If the platform goes bankrupt, will the purchased digital currency still be there?

The first priority of cryptocurrency investment: security

If you make money but cannot withdraw it, or the principal may be stolen at any time, no one would be willing to make such a risky investment. The cryptocurrency field is still in a relatively early stage, and many mechanisms are not yet mature and complete. Although there are more substantial investment returns, the risks are indeed higher, but investment is to make money, and the money earned must be taken away and the principal must be kept. These are the two most important things.

Therefore, many people who are new to the cryptocurrency world will ask: Where should I store my coins to keep them safe? Which is better, an exchange or a wallet?

This article will introduce the existing security mechanisms of exchanges and wallets, as well as their respective suitable usage scenarios and habits.

Six security mechanisms of the exchange - simply protect your assets

Mainstream exchanges usually have these security mechanisms for crypto assets stored in exchanges and the security of our exchange accounts:

1. 2FA (two-step verification) login - The use of exchanges is a bit like online banking. You need to register an account and log in before using it. 2FA requires other verification codes in addition to the account password to log in, such as email, SMS verification code, or use third-party verification tools such as Google Authenticator

2. New IP login warning - Whenever a new IP attempts to log in, an email notification will be sent, so you can instantly know if someone else is secretly logging into your account

3. Login device management - Check the logged-in device, which is also used to check if someone has secretly logged into the account

4. Set a separate withdrawal password (different from the login password) - You need to enter a separate password when withdrawing money. Even if the login password is leaked, as long as the withdrawal password is set differently, others will still not be able to withdraw money after logging in

5. Withdrawal restrictions on whitelist addresses - You can only withdraw money to addresses in the set list. New addresses are usually restricted to withdraw money after a period of time (such as one day). Even if the password is leaked, the other party cannot withdraw the money immediately

6. Withdrawal limit - set a daily withdrawal limit. Even if everything fails, the other party will not be able to withdraw all assets in a short period of time.

An exchange may not have all six of the above mechanisms at the same time, but usually has at least four or five of them. These mechanisms can be classified into three parts:

Login related - Add login verification steps to ensure that it is the person logging in.

Withdrawal related - increase withdrawal limits, additional passwords, quotas or whitelist address restrictions.

Abnormal alerts - Immediate notifications when there is abnormal activity in your account

Security mechanisms are usually disabled by default and must be enabled by the user. Once most of the security settings are enabled, it will be much more difficult for assets to be stolen.

Once 2FA two-stage verification is set, it is useless for the other party to get the account password, and they have to hack into other verification devices, such as mobile phones or email mailboxes; once the withdrawal limit is set, even if the login is successful, the currency cannot be withdrawn. Even if the whitelist address is set, the currency cannot be withdrawn until the time limit is reached. At this time, the account owner should have received an abnormal warning and can quickly change the password or withdraw the currency to other places first.

After all the relevant security settings are enabled, if you really click on a phishing website and enter your account password and 2FA verification code, it will be difficult for the other party to steal anything. The biggest possibility of theft may be that the other party gets your phone, and the mobile app is set to use fingerprint or facial recognition to log in. If the other party happens to be nearby and can directly use your finger to pass the verification, then only in this case can the encrypted assets in the exchange be successfully stolen by bypassing the numerous security settings.

The exchange account does not have a private key. You are not afraid of losing the private key. It does not matter if you forget the account password. As long as you can prove that you are the person, you can use customer service to help reset the account password.

In summary, if the security settings of the exchange are turned on, it is actually very difficult for the assets in the exchange to be stolen. Most of the thefts are caused by registering to a fake website from the beginning, or not setting up 2FA. The exchange does not need to worry about losing the private key. The biggest risk is that the exchange may misappropriate customer assets, or the exchange itself may be hacked, which may cause insolvency or even run away with the money.

Incidents of exchange hacks have decreased in recent years, but incidents of misappropriation of customer assets are still heard from time to time, such as FTX in 2022 and BKEX in 2023. Try to only use the top exchanges. The top exchanges may not be Absolutely safe, but usually safer; try to use exchanges that provide proof of asset reserves (POR), and try not to put all your assets in one exchange, and don’t put all your eggs in the same basket

The security of your cryptocurrency wallet depends on yourself, please keep your private key properly

Current cryptocurrency wallets do not have many security mechanisms and mainly rely on the users themselves.

Cryptocurrency wallets do not require login, they are mainly private keys. Once you have the private key, you can transfer the money into the wallet and control the assets in it. As long as the private key or mnemonic phrase is leaked, the other party can withdraw the coins in the wallet. Even if you find out immediately, you can't stop it. What you can do now is to be faster than hackers and transfer the coins away faster.

Glossary:

The private key is a string of garbled characters. The mnemonic is converted into 12-14 English words that are easier to remember. The private key is then calculated through a mathematical algorithm. The functions are similar. Once leaked, the control of the wallet is lost.

As long as it is a regular cryptocurrency wallet, it is a non-custodial wallet. The manufacturer will only update the software and will not help manage your wallet and assets. Only the user can record and back up the private key. Once forgotten, it is gone and customer service cannot help. recover

Has the private key been leaked? We have no way of knowing.

Maybe there has been an outflow, just because there is not much money in it, and the other party does not want to take action yet. The wallet owner has no way of knowing whether there has been an outflow; the exchange has an abnormal login warning, but the cryptocurrency wallet does not. General cryptocurrency wallets cannot set currency withdrawal whitelist address restrictions, nor can they set quota limits, etc.

The security mechanisms of cryptocurrency wallets are roughly as follows:

Multi-signature mechanism - initiating a transaction requires multiple people to authorize the signature together, and there is no fear of a single private key being leaked. But this is difficult for ordinary people to use, and only wallets with a lot of assets will set it up.

Each wallet address is authorized separately - a mnemonic can create dozens of wallet addresses, which can be operated in the same wallet tool. Each wallet address corresponds to a set of private keys, and each operation authorization contract is limited to this address. Even if an error occurs, only this address is at risk, and other addresses are fine (unless the mnemonic is leaked). If a different wallet address is used for each website, risk isolation can be achieved well.

Some cryptocurrency wallets/browser extensions have smart contract security scanning functions - cryptocurrency wallets need to be connected to the website and authorize smart contract operations, but if you connect to a phishing website and authorize a fraudulent contract, your assets will be at risk. Some cryptocurrency wallets have a security scanning function that scans security and gives warnings before authorization.

When using a device to log in to a website, be sure to check whether it is a phishing website. Many websites are only slightly different from the official website, so be sure to pay attention.

When operating a hardware wallet, you need to insert a physical wallet (similar to the physical key of an exchange) - cryptocurrency wallets can also be divided into cold wallets and hot wallets. Those that are connected to the Internet are hot wallets, and those that are not connected to the Internet are cold wallets. Cold wallets are usually presented in the form of hardware wallets. The private keys are only stored in the hardware wallet. The hardware wallet itself cannot be connected to the Internet. When using it, the hardware wallet must be plugged into the computer to sign for authorization. If you don’t get this physical wallet, The ____ does not work. Unless you copy the private key to others, there is almost no risk of private key leakage in a hardware wallet. The private key in the hardware wallet is stored in isolation. Even if the computer used is infected, the private key in the hardware wallet will not be leaked.

In summary, cryptocurrency wallets at this stage do not have many useful security mechanisms. Multi-signature is not practical for ordinary people. It is also troublesome to manage a new wallet address every time you use it on different websites. Not every wallet has this function of security scanning. At this stage, most of them still rely on third-party tools to check. As for hardware wallets, you have to spend money to buy them and learn how to use them. Usually, people with a certain amount of assets will choose hardware wallets.

At present, any attempt to improve the security of cryptocurrency wallets is almost always accompanied by inconvenience and increased costs.

The security of cryptocurrency wallets mainly depends on the users themselves. As long as the private keys are not leaked and do not authorize risky smart contracts, the assets in the cryptocurrency wallet will be safe.

Once the private key is leaked, it is no longer safe. If you think there is any doubt about the leak, be sure to create a new wallet immediately and transfer the coins there. Do not continue to use the wallet in question. In addition to outflow, another risk is forgetting the private key. If you forget the private key and do not make a backup or the backup is lost, the assets there will have nothing to do with you from now on, so be sure to back up the mnemonic phrase and private key.

It seems that exchanges are much safer than cryptocurrency wallets, why do so many people use cryptocurrency wallets?

Because of the title:

Not Your Keys, Not Your Coins

Not your private key, not your coins

If the exchange is hacked, our assets are at risk of loss; if the exchange misappropriates our assets, we are at risk; if the exchange is mismanaged, we are still at risk. The risk is in the hands of the exchange, and our own risk is in the hands of others. When using the exchange, we have to trust the exchange as a central institution. All of these violate the decentralized nature of blockchain cryptocurrency.

In a decentralized world, we don’t need to trust other people, we only need to trust the program (contract). We don’t rely on other people’s behavior for our own safety. We control the risks ourselves.

Using an exchange > If you have done all the security settings, the remaining risk is the exchange. Security depends on the exchange.

Use a cryptocurrency wallet > No need to worry about your assets being misappropriated, no need to worry about exchanges messing around, your security depends on yourself

There is no safest option, only the safest way that suits you best.

If you are a believer in decentralization and fully agree with the decentralized nature of blockchain, then of course you have to use a cryptocurrency wallet, which is most in line with the characteristics of decentralization.

If you are not a believer in decentralization and just want to operate cryptocurrencies safely, how can you determine whether an exchange or cryptocurrency wallet is more suitable for you?

Are you more risky? or is the exchange more risky?

If you have a good sense of security, keep your work and currency playing equipment separate, check new websites every time, and know how to safely back up private key mnemonics, then using a cryptocurrency wallet will indeed be safer than an exchange. After all, it is not Need to bear the risks of the exchange itself

If you are not that familiar with information security, often ignore details in the pursuit of speed and convenience, and often lose things, then using an exchange and turning on all security settings will be much safer than using a cryptocurrency wallet.


#美联储何时降息? #PlusToken相关钱包转移ETH #加密市场反弹 #美国CPI数据连续第4个月回落 #新币挖矿TON