If there were 10 commandments in crypto, the very first one would be “Thou shalt keep thy private key safe.” Because of the way that cryptocurrency works, if anyone gains access to your private key, then they also have access to your tokens, NFTs, and anything else you have stored on the blockchain. It’s like the key to your bank safe.
This can be an intimidating fact for people who are just getting into cryptocurrencies, and can even be something of a headache for users who have been around for a while but don’t want to devote the time or resources into figuring out how to keep their keys as safe as possible.
In the worst case scenario, this can lead to keys being compromised and tokens lost. But even in a good scenario, this can lead people to leaving their tokens in an unsafe wallet — similar to leaving your bank safe key on a park bench and hoping no one realizes what it is.
The good news is that keeping your private key safe is actually quite simple once you understand a few fundamental principles. After just a few minutes reading this blog post, you’ll be a key safety pro.
First, a refresher: how do private keys work on Antelope?
When you create an account on an Antelope blockchain, such as EOS, a key pair is generated:
1. Your public key, which is stored publicly on your account on the blockchain, to indicate which private keys have access to control the account. (This is different from most of the industry, where your public key is used to send tokens to your account. On Antelope chains, your account name is used for this purpose.)
2. Your private key, which is stored in a secure wallet (like Anchor). Your private key allows you to sign transactions and use the tokens in your account. It is a string of random letters and numbers, which can also be represented by a passphrase.
The role a wallet plays here is as a form of data storage for your private key, similar to how a password manager stores your passwords. The main difference is that a password manager provides the right password for a site on command, whereas a wallet provides a signature. It creates the signature with your private key, but the key itself never leaves your device.
You can use your wallet to sign a piece of data (whether that’s a transaction, a login request, a smart contract, or something else), and the resulting signature can be used as proof that you approved the data — but it doesn’t hold any traces of your private key.
There’s not an ideal metaphor for this, but it’s similar to how Japanese hanko stamps, or personal seals, work. In Japan, you would use your hanko to sign important documents, like an employment contract or a lease. The stamp mark you make with your hanko is proof that you’ve agreed to the contract, and because the hanko is unique and registered in your name, it also serves as proof of identity. And if someone took your hanko, they could agree to contracts in your name.
In this case, the hanko is your private key, while the mark it makes is the signature your wallet creates with your private key. And if someone got ahold of your private key, they could sign things in your name too, so the stakes are high.
The Top 3 Ways Your Private Key Can Be Stolen
You may hear people talking about how their private key was “hacked” on the internet, but this is actually one of the biggest misconceptions in crypto. Hacking a private key by guessing the string of random letters and numbers correctly is mathematically impossible — there are more potential private keys than there are grains of sand on earth, so you can’t stumble upon one by accident.
But what can happen is that private keys can be compromised. Here are the three main ways that bad actors could compromise your keys, and what you can do to protect yourself:
Problem #1: Your key was CREATED in an unsafe way.
When you generate an account on the Antelope networks, your key pair is also generated for you. It’s important to understand how and where your private key was generated, because if it wasn’t on your device, then your key is more susceptible to being compromised.
This is because there are services in the Antelope ecosystem that will create an account for you and provide you with a private key through unsecured means. When this happens, it creates multiple possible ways for bad actors to get your key. Keep in mind that whenever your key is moved from one system to another, it provides opportunities for bad actors to compromise it.
To demonstrate this point, let’s say that a new decentralized gaming app creates an account for you, so you can play on the blockchain, and the private key to your new account is sent to your email. In this case, your key could be compromised…
- When it’s first created, because you don’t know if the app that sent it to you has kept a copy of your key. It would be like your key company keeping a copy of your house key after making one for you, and then they can break into your house (or account) whenever they want.
- When it’s sent by the app’s email provider, because the provider (or a hacker) could intercept the email and save a copy of it.
- When it’s received by your email provider, also because the provider (or a hacker) could intercept the email and save a copy of it.
- When you access the email on any of your devices, such as your phone or computer. Whether the device itself is compromised, or if your device automatically saves a copy of the email to the cloud (which could also then be hacked), there are multiple possible attack vectors between when your key is created and when it reaches you.
If you have a private key that came from a centralized service, it doesn’t become safe even if you move it into a secure wallet, because there were so many chances for someone to steal it beforehand.
If you’re not sure where your private key came from, or if it could have been compromised when it was given to you, then you should change your private key. If you’re an Anchor user and you would like to do this, you can reach out to Support for assistance.
If you’re creating a new account, use an account creation service that generates your private key directly on your device, such as Anchor’s account creation portal. Anchor itself never sees your key, so you’re the only one with a copy — and there’s no need to move it anywhere. For this reason, generating your key on your device is the best choice for overall safety.
A Note for Developers
Developers play an important role in safe key creation too! It may sometimes seem preferable to create accounts for users, so that they don’t need to do it themselves to access your app or project. Yet it’s important to keep in mind that when you generate a key for a user, you are now directly responsible for the safety of that key and all the potential attack vectors that we outlined above. In many cases, it is safer for users (and faster in terms of development) to integrate directly with a wallet that handles account creation rather than to handle account creation in-house.
Problem #2: Your key was STORED in an unsafe way.
Once you have your private key, it needs to be stored in a wallet if you want to use it to sign transactions. There are multiple options for wallets in the Antelope ecosystem, but they ultimately boil down to:
- Custodial wallets, where your private key is stored by the wallet company.
- Self-custodial wallets, where you store your private key.
Both types of wallets have trade-offs, but in terms of key security, custodial wallets have far more risks. That’s because they’re more alluring targets for hackers than individual key holders are.
One major reason for this is simply economy of scale, because custodial wallets hold funds for multiple users and are therefore higher-value targets than individual wallets would be. We see the same logic play out when someone robs a bank, rather than a house.
We also need to consider that custodial wallets store the private keys for all their users, and by necessity, these keys are often stored in legacy administration systems — computer files, spreadsheets, etc. These systems have multiple possible attack vectors, including their own employees if a hacker tries to use social engineering to get access to their systems. Once a hacker gets in, they can simply read the private keys and check if there’s anything of value stored in their wallets. No guessing involved.
The best way to protect yourself is to use a self-custodial wallet, like Anchor, that encrypts your private key and stores it in your device’s secure enclave (a secure computer chip which is typically unlocked using your biometrics, such as your fingerprint). This way, you’re a far less appealing target for hackers, and the only way your private key could be stolen is if your own personal device was compromised. If you’d like to go a step further and keep your key in cold storage, off your device, then Anchor’s Owner Key Certificate is an excellent option.
Problem #3: Your key was SHARED.
Because a private key is supposed to stay private, it may seem obvious that you’re not supposed to share it. But unfortunately, scams abound in the world of crypto. Even perfectly reasonable people can fall prey to them, so if this has ever happened to you, you shouldn’t feel bad.
Yet it bears repeating that if anyone ever asks you for your private key, don’t give it to them. Ever. They don’t need it.
…But what if you really, really want to access a service, app, or game that asks for your private key?
If you find yourself in this situation, you have the option to create a second account, so that you can share the key to an account that doesn’t contain all your tokens. It’s a similar concept to having a real email address and a junk email address — use your junk account for things that need your private key, and your real account for storing your assets. That way the things you care about stay safe, but you can also try everything you want to in the crypto-verse.
Just keep in mind that once you give someone else the private key to this extra account, you are trusting them with full control over it. They could remove assets, sign things in your account’s name, etc. It is no longer a safe space. So only keep an amount of tokens (or NFTs, etc.) that you’re ok with losing in this “junk account,” because it could be compromised at any time.
So to review…
If you want to keep your private key as safe as possible:
- Make sure you generate your key on your own device.
- Store your key in a self-custodial wallet.
- Don’t tell anyone your private key. (Or make a junk account.)
Follow those three rules, and your private key should stay safe and sound! And if you’d like to learn even more about private keys, you can check out our podcast episode Key Safety — Thoughts on Private Key Best Practices.