How to keep ETH safe?
Users often do not worry about how safe their funds are while they are stored in a bank account, nor do they worry about a third-party accessing their bank account and draining it without authorization. When it comes to Ethereum wallets and other cryptocurrency wallets in general, the above-mentioned scenarios are a possibility, and avoiding them is fundamental to the protection of funds.
The Ethereum community recommends that users triple check everything to ensure they always send funds to the right address, always interact with the applications they intend to and write down the private key as they should. Bookmarking your web wallet and the websites of any decentralized applications you regularly use is also a known best practice to help avoid phishing schemes. Some browser extension wallets have a list of known phishing schemes, and will automatically block undesirable websites to protect users.
Understanding Ethereum wallets
Ethereum wallets come in all shapes and sizes, but not all of them have the same features. Some wallets only allow users to send Ether (ETH) between addresses, while others have more functionalities and even let users create smart contracts, which are self-executing agreements written in code.
Setting up an Ethereum wallet often involves either downloading or writing down a private key or seed phrase. Private keys allow users to send or spend their crypto, and a seed phrase gives them access to their wallet and all the private keys in the wallet. Private keys or seed phrases are crucial for securing funds, and a crypto wallet acts as a password manager for users' cryptocurrency holdings. As long as users know their master password (the seed phrase), they can access their crypto funds. Storing private keys using third-party programs such as applications may seem like an easy alternative, but malicious actors may access these services if the user's device is compromised, and access to the keys means access to the funds.
There are two main types of Ethereum accounts: externally owned accounts (EOAs) and contract accounts. Externally owned accounts are made up of public and private cryptographic pairs of keys. Public and private keys prevent forgeries by proving that the sender genuinely signed a transaction. Because users use their private key to sign transactions, it gives them control over the funds in their account. Users only have private keys (while never really holding cryptocurrency), so the funds always lie on Ethereum's ledger. The Ethereum ledger is a record-keeping system that anonymously keeps track of individuals' identities, ETH balances and a record of all valid transactions between network participants. In contract accounts, a smart contract is deployed to the network. Each smart contract has a unique Ethereum address controlled by the code.
Despite the above differences, both types of Ethereum accounts have four characteristics in common as listed below:
Nonce: For externally owned accounts, this number represents the number of transactions sent from the account's address. For a contract account, the nonce is the number of contracts created by the account.
Balance: The number of wei (an ETH unit of denomination) owned by this ETH address, with 1e+18 wei (exponential notation) per ETH. In other words, 1 ETH is equivalent to 1 x 10^18 wei.
codeHash: This hash represents the code of an account on the Ethereum virtual machine (EVM). Ethereum's own virtual computer, known as the EVM, is the part of the protocol that actually performs transaction processing. The codeHash field for EOAs is the hash of the empty text. For contract accounts, the code is hashed and stored as the codeHash.
storageRoot: This hash is a Merkle Patricia tree's root node (a tree of hashes). This tree, which is empty by default, encodes the hash of the storage contents of the ETH account.
Hot and cold wallets
In the cryptocurrency sector, there are two main types of wallets: hot and cold. Hot wallets are those stored on devices connected to the internet such as a desktop PC or Mac and a mobile device. Cold wallets, on the other hand, store the user’s private keys offline. Being offline eliminates several attack spots that hackers could take advantage of, such as infecting other people’s devices with malware to access their keys. Malware is software designed to either damage or gain unauthorized access.
Hot wallets are often more user-friendly and allow users to access their funds anytime from anywhere. On the other hand, cold wallets are typically less intuitive and can make it a tad harder to move your funds.
Types of Ethereum wallets
Mobile wallets are light nodes that do not require users to download the entire blockchain. Mobile wallets are applications that can be installed on mobile devices as easily as any other application from Apple’s App Store or Google Play, and can be used to access your funds using a cellular connection.
They rely on miners to relay precise information about the network's present state. Some of the disadvantages of a mobile wallet are that it is easy to hack and that, if your mobile device is lost, you may lose access to your Ethereum funds. However, having backups can keep you safe from any loss arising out of hacks or unintentionally losing your keys.
Most popular mobile wallets support Ethereum and ERC-20 tokens and come with built-in browsers ready to interact with decentralized applications and the decentralized finance (DeFi) sector, which is built out of decentralized applications offering financial services.
Desktop wallets run on operating systems (OS) like macOS, Microsoft Windows, or Linux OS. Desktop wallets are ideal for those who prefer to handle their finances on desktops. Because most desktop wallets keep keys locally, users will need to use their computers to access their Ethereum wallets.
With such wallets, users can use a light client or download a full client with the entire Ethereum blockchain. Downloading a full client is considered to be a preferable alternative because it eliminates the need for miners to feed them accurate data. Instead, they validate transactions themselves, resulting in increased security.
Similar to mobile wallets, desktop wallets not only allow users to send and receive Ethereum, but can provide a number of advanced features to allow users to create smart contracts or run a full node, effectively giving users more functionalities within their wallets.
Since desktop wallets are connected to the internet, they are considered hot wallets. The private keys to these wallets are stored on users’ machines and not on any external servers, making them vulnerable to hacking.
Web interface wallets are a popular alternative to both mobile and desktop wallets, and are essentially websites that let users interact with the Ethereum blockchain after connecting their wallets to the interfaces.
Web wallets allow users to use a web browser to connect with their accounts. These wallets take advantage of cloud storage and can be accessed from anywhere in the world. Cloud storage makes use of the enormous computer servers housed in data centers that physically store data and make it accessible to customers via the internet. The stored data can be delivered on-demand with just-in-time capacity and costs, eliminating the need to purchase and manage data storage equipment.
Using web interface wallets directly can be risky, as users have to trust a website with their private keys. While some web interfaces are considered trustworthy, users may still be vulnerable to a number of attacks unrelated to the wallets themselves. These attacks include phishing schemes in which hackers can access a website impersonating the legitimate web interface. Similarly, domain name system (DNS) attacks may occur where users' internet activity is redirected to a malicious server that uses collected data like login credentials to access their information.
Browser extensions are used on desktop browsers to interact with decentralized applications and can store both ETH and ERC-20 tokens, all while supporting a nearly infinite number of addresses. To more advanced users, browser wallets are also useful because they can be used to interact with other blockchains.
Browser extensions are seen as a safer alternative to web interfaces, as they store users’ private keys on their browsers in an encrypted way. To access their wallets, users will need to protect them with a password which bolsters security. Like mobile wallets, installing browser extensions is easy and is done in the same way users install any other browser extension. Some browsers already come with built-in Ethereum wallets that make it even easier to interact with DApps.
Hardware wallets are pieces of hardware that store users’ private keys offline and are, as such, cold wallets. Hardware wallets have to be connected to a computer for the funds to be moved and are password or PIN protected. To gain access to the funds, a malicious party would need physical access to the device and know the password protecting the funds. However, hardware wallets can be expensive for users with smaller amounts of funds to store.
It is important to never buy a used hardware wallet nor buy one from a third-party vendor. After being used for the first time, these wallets could be compromised to trick users into believing that they are sending funds to a wallet only they control, while the initial owner of the hardware wallet may already have access to it.
Paper wallets are a more basic type of cold wallet and essentially involve printing out the private keys that control the funds onto a piece of paper and storing it. To access the funds, malicious actors would need access to that piece of paper. The main advantage of this type of wallet is its accessibility, as all that is needed is a pen and a piece of paper.
Because of the fragile nature of the material they are printed on, these wallets may not be suitable to hold long-term, as there have been cases of the paper getting destroyed or mistakenly thrown out. Alternatives include pricier titanium plaques that could even resist natural disasters because of the material they are made of.