The recent Kucoin hack, where $275 million worth of cryptocurrency was taken from Kucoin’s hot wallet, has brought to light the importance of cold wallets in the cryptocurrency space. We’re going to take a look at the kind of wallet system Kucoin was using that made it more vulnerable to an attack, and explore some measures you can take to protect yourself and your assets, as much as possible, from a similar event happening in the future.
What are crypto wallets?
For those of you who are new to crypto, wallets are where you store your cryptocurrency. There are a few important components of a wallet which makes each one unique. These also function as security measures controlling who has access.
First, we have a private key. This is a mathematically generated string of letters and numbers linked to your wallet address. The control of this key allows crypto to be spent from this wallet. If you lose/forget this key you will lose access to the funds in your wallet as there is no way to retrieve it.
Next, we have the public key. This is also related mathematically to the address of your wallet. The public key confirms that the wallet address belongs to you. As the names suggest, it is important that you keep your private key safe and known only to you. Your public key will be viewable by anyone. Your wallet will also contain a log of all incoming and outgoing transactions which can be verified by checking them against the blockchain.
Cold Wallets v.s Hot Wallets
At the most basic level, there are 2 varieties of wallets used for cryptocurrency, hot and cold. Within each of these, there are a few different versions. If you’re interested in finding out more about all the different types of wallets, Read What is a crypto wallet.
What is a Hot Wallet?
A hot wallet refers to a wallet that is connected to the internet, a cold wallet is an offline one. The Kucoin hack targeted the hot wallet system the company was using to store their customer’s crypto. Hot wallets are viewed as riskier and more vulnerable to such attacks. This is because the internet connection which makes them better for quick online transactions, also gives hackers a route into the wallet.
What is a Cold Wallet?
A cold wallet, on the other hand, is more secure as it is kept offline on a separate piece of hardware like a USB. It can only be accessed by whoever is holding the physical device. On the flip side, it takes longer to make transactions as cryptocurrency works on blockchain technology, which is at its core an online system. You either need to transfer funds to a hot wallet to initiate transactions, or connect your cold wallet to the internet momentarily to send the details of a transaction which you’ve signed offline.
Details of Phemex’s wallet security practices can be viewed Here
How does Phemex utilize cold wallets?
A crypto exchange that primarily utilizes cold wallets such as Phemex, is in theory safer as funds and keys are not accessible through the internet.
Phemex assigns each user their own cold wallet deposit address, these are then periodically gathered and stored in the company’s multi-signature cold wallet through offline signature. In this way, we keep the funds used and stored on the Phemex platform safe from outside attacks. One downside is that accessing these funds takes a little longer than platforms that use hot wallets. However, we believe that security and assurance that your funds are safe are worth a little wait.
Wallet Security Best practice
Because of this, we suggest that users keep both a hot and cold wallet. A cold wallet should be used for storing larger amounts of crypto. These are long term investments – ie coins that you intend to hold on to for a while and not spend. A hot wallet is useful to store a more limited sum, only containing what you have near-future plans to spend or use online for trading or exchanging.
Make sure that you do research into whichever wallet is going to work best for you. Maintaining secure practices with your keys is going to be the best way to protect yourself from malicious losses. Just like you keep your pin and passwords private, the same also goes for the keys to your wallet. Cryptocurrency isn’t as regulated nor as controlled as Fiat currency, the onus is more on you to keep yourself safe.