I would like to hear from pro-crypto folks what they think about this scenario? Specially, I would like to compare the equivalent from "old school finance". Imagine that your phone is stolen, then someone gains access to your plain old bank account. They drain your account. You can make a police report, then share with the bank. In most cases, you will get your money back. What about crypto? AFAIK: It is gone. Unless it is a huge amount, probably your national police force won't try to hunt down the thieves. And, the crypto exchanges will be of little help.
baobun•4mo ago
Mitigations for cold wallets (step 0: don't carry the sole signer to millions in your pocket), from simple to complex:
1. Classic custody with offchain authentication ("rediscover banks")
2. Self-hosted cold/offline airgapped wallet with split shamir seedphrase backup
3. Multisigs and HTLCs (e.g. transfers only executed on 2-of-3 signatures of yourself and trusted third party, with a timelock/delay)
Those are all robust and tried-and-true patterns.
On smart contract chains like Etherum there is a jungle of "smart wallets" backed by smart contracts doing the above and more. Obviously those are earlier days and not without their own class of risks but they should illustrate what is possible.
> And, the crypto exchanges will be of little help.
You'd probably be surprised. Exchanges tend to collaborate and be quick in responding and acting to reports of theft or other criminal activity going through their platforms. Including those which otherwise tend to skirt the darker shades of the regulatory gray zones.
throwaway2037•4mo ago
baobun•4mo ago
1. Classic custody with offchain authentication ("rediscover banks")
2. Self-hosted cold/offline airgapped wallet with split shamir seedphrase backup
3. Multisigs and HTLCs (e.g. transfers only executed on 2-of-3 signatures of yourself and trusted third party, with a timelock/delay)
Those are all robust and tried-and-true patterns.
On smart contract chains like Etherum there is a jungle of "smart wallets" backed by smart contracts doing the above and more. Obviously those are earlier days and not without their own class of risks but they should illustrate what is possible.
> And, the crypto exchanges will be of little help.
You'd probably be surprised. Exchanges tend to collaborate and be quick in responding and acting to reports of theft or other criminal activity going through their platforms. Including those which otherwise tend to skirt the darker shades of the regulatory gray zones.