1. Home
  2. private keys

private keys

Crypto Portfolio Tracker Coinstats Confirms Security Breach; Temporarily Shuts Down App

Crypto Portfolio Tracker Coinstats Confirms Security Breach; Temporarily Shuts Down AppAccording to the crypto portfolio tracking app, Coinstats, suspected North Korea-linked hackers are believed to be behind the security breach on June 22, which impacted 1,590 user wallets, The Coinstats team has advised users with affected wallet addresses to immediately transfer their funds using their exported private keys. Coinstats App Shut Down Coinstats, the crypto […]

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

How to backup your crypto wallet private keys

To securely backup your crypto wallet private keys, create an encrypted offline copy on a hardware wallet or write them on paper.

In the rapidly evolving world of cryptocurrencies, it is critical to secure one’s digital assets. A crucial element of crypto security is storing a backup of private keys. Private keys are the keys to one’s crypto kingdom, and losing them can cause an irreversible loss of money. 

This article will explain the importance of private keys, the risks they pose and the different ways to safely backup keys.

What are private keys?

In the world of cryptocurrency, every digital wallet is built upon a foundation of cryptographic keys, forming an essential element of its structure. These keys, unique to every user, play a pivotal role in securing one’s assets.

The private key, functioning akin to a password, acts as the gateway to accessing funds, while the public key mirrors the wallet address, enabling seamless transactions. Generated through complex algorithms, private keys are the linchpin of ownership in the digital asset realm.

In contrast to conventional banking systems, where misplaced login credentials are frequently recoverable, a lost private key in the cryptocurrency realm cannot be recovered. Therefore, the private key and ownership are inextricably linked, so protecting them requires careful consideration.

To better understand the concept of private keys, let’s explore how they work:

Key generation

A public key and a private key are the two cryptographic keys that are generated when a cryptocurrency wallet is created. The private key is kept confidential and known only to the owner, whereas the public key is available to all and acts as an address to receive funds.

Ownership and security

The private key belongs to the owner alone and functions similarly to a digital signature. It needs to always be kept secret and safe. The linked cryptocurrency funds are under the jurisdiction of anyone who has access to the private key. Private keys can be kept by users in a variety of formats, including encrypted digital files, paper wallets and hardware wallets.

Transactions

A user uses their private key to sign transactions when they wish to send cryptocurrency from their wallet. This signature is validated by the network using the matching public key. The transaction is accepted and posted to the blockchain, verifying the money transfer if the signature is legitimate.

Access and control

Having the private key enables an individual to access and manage the funds. It is imperative that the private key be kept confidential and not disclosed to any parties. The fact that there is usually no means to retrieve the linked funds in the event that a private key is lost or compromised highlights how crucial it is to protect this sensitive data.

Risks associated with losing access to private keys

In the digital world, losing access to private keys may pose significant risks, especially when it comes to online security and cryptocurrencies. Enabling secure transactions and confirming identification require the use of private keys. A user may suffer financial loss and maybe face legal issues if they misplace their private keys, which essentially gives them no control over their digital possessions.

Furthermore, internet security is compromised by losing private keys. These keys give a hacker the ability to impersonate the user, which could result in identity theft, unlawful access to private data or even financial fraud. It highlights how crucial it is to protect private keys and employ safe backup procedures to avert such dire circumstances.

The examples of James Howells and Stefan Thomas demonstrate the serious risks associated with losing access to private keys. In 2013, Howells, a British IT professional, unintentionally threw away a hard drive that had his Bitcoin (BTC) private keys. The BTC on the disk is worth millions of dollars now, but it’s buried in a landfill and cannot be accessed.

Similar to this, programmer Stefan Thomas has 7,002 BTC worth tens of millions of dollars, but the funds are locked away because he forgot his password. On Oct. 25, crypto recovery firm Unciphered offered to unlock Stefan Thomas’ IronKey hard drive containing 7,002 BTC in an open letter, but Thomas has not responded to the offer.

How to back up private keys

Backing up private keys can be done through various methods, each with its own advantages and drawbacks.

Paper wallets

Using paper wallets, which are tangible documents that hold an individual’s public address and private key, is a common method to back up private keys. Because it cannot be hacked online, creating a paper wallet offline offers higher security.

Nevertheless, paper wallets are prone to deterioration over time, loss or physical damage. They also make regular transactions difficult because one has to import the private key into a digital wallet, which can be a hassle.

Hardware wallets

Hardware wallets, which are actual physical devices made especially for safely keeping private keys offline, are an additional secure option. Hardware wallets are resistant to malware and computer infections and provide increased security.

They accept a variety of cryptocurrencies and are convenient to use. But even if they are a one-time cost, there is still a possibility of damage, loss or theft, although they are more durable than paper wallets.

Encrypted digital file

Keeping private keys on an external storage device, like an external hard drive or USB drive, as an encrypted digital file is another popular method. In addition to being convenient, this approach can be encrypted for increased security. But there’s also a chance of digital theft and data corruption, so regular backups and encryption are essential.

Encrypted cloud storage

Using encrypted cloud storage services is another technique. Encrypted private keys can be safely kept in the cloud and accessed only with a strong passphrase. This approach has the ability to be accessed from any location with an internet connection and frequently comes with automated backup capabilities.

However, it raises questions about the cloud service provider’s security and reliability, as well as the potential for a data breach in the event that the service is compromised.

Mnemonic phrases

Mnemonic phrases — also referred to as seed or recovery phrases — are employed for wallet recovery purposes. The recovery phrase is a user-friendly and human-readable backup that, when needed, can be used to regenerate the private keys associated with a wallet.

These word sequences are created using an algorithm and a user’s private key. In the event of a loss, mnemonic phrases can be utilized to recover the private key, if stored securely. This approach is beneficial for individuals who would rather not depend on digital or physical backups. But since anyone who knows the mnemonic phrase can access the related private key and funds, it’s crucial to keep it private and not divulge it to unknown parties.

Step-by-step guide to recovering a wallet using backed-up private keys

To protect your funds, there are several steps involved in recovering a crypto wallet using backed-up private keys, as explained below:

Step 1: Gathering the necessary items

You must first acquire the items required for the wallet recovery procedure. This entails downloading and having the official wallet software ready for installation, as well as making sure the private keys are safely backed up.

Step 2: Installing the wallet software

You now need to install the wallet software. You should launch the software and follow the on-screen instructions to finish the installation procedure. To minimize security risks, the wallet software must be downloaded from the official website.

Step 3: Accessing the wallet

Once the software is installed, open the wallet and search for the feature that permits restoring funds or importing an already-existing wallet. Carefully enter the private key linked to your wallet (and make sure it is accurate) after choosing the “Import Private Key” option.

Step 4: Verifying and securing

The wallet software looks up the corresponding balance on the blockchain after the private key is entered. The displayed balance must reflect your expectations, which you must confirm. You also ought to take additional security precautions for the wallet, such as configuring a passcode or using any other accessible security features.

Step 5: Backing up and testing

You need to make a new backup after your wallet has been restored and secured. Any changes to passwords should be included in this backup, as they are subject to updates. However, recovery phrases and private keys, being foundational to the wallet’s security, should remain unchanged and do not need to be updated in subsequent backups. Next, you should send and receive a small quantity of cryptocurrency from the wallet to test transactions and make sure the recovery is successful.

Step 6: Additional security measures

Here, you should consider extra security precautions. This can entail creating frequent backups and, if the wallet supports it, turning on two-factor authentication. Maintaining the security of the funds requires keeping the wallet software updated with the newest security patches and features.

How to recover a wallet using a backed-up recovery phrase

Using a backup seed phrase to recover a wallet is a straightforward process that requires gaining access to the wallet’s recovery feature. The first step for the user should be to install or launch the wallet software for the cryptocurrency they want to get back. Upon opening the software, the user needs to locate the wallet recovery or restore option, typically found in the settings or main menu, and labeled as “Recover Wallet” or a similar term.

After choosing the recovery option, the user needs to adhere to the instructions displayed on the screen. When the wallet is first set up, they will probably be asked to enter the seed phrase in the correct order. The user might have to reset the password for the retrieved wallet if the wallet software demands it.

Subsequently, the user should patiently wait for the wallet software to synchronize. This process ensures that the wallet is updated with the latest transactions and information. Following successful synchronization, the user should have access to their recovered wallet, complete with the correct balance and transaction history.

Is there a change in the private keys when a wallet is recovered?

In most standard wallet recovery processes, the private key associated with a particular wallet address remains the same. The goal is to regain access to the same wallet using the same private keys when a user recovers a wallet using a recovery phrase or any other backup method.

The recovery process typically involves the user using the backup (such as a recovery phrase) to regenerate the original private keys that were associated with the wallet. If the recovery is successful, the user will have access to the same funds and addresses that were in the wallet before any issues occurred.

However, users should understand the specific details and nuances of the wallet software or service they are using, as there could be variations in how different wallets handle recovery. They must follow the instructions provided by the wallet provider to ensure a smooth and accurate recovery process.

Common mistakes to avoid during the wallet recovery process

Users need to exercise caution during the wallet recovery process to steer clear of typical issues that could result in the loss of their cryptocurrency funds. Typing the private key incorrectly is a serious mistake that could cause access to be permanently lost.

Furthermore, users should avoid compromising their wallet’s security by disclosing their recovery phrases and/or private keys to outside parties. Another risk is falling for phishing scams; users should always double-check the URLs of websites before inputting important data.

Finally, there are serious risks associated with not updating antivirus software and not backing up newly created private keys (in case funds are transferred to a new key). Also, malware can be introduced by ignoring approved sources and downloading software from dubious websites.

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

Ledger hardware wallet rolls out cloud-based private key recovery tool

Ledger emphasized that the ID checks required for its private key recovery tool are not like KYC checks as they require “much less” information.

Hardware wallet firm Ledger is rolling out its cloud-based private key recovery solution despite facing significant criticism from the crypto community.

Ledger Recover, an ID-based private key recovery service for the Ledger hardware wallet, is launching on Oct. 24, the firm officially announced on X (formerly Twitter). The release comes in conjunction with Ledger finalizing the open-source code for the Ledger Recover on GitHub.

Provided by blockchain protection platform Coincover, Ledger’s seed phrase recovery solution is a paid subscription service allowing users to backup their Secret Recovery Phrase (SRP). SRP is a unique list of 24 words that backs up the private keys and gives users access to their crypto assets.

Ledger Recover was designed for users who “want to add an enhanced layer of resilience” in case their SRP is ever lost or destroyed, Ledger’s chief technology officer Charles Guillemet said. He also emphasized that Ledger Recover is an optional recovery service, adding:

“If you don’t wish to use the service, no worries — it’ll always be 100% optional. You can simply continue using your Ledger as you did previously — nothing will change.”

At launch, Ledger Recover is compatible with Ledger Nano X, with Ledger Stax and Ledger Nano S Plus integration coming in the near future. The solution is not compatible with Ledger Nano S, according to the Ledger Recover FAQ.

Ledger Recover is initially available to passport or identity card holders in the United States, Canada, the United Kingdom and the European Union. “We will be covering more countries and adding support for more documents,” Ledger said.

The firm emphasized that Ledger Recover’s identity verification “is not the same” as Know Your Customer (KYC) checks carried out by centralized crypto exchanges. Ledger noted that its recovery system only requires a “valid, government-issued document,” stating:

“Identity verification inherently collects much less information compared to KYC [...] KYC involves ID verification but it can also include revenue information, record of criminal activity, citizenship check, etc.”

According to social media posts, Ledger Recovery service will be available at $9.99 per month, or about $120 per year. If a user fails to pay the subscription, the subscription will be suspended, allowing the user to reactivate subscription in the next nine months.

Related: ETF filings changed the Bitcoin narrative overnight — Ledger CEO

“You will need to pay an administration fee of 50 EUR along with any outstanding balance,” Ledger Recover FAQ reads.

The rollout comes months after Ledger paused the recovery service in May 2023 in response to community backlash. Ledger CEO Pascal Gauthier subsequently said that the firm will launch the product once its open source code is released.

Ledger’s largest competitor, Trezor, has stayed away from introducing a cloud-based private key recovery solution, opting for a physical backup solution. Trezor launched its own physical seed phrase recovery tool, Trezor Keep Metal, in mid-October 2023.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

CoinEx hack – compromised private keys led to $70M theft

CoinEx confirms that compromised private keys gave hackers access to hot wallets, leading to $70 million hack.

Hong Kong-based cryptocurrency exchange CoinEx has revealed that compromised private keys allowed hackers to steal over $70 million of tokens, while the team looks to open lines of communication to claw back funds.

CoinEx representatives unpacked the finer details of their continuing investigation to Cointelegraph as the team works to build and deploy a new wallet architecture to restore impacted users and functionality of the platform.

Despite an estimated $70 million worth of cryptocurrency being stolen from the platform, the exchange claims this amount represents a small percentage of its total assets under management. CoinEx stated that affected users will be compensated entirely for any lost funds.

CoinEx said that it was still investigating the identity of those responsible for the security breach, which handful of blockchain security firms are attributing to to North Korean “Lazarus Group” hackers.

“Additionally, we have opened communication channels to the hackers in hopes of proactive engagement toward a mutually agreeable resolution.”

The exchange explained that a preliminary investigation pinned the root cause to a compromised private key for its hot wallets. These were used to store exchange assets for carrying out deposits and withdrawals.

Related: New York bans CoinEx exchange, seizes $1.7M in crypto assets

CoinEx suspended its withdrawal service to avoid further losses, patched system vulnerabilities and transferred remaining assets from the affected hot wallets. The exchange told Cointelegraph that it expects to resume withdrawals progressively within 7 working days.

“Our team is currently focused on building and deploying an entirely new and robust wallet system to handle activities within the 211 chains and 737 assets.”

As Cointelegraph initially reported, CoinEx first flagged “anomalous withdrawals” from one of its hot wallets on Sept. 12, beginning with a transfer of 4,947 Ether (ETH). The hackers then began to withdraw large amounts of other tokens to the same address.

The value of stolen funds was first estimated at $27 million but has doubled in the week following the incident.

North Korean hackers have preyed on the cryptocurrency space for the past few years and have been responsible for the largest thefts in the space to date. The 2022 Axie Infinity Ronin Bridge hack alone saw over $650 million stolen.

Blockchain analytics firm Chainalysis estimates that North Korean hackers have stolen around $340 million of cryptocurrency in 2023. This number is now expected to rise with attributions made to the CoinEx hack as well a $41 million hack of cryptocurrency gambling platform Stake on Sept. 4.

Magazine: Web3 Gamer: PUBG devs’ Web3 project, Animoca’s $20M raise, Shardbound review

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

Ledger releases white paper for hardware wallet seed recovery tool

Despite facing notable criticism over the Ledger seed recovery tool, the hardware crypto wallet firm expects to launch the Ledger Recover tool in Q4 2023.

Major hardware cryptocurrency wallet provider Ledger is getting closer to launching its planned solution to allow users to back up and recover a Ledger device seed.

Ledger chief technology officer Charles Guillemet took to Twitter on June 21 to announce that the hardware wallet company has open-sourced the Ledger Recover white paper.

Guillemet said the upcoming service is expected to be launched in Q4 2023, provided by the digital asset security firm Coincover. The main takeaway from the white paper is that the new service is “100% secure,” the CTO assured. “You can learn precisely how it works technically and examine the service yourself,” he noted.

Available on GitHub, the Ledger Recover white paper provides a 34 pages-long document including a technical overview of Ledger’s solution for the backup and restoration of the hardware wallet’s seed.

Ledger Recover’s repository enables three primary operational flows, including backing up the seed, restoring it on a new device and securely deleting the backups. The white paper also includes data on Ledger Recover’s system design and cryptographic protocol.

One of the implementations includes the seed’s split into shares using the existing private key distributing technology known as Shamir backup. “Having less than the required number of shares does not give any information on the seed,” the white paper notes.

The white paper emphasizes that users can run the protocol independently from Ledger, which is supposed to underscore its flexibility and commitment to self-custody.

As previously reported, Ledger’s seed recovery tool has triggered significant criticism from the crypto community. Introduced in May 2023, Ledger Recovery is an optional subscription for users who want to back up their secret recovery phrase, according to the CTO.

Related: Trezor CEO cites usability as top factor for hardware wallet: BTC Prague 2023

Many industry players like Polygon Labs’ Mudit Gupta pointed out potential vulnerabilities in Ledger Recovery. “The problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys,” he noted. Binance founder and CEO Changpeng Zhao also questioned the benefits of the new tool, saying, "So the seed can leave the device now? Sounds like a different direction than ‘your keys never leave the device.’”

According to Ledger's CTO, the new seed recovery solution “does not change the security” of Ledger devices. Guillemet also called on developers, researchers and crypto enthusiasts to look into the white paper and fully understand the wallet’s security mechanisms.

Magazine: Hall of Flame: Peter McCormack’s Twitter regrets — ‘I can feel myself being a dick’

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

Atomic Wallet says hack affected 1% of active users, but investors claim otherwise

In the aftermath of the attack, Atomic Wallet — along with individual blockchain investigators — have amped up efforts to track and revert stolen funds.

A hack that drained $35 million from Atomic Wallet users since June 2 impacted less than 1% of its monthly active users, according to the company. In the aftermath of the attack, Atomic Wallet — along with individual blockchain investigators — have amped up efforts to track and revert stolen funds.

Trying to cash in on the commotion, a few verified scam Twitter accounts impersonated Atomic Wallet while sharing phishing links claiming to help users recover lost funds.

Pseudonymous on-chain researcher ZachXBT further claimed to have helped a victim recover $1 million of lost funds. However, the recovery process is yet to be disclosed, which ZachXBT allegedly “Will share in time but best not to yet.”

Despite Atomic Wallet’s announcement, numerous users were continuing to report loss of funds at the time of writing. Additionally, the community called out the company’s attempt to water down the damage, as one user stated:

“% doesn't matter, hacker intend to focus on big fund wallet only.”

The episode reflects on the importance of researching the right service provider when it comes to the safekeeping of crypto assets. Moreover, it questions the “not your keys, not your coins” narrative preached by numerous crypto wallet providers such as Atomic Wallet, as shown below.

ZachXBT’s investigation found that the largest amount lost by an individual in the Atomic Wallet hack was $7.95 million in Tether (USDT) on the Tron blockchain. As per the last update, the five biggest losses account for $17 million.

Related: Gate.io threatens legal action against rumor-mongers

Over the weekend, on June 4, a hacker took control of the mobile phone owned by pro-XRP (XRP) lawyer, John Deaton. Deaton’s Twitter account was then used to shill LAW tokens.

Soon after the tweet, Deaton and accounts representing him warned users about the hack and were advised against investing in the cryptocurrency.

Magazine: AI Eye: 25K traders bet on ChatGPT’s stock picks, AI sucks at dice throws, and more

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

Kaspersky Uncovers Counterfeit Trezor Wallets That Jeopardize Crypto Assets With Pre-Knowledge of Private Key

Kaspersky Uncovers Counterfeit Trezor Wallets That Jeopardize Crypto Assets With Pre-Knowledge of Private KeyKaspersky, the multinational cybersecurity and anti-virus provider, made a startling revelation on May 10th. According to their report, a victim of a crypto hack had unwittingly purchased a counterfeit Trezor Model T from a “trusted seller through a popular classifieds website.” The researchers at Kaspersky were able to extract the custom firmware that the hackers […]

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

‘The Future of Digital Payments Lies in Web3 Payment Services’ Says Robert Miller of Fuse

‘The Future of Digital Payments Lies in Web3 Payment Services’ Says Robert Miller of FuseDespite not being mainstream payment solutions yet, cryptocurrency-based payments (also known as Web3 payments) already bring benefits such as lower transaction fees, Robert Miller, the vice president of growth at Fuse, a layer 1, EVM-compatible blockchain for launching dapps, has asserted. For merchants, Web3 payments come with the added benefit of what Miller called protection […]

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

Solana’s Crypto and Web3 Smartphone ‘Saga’ Available to the General Public on May 8

Solana’s Crypto and Web3 Smartphone ‘Saga’ Available to the General Public on May 8Solana’s cryptocurrency and Web3 smartphone, Saga, will be available for purchase on Monday, May 8, 2023. Crafted by OSOM, the Android smartphone is designed specifically for Web3 applications and enables users to self-custody crypto assets using its Seed Vault feature. Solana Smartphone Saga Ready for the Masses Solana Labs, Inc., the company behind the Solana […]

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting

BitGo patches critical vulnerability first discovered by Fireblocks

BitGo has patched a vulnerability that threatened to expose the private keys of retail and institutional users.

Cryptocurrency wallet BitGo has patched a critical vulnerability that could have exposed the private keys of retail and institutional users.

Cryptography research team Fireblocks identified the flaw and notified the BitGo team in December 2022. The vulnerability was related to BitGo Threshold Signature Scheme (TSS) wallets and had the potential to expose the private keys of exchanges, banks, businesses and users of the platform.

The Fireblocks team named the vulnerability the BitGo Zero Proof Vulnerability, which would allow potential attackers to extract a private key in under a minute using a small amount of JavaScript code. BitGo suspended the vulnerable service on Dec. 10 and released a patch in February 2023 that required client-side updates to the latest version by March 17.

The Fireblocks team outlined how it identified the exploit using a free BitGo account on mainnet. A missing part of mandatory zero-knowledge proofs in BitGo’s ECDSA TSS wallet protocol allowed the team to expose the private key through a simple attack.

Related: Euler Finance hacked for over $195M in a flash loan attack

Industry standard enterprise-grade cryptocurrency asset platforms make use of either multi-party-computation (MPC/TSS) or multi-signature technology to remove the possibility of a single point of attack. This is done by distributing a private key between multiple parties, to ensure security controls if one party is compromised.

Fireblocks was able to prove that internal or external attackers could gain access to a full private key through two possible means.

A compromised client-side user could initiate a transaction to acquire a portion of the private key held in BitGo’s system. BitGo would then perform the signing computation before sharing information that leaks the BitGo key shard.

“The attacker can now reconstruct the full private key, load it in an external wallet and withdraw the funds immediately or at a later stage.”

The second scenario considered an attack if BitGo was compromised. An attacker would wait for a customer to initiate a transaction, before replying with a malicious value. This is then used to sign the transaction with the customer’s key shard. The attacker can use the response to reveal the user’s key shard, before combining that with BitGo’s key shard to take control of the wallet.

Fireblocks notes that no attacks have been carried out by the identified vector, but warned users to consider creating new wallets and moving funds from ECDSA TSS BitGo wallets prior to the patch

Hacks of wallets have been commonplace across the cryptocurrency industry in recent years. In August 2022, over $8 million was drained from over 7000 Solana-based Slope wallets. Algorand network wallet service MyAlgo was also targeted by a wallet hack that saw over $9 million drained from various high-profile wallets.

Crypto Analyst Predicts Incoming Bitcoin Parabolic Rally, Says BTC at Point Where Things Get Exciting