Beginner’s Guide to Web3 Security: Navigating Wallet Types and Risks

Background

As the cryptocurrency market heats up, Web3 projects are rapidly evolving, and the excitement among users is constantly growing. Along with this surge comes the risk of users inadvertently falling victim to hacks or scams when learning about various new projects.

It is well-known that wallets serve as both the gateway to the crypto world and a fundamental component of Web3 infrastructure. So, without further ado, let us introduce the topic: Wallet Types and Risks.

Common Wallet Types

Browser wallets

Browser wallets such as MetaMask, Rabby, etc. are installed as browser plug-ins in the user’s browser (such as Google Chrome, Firefox, etc.). They are typically easier to access and use, not requiring the download or installation of additional software.

Web wallets (not recommended)

Web wallets allow users to access and manage their crypto assets through a web browser. While convenient, the risks associated with web wallets are significant. Typically, web wallets encrypt mnemonic phrases and store them in the browser’s local storage, making them vulnerable to malware and cyber attacks.

Mobile wallets

Similar to web wallets, mobile wallets operate as apps that users can download and install on their smartphones.

Desktop wallets

Desktop wallets were more common in the early days of cryptocurrency, with well-known ones such as Electrum, Sparrow, etc. These wallets are installed as applications on a computer, with private keys and transaction data stored locally on the user’s device, giving users full control over their crypto keys.

Hardware wallets

Hardware wallets, such as Trezor, imKey, Ledger, Keystone, and OneKey, are physical devices used to store cryptocurrencies and digital assets. They offer offline storage of private keys, meaning private keys are not exposed online during interactions with DApps.

Paper wallets (not recommended)

Paper wallets involve printing a cryptocurrency’s address and its private key on paper as a QR code, which is then used to conduct transactions by scanning the code.

Common Wallet Risks

Downloading Fake Wallets

Due to a person’s geographical location, limitations like the absence of Google Play support or network issues, many users are forced to download wallets from third-party sites or randomly through browser searches, often leading to the installation of fake wallets. This is especially dangerous since ad space and search rankings can be bought, allowing scammers to lure users with fake wallet websites. The picture below shows the results of searching for TP wallet using Baidu:

Buying Fake Wallets

Supply chain attacks pose a significant threat to the security of hardware wallets. If not purchased from official stores or authorized dealers, there’s uncertainty about how many hands the wallet has passed through before reaching the user, and whether its components have been tampered with. In the picture below, the hardware wallet on the right has been tampered with.

Trojans on Computers

Wallets can be compromised by malware if a computer is infected. It’s advised to install antivirus software like Kaspersky, AVG, or 360, keep real-time protection active, and regularly update the virus database.

Inherent Wallet Vulnerabilities

Even if you download an authentic wallet and are cautious in its use, vulnerabilities in the wallet’s design could still expose it to hacker attacks. This underscores the importance of choosing wallets not just for their convenience, but also for the openness of their source code. External developers and auditors can identify potential vulnerabilities through open-source code, reducing the likelihood of attacks. Should a breach occur due to a vulnerability, security personnel can quickly locate and address the issue.

Summary

In this issue, we’ve introduced different types of wallets and highlighted common risks to help our readers develop a fundamental understanding of wallet security. Regardless of the type or brand of wallet you choose, always keep your mnemonic phrases and private keys confidential and secure. Consider combining the strengths of different types of wallets, such as using a combination of well-known hardware and software.

(Note: The wallet brands and images mentioned are solely for educational purposes and should not be considered endorsements or guarantees.)

Guest post by SlowMist

Disclaimer: The views, information, or opinions expressed in the report are intended for informational and educational purposes only. It is not intended or offered to be used as legal, tax, investment, financial, or other advice. Under no circumstances are Bitget, our employees, agents, partners, and/or co-operations responsible for any decision made, action taken, or result obtained from or in reliance on the use of the information herein. Any investment or trading ideas, strategies, or actions should never be taken without first taking into consideration each individual's personal and financial situation and/or without consulting financial professionals.