From Hot to Cold: A Practical Guide to Truly Secure Crypto Wallets

mibii - Jul 31 - Dev Community

"...The former CTO of Coinbase believes that if the G7 allows the confiscation of digital assets, tech giants like Apple, Microsoft, and Google might scan devices, find private keys, and hand them over to authorities if demanded."

It's time to remind everyone about the basics of cryptocurrency wallets. What's the difference between a "cold" wallet and a "hot" one? Many think a cold wallet is a hardware wallet, and all software wallets are hot (unsafe). This is not the correct understanding.

Hardware wallet = Cold wallet? NO

Using a hardware wallet means connecting it via USB to an internet-connected computer. What are the technical details of what's happening? What data is exchanged between the hardware wallet and the computer through this USB connection? Only the developer of that hardware wallet knows for sure. If you're not a developer, you're unlikely to be able to answer this question. Users must be confident that no confidential data actually leaves the hardware wallet via USB to the computer and the internet. Thus, a hardware wallet can't be considered a cold wallet.

ANY wallet installed on your phone or computer WITHOUT AN INTERNET CONNECTION is a "Cold wallet"

In reality, ANY wallet installed on your phone or computer WITHOUT AN INTERNET CONNECTION is a "Cold wallet"; any wallet on an offline device can play this role. But once it is run with the internet on, the wallet formally stops being cold.

How can such a wallet work without the internet?

But, you'll ask, how can such a wallet work without the internet? The internet is NOT NEEDED to create an initial random seed phrase in your wallet and generate a list of addresses associated with that phrase. You DON'T NEED an internet connection to start receiving cryptocurrency. The internet is only needed for OUTGOING transactions.
To be more precise, when I talk about an internet connection, I mean connecting the wallet to a blockchain node, which is required for the wallet to prepare and broadcast a transaction. (Sometimes it makes sense to consider deploying your own blockchain node.)
Then, the only way to work safely is to store confidential information OFFLINE (in our case, the confidential information is private keys or seed phrases).
You can use any popular crypto wallet, but make sure that the wallet generates a truly random and secure seed phrase and that the wallet is open source.
"So, are all web wallets crap and fraud?" No, a web browser is just an interface to the main program code, which can run locally in the browser or on a remote server (via the Internet). As you understand, the second option is categorically unacceptable for a crypto wallet. The wallet should work entirely locally, except for tasks where internet is required to communicate with the blockchain. There are wallets created only for generating addresses (public and private keys), without the task of interacting with the blockchain.
And such web wallets exist. For example, the well-known "paper wallet".
https://github.com/pointbiz/bitaddress.org meets these requirements and can be safely used offline by downloading it to your computer (or smartphone).
A known and reliable multi-currency web wallet can also work locally in a web browser:
https://github.com/iancoleman/bip39
Also consider my recent open code - Secure Seed Phrase Generator.
With the mentioned wallets - OFFLINE - you can easily generate crypto addresses and start receiving cryptocurrency by sharing your address with someone.
This is a real cold wallet if you run it offline.

But what next - what if you need to send your assets from a cold wallet?

How to send and keep your wallet address cold after sending?

How to take only part of the funds, leaving the rest in this cold wallet?
For this, you can use the utility https://github.com/coinbin/coinbin - it allows you to prepare a transaction and broadcast it.

In brief, it's three steps:

  1. Form the necessary transaction, from where to where and other parameters here https://coinb.in/#newTransaction (done online, use only your public address to prepare the transaction, DO NOT use your private key)
  2. Sign the transaction here, https://coinb.in/#sign (for this, you need to copy the string obtained in the previous step to a text file and transfer it to your offline device). For signing, we use the same utility, but on your offline device.
  3. The last step - broadcasting - notifying the entire network about your transaction, here https://coinb.in/#broadcast (for this, we paste the string obtained in the previous step into the window and press the button).

For those who don't want to trust and aren't ready to delve into the technical intricacies of hardware wallet operation, it's better not to use them at all. Instead, follow the principle - if there's an internet connection - the wallet is HOT, no internet connection - the wallet is COLD.

Any of your wallets installed on a phone where you've turned on the internet even once - formally ceases to be a "Cold wallet". And vice versa, any wallet - an application installed on your phone or computer without internet - is a Cold (reliable) wallet. After all, you can calmly sign transactions without an internet connection, and then transfer them to a computer (phone) with internet.
By using offline wallets and following the recommended three-step process for sending transactions, you can maintain the status of a cold wallet and safely manage your digital assets.
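
Before signing in step 2 of the process above, the offline device can decode the string carried over from the online machine and show where the funds would actually go, since that string was built on an internet-connected computer. The Python sketch below is an added example, not code from the original post or from coinbin; it assumes a legacy (non-segwit) serialized Bitcoin transaction, and the names `parse_outputs`, `p2pkh_address` and `SAMPLE_TX` are illustrative.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def varint(buf, pos):
    """Decode a CompactSize integer at pos; return (value, next_pos)."""
    if buf[pos] < 0xfd:
        return buf[pos], pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[buf[pos]]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def p2pkh_address(script):
    """Mainnet Base58Check address for a pay-to-pubkey-hash script, else None."""
    if len(script) != 25 or script[:3] != b"\x76\xa9\x14" or script[23:] != b"\x88\xac":
        return None
    payload = b"\x00" + script[3:23]
    payload += hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, text = int.from_bytes(payload, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        text = B58[rem] + text
    zeros = len(payload) - len(payload.lstrip(b"\x00"))  # leading zero bytes become "1"
    return "1" * zeros + text

def parse_outputs(tx_hex):
    """Return [(address or script hex, satoshis)] of a legacy-format raw transaction."""
    buf = bytes.fromhex(tx_hex.strip())
    if buf[4] == 0:
        raise ValueError("segwit serialization is not handled here")
    n_in, pos = varint(buf, 4)
    for _ in range(n_in):
        script_len, pos = varint(buf, pos + 36)  # skip txid (32) + output index (4)
        pos += script_len + 4                    # skip scriptSig + sequence
    n_out, pos = varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        script_len, pos = varint(buf, pos + 8)
        script = buf[pos:pos + script_len]
        pos += script_len
        outputs.append((p2pkh_address(script) or script.hex(), value))
    if pos + 4 != len(buf):  # only the 4-byte locktime may remain
        raise ValueError("length mismatch: truncated or padded transaction")
    return outputs

# Constructed sample, not a real transaction: one input, two P2PKH outputs.
SAMPLE_TX = ("01000000" "01" + "11" * 32 + "00000000" "00" "ffffffff" + "02"
             + "50c3000000000000" "1976a914" + "00" * 20 + "88ac"
             + "c0d4010000000000" "1976a914" + "33" * 20 + "88ac" + "00000000")
print(parse_outputs(SAMPLE_TX))
```

Compare every listed address and amount, including the change output, with what you intended to send; sign only if they all match.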
