What security issues should crypto users pay attention to?

Chen Mo cmDeFi
2024-06-13 14:18:46
Risks always occur in the unknown.

Author: @cmdefi

"Security" should be the biggest topic in the industry for at least the next 10 years, as there are currently contradictions on both the decentralized and centralized ends. Taking advantage of the recent discussions on exchange security, let's delve into the topic from the following perspectives:

  1. Asset Sovereignty

  2. Smart Contract Security

  3. Anti-Censorship

  4. Wallets

1/4 Asset Sovereignty

Decentralization offers far greater asset sovereignty than centralization, meaning users have complete control over their assets. This was the mainstream narrative during the DeFi Summer and the starting point for the massive withdrawal movement that year.

However, as attacks on smart contracts and authorization theft become more frequent, higher asset sovereignty does not necessarily equate to stronger security. Many ordinary users lack the ability to identify risks, and managing assets securely on-chain requires significant learning time and experience, leading to increasingly high barriers for self-managing assets.

As a result, newcomers entering the market still tend to prioritize entrusting their assets to exchanges or institutions, with the intention of letting professionals handle professional matters. Of course, this means losing asset sovereignty in exchange for custodial services provided by centralized institutions.

As the industry has developed, exchanges and on-chain platforms have essentially catered to different user groups, each with corresponding risks. The risks manifest differently: on-chain self-management of assets offers strong sovereignty, allowing you to own 100% of your assets, but it requires sufficient experience and risk management skills. Delegating management to exchanges is simple, but it may expose you to centralized risks. There is no perfect solution; what matters is understanding where the risks lie and maintaining a sense of caution.

2/4 Smart Contract Security

"Risks always occur in the unknown."

Beyond asset management, from the perspective of DeFi projects, non-upgradable and permissionless smart contracts are considered decentralized and immutable. However, does this imply absolute security? Not necessarily. The risks associated with smart contract code cannot be fully predicted or simulated. If a critical smart contract has a fatal flaw and no centralized party can intervene, it becomes a situation where even divine intervention is futile, as has been seen in many cases in the early days of DeFi.

So how will smart contract security develop in the future? According to the original intention of decentralization, simple smart contracts will be tested by time and the market, ultimately achieving "solidification," meaning they become fully decentralized and immutable. Then, the complexity will gradually increase. In this process, some complex projects will inevitably need to set up emergency buttons at critical points to mitigate and recover losses during significant events (of course, various permission constraints will typically be used to prevent risks associated with excessive centralization).

Thus, the issue of smart contract security is something that must be experienced through time and testing. Currently, all FUD (fear, uncertainty, doubt) regarding DeFi security is essentially FUD about the industry's future. The security issues faced by smart contracts are challenges that all on-chain projects, whether GameFi or SocialFi, will encounter in the future. DeFi is simply the first to navigate this path; only by solidifying enough groundwork can the road ahead be smoother.

3/4 Anti-Censorship

Anti-censorship is an aspect that many people tend to overlook because most think of themselves as merely trading coins and feel far removed from the concept of anti-censorship. In fact, once you experience it, you will fully realize its importance, as it directly makes you aware that without decentralization, your money cannot be 100% considered yours. This point does not need further elaboration; those who understand will recognize that anti-censorship is one of the most important aspects of the vision for decentralization.

In this regard, it complements asset sovereignty, as decentralized management indeed surpasses centralized management.

4/4 Wallets

When it comes to storing assets on-chain, we often encounter cold wallets, hot wallets, and hardware wallets.

Cold Wallet: Simply put, this means that the private key is never connected to the internet during its creation and management. Such cold wallets can be created by oneself, for example, using an old iPhone to make a cold wallet, with many tutorials and resources available online. From a personal management perspective, this method is currently very secure; the only thing you need to be cautious about is not losing the piece of paper where you record your mnemonic phrase.

Hardware Wallet: First of all, a hardware wallet is not equivalent to a cold wallet. Hardware wallets involve various hardware technologies. Overall, private keys are likewise generated without connecting to the internet, but the controversy lies in the fact that the hardware providers are centralized institutions, which may theoretically pose centralization risks. On the other hand, hardware wallets usually add an extra verification step before executing transactions, akin to the U-shields (bank USB security keys) or security cards used as protective measures.

Hot Wallet: Hot wallets are the ones we use most frequently. They are more convenient and flexible for daily use, but frequent on-chain interactions can increase the number of authorizations and signatures a wallet accumulates. In particular, if you authorize upgradable contracts, there may be no issue at the time, but an upgraded contract could introduce new risks, creating hidden dangers for the future.
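One way to review the authorizations a hot wallet has accumulated, as an added example that is not part of the original article: it replays ERC-20 `Approval` event logs and lists allowances that are still open, flagging unlimited amounts and spenders the reader has identified as upgradable. It assumes "authorization" means an ERC-20 allowance; the function names, placeholder addresses and sample logs are constructed for illustration.

```python
# Added example (not from the article): replay ERC-20 Approval logs for one wallet.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def addr(topic):
    return "0x" + topic[-40:].lower()  # 20-byte address inside a 32-byte indexed topic

def open_allowances(logs, owner):
    """Replay logs in chain order; return {(token, spender): last approved amount > 0}.
    This is an upper bound: spending via transferFrom need not emit Approval."""
    state = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        t = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 Approval shares topic0 but has 4.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or addr(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), addr(t[2]))
        amount = int(log["data"], 16)
        if amount:
            state[key] = amount
        else:
            state.pop(key, None)  # approve(spender, 0) is a revocation
    return state

def review(logs, owner, upgradable_spenders):
    """Flag open approvals; upgradable_spenders is a caller-supplied set (assumption)."""
    up = {s.lower() for s in upgradable_spenders}
    findings = []
    for (token, spender), amount in sorted(open_allowances(logs, owner).items()):
        checks = (("unlimited", amount == UNLIMITED), ("upgradable-spender", spender in up))
        findings.append((token, spender, [name for name, hit in checks if hit]))
    return findings

# Constructed sample data in eth_getLogs shape (all addresses are placeholders).
def _log(block, idx, token, owner, spender, amount):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER, TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "dd" * 20
ROUTER, VAULT = "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE = [_log(10, 0, TOKEN_A, OWNER, ROUTER, UNLIMITED),
          _log(11, 2, TOKEN_A, OWNER, VAULT, 1000),
          _log(15, 1, TOKEN_A, OWNER, VAULT, 0),      # later revocation
          _log(12, 0, TOKEN_B, OWNER, VAULT, 500)]
```

Calling `review(SAMPLE, OWNER, {ROUTER})` returns one row per open approval; entries carrying both flags are the ones the paragraph above warns about and are the first candidates for revocation.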

The use of wallets is typically configured based on individual circumstances. Ultimately, the security of a wallet boils down to the security of private keys and permissions.

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice.