note or a Word document to read again later. As you read your note over and over again, I believe that you could understand Cryptomarket secrets better and benefit more from them. You could share this note to your friends and investor fellows without mentioning my name. I just want more and more of you to get away from crypto security risks without earning credits for my sharing.

Before going into detail, I would like to introduce a bit about my investing profile and me. I live in Texas, USA. My strategy is a long tem value investing approach in both stock market and Crypto market. I have stock investment accounts at Robinhood, IBKR, Charles Schwab, Fidelity, and Webull. In addition, I am trading and storing coins/cryptocurrecies at Coinbase Pro, Kucoin, Gate, Crypto App, CoinEx, Lbank, Bittrex, and Gemini. I have been using hot wallets from some big names including Trust wallet, Metamask, Crypto wallet, Coinbase wallet, and Safepal wallet. For cold wallet, I am using Safepal.

Let’s get started.

=========================================================================
Terminology definitions:

* Private key is like a password - a string of letters and numbers - that allows you to access and manage your crypto funds. A private key is a 256-bit number, which can be represented one of several ways. The example below is a private key in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F (e.g., E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262). A private key is not really human readable and memorizable, and you definitely don’t want to store your private key in a computerized form like in your computer or your phone for security reasons. Another option to store your Crypto account access information is to write down your private key in a piece of paper. This way is also not recommended because only one mis-spelled letter will make you lose your account access and your money. This is why seed pharse, a more human-readable form of password, was introduced.

* Seed phrase comes with many names. A seed phrase, seed recovery phrase or backup seed phrase is a list of words which store all the information needed to recover Cryptocurrency wallets. Your seed phrase is a mnemonic code consisting of 12-24 words that is used to recover your cryptocurrency wallet (e.g., witch collapse practice feed shame open despair creek road again ice least). Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their coins back.

* Difference between a private key and a seed phrase: Private keys allow you to send or spend your cryptocurrencies - they’re algorithmically derived from the long string of numbers represented by your seed phrase. Your seed phrase gives you access to your wallet and all the private keys in the wallet. You can think of a crypto wallet as being like a password manager for your crypto - as long as you have your master password (the seed phrase) you have access to all the associated crypto.

*** IMPORTANT: No matter if it was your private key or your seed phrase that were revealed by a hacker, you would lose your cryptocurrencies in your wallet(s). This is because when someone knows your seed phrase or recovery phrase, he will definitely has access to your wallet and can retrieve your private key to steal any coins. Under the scope of this sharing and my next sharings, I will use private key and seed phrase interchangably because the core story beside losing your cryptos inside your wallet(s) is that your private key was revealed to someone else, either via losing your private key or the seed recovery phrase.

=========================================================================
Sharing #3:
After investing in both stocks and crypto for a while, I learned that investing in crypto brought me a very interesting experience as it has many features far beyond what stocks can do. Crypto is one of the technologies for the future, but I have to admit that it comes with cons in which the worst one is the security risk. Storing cryptocurrencies is super risky that many investors may lose all their money because the private key that they trust to protect their money is actually not as powerful and safe as it need to be. I have shared about this topic briefly in my two previous posts. If you haven’t read them, I am highly recommend you to read, save and read again to fully understand all my points. Let go slow and safe, be suspicious and wiser in your cyptocurrency investment and management or your money will be stolen sooner or later.

A. Private key (Seed phase)! An Achilles heel of the Cryptocurrency.
Scenario: A Cypto exchange platform has a hot wallet with 1,000 different coins. One day, this platform was attacked because of any possible reasons, and the private for the hot wallet above was stolen. Right at the moment when the exchange’s staff and management team realized a potential fraud that some coins were transferring to a suspicious wallet, they could not stop these activities. This is because there are no such options like changing the wallet private key to stop the transfers or utilize 2-step authentication to avoid these stealing transfers. The best thing they could do to minimize their final lost was to quickly transfer all the remaining coins from that wallet to another one. The faster they acted, the more coins they could save. If they were too slow, the wallet’s balance would be a big zero. Good luck next time! You might have heard and read about many big Crypto exchange platforms experiencing hundred-million-dollar attacks recently. How do you think about this? Is this because those platforms do not have a good security system? I don’t think so. Those big platforms should have many big brains to stop hackers from stealing millions of dollars that easily. Now it’s your turn. Think about this situation and you can find the answer from my sharing above.

B. How to protect yourself in the Cryptocurrency market full of security risks.
As far as I know, there is no secured way to protect you 100% from losing your coins in Crypto market. Therefore, I can only propose some suggestions (60-70% protection power) that may be optimal for now (before the new security technologies is developed) to save you from losing all your coins

B1. Critical Rule: Trade and store crypto in decentralized mode. Don’t put all your coins in one basket but utilize many coin storage devices/platforms:

+ Hardware wallets: Use wallets under good brand names. I highly recommend buying wallets directly from the official websites (don’t buy from eBay for similar stores): Ledge, Trezor, Safepal…

If you don’t have a huge value of coins, it’s okay to use only one hardware wallet. But if you think your coin values may cost your fortune, please use more hardware wallets, one wallet per brand (e.g., 1 Ledge wallet, 1 Trezor wallet, and 1 Safepal wallet).

Overal security score: 6-7 out of 10.

When you start using a hardware wallet, you should write down your private key and all 12-word/24-word phrases to a small piece of paper or note, then cover the paper piece with clear tape to protect it and for long term use. Make another copy with paper and tape if you don’t mind. Finally, store these paper pieces in a safe and secured place that only you know about it.

Things to avoid: Do not share your private key to anyone and do not enter your private key in any websites. You should not store your private key electrically in your phone notes or computer so that none of the hackers and spies can find your private key anywhere.

Side notes: When you perform factory reset on your hardware wallet, your wallet will have a new private key. The private key keeps changing every time you reset it.

+ Well-known and well-established Crypto Exchanges: Please research and read more about crypto exchange reviews at coinmarketcap or coingecko.

It’s fine if you don’t have time for more research, you can read my research summary below. I already tested and was able to trade at the following crypto platforms/websites when I was in the U.S. I believe that you can do the same thing even when you are in a different country.

Binance. com (Binance. us if you are in the U.S.): security score 7 out of 10.

coinbase. com, Kucoin. com, Crypto. com: security score 7 out of 10.

CoinEx. com, Lbank. info, bittrex. com, kraken. com: security score 6 out of 10.

Right after you create your account/sign up at a Crypto exchange, register 2-step authentication and log out right away. You can log in again to see if the 2-step authentication works before you send your USDT/coins to that Crypto exchange.

+ Hot wallets or software wallets: E.g., Trust wallet, Metamask, Crypto wallet, Coinbase wallet.

Overal security score: 4-5 out of 10

Please don’t store your top coins or valuable coins in this type of wallet. Store them in hardware wallets or in a well-known crypto exchange

This type of wallet is more suitable for meme coins, or new coins that have not listed in any exchanges yet. Personally, I do not recommend this type of wallet because it is super risky. But if you really love trading via platforms like pancake swap, uni swap that using hot wallets is required, then you should know some ways to minimize your risk. I suggest you should use Safepal hardware wallet for swapping your coins every time you trade. It will take longer to trade this way because you will need to enter your PIN and scan your QR code to perform a trade.

B.2. Realized gain and money withdrawal to bank.
In this Crypto market full of risk, when you feel like your coins are very close to their peak and you are gaining x5, x10, … x100, it’s time to sell your coins, realize your gains, and withdraw your money to your bank. The amount you need to sell should be greater or equal to your initial investing amount. For the remaining amount, you are free to sell or keep them. You will never lose your money if these remaining coins’ value goes down one day. Always keep in mind that nothing is wrong when you realize your gain. You can do so many good things with money in your bank such as having fun with your family, helping your love ones and investing in another channel.

B.3. Crypto is not safe enough to invest 100% of your money in yet. I personally recommend the investment portfolio with maximum of 20% your money in Cryptocurrecy. You can invest your remaining money somewhere else.

Final note: Until a new security technology for Crypto private key is developed and introduced that is at a higher level of security with 2-step private key authentication or something similar, we can have peace of mind in this investment channel. For the current security technologies, I only rate it the security level of maximum 70% (the remaining 30% depends on who control the private key/seed phrase system). I think this 70% number an optimistic estimate because I hope the security issue will be fixed in a near future!

Okay, this is the end of my sharing.

Hope my sharing helps you more or less in your crypto investing path.

=========================================================================
Sharing # 1: All hardware wallets or cold wallets (e.g., Ledge, Trezor, and Safepal) may not be as safe as you think!

All the hardware wallets are merely a tool to create and store you private keys (or seed phase). They are not much different from hot wallets (wallets created with a software).

When you buy a hardware wallet and starting using it, it will give you a seed recovery phrase (with 12, 18 or 24 words such as: apple, hot, cold, same, table, tree…). Then, it will ask you to create a PIN and connect your wallet to a software/app in your phone or computer using a QR code (or a USB or a Micro SD card depending on the wallet brand).

In order to send a crypto to another wallet or to a crypto exchange, you will need to use your hardware wallet to do a lot of verification/confirmation such as entering your PIN and scanning a QR code. Do you feel that your wallet is safe by doing such steps above?

Let’s imagine that you lost your hardware wallet (you couldn’t find where you keep it) and you still have your private key and/or your recovery phrase, all you need to do is to buy another hardware wallet with the same brand as your lost one to retrieve all your coins. This seems to be right, but not really. You need to know more things for making it right.

For example, you own 1 BTC, 4 ETH, and 10 SOL, all stored very safely inside your hardware wallet. The private key that you created using a hardware wallet can be entered in any hot wallets (e.g., Metamask, Trust, crypto wallet, and Coinbase wallet) to do any transactions. You can send 1 BTC, 4 ETH, and 10 SOL to another wallet by just using a hot wallet without entering your PIN and scanning QR code using your hardware wallet. I have tested and confirmed that this is 100% possible. Do you feel like something is not right here?

As I mentioned at the beginning of this post, all the hardware wallets are merely a tool to create and store you private keys, nothing more. Therefore, when a hacker knows your private key, good luck! You money will not totally vanish, it is in someone else’s wallet no matter you are using a hot or cold wallet.

See you again in my sharing #2.
 
=========================================================================
Sharing # 2: The root causes of losing all your money in both hot wallets (hardware wallets) and cold wallets (software wallets)

Have you ever wonder why all your coins disappear from your wallet one day even though you store your private key (and/or seed phase) very carefully (never tell anyone, and never enter in any websites), and your computer is protected with expensive paid anti-virus program, and your phone is also highly protected and safe. If you have ever experienced this, or you are afraid that you may experience this, my sharing below is for you.

As I saw so many crypto investors unreasonably lost their money in their hot and cold wallets, I am writing this post with the main purpose of sharing to more and more investor fellows to protect your money in this market full of security risks. I am not planning to scare you or persuade you to stop investing in Cryptocurrency because I, myself, a big fan of Crypto.

1. Hotware wallets or software wallets were created with a software. Examples of hotware wallets are Trust wallet, Metamask, Crypto wallet, Coinbase wallet, Safepal wallet, … When you create a new wallet, the software from one of the wallet creators above will give you a private key. The most common private key is generated in conjunction with the recovery 12-word or 24-word phrase (such as: apple, hot, cold, same, table, tree…). Along with sending you your private key and the 12-word or 24-word phrase, the software also send these key and phrase to its managed server. And this server and its admin know your private key and your wallet address without doubt. I trust most of the wallet creators’ staffs who are supposed not to use your information for their personal purpose. Yes, most of them, not all of them. You may not be their potential prey until one day when your coin values grow to catch their attentions.

2. Cold wallets or Hardware wallets: E.g., Ledge, Trezor, Safepal... When you start using a cold wallet and connect it to the apps in your phone or computer using a QR code, an USB or a Micro SD card, the wallet creator software will decode your wallet’s encrypted information back to get your private key. Then your wallet address and private key will be sent to its server.

Hope you understand the root cause of losing your crypto at this point.

P/S: It is your choice to believe me or not. But please don’t trust anything that seems to be free for you.

Bonus information: A private key that was created from a hot wallet (Trust wallet) can be used in any other platforms (e.g., Metamask, Crypto wallet, Coinbase wallet, …) and in a cold wallet without any issues. And vice versa, private keys from a cold wallet can be use in a hot wallet.

See you again in my sharing #3.
 
Status
Not open for further replies.
Back
Top