Recently, I have seen many group members (especially crypto newcomers) run into asset theft, lost wallets, lost mnemonics, assets that cannot be displayed, and so on. Some even lost hundreds of Ethereum. Without sufficient knowledge of asset security, the crypto circle is really dangerous 💀 To start, I collected 10 typical questions as an explainer. I will try to use plain language and will keep adding to it if necessary.
I lost my mobile phone. Can the web3 wallet be recovered?
What is a mnemonic? A mnemonic (Secret Recovery Phrase in English) is a list of words that stores all the information needed to recover a cryptocurrency wallet. It is usually 12 or 24 words; 24 words are safer and more difficult to crack. The mnemonic can be understood as the master key of the wallet. It is generated when you create a wallet, and the wallet company does not know the mnemonic of your newly created wallet (if it does, run away quickly😂). You need the mnemonic when importing or restoring a wallet. The mnemonic is equivalent to the wallet itself: losing the mnemonic is equivalent to losing all the assets in the wallet, so this is the most important concept in wallet asset management. Be sure to save it! If your cold wallet is accidentally flushed down the toilet or picked up by someone, it doesn't matter. Just buy a new cold wallet and import it with the mnemonic.
What is the difference between a mnemonic and a password? As mentioned above, the mnemonic is basically equivalent to the wallet itself and has the highest security level. The password protects the wallet app, such as MetaMask or Ledger, each of which has its own app or browser plug-in that requires the password to log in. If you forget the mnemonic and you are lucky, you can log in to the wallet app with the password, find the mnemonic in the app and record it again (for example, MetaMask has such a function). But this is not always the case. Some wallets only give you the opportunity to record the mnemonic when you create the wallet, and you can't view it again afterwards. Or, after you log in to the app with the password, only some wallet address accounts are displayed and the rest are not. In that case, there is no way to retrieve those accounts without the mnemonic. So be sure to record and save the mnemonic when the wallet is created, and don't take chances.
Is holding the mnemonic the same thing as holding the private key? They are not the same thing. The mnemonic phrase controls your "big wallet", and a private key controls the "small wallet" corresponding to one of your wallet addresses. The "big wallet" can contain multiple "small wallets" (for example, MetaMask can have multiple EVM chains, and each chain can have multiple wallet addresses; the multi-chain form of a hardware wallet is another example). Take MetaMask as an example. Losing a private key is equivalent to losing the assets of one wallet address (strictly speaking, it should be called an account). If you lose the mnemonic phrase, the assets of all wallet addresses in the entire MetaMask will be lost.
How to keep the mnemonic phrase? The best way is to write it down on paper, alone in a closed environment, and store it in a safe. There are also more advanced approaches, such as engraving it on a waterproof and fireproof metal plate, storing it in a private bank safe, etc. Note that the entire copying process must be completely off the Internet. Do not take photos and upload them to the cloud, do not copy and paste, do not save it in mobile phone notepad apps, do not write it down under a camera in public places, etc.
What is a hot wallet? What is a cold wallet? The main difference is whether it is exposed to the Internet. Hot wallets, including browser plug-in wallets (MetaMask, Phantom) and exchange Web3 wallets (Binance, OKX), are convenient for daily transactions and interactions, but are vulnerable to hacker attacks. Cold wallets provide a higher level of security by keeping private keys offline. Whatever the situation, they never touch the Internet. They are more secure and suitable for hoarding coins.
Is a cold wallet equivalent to a hardware wallet? Not necessarily. Hardware wallets are the main form of cold wallets. What defines a cold wallet is whether it is connected to the Internet, so some veterans ("old leeks") also use old Apple phones that are not connected to the Internet as cold wallets.
How to properly manage asset security? Use cold wallets to hoard coins and store large amounts of assets; they are never connected to the Internet and never interact with anything. For insurance, you can buy multiple cold wallets from different wallet companies and put your eggs in different baskets. I have seen some big players use 30 cold wallets 😂 Use hot wallets to hold small amounts of assets for trading, on-chain interactions, airdrop farming ("wool"), etc. A friend of mine accidentally clicked on a phishing link, and the hot wallet was stolen. There was still a lot of money stored in the wallet, and the loss was heavy.
What hardware wallet brands are worth considering? I won't make any recommendations; I'll just talk about my personal experience. The two most popular foreign teams with the longest track records are [ConvertL] and @Trezor. From my personal observation, the Chinese teams with the best reputations are [ConvertL] and [ConvertL]. I'm more familiar with Ledger, OneKey and Keystone. I'll briefly mention the advantages of each company for reference, and I won't mention the shortcomings to avoid causing conflicts. You can decide for yourself.
Ledger: The most famous, the oldest (one of?), the longest track record
OneKey: Open source code, good reputation and product experience, the only hardware wallet invested by Coinbase
Keystone: Open source code, good reputation and product experience, MetaMask's official hardware wallet partner
Can a hardware wallet generate multiple addresses? Do they use the same mnemonic? Yes, it can generate multiple addresses, and they all use the same mnemonic. Different chains have different addresses, while EVM chains share the same address. See question 3 for the concepts of "big wallet", "small wallet" and "multi-chain wallet".
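The "big wallet" / "small wallet" relationship from question 3 and the one-mnemonic, many-addresses answer above, as an added example (not from the original post or any wallet's own code). It assumes the BIP39 and BIP32 standards, which the post does not name, and stops at hardened account-level keys m/44'/60'/i'; real wallets derive further levels that need secp256k1 point arithmetic, and the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test phrase, used here only as sample input (not checked against a wordlist).
SAMPLE_PHRASE = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")
# Order of the secp256k1 group; child private keys are reduced modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the phrase into a 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds)."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)

def master_key(seed: bytes):
    """BIP32 root of the "big wallet": (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key: int, chain_code: bytes, index: int):
    """BIP32 hardened step: computed from the parent private key, no curve math needed."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    # BIP32 treats digest[:32] >= N or a zero child as invalid (negligible odds); not handled here.
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]

def account_keys(mnemonic: str, count: int, coin_type: int = 60):
    """Hex private keys at m/44'/coin_type'/i' for i < count: one per "small wallet"."""
    key, chain = master_key(mnemonic_to_seed(mnemonic))
    for index in (44, coin_type):  # purpose 44', then coin type (60 = Ethereum)
        key, chain = hardened_child(key, chain, index)
    return [hardened_child(key, chain, i)[0].to_bytes(32, "big").hex() for i in range(count)]

if __name__ == "__main__":
    for i, k in enumerate(account_keys(SAMPLE_PHRASE, 3)):
        print(f"account {i}: {k[:8]}... (sample phrase, account-level key)")
```

Each key in the list is independent of its siblings, while the phrase alone regenerates all of them, which is why losing the phrase loses every account.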
What is a smart contract wallet? This topic deserves a long article of its own 😂 so I won't go into details here. You may have heard of several wallet concepts, such as smart contract wallets, account abstraction wallets, AA wallets, ERC-4337 standard wallets, etc. Friends who are not industry practitioners can treat these as the same thing (in fact, there is a difference!), collectively referred to as smart contract wallets, which are different from traditional EOA wallets (such as MetaMask, [ConvertL], etc.). Simply put, a smart contract wallet is a wallet that is managed by smart contracts, and you can add the functions you want by writing programs. At present, common functions include gas payment (users are unaware of the existence of gas, and use ERC-20 tokens to pay gas instead of ETH), social recovery (using email and other means to restore wallet accounts, without recording mnemonics), batch transactions (no longer need to sign once for each interaction), etc.
convertl May 28, 2024
It is well written and generally enough for novices. But it is more demanding, as follows:
1. Strictly speaking, all hardware wallets are not 100% safe. After all, it is too challenging to human nature. You don't need any hardware wallets.
2. A secure wallet should be one that generates 100% random mnemonics securely. 100% random and secure mnemonics can only be generated by a PC+bip39 that is never connected to the Internet.
3. To store coins, you can only use a cold wallet that is never connected to the Internet, such as a mobile phone that is not connected to the Internet.