Why do we need Cold and Hot wallets to secure digital assets?
The Blockchain is the underlying tech layer made up of a decentralized ledger and in theory, a very secure data structure as there are a lot of distributed nodes that participate in the consensus algorithm. In order to hack the blockchain, hackers should exploit vulnerabilities in a lot of decentralized nodes, which is theoretically almost impossible.
The basic security assumption of blockchain is that it is impossible to hack so many nodes to change the state of the blockchain.
If blockchain tech is so secure, how could it be hacked?
The Achilles Heel of the technology is the centralized nature of institutional users that manage large amounts of crypto assets (money) for their clients, while the only thing that stays between the money and the hackers is the private key. The private key should be used to sign, on blockchain transactions, the same way that a manual signature could be used to sign traditional checks. If someone steals the institutions’ private key they can create a transaction on their behalf and steal the money. Unlike bank systems – once a hacked transaction is created there is no way to reverse it – the money is literally stolen.
Why is it important to store and safeguard your private key?
Whoever holds the private keys has complete control over the assets associated with that key. Because blockchain transactions are instantaneous and irrevocable, users aim to keep their private key secret. The private key is only generated once, so misplacing a private key effectively renders useless all the crypto assets associated with that address.
Although the optimal custody scenario has yet to be defined, it is undisputed that control of the private key is of paramount concern. In fact, the private key is, in essence, the real asset. It’s intrinsic properties and powers mean there is no way to truly safeguard it without exception.
Cold wallets “The vault of institutional custodians” are hardware devices that store Bitcoin or other cryptocurrencies initially, internet isolated, device. In theory, the cold wallet solution is reported to be the most secure way to store cryptocurrency. Some cryptocurrency users prefer to keep their digital assets in a physical "wallet," most often a device that looks like a USB stick; they can only be accessed by being plugged directly into a computer and require an internet connection in order for a user to access and move their cryptocurrency funds.
There are several popular cold wallets for commercial use such as Trezor, Ledger Nano S and for enterprise and institutional investors some other devices use a combination of:
- SDK card
- External thumb drives
- Dedicated air-gapped machine with HSM
Problems associated with the above hardware are usability and to gain access to the crypto asset you need to connect the cold wallet to a computer and therefore it is exposed to the internet. By doing so you are compromising the cold wallet system through the Internet connection, thus exposing it to potential attack vectors and eventually potential cyber theft.
Using cold wallet storage is a necessary security precaution, especially when dealing with large amounts of Bitcoin and other crypto-assets. For example, a cryptocurrency exchange or crypto fund custodian would typically offer instant withdrawals and might be responsible for hundreds of thousands of Bitcoins and other crypto assets. To minimize the ability that hackers could steal the entire reserve in a security breach, the operator of the financial services would follow a standard protocol, by keeping the majority of the reserve in cold storage, while holding a smaller percentage of the assets available for day to day trade activity.
Essentially they would not store the majority of digital assets’ private keys on their server or any other connected computer. The only amount kept on the server is the minimum required to cover anticipated customer withdrawals.
Methods used to secure private keys for digital assets
- Data encryption that protects wallets with a strong password
- Backups for digital wallets in case of computer crashes or fraud
Cold wallets are not truly secure as, at some point, they need to send funds and by doing so they rely on bi-directional communication and are connected to the internet. This is when they can be compromised and be infected with malicious data and extremely vulnerable to attacks. Therefore all cold wallets become hot wallets dispelling the theory of total security for institutional custodians.
Hot wallets today have an important role as they are capable of providing easy access to funds and processing automatic transactions, however private keys of the hot wallets are stored in a method that requires that they are always connected to the internet. There are different types of hot wallets that take a different approach on how to store private keys. From a mathematical perspective, some duplicate private keys between different participants and another divide a private key between the participant. In other words, hot wallets today tackle the security risk by distributing private keys.
The Hot wallet participants maintain control of their private keys, so the cryptocurrency assets in the hot wallet remain under the holder’s control. However, the assets remain vulnerable to hacking, as a malicious person or group which gains access to your computer or smartphone would theoretically also be able to drain your wallet via getting access to the private key.
A hot wallet’s primary advantage is that it can be used for automatic and fast access transactions. Individuals looking to actually make purchases with their cryptocurrency assets might choose to use a hot wallet, for instance, as the holdings in that wallet can be transferable across the internet and in general, the number of crypto assets is at a high enough value, therefore it is not worth the time and money that hackers would invest to steal. On the other hand, hot wallets are definitely vulnerable to security breaches as they have ongoing access to the internet. Different types of hot wallets all store the private keys on internet-connected applications
- Basic Hot wallet - Direct connection of the private key on the Internet
- Multisig Native Wallet – duplicates private keys - you only need to compromise two participants in order to gain access
- Multiparty computation (MPC) – Distributes private key between 2-5 participants
If we look at the Multisig method even with 2-3 people or entities having to confirm a particular transaction, hacker groups will spend millions on institutional targets and they only require attack vectors for 2 out of 3 in order to compromise the security. Hacker groups are willing to do this as they stand to gain hundreds of millions in stolen crypto assets.
Even the MPC methodology is vulnerable to a variety of attack vectors. With the MPC approach, multiple non-trusting computers can each conduct computation on their own unique fragments of a larger data set to collectively produce a desired common outcome without anyone node knowing the details of the others’ fragments. The private key that executes the transaction is then, a collectively generated value; the proponents of MPC maintain that at no point is a single computer responsible for an actual key. MPC based wallets are said to be a better solution to any hardware or multisig wallets in the market. They are mathematically proven to be safer, completely off-chain, providing higher flexibility and are generally ledger agnostic.
Unfortunately, even with the fragments on multiple devices, it is still not an entirely safe solution because sophisticated hackers might be able to linger within a cluster of machines long enough to trace and reconstruct a key. If they manage to compromise one single employee machine or server they will be able to move laterally in the network and compromise other devices which are a part of the signature method. So this can also be proved false as hacker groups are sophisticated enough to find the vulnerabilities in this method and are willing to spend millions to steal billions.
Using the above solutions could essentially prevent a rogue employee from stealing keys on-site, or from a cold-storage facility, or from any hardware device managed entirely by the company. There are mpc wallet providers that try to limit an attacker or a rogue employee from entering a single network and collecting all of the cryptographic information they would need to authorize and sign an illegal transaction, however, this solution is also not 100% secure and merely mitigating attack vectors is just not an option when billions are at stake.
Why should the industry care?
As of writing this article the total market cap for cryptocurrencies has exceeded $208 billion and is now in the 10th year of existence. In these past 10 years, there have been many notable hacks. All institutions with custody of large amounts of crypto assets have a responsibility to their investors to ensure the most robust security options are deployed throughout their enterprise.
Furthermore, the hacks also lead to various other cyber damage
- Theft of assets - irreversible
- Reputation damage
- Theft of private customer data
- Loss of jobs
- Closing down the business
But that’s a different article...
Although there is a lot of volatility in the market which in part is driven by FOMO and media hype, it is critical to acknowledge that a major factor is the security of digital assets and this can affect the value of a cryptocurrency or an exchange asset valuation fundamentally altering the entire ecosystem.
Conclusion: Hackers would invest millions to steal billions.