Types of Wallets
by slowmist
Hot Wallet
Compared to a cold wallet, a hot wallet has basically all the risks that a cold wallet would have. Plus, there is one more: the risk of theft of the secret phrase. At this point there are more security issues to consider with hot wallets, such as the security of the runtime environment. If there are viruses associated with the runtime environment , then there is a risk of getting stolen. There are also hot wallets that have certain vulnerabilities through which the secret phrase can be directly stolen.
Centralized exchanges with deep pockets and good reputations provide the best experience. As long as you are not personally responsible for losing the token (such as if your account information was hacked), centralized exchanges will usually reimburse your loss.
Cold Wallet
Cold Wallets (comparison matrix)
There are different ways to use a cold wallet. From a wallet's perspective, it can be considered as a cold wallet as long as it's not connected to any network. But how to use it when it's offline? First of all, if you just want to receive cryptocurrency, it's not a big deal. A cold wallet could provide excellent experience by working with a Watch-only wallet, such as imToken, OneKey, Trust Wallet, etc. These wallets could be turned into watch-only wallets by simply adding target wallet addresses.
If we want to send cryptocurrency using cold wallets, here are the most commonly used ways:
QRCode
USB
Bluetooth
All of these require a dedicated app (called Light App here) to work with the cold wallet. The Light App will be online along with the aforementioned Watch-only wallet. The essential principle is: eventually, it's just a matter of figuring out how to broadcast signed content onto the blockchain. Detailed process is as follows:
The content to be signed is transmitted by the Light App to the Cold Wallet by one of these means.
The signature is processed by the cold wallet that has the private key and then transmitted back to the Light App using the same way
The Light App broadcasts the signed content on the blockchain.
So no matter which method is used, QR code, USB or Bluetooth, it should be following the above process. Of course, details might vary from different methods . For example, QR code has a limited information capacity, so when the signature data is too large, we would have to split it up.
It seems to be a bit troublesome, but it becomes better when you get used to it. You would even feel a full sense of security. However, don't consider it 100% secure because there are still risks here, and there have been many cases of heavy losses because of these risks. Here are risk points:
The target address of the coin transfer was not checked carefully, resulting in the coin being transferred to someone else. People are lazy . For example, most of the time they only check the beginning and ending few bits of a wallet address instead of fully checking the whole address.
Coins are authorized to unknown addresses. Usually authorization is the mechanism of the Ethereum smart contract tokens, the "approve" function, with one argument being the target authorization address and the other being the quantity. Many people don't understand this mechanism, so they may authorize an unlimited number of tokens to the target address, at which point the target address has permission to transfer all those tokens away.
The cold wallet may not have provided enough necessary information, causing you to be careless.
Last updated