Lesson 1
Introduction to crypto security: wallets, keys, and smart contracts
Build your foundation of security as you enter the blockchain world.
The best way to start understanding crypto security is this: It’s in your hands, just like the wallet you carry with you every day. In most cases, there’s no institution standing between you and your assets, which can be an incredible freedom! But with freedom, there is always some risk.
Asset management (wallets and keys)
Understanding crypto wallets is a significant first step in safely navigating the world of digital assets. Just like keeping track of your cash or valuables, there isn’t much more reassurance than holding onto your assets yourself. If you entrust someone else to look after your things, there’s always a chance they could lose them or run off! Digital assets are just the same, so let’s learn a bit about the wallets where you can store your crypto.
Like many other safety measures on the internet, selecting the right wallet can introduce a security tradeoff in exchange for convenience. Crypto wallets vary in design and offer several different functionalities. However, there is an overarching similarity between all wallets: the safety and security of your wallet and the assets within is solely up to you, the owner. So, let’s review the different types of wallets and some best practices to protect your assets.
Software & hardware wallets
Software wallets are application-based wallets that store your private keys/assets in an encrypted format online within the app’s data storage. These wallets enable users to move, manage, and view your assets easily by decrypting and using the secret keys. Just like online banking, software wallets can be a fast and convenient way to manage your assets. Still, there are trade-offs—the security of these systems is largely dependent on the practices and protocols used by the app developers.
Hardware wallets are physical devices, often resembling USB drives or battery banks, which store your private keys within. They’re much more secure than software wallets if security best practices are stringently followed. However, if your device is compromised and your home computer gets hacked, the hacker could steal your assets from your wallet while plugged in. The downside is that moving and managing your investments is much more clunky compared to the ease provided by purely using software wallets. Hardware wallets store your keys entirely offline and require you to move your assets into an exchange platform before exchanging.
Custodial vs noncustodial wallets
Custodial wallets are the closest thing to a traditional “bank” experience regarding crypto wallets. They’re managed by a third-party crypto exchange via a software wallet on the internet (ie. Coinbase), and you must trust the exchange to control your keys, just like a traditional bank can access your accounts. The upside to a custodial wallet is that your assets are housed within an exchange, making them easier to move, manage, and invest. The downside is that you have to trust an exchange with your assets, and if the exchange somehow fails or your key/password is compromised, you’ll likely lose the assets stored within.
Non-custodial wallets or “self-custody wallets” are the crypto version of the wallets you keep in your purse or pocket. They can be software or hardware-based, and you are responsible for keeping them safe and secure. Remember, you are responsible if you lose your wallet or compromise your private key.
Custodial wallets are much more convenient for trading and moving things around regularly, but they rely on trusting a third party with your assets. Non-custodial wallets are a bit clunkier to move assets through but are more secure if the proper steps are taken and safeguards are implemented.
Smart Contracts & DeFi Projects
Smart contracts are widely used across the DeFi landscape due to their ability to add features and functionality to a blockchain. A smart contract is a piece of code running on a blockchain. It executes predefined conditions and actions, allowing for complex financial interactions without third-party intermediaries. A smart contract, once deployed, becomes immutable—meaning it cannot be altered—and the blockchain oversees its execution. Therefore, it is crucial to understand the terms outlined in the smart contract thoroughly. If users are not fully aware of how the contract operates, they may inadvertently engage in transactions that could lead to losing their funds.
Depending on the creator’s intent and thoroughness, this powerful functionality makes smart contracts extremely useful and potentially dangerous. Before you use a smart contract, ask yourself these questions.
Is it vetted?
Look into who else (if anyone) is using the project or contract. If it hasn’t been vetted or isn’t being used by many people, there’s almost certainly a higher risk. In addition to doing your research, be sure to investigate third-party auditors who can help verify if the project is safe to use.
Is the contract safe?
If you’re a developer, look into the underlying code and the developers or team who built it. What does it do? What are the specific variables used to seal smart contracts on this currency?
How does this specific contract work?
Do your homework and determine what conditions must be met to execute the contract. Knowing what’s at stake and who stands to benefit gives you a lot of insight into the safety and security of a specific contract.
Stay secure on the blockchain.
Cryptocurrency and blockchain technology present responsibilities along with advantages and freedoms. When we cut out intermediaries and banks, we must now manage our own assets independently. Remember: there is no insurance or government agency to protect you if you make a security mistake.
By acknowledging that risks and scams exist and that you are responsible for the security of your wallet and the assets within, you now have more tools to protect yourself—and fully take advantage of the benefits of crypto.
