Navigating Wallet Types and Risks

Background

As the cryptocurrency market heats up, Web3 projects are rapidly evolving, and the excitement among users is constantly growing. Along with this surge comes the risk of users inadvertently falling victim to hacks or scams when learning about various new projects. This guide primarily covers, but is not limited to: risks involved in downloading and using wallets; pitfalls that might be encountered while participating in various Web3 ecosystems; how to better discern whether signature authorizations are dangerous; and what to do if unfortunately hacked. (Note: The content is subject to change based on new developments and editorial decisions, so the final version may differ slightly in detail and length.)

Whether you're a Web3 newcomer overwhelmed by industry jargon and unknown risks, or an experienced enthusiast facing challenges in the blockchain space, this guide is for you. Our aim is to help every user effectively safeguard their assets and confidently navigate the dark forest of blockchain.

Wallet category

It is well-known that wallets serve as both the gateway to the crypto world and a fundamental component of Web3 infrastructure. So, without further ado, let us introduce the first topic: Wallet Types and Risks.

Browser wallets

Browser wallets such as MetaMask, Rabby, etc. are installed as browser plug-ins in the user's browser (such as Google Chrome, Firefox, etc.). They are typically easier to access and use, not requiring the download or installation of additional software.

Example: https://metamask.io/download/

Web wallets (not recommended)

Web wallets allow users to access and manage their crypto assets through a web browser. While convenient, the risks associated with web wallets are significant. Typically, web wallets encrypt mnemonic phrases and store them in the browser's local storage, making them vulnerable to malware and cyber attacks.

Example: https://www.myetherwallet.com/wallet/access/software?type=overview

Mobile wallets

Similar to web wallets, mobile wallets operate as apps that users can download and install on their smartphones.

Example: https://token.im/download?locale=en-us

Desktop wallets

Desktop wallets were more common in the early days of cryptocurrency, with well-known ones such as Electrum, Sparrow, etc. These wallets are installed as applications on a computer, with private keys and transaction data stored locally on the user's device, giving users full control over their crypto keys.

Example: https://sparrowwallet.com/

Hardware wallets

Hardware wallets, such as Trezor, imKey, Ledger, Keystone, and OneKey, are physical devices used to store cryptocurrencies and digital assets. They offer offline storage of private keys, meaning private keys are not exposed online during interactions with DApps.

Example: https://shop.ledger.com/products/ledger-nano-s-plus/matte-black

Paper wallets (not recommended)

Paper wallets involve printing a cryptocurrency's address and its private key on paper as a QR code, which is then used to conduct transactions by scanning the code.

Example: https://www.walletgenerator.net

Common wallet risks

Downloading Fake wallets

Due to a person's geographical locations, limitations like the absence of Google Play support or network issues, many users are forced to download wallets from third-party sites or randomly through browser searches, often leading to the installation of fake wallets. This is especially dangerous since ad space and search rankings can be bought, allowing scammers to lure users with fake wallet websites. The picture below shows the results of searching for TP wallet using Baidu:

Buying Fake Wallets

Supply chain attacks pose a significant threat to the security of hardware wallets. If not purchased from official stores or authorized dealers, there's uncertainty about how many hands the wallet has passed through before reaching the user, and whether its components have been tampered with. In the picture below, the hardware wallet on the right has been tampered with.

Trojans on Computers

Wallets can be compromised by malware if a computer is infected. It's advised to install antivirus software like Kaspersky, AVG, or 360, keep real-time protection active, and regularly update the virus database.

Inherent Wallet Vulnerabilities

Even if you download an authentic wallet and are cautious in its use, vulnerabilities in the wallet's design could still expose it to hacker attacks. This underscores the importance of choosing wallets not just for their convenience, but also for the openness of their source code. External developers and auditors can identify potential vulnerabilities through open-source code, reducing the likelihood of attacks. Should a breach occur due to a vulnerability, security personnel can quickly locate and address the issue.

Summary

We've introduced different types of wallets and highlighted common risks. Regardless of the type or brand of wallet you choose, always keep your mnemonic phrases and private keys confidential and secure. Consider combining the strengths of different types of wallets, such as using a combination of well-known hardware and software.

Note: The wallet brands and images mentioned are solely for educational purposes and should not be considered endorsements or guarantees.