290 likes | 307 Views
Learn about different types of wallets, their security features, and how transactions are conducted in the cryptocurrency ecosystem.
E N D
Wallets: Wallets Code that allows a user to control cryptocurrency value Assets are tracked & controlled by, not stored on wallets No physical form Use cryptographic keys to send updates to the ledger Ledger maintained by decentralized network of computers Provides public key and private keys Public key- public address found on the ledger Used to accept transaction of value from another Identify your account Searchable and public Private key- digital signature that proves you control coins Use this to “sign” transactions of coins to another Proves you control assets Kept private- Control of private key is “ownership” Keystore file- encrypted version of keys Mnemonic seed- set of words that can be used to regenerate keys
Wallets, cont. • Types of wallets: • Paper: • May be a physical copy or printout of public and private keys • May be software used to securely generate a key pair which are then printed • “Load” wallet by sending assets to public key on paper wallet • Take value off by “sweeping” funds from your paper wallet to software wallet. • Usually has a QR code • Vulnerable to loss theft or destruction • Software • Desktop • Downloaded and installed on a PC or laptop. • Only accessible from the single computer in which they are downloaded. • Vulnerable to hacks/ virus • Loss/theft or destruction
Wallets, cont. • Mobile • Held on mobile internet connected device (phone, tablet) • Usually feature light • Optimized for mobile commerce • Hardware: • Physical devices that store and require a password to use a private key • Additional level of security • Typically require software installed on a machine or a web interface to access • Risk of theft, loss • Risk of hardware sabotage
Wallets, cont. • Online • Run “on the cloud” • Accessible from any computing device in any location. • Store your private keys online /give up your private keys • Controlled by a third party • Do you trust the 3rd party to protect you? • NYAG Virtual Markets Integrity Initiatives Market Report • Third party custodial: • Service that holds crypto for another • “Vaulting” /Cold storage • Contracts • Insurance?
Wallets, cont. • Multi signature- • Splits private key into multiple sub-keys • User created rules for how many segments are needed to sign (m of n) • Useful for escrows, account controls • Example- A and B are in contract to buy a home. $50 in escrow • May create a 3-part key, where A, B & escrow agent C each get a key • Need 2/3 to release $50 to B • Either A&B or B&C or A&C can sign • Ex: Inspection Contingency • Useful to limit ultra vires spending, create parentally controlled wallets, joint tenancy wallets, etc.
How secure are wallets? • Security? • Private key= control & “ownership” of the assets • May be recovered in some instances by forensics, • Restored by use of seed phrase • May reduce opportunities for loss by “air gapping” devices • Cold storage- self help /vendors for a fee • Some wallets are more secure than others • Paper, hardware are more secure. • Mobile, less secure- connected • Third party varies- how much do you trust the third party? How do they handle cybersecurity, insider theft, are they insured?
How secure are wallets? • How to practice good wallet hygiene • Only keep small balances hot/online • Backups: • Keep wallet updated- patches to protect from software vulnerabilities are common • Use complex passwords • Use known wallets • Use non-SMS 2FA, non telco devices for 2FA
Download a wallet • BRD Wallet:
Download a wallet • BRD Wallet:
What’s a “transaction” • Transfer of control over some asset recognized by the system to another participant on that system by sending a signed message to the network seeking to alter the ledger to reflect updated ownership of those assets. • Signing off ownership of the coins to your wallet’s address. • Sender signs with private key • Recipient signs with public key • No “coins” move anywhere • What does a transaction cost? • Most chains charge fees • Set by the traffic on the network, not the wallet • Dynamic - Tip for service
How is the ledger updated? • Mining is an analogy: Resource intensive task to obtain a thing of value • Miners validate new transactions through Proof of Work, borrowed from HashCash • If it costs money and time to add a new set of transactions, more difficult to retroactively overwrite • The cost to alter one block to change a transaction may not be expensive, but changing block means you’d have to redo all blocks that came after, which increases the cost • Miners look at information from pending submitted transactions, plus information from prior blocks, plus other pieces of data and integrate them into a calculation that’s missing one piece of information: the Nonce. • They then repeatedly guess random Nonces and wait for the outcome.
How is the ledger updated? • If they get an outcome that is a valid outcome, they have “solved the block” and they share their calculation with other miners who will confirm it. • The amount of mining activity on the network dictates how many valid outcomes exist. • Adaptive: More mining power on the network, fewer acceptable outcomes. • The network of nodes will circulate the inputs and nonce to other nodes to confirm. • Once confirmed, other nodes will update their copy of the ledger to include the transactions which were part of the calculation and resend the nonce and transactions to other known nodes. • Once a block is added, the miners will work on the next set of pending transactions to assemble and validate the next block of tranactions. • Bitcoin designed to add a new block on average every 9 minutes.
Why Mine? • A miner or group of miners who find a block are paid with a “coinbase” transaction- currently 12.5 BTC • Miners may mine together, or in groups called pools that share the yields of their efforts • Bitcoin designed to add a new block on average every 9 minutes. • Arms race of: • Mining equipment • Electricity costs • Subsidies
All transactions are public: • Using blockchain explorers: • API’s from blockchains • Useful for forensics • https://btc.com/
Exchanges: • Common gathering sites for trading • Coinbase, Mt. Gox, Binance • Various financial, technical, and governance configurations • Centralized/Decentralized exchanges • Coin only/fiat • Token-powered exchanges • Common features: • Participate by sending assets to the exchange • Place orders bid/ask on given asset pairs • May offer leverage/margin • May offer swaps/futures
Exchanges: • Who owns the assets on an exchange? • How do you know? • Where are trades conducted? • How are our exchanges regulated? • AML/KYC • CFTC? • SEC?
Exchanges: • Coinbase: https://coinbase.com/legal/user_agreement
Exchanges: • Coinbase: https://coinbase.com/legal/user_agreement
Risks of Exchanges: • Hacks • Regulatory uncertainty • Insider attacks • Lack of risk mitigation • Lack of transparency • Conflicts of interest • Abusive trading activity • Limited consumer protection • Reliability /Uptime
9/18/18 NYDFS Report on Virtual Markets Focused on 5 main areas:
9/18/18 NYDFS Report Key Findings: - Exchanges often fail to detect or stop suspicious trading patterns or manipulation - There is no mechanism for analyzing suspicious trading strategies across multiple platforms. Few platforms seriously restrict or even monitor trading “bots” /automated algorithmic trading on their venues. Some indicate that they have no responsibility to stop market manipulation - Only a small number of platforms have taken meaningful steps to lessen those risks - No consistent approach to audits, no audit standards exist. Difficult or impossible to confirm whether platforms are responsibly holding their customers’ virtual assets as claimed. - Customers are highly exposed in the event of a hack or unauthorized withdrawal- generally no insurance for crypto.
9/18/18 NYDFS Report Key Findings: Eye Openers - Largely subjective asset listing standards, often involving payoffs to list - Varying approaches to employee trading on platform - Many exchanges trade against customers (Coinbase- 20%!) - Most offer but few require 2FA - Few exchanges offer insurance against crypto, some for fiat on hand - No common audit standards - Some platforms cancel trades that are pending when systems experience outages- some do not. - Most (but not all) exchanges require AML/KYC -All exchanges log IP Addresses but only a few block VPNs intended to hide IPs - Varying fee structures- by volume, or maker-taker, deposit, withdrawal, preferred rates - Order types are not standard across exchanges, include “hidden,” some not available to all traders - Some exchanges allow colocation for HFT - Only some exchanges have policies on automated trading, police bot activity - A minority of platforms have market manipulation policies - Little cybersecurity standardization, disclosure