With Crypto Assets, Best To Run Cold
Today we’re excited to welcome guest contributor Sarah McCrary to Womxn In Crypto with a post on storage and security. A technologist and business leader with over twenty years’ experience building software solutions and tech-enabled products, Sarah explores the rise of crypto wallets as they evolve into a technology for the (web3) masses.
Toddkramer.eth had one regret after being involuntarily relieved of 16 NFTs he valued at over 593 ETH (~$2.2mm)... “lessons learned. Use a hardware wallet....”
He was reportedly duped into allowing unauthorized actors to access a hot wallet connected to the account holding the NFTs. It’s unclear if a hardware wallet, also called a cold wallet or cold storage, would have actually prevented the crime. A hardware wallet would have required an extra step to connect a physical device to authorize transactions before they executed. That friction might have allowed Toddkramer.eth to reconsider what he was doing and stop the operation before suffering any losses.
Hot is fast and loose.
A hot wire is one that is connected to an energy source — it is hot with current as long as the circuit is live. Similarly, the hot wallet is connected to the internet as long as the computer it is stored on is connected to the internet.
Hot wallets are convenient because they allow users to quickly connect an account to blockchain apps and services with minimum friction. It is possible that Toddkramer.eth’s mistake was connecting his hot wallet to a malicious app that exploited the access and tricked him into authorizing the transactions that moved the stolen NFTs from his account to the attacker’s account.
Cold is slow and safe.
Cold wallets are cold because, unlike hot wallets, the private key is always offline (cold) even when the physical device is connected to an app or service over the internet. Cold wallets store the private key on a hardware device, and authenticating a transaction requires physical interaction with that device.
Cold wallets reduce, but do not eliminate, the risks to your crypto accounts. By keeping the private key offline and requiring physical interaction to authorize transactions, the extra steps required of cold storage can help prevent a bad actor from taking the owner’s assets — limiting easy opportunities for theft.
Toddkramer.eth leaves us with one more lesson. In response to his plea on Twitter to help him recover the stolen NFTs, he encountered unforgiving criticism and sarcasm, to which he replied:
Note:
Toddkramer.eth deleted some tweets after the fact; however, the original thread is archived. https://web.archive.org/web/20211230115037/