Between October 2020 and April 2021, Americans lost more than $80 million in cryptocurrency scams, the U.S. Federal Trade Commission reported. This is a major PR problem for the cryptocurrency industry. But what can the industry do to help users stay safe and pave the way for mass adoption?
Preventing successful attacks starts with acknowledging that cryptocurrencies are fundamentally different from traditional, or fiat, currencies. Although blockchains are designed to incentivize sound transactions by rewarding good actors, blockchain addresses don’t have the same recourse or guarantees as bank or credit card accounts. There’s no authority to bail the holder out — no FDIC guarantee. While someone can dispute a fraudulent credit card transaction, a validated blockchain transaction can’t be undone.
Most veteran cryptocurrency holders however have managed to keep their cryptocurrency assets secure. Often for many years. Three relatively simple access control tools are responsible for that protection: private and public keys, software wallets and backup codes and hardware wallets. Here is a breakdown of how these tools operate and best practices.
1. Private and public keys
Blockchain-based cryptocurrencies come with public and private key pairs which are the bedrock of cryptographic security.
Keys are strings of characters, most often numbers and letters, that are longer than passwords and keys for mobile phones and online accounts. For example, in Bitcoin a private key is a 256-bit number, which is 64 characters long.
Private keys allow the holder to prove, cryptographically, that they are the owner of an account. They grant one full access to and complete authority over a cryptocurrency account in the same way a physical house key would to a home, or credit card number, expiration date and security code would to a credit card account. With a private key, the user has license to control their account, let others pay into it, sign transactions and send value to other accounts.
Sharing a private key with someone else is like giving them your bank card and PIN number, or the code to your safe. If someone has the private key, they can clear out that account. That’s why private keys are rarely, if ever, safe to share with anyone else. Similarly, don’t store or paste private keys in unencrypted text. It doesn’t matter whether they are saved on a device, website, in the cloud or otherwise. If a hacker found this information, the whole portfolio would be at risk.
In contrast to private keys, public keysare meant to be shared with the world, without risk. They resemble physical addresses. Anyone can send funds to that address using that public key, similar to a mailing address or bank account number. Public keys are generated from and correspond to users’ private keys. Public keys are safe to share because one cannot issue outgoing transactions with a public key —and it is impossible to determine someone’s private key from a public key.
2. Software wallets & backup codes
Software wallets are applications that let the user store and manage their cryptocurrency and can either be installed locally or accessed via the cloud. They can be used to store private keys, generate public keys and carry out transactions. They often store only part of the blockchain, meaning they require less space than a full node.
Some cryptocurrency wallets allow the user to export a backup code, or a sequence of 12-14 words, derived from a private key, that lets them access their wallet and private keys from anywhere.
The combined power of software wallets and backup codes contribute to both convenience and security. Here’s a practical example: Let’s say one has a backup code associated with a wallet on a laptop that you’ve recorded and saved. That person could throw their phone into the ocean and never see it again, go home and completely restore the wallet using a backup code — all without relying on any central party to re-issue the funds or access their personal information.
3. Hardware wallets
Hardware wallets are secure physical devices that store and manage a user’s cryptocurrency.
When enabled, they connect with online applications to make transactions without revealing private key data. When not in use, they are offline – a feature that makes them less accessible or vulnerable to hackers than other wallet solutions. Like software wallets, hardware wallets use backup codes.
The negative of choosing a hardware wallet is a certain degree of inconvenience. They’re not ideal for making frequent transfers . However, this is often seen as a feature, rather than a flaw.
The cryptocurrency industry needs to spread the word about these safekeeping measures if they want users and regulators alike to become more comfortable with mass adoption.