Stop Thinking of Your Wallet as a Crypto Storage

The term “wallet” has caused many problems for people who use blockchain technology but don’t know how it all works. People think that if we keep our money and other things in hardware wallets, they’re safe and sound under our pillows or somewhere else. This isn’t true, though. A wallet doesn’t store any of those things.

A lot of money has probably been lost because of this confusion. The recent phishing attack on OpenSea users is an example. It used a scam to get people to sign a malicious document. Once they did, the scammer was able to take a lot of money from many people. A disconnected wallet did nothing to protect the users because they had already given their OK.

Even in the development of blockchain technology, the words we use haven’t always been the best ones. We talk about moving assets from and to different places. But there isn’t anything moving from place to place, and an address is not a place. Instead, an address is just a human-readable form of our public keys, and our public keys are half of our public-private key pair.

This means that smart contracts take care of all crypto assets, except for the built-in Ether. These smart contracts keep track of how many and what assets there are and who “owns” them. A crypto asset is “transferred” from one address to another when we change which private key has the power to tell a smart contract what to do with some of the crypto assets that it has defined.

Example NFT Transfer

Inside an NFT contract, there is an “owner” mapping between addresses and token IDs. This mapping determines “where” the NFT is at any given time. Consider the following “transfer” of one of my lovely NFTs (all addresses are fake).

TokenID: 1000

NFT Contract: 0x38EC1bC5147aF6ed623cd4E921f3fA3fa3FD8674

From: 0x2048a0fC39e41EE21aF28FE3837F2c2e7B1f5C4F

To: 0x5cf8f40423ddD78c9E03f7D4D87434A71c185858

  1. I contact the contract at the specified address and instruct it to change the owner value for tokenID 1000 to the “to” address.
  2. The contract confirms that it was invoked using the private key associated with “from” and that “from” is the owner of tokenID 1000.
  3. The contract then changes the owner address of tokenID 1000 to the “to” address.

Now, only the private key that corresponds to that address has the power to do anything with the NFT with tokenID 1,000.

When we move fungible tokens, we do the same thing. There’s a mapping between addresses and balances. The balance variable for the “sending” address goes down and the one for the receiving address goes up, but nothing moves. In the same way, nothing is moving into or out of a wallet at this point. The wallets hold only the private keys that control the process, not the assets.

Even the transfer of Ether works in the same way. Using private keys, you can control what happens to a specific asset. These assets don’t move at all. Instead, a different private key is now in charge of them. There’s nothing weird about that, though. The bank does not keep our money in a little bin for each of us, with gremlins moving it from one bin to the next when we move money from one account to another. This isn’t how it works.

That’s why we have to be very careful even with “cold storage,” however safe it sounds. Disconnecting a hardware wallet is no different from turning off your computer. If your private key has already approved a transaction, that transaction will go through even though the hardware wallet isn’t connected, just like it would if your computer were turned off. In the end, the only thing a disconnected hardware wallet can protect you from is malware that uses your connected wallet to sign a transaction.

Approved Transactions

Exchanges need to be able to act on your assets. They can’t wait for you to approve each transfer by hand, so they have to get your approval first. You give it by agreeing to a contract that allows someone else to act on your behalf when you want to move some of your assets. The problem is that if you don’t want the contract to hold those approvals anymore, you have to cancel them yourself. You also have to make sure that you only ever approved harmless contracts in the first place.
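The three transfer steps and the approval mechanism described above, as an added Python sketch that is not part of the original article or any real contract's code. The NFTLedger class, its method names and the OPERATOR address are hypothetical, and the `signer` argument stands in for the address a real chain recovers from the transaction signature.

```python
class NFTLedger:
    """Toy model of an NFT contract's bookkeeping (hypothetical, simplified)."""

    def __init__(self):
        self.owner_of = {}    # token ID -> address that controls it
        self.operators = {}   # owner address -> addresses approved to act for it

    def mint(self, to, token_id):
        self.owner_of[token_id] = to

    def set_approval(self, signer, operator, approved):
        # The grant is written into contract state under the signer's address;
        # it stays there whether or not the signer's wallet is plugged in.
        ops = self.operators.setdefault(signer, set())
        if approved:
            ops.add(operator)
        else:
            ops.discard(operator)

    def open_approvals(self, owner):
        return sorted(self.operators.get(owner, set()))

    def transfer(self, signer, frm, to, token_id):
        # Step 2: "from" must own the token and the signer must be authorised.
        if self.owner_of.get(token_id) != frm:
            raise PermissionError("'from' is not the owner of this token")
        if signer != frm and signer not in self.operators.get(frm, set()):
            raise PermissionError("signer is neither owner nor approved operator")
        self.owner_of[token_id] = to   # Step 3: nothing moves, one entry changes


FROM = "0x2048a0fC39e41EE21aF28FE3837F2c2e7B1f5C4F"  # fake address from the article
TO = "0x5cf8f40423ddD78c9E03f7D4D87434A71c185858"    # fake address from the article
OPERATOR = "0xOPERATOR"                               # constructed placeholder


def demo():
    nft = NFTLedger()
    for token_id in (1000, 1001, 1002):
        nft.mint(FROM, token_id)
    nft.transfer(FROM, FROM, TO, 1000)            # the three steps from the article
    nft.set_approval(FROM, OPERATOR, True)        # owner signs the approval once
    nft.transfer(OPERATOR, FROM, OPERATOR, 1001)  # accepted with no new owner signature
    before = nft.open_approvals(FROM)
    nft.set_approval(FROM, OPERATOR, False)       # owner signs a revocation
    try:
        nft.transfer(OPERATOR, FROM, OPERATOR, 1002)
        blocked = False
    except PermissionError:
        blocked = True
    return nft.owner_of, before, nft.open_approvals(FROM), blocked
```

Token 1001 changes hands on the operator's signature alone while the approval is open; only the revocation, not unplugging anything, causes the attempt on token 1002 to be rejected.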

Unfortunately, this seems to be what happened with the OpenSea hack. OpenSea sent out an email that had a link in it. They should not have done this because it’s bad practice and makes people too trusting of links. Someone else then sent out an email that looked like the real one. Links in this version sent people to a page that asked them to sign a contract that wasn’t OpenSea’s. When the user agreed to that other contract, it gave access to their money and other things.

There is still a question about whether OpenSea’s version of the code had a flaw and how the thief could plan the attack so well. There was a big problem, and a lot of money was stolen, no matter which way you look at it.

Protecting Yourself

Because we’re in charge of all of our accounts, we have a lot of power and responsibility. If we let someone else handle our assets, as we do with our money, things would be easier. But most of us want to be able to do even more. So we have to be careful. We should put our most essential things in cold storage. But again, as soon as you’ve approved the change, it’s already been made. In this case, disconnecting a wallet from the computer will not do anything because nothing is going on in the wallet. It all happens on the chain.

Conclusion & Crypto Storage

The only way to keep your money safe is to never sign or approve contracts with a cold storage wallet, except for when you want to move your money to a hot wallet that you own. When you sign a message, make sure that you sign it for the right contract and on the right site. You can also see what token approvals you have open and then cancel them. You can do this through Etherscan or the equivalent for the chain you’re using.
