Download Trust Wallet
Home  >  Blog  >  Security  >  Crypto Wallet Security: A Deep Dive by Trust Wallet & BNB Chain
Security

Crypto Wallet Security: A Deep Dive by Trust Wallet & BNB Chain

Published on: Dec 2, 2024
Share post
In Brief

Learn all about crypto wallet security in this collaborative article by Trust Wallet and BNB Chain. Discover wallet types, security features, and more.

Crypto Wallet Security: A Deep Dive by Trust Wallet & BNB Chain

I. Introduction: The Wild West of Crypto Wallets

Keeping your tokens safe should always be the first priority. The recent DEXX security incident, which resulted in the loss of at least $21 million in user funds, serves as a sobering reminder of the ever-present risks in the crypto world. Attackers exploited vulnerabilities in the platform's private key management, impacting over 1000 users and sending shockwaves through the community.

The golden rule of crypto security is simple: "Not your keys, not your coins."

This starts with choosing the right wallet and adopting robust security practices. Crypto wallets come in various forms, including:

In this article, Trust Wallet and BNB Chain aim to provide you with the knowledge and tools to navigate the world of crypto wallets safely, empowering you to make informed decisions and protect your digital assets.

II. Lessons Learned from DEXX Security Issue

Before we dive into the ins and outs of wallet security, we’d like to share a recent security incident to highlight the importance of safeguarding your assets.

On November 16, 2024, DEXX, an on-chain trading terminal platform, was compromised, primarily affecting Solana funds. This breach resulted in losses exceeding $21 million across multiple users. Approximately 1000 victim addresses have been identified.

This incident, marked by over 9,000 unauthorized transactions, has raised significant concerns within the community. Analysis of several compromised addresses reveals that the stolen funds remain in the hacker’s possession, with no movements detected. This pattern strongly suggests a single perpetrator orchestrated the attack. Interestingly, almost every victim has a unique attacker address, indicating the attacker likely engaged in extensive premeditation.

Root cause analysis of the incident revealed that the vulnerability stemmed from the storage of private keys on the server. As shown in the accompanying image, the API for exporting wallets from DEXX returned private keys (appearing to be unencrypted) from its servers. This indicates that although DEXX markets itself as a non-custodial wallet, the users' private keys were actually stored on the project's servers.

image1.png

Several measures could have been implemented to enhance security and prevent this breach:

For users, it’s important to verify whether your wallets have undergone thorough and high-quality audits. Additionally, when investing significant amounts of funds, it is better to choose time-tested platforms to minimize potential losses in case of security breaches.

III. The Secure Wallet Design: Features to Look For

Security Scanner & Alerts

When exploring Dapps or performing transactions, it can be challenging for users to fully understand the impact of a transaction. Signing a given message or prompted transaction from a Dapp often requires an unwarranted level of trust, as it’s nearly impossible to predict the consequences of the transaction just by reviewing the on-screen prompt.

The Trust Wallet Security Scanner, which analyzes transactions and identifies suspicious patterns before funds are sent, helps reduce the likelihood of users signing scam or unwanted transactions. To date, this feature alone prevented a staggering $450 million from being sent to scammers, giving users peace of mind while they explore the Web3 ecosystem.

Instead of merely displaying the message or transaction as requested by the Dapp, wallets equipped with this feature simulate the transaction and present the simulated results to the user. This ensures that the action the user is about to sign aligns with their expectations.

trust-wallet-security-scanner-message.png

Given that wallets act as the gateway to interacting with Dapps—and users often struggle to grasp the full implications of transactions—it is highly recommended to use the security scanner feature. This reduces the probability of asset loss or unintentional signing of malicious transactions.

Wallet History / Audits & Security Licenses

Selecting a secure wallet is one of the most challenging tasks for users entering the Web3 ecosystem. Many users find it difficult to determine whether a wallet securely manages private keys, adheres to best security practices, and implements essential security features to protect their assets.

To choose a highly secure wallet, consider the following steps

By evaluating the wallet’s history, audits, and certifications, users can make informed decisions that prioritize security.

Secure Key Management

Secure key management is the foundation of wallet security in Web3. A reliable wallet ensures private keys are generated, stored, and managed in a secure manner that minimizes the risk of compromise.

Key aspects of secure key management include:

Non-Custodial Design: Opt for wallets that do not store private keys on centralized servers. Instead, private keys should remain entirely under the user’s control.

Seed Phrase Encryption: Ensure that wallets provide strong encryption for seed phrases, offering additional protection against unauthorized access.

Backup and Recovery: Wallets should provide secure options for backing up and recovering private keys or seed phrases, enabling users to regain access in case of device loss or failure.

With robust key management practices, users can confidently secure their assets and navigate the Web3 space with peace of mind.

IV. How to Choose a Wallet: A Step-by-Step Guide

A wallet is at the heart of the crypto ecosystem, acting as a gateway to blockchain networks and decentralized applications (dApps). Whether you're looking to store assets securely, access blockchain games, or transact seamlessly, choosing the right wallet is crucial. Here's a guide to help you make the right choice.

Understand Your Needs

Before selecting a wallet, identify your primary requirements:

Types of Crypto Wallets

Crypto wallets are mainly divided into two main categories—software wallets and hardware wallets. Each has its advantages and trade-offs.

Software Wallets

Software wallets are applications accessible via computers, smartphones, or browsers. They offer easy and quick access to your digital assets and allow you to conveniently connect with Web3 decentralized applications at the tap or click of a button.

Software wallets are a popular choice for those who frequently transact with crypto or prefer seamless access to their digital assets. The key advantage of software wallets lies in their immediate accessibility and their functionality, which allows them to seamlessly connect to dApps, be used for crypto payments, digital IDs and so much more.

Trust Wallet is a prime example of a software wallet that can be used on a mobile device or desktop computer. If that’s an option you’re interested in you can download Trust Wallet here.

When using a hot wallet on your PC or mobile, it's crucial to install antivirus software for malware protection to ensure the security of your personal computer or phone.

Hardware Wallets

Hardware wallets are physical devices that keep private keys offline.Hardware wallets are considered one of the safest ways to store and manage crypto. A hardware wallet is a tangible device designed to keep your private keys in a secure setting, isolated from any online access. Similar to other types of wallets, it enables users to authorize transactions and engage with the blockchain network.

Hardware wallets are often recommended for users who wish to have an extra physical layer of security for their crypto assets or for those who wish to store their crypto assets for a long time without frequent transactions. While hardware wallets offer an extra layer of security, the trade-off comes in the form of less immediate convenience. For instance, executing transactions might take a bit longer compared to a software wallet, as it requires the physical device to be connected to a computer or a smartphone.

Can hardware wallets and software wallets be used simultaneously?

Yes, you can use hardware wallets and software wallets together. This setup gives you a great mix of security and convenience. For example, you can connect a hardware wallet, like Ledger, to a software wallet, such as the Trust Wallet browser extension.

Key Factors to Consider

When evaluating wallets, prioritize the following:

V. Are Smart Contract Wallets Safe?

Smart Contract Wallet is a smart contract that is programmed to function as a wallet. For example, a typical smart contract wallet will be programmed to include features like:

  1. Asset ownership (to hold tokens & coins)

  2. Signature Validation (to validate ownership)

  3. Execution (to execute transactions e.g., swap, etc)

There are diverse approaches to developing a smart contract wallet and one of the most widely adopted industry standards is ERC-4337 that utilizes an alternative mempool to enable Account Abstraction.

Smart Contract Wallets, being programmable, offer several advantages over traditional wallets (EOAs), which are essentially just key pairs.

Smart Contract Wallets could enhance user security and experience in diverse aspects:

  1. Multi-owner account: Smart Contract Wallet allows users to set multiple owners for a single account and enforce a certain threshold of owner to authorize the operation to perform the transaction. E.g., 5-of-3

  2. Account Recovery: In case a user loses their key of the wallet, there is no way to recover the assets. However, with Smart Contract Wallet users can authorize a pre-defined key or entity to recover the account in case the owner key is lost.

  3. Flexible key management: Unlike traditional wallets(EOA) that enforces a certain cryptographic scheme for key management(e.g., Secp256k1), Smart Contract Wallet allows users to utilize their preferred key management system.

    For example, users can use Passkeys to manage assets with their TouchID & FaceID.

  4. Batch Execution: When performing swaps or DeFi transactions you may have experienced multiple steps of transaction for an action or may have wondered why transferring multiple tokens in a single transaction is not feasible. Through Smart Contract Wallet, users can execute multiple operations in a single transaction. For instance, this allows users to perform cross-chain bridging in a single transaction.

  5. Gas Payment in tokens: Smart Contract Wallet enables users to pay for gas in tokens. This allows users to not hold native coins but just hold the token the user prefers and use it to pay for gas.

These benefits of Smart Contract Wallets are indeed promising. However, it is worth noting that there could be potential security risks if there is a bug in the smart contract code of the Smart Contract Wallet.

So it is highly suggested to use the trusted and audited Smart Contract Wallets with trackable history of the wallet.

  1. Gnosis Safe Multi-Sig Wallet: The Safe Wallet offers robust security and an intuitive user interface for managing crypto assets securely. It is widely used by treasuries and institutions requiring multi-owner access and enhanced security features.

  2. Trust Wallet Swift: Smart Contract Wallet developed by one of the Trust Wallet

(empowering 140 Million+ users) provides a secure and next level UX to users.

Swift Wallet uses Passkey based key management while allowing users to pay gas in 250+ tokens which is 3.4X of the current market offerings.

It includes the one-step swap/bridging to enhance UX and gas efficiency and has been audited by top security firms like Halborn, Quantstamp, Certik and more.

VI. Conclusion: Taking Control of Your Crypto Security

The world of cryptocurrency offers immense potential but also significant risks, as evidenced by incidents like the DEXX security breach. The key takeaways are clear: prioritize security by choosing wallets that ensure private key control, conducting regular updates, and leveraging advanced features like security scanners. Understanding your needs and the available wallet options—whether software, hardware, or smart contract wallets—is essential to making informed decisions.

Ultimately, security is a personal responsibility. Stay vigilant, avoid sharing sensitive information, and diversify your storage methods. Empower yourself with knowledge and the right tools to protect your digital assets.

Your crypto security journey doesn't end here—it's an ongoing process. Share this article with friends, family, and your network to help others safeguard their digital assets. Together, we can build a more secure and resilient Web3 for everyone.

Disclaimer: Content is for informational purposes and not investment advice. Web3 and crypto come with risk. Please do your own research with respect to interacting with any Web3 applications or crypto assets. View our terms of service.

Join the Trust Wallet community on Telegram Follow us on X Instagram Facebook Reddit Warpcast TikTok

Follow BNB Chain on  Website | Twitter | Telegram | Facebook | dApp Store | YouTube | Discord | LinkedIn | Build N' Build Forum

Note: Any cited numbers, figures, or illustrations are reported at the time of writing, and are subject to change.