Many people are curious about what a cold wallet is in the world of blockchain. Can a cold wallet, which emphasizes high security, be hacked?
Ko Wen-je, chairman of the People First Party, recently became involved in the Jinghua City case and was detained and prohibited from meeting by the Taipei District Court. Recently, the media revealed that the prosecution has seized Ko Wen-je’s cold wallet (Cold Wallet), which is currently being decrypted.
What exactly is a cold wallet? Can a cold wallet, which emphasizes high security, be hacked?
What is a wallet?
What exactly is a wallet? This is a common question for newcomers to the blockchain world.
Cryptocurrency wallets, unlike bank accounts or EasyCards, do not actually store virtual assets (cryptocurrencies, NFTs) in the wallet. Instead, they are a digital medium for storing, sending, and receiving virtual assets. They are a critical part of the cryptographic infrastructure that enables various blockchain technologies to be implemented.
Cryptocurrency wallets have three important elements: private keys, public keys, and addresses.
Private key:
When using virtual assets, the “private key” must be used to prove the ownership of the wallet. Only the person who owns the private key for that address can use the wallet. Therefore, the private key must never be revealed to others, as virtual assets can be stolen. The private key is designed based on cryptography and generates a unique 256-bit random number. There are no two sets of duplicate private keys.
Public key:
On the blockchain, the public key is used by miners to decrypt and identify wallets.
Address:
Represents a specific “location” on the blockchain and can be used to send and receive virtual assets. The public address can be shared with everyone to receive assets. The address is a unique string calculated through the private key and cannot be reverse-engineered into the private key. Only the person who owns the private key for that address can use the wallet.
A wallet is similar to a Google, Facebook, or LINE account used to log in to various services in the online world. Some people describe a wallet as a passport in the blockchain world, representing a person’s identity in the virtual world. With a wallet, one can explore everywhere and interact with the blockchain network as a key.
The use and management rights of a cryptocurrency wallet belong to the wallet owner and are not controlled by any company or organization. Users can use the wallet to send and receive cryptocurrency assets such as Bitcoin, Ethereum, and even NFTs.
The concept of a wallet can also be compared to a bank account. Without a wallet, it is impossible to send or receive cryptocurrencies. In other words, the first step to owning cryptocurrency is to have a wallet, which is not held by any bank or financial institution.
Wallets are mainly classified into hot wallets and cold wallets based on “online or offline storage.” They can come in the form of hardware wallets, mobile applications, browser plugins, etc., making cryptocurrency payments or transactions as convenient as online credit card payments.
Hot Wallet: High transaction convenience
A hot wallet, also known as an online wallet, includes exchange wallets, browser plugins, and apps. With a withdrawal request, funds can be easily withdrawn through simple approval steps. However, because they are connected to the internet, there is an increased risk of being hacked.
Among them, the hot wallets of “centralized exchanges” belong to users, but the control is not independent of users. Mechanically, it is equivalent to entrusting the custody of encrypted assets to the exchange. Although it offers high transaction convenience, if there are problems with the exchange, it may not be possible to retrieve the encrypted assets.
The recent bankruptcy case of the FTX exchange illustrates the risk of misappropriating encrypted assets stored in centralized exchanges. When the bankruptcy is established, even though the wallet belongs to the user, the user cannot freely withdraw the encrypted assets inside. That is why investors withdraw their funds when they receive risk information about exchanges.
In addition, there is a well-known browser plugin called MetaMask, which allows connection and interaction with various decentralized applications (dApps). The biggest difference and advantage compared to exchange wallets is that users keep their private keys and store them in the plugin software. Although these hot wallets have a higher level of control, the generation and use of private keys in these wallets are connected to the internet, which increases the probability of being attacked by hackers. They are not 100% secure.
App wallets, on the other hand, operate similarly to browser plugins but are installed as applications on mobile phones, while browser plugins are software extensions for computers. Depending on the user’s situation, different software can be used for wallet operations.
Cold Wallet: High security
Compared to the risks of potential loss of encrypted assets in hot wallets, cold wallets store private keys in physical hardware or USB devices in an offline manner. When there is a need to deposit or withdraw cryptocurrencies, they can be connected to a computer, reducing the possibility of hackers stealing private keys.
Even if your cold wallet is lost or damaged, you can retrieve the assets inside as long as you remember the private key and mnemonic phrase of the wallet. This is because the assets are not stored in the cold wallet itself but are accessed by connecting the cold wallet to a computer to read the data on the blockchain.
Compared to free hot wallets, common cold wallet brands on the market include Ledger, Trezor, and Coolwallet, with prices ranging from around $100 to $250. They have different security specifications, appearances, operating interfaces, support for various currencies, and service features depending on the brand and model. They come in the form of credit cards, USBs, hard drives, etc., support a range of 1,000+ to 10,000+ currencies, including NFTs, and provide functions such as transactions, staking, and DeFi.
Purchasing and using a cold wallet have certain thresholds. Please make sure to order from the original manufacturer’s link and confirm that the packaging is intact upon arrival to avoid installation of malicious software by malicious individuals.
How to choose a wallet?
Regardless of the purpose of holding cryptocurrencies, it is recommended to have a “hot wallet” for convenient transactions. In addition to the wallets created when opening an account on an exchange, it is advisable to install the most well-known browser plugin, MetaMask, for use with various decentralized applications (dApps).
Another option is Trust Wallet, an officially supported decentralized wallet by Binance, which has gained a large number of users with its clean interface and simple operation process.
At the same time, to increase asset security, it is also recommended to use a “cold wallet” to store cryptocurrencies that do not need to be traded temporarily. The purchase depends on factors such as budget, number of currencies owned, and usage habits. In terms of convenience, the cold wallet CoolWallet issued by a Taiwanese blockchain company not only supports Chinese interface but can also be directly connected via Bluetooth on a mobile phone. It has a card-like appearance and is lightweight and portable.
According to Glassnode data, after the closure of the FTX exchange, approximately 450,000 bitcoins were transferred from exchange hot wallets to cold wallets in 2022, reducing the amount of bitcoins held by exchanges to less than 12% of the total bitcoin supply. For example, in December, Binance lost 90,000 bitcoins in just 7 days, and Coinbase had 200,000 bitcoins transferred out in 4 days in November.
Despite many exchanges offering interest rewards to attract users to store their cryptocurrencies on the exchange, in situations where market risks are high and the security of exchanges cannot be determined, investors prefer to safeguard their assets. Storing assets in a cold wallet is a safer reserve method to protect oneself from exposure to unknown market risks.