In the period 2021 - 2022, DeFi applications are the top target of hackers. The peak was in 2022, when cybercriminals took more than 3,1 billion USD from these projects, and throughout 2023, projects continued to suffer a series of serious security incidents.
“Fed up with the risks from hacking”
In March 3.2023, the Euler Finance lending protocol was attacked, causing a loss of 197 million USD. By July, projects continued to record 7 hacks, including the Curve Finance platform. According to CoinDesk, this leading stablecoin exchange had more than $70 million withdrawn from its liquidity pool in hours.
Similarly, a number of serious attacks continued to take place in September - November 9. Both DeFi and CeFi platforms were affected: Mixin Network ($11.2023 million), CoinEx ($200 million), Poloniex Exchange ($43 million), HTX ($130 million), and Kyber Network ($113 million).
It is estimated that from 2021 to 2023, there will be 516 hacking incidents with an estimated loss of 8,6 billion USD. This creates concern for cryptocurrency users.
How to use digital wallet safely?
Even as DeFi projects improve smart contracts, protecting private keys is still the most basic step for every user.
When using hot wallets, users need to be careful of risks when connecting to the internet such as connecting to fake websites, accessing malicious links, downloading files of unknown origin... Before accessing or connecting For any website, users need to carefully check whether the project is reputable and whether the website's domain name is correct or not.
By simply changing a small character on the domain name, criminals can trick users into clicking on a fake website. Security firm Trend Micro estimates that there were more than 5.800 websites impersonating Apple to hijack user accounts.
Particularly in blockchain, the ETHDenver event with thousands of attendees was also a victim. According to Blockfence, the fake “go-ethdenver” website “ethdenver” accessed more than 2.800 wallets and stole more than 300.000 USD.
Ms. Linh, a longtime cryptocurrency investor, shared that she often limits public Wi-Fi access in cafes, airports or hotels. Although convenient and free, public Wi-Fi often has low security, making users vulnerable to data theft.
“Hackers can set up fake Wi-Fi networks with names similar to official Wi-Fi networks. When users connect, hackers can control online activities and steal users' personal information," a security expert warned.
To avoid online risks, many users have sought solutions using cold wallets. In cold wallets, the user's private key is stored on a USB-like device and completely disconnected from the internet. However, users should note that most cold wallets will be secured with a PIN code. So, they can still lose their assets in case they forget their PIN.
Besides, cold wallets have a number of other disadvantages that make this product not widely popular compared to hot wallets. While hot wallets are free, cold wallets are quite expensive, fluctuating around a few hundred USD. Cold wallets are also relatively "picky" when they can only store a few popular cryptocurrencies such as Dash, Ethereum and Bitcoin...
In addition, the biggest inconvenience is that users always have to plug the wallet into the PC to connect to the network and start trading or withdrawing money.
Currently, Zen Card is a hybrid wallet product introduced by technology startup Ninety Eight in 2023. The project's goal is to combine the advantages of hot wallets (convenience, affordable prices) and cold wallets (security). High).
In Zen Card, the seed phrase (after encryption) is divided into 2 parts, one part is stored on Zen Card and the other part is stored on the user's phone. Every time a transaction needs to be signed, the user needs to combine the Zen Card with the phone. Coin98 Super Wallet will create a secure and private environment for users to synthesize keys immediately.
Once the user has signed the transaction, the previously synthesized key will be destroyed to ensure safety. Because the key is not in an intact state on the phone, users do not need to worry about losing their wallet in case the phone is hacked by bad guys.
Seed phrase is still the most important key that represents the user's right to hold assets. Whether it is a cold wallet, hot wallet or warm wallet, users still need to store this code to restore the wallet. Once the code is available, users can easily buy a new phone to restore their wallet or buy a new Zen Card to "share" the seed phrase with the phone.
In addition, a number of other projects on the market also launched the initiative to split seed phrases similar to Zen Card. Seed phrase includes 12 – 24 randomly generated English words. This is an important password for users to create and restore cryptocurrency wallets and get private keys on the device.
For example, the Ramper wallet platform "splits" the private key into 2 parts. The first part of the key is encrypted and sent to a third party. The remaining key is saved on cloud storage such as iCloud or Drive. Therefore, the wallet's private key will not be exposed if the device is infected with a virus and takes control.
Therefore, in the future, users will not be the only party storing these important keys. Projects can also develop new technologies to help customers use cryptocurrencies safely while ensuring ownership of their assets.