As we know very well by November 2022, there is a variety of scams, hacks, and exploits that give malicious actors direct access to operational funds. This is because there is no intermediary bodies add layers of security between users and funds. With networks like CashApp and Venmo, several large institutions, which have millions of dollars not only in security but also to recover any lost funds, interact with eachother, between the value between you and the sender/ recepient.
In cryptocurrency, operational security is on the user, no matter who it is.
Development teams, bridges, DEXs, CEXs, and countless users, on every chain, from PancakeSwap, Nomad Bridge, and Solona to your uncle who got into crypto without consulting you first, have made detrimental follies, either through social engineering, or backend security, that have left their funds exposed. This can happen when storing or attempting to move funds.
This is a basic outline of Operation Security.
1. Keys- Private Keys - \\\ Long string of letters and numbers allows users to sign transactions and access funds
^^^ same function v v v <100% Secret, to be kept secure and safe. Losing back ups to these will lose access to funds. >
Mnemonic Phrase- /// 12 or 24 words which can mirror the wallet key and be used to sign transactions and access funds
Public Key- Public Knowledge, publicly listed on blockchain, used to receive funds.
How keys work- Alice wants to send BTC to Bob. She uses Bob's public key to add Bob as the addressee. She uses her own private key to sign the transaction and approve the spend to send BTC to Bob. The message that approves spend is encrypted with the famous SHA- 256 encryption, which then hits the decentralized blockchain for consensus approval. After being approved, Bob's private key, since his public key is listed, is eligible to decrypt the approve send message and receive the amount that has been approved on the blockchain.
NEVER GIVE ANYONE ACCESS TO YOUR PRIVATE KEY OR MENOMIC PHRASE!!! DO NOT ENTER IT INTO ANY FORM, EVEN IF IT LOOKS LIKE YOUR WALLET UI!!! In Ethereum (Metamask), if you're already logged into your wallet/ account, you will never need to type out your private info. Don't worry about your public key, everybody already has it.
2. Wallets - Types of Wallets/ Vulnerabilities/ Benefits
1. Software wallets (hot wallets) - Cons- attacks on connected sites/dexs, device (phone or computer) can be hacked for password, software bugs/vulnerabilities, device can be stolen for access. ///Pros - Easy and simple access and mobility.
2. Hardware Wallets (Ledger, Trezor) - Cons- loss/ theft of wallet, forced under threat to open, hack of database, bugs/vulnerabilities in production of wallet. ///Pros- Hides private keys offline, instead of stored in a non secure device.
3. Paper Wallets - Cons- Loss or theft of wallet, incorrect setup./// Pros- generally considered the most fool proof of these 3.
4. Multi sig Wallets- (any sort of wallet design that requires more than one signature to approve transactions, in any ratio. i.e., 2/3, 6/9, 4/4. )
Pros and cons of multi sig wallets are fairly obvious, this adds layers of security, however, loss of access may happen if any of the listed wallets are unable to approve transactions for any reason. Not fully available to the general public as of yet.
3. Passwords - 73% of online passwords are duplicates for other accounts. Take this into account when online databases experience massive breaches and one of your passwords is compromised. Will this password open more of your accounts? Strong passwords are crucial, I think we have all been on the internet long enough to know what a good password looks like and what a bad password looks like. Nothing with the word password, or about the site, or about public info of yourself which is easily guessable. You can try a safe online password generator, or a random string of letters or numbers. Random strings are more secure when they have six characters or more. Make sure to back these up in a way that won't be hacked (computer or phone) or lost!
4. Devices- Sim cards, used in two step verification to ensure, on a whole range of sensitive information files, can be duplicated! Real life example! A man buys 468 brand new sim cards, dupilcates everyone, sells them all of them to different individuals, then gains access to each individual 2 step verification contents. Another man targeted a residential line, told him he needed to provide sim card details or he would lose phone service, then deactivated the man's SIM and reactivated it under his possession, effectivley stealing a quantable sum of money from this individual.
Some OpSec device tips: 1. Have multiple devices for 2 step verification for different accounts.
2. Never leave your phone or computer unattended (quick lock time will help if this is a risk.)
3. Password protect everything and use multiple forms of verification.
5. Real Life-
Real life protocol:
1. Close your computer
2. Biometric access to your phone
3. Put your private keys somewhere safe IRL!!!
4. Keep your devices with you.
5. Trust noone!
People have been threatened with death for the seed phrase! or worse! ill let you figure out what that means.
Full Lesson is tokengated course by omakasea
Tokens can be bought here.
Follow me on Twitter and Lens.