Halborn Logo

// Blog

Blockchain Security

Stolen Keys: 3 Ways You Can Keep Your Private Keys Safe


profile

Rob Behnke

April 15th, 2021


On the blockchain, your identity is managed using public key cryptography.  Instead of having a blockchain account tied to a real-world identity, it’s linked to a particular public/private keypair.  

The private key is used to generate digital signatures for transactions, while the public key can be used to verify them.

Under this model, access to a private key is equivalent to control over a particular blockchain account.  Anyone who knows an account’s private key can perform transactions on its behalf, and blockchain immutability makes it impossible to reverse these malicious transactions.  As a result, protecting the secrecy of a private key is essential for blockchain security.

3 Ways to Protect Your Private Keys

Private key security may seem simple, but compromised private keys are the most common way in which blockchain accounts are hacked and people lose their cryptocurrency.  Avoiding three common mistakes does a lot towards protecting the security of a blockchain account.

1. Use a Random Key/Passphrase

In order to use your blockchain account, you need to be able to remember the private key (or have something remember it for you).  The use of mnemonic phrases to simplify key recall is designed to make this easier.

With mnemonic phrases or private keys, it may be tempting to create something that is easy to remember.  Some common choices are a simple mnemonic phrase or a private key that is the hash of a common word.

While these seem like a good idea, other people have had the same idea already and look for these weak keys.  If they guess correctly, they can take over a blockchain account and steal the crypto inside.  For this reason, it is essential to use a completely random private key for blockchain accounts.

2. Maintain Control of Your Keys

Some of the primary selling points of blockchain are decentralization and control over your own money.  However, many cryptocurrency users immediately give up this control to a centralized exchange, trusting them to manage and secure the user’s private keys.

When using a cryptocurrency exchange, your security is only as good as that of the exchange.  

In some cases, exchanges have been hacked.  In others, users have traded the security of their private keys (long, random numbers) for that of passwords (often short and reused).  As a result, exchange-related hacks are much more common than any other.

Putting private keys on a cryptocurrency exchange leaves them vulnerable.  Private key security requires maintaining control of your own private keys.

3. Use a Hardware or Offline Wallet

Almost all software has vulnerabilities that can leave it exposed to attack.  This is also true of software-based cryptocurrency wallets.

If private keys are on Internet-accessible systems, they may be vulnerable to attack.  A better way to protect these private keys is to use a hardware wallet or other offline system to store private keys and generate digital signatures.  

By ensuring that keys are never accessible to or stored on an Internet-connected device, these systems reduce their probability of exposure.

Securing Blockchain Accounts

Control over a blockchain account is based on access to the corresponding private key.  Anyone with the key can generate digital signatures and transactions for that account.  This means that protecting your private keys is an essential part of securing a blockchain account and the smart contracts associated with it.