What's the Huge Issue with Private Keys?
Published Jan 30, 2023
By Qredo Team

The first thing you should know about private keys is that they work incredibly well, as long as they remain private.

The original inspiration behind private keys was a technological innovation: defeating brute-force attacks on an alphanumeric string through the sheer number of combinations that would need to be tried. When securely generated and kept private, these keys are almost impossible to guess by chance.

For comparison, there are 2^256 possible private keys for the traditional 256-bit Bitcoin private keys, which is roughly 10^77, only a few orders of magnitude away from the number of atoms in the Universe, estimated to be around 10^80.

That's one thousand quadrillion vigintillion! A serious number of zeroes.

Seed phrases, private keys and single points of failure

Seed phrases of 12 to 24 words have become a common, more human-friendly way to access accounts that store private keys, often for multiple wallets. They have, of course, become vulnerable to the same problem in their own right.

Seed phrases and private keys share a flaw – if there's no additional layer of security in place, these act as single points of failure. Access this single point, and anyone can steal your digital assets.

How are seed phrases and private keys vulnerable to loss or theft?

In practical terms, there are a number of ways in which seed phrases can become exposed. If you are opting for self-custody, then you will face the various risks of storing your seed phrase on paper and having it either lost, destroyed or stolen. 

Will you store it at home, or hide it elsewhere? If there is a fire, do you have your seed phrase written in titanium, or is it on burnable paper?

If you commit your seed phrase to memory (and we do not recommend this approach!) you’re dependent on the reliability of your own human memory storage system, which may not be as infallible as you think.

A further problem some crypto hodlers have sadly faced is simply being threatened and having seed phrases extorted from them. There have also been plenty of social engineering scams focused on extracting assets from users, whether by installing malicious software via a clicked link, or more sophisticated "pig butchering" and dating scams targeting known crypto holders.

Another issue that private keys present for institutions is the difficulty in sharing signing authority between team members, without exposing the company funds to insider threats. Qredo tackles this problem with a sophisticated approach to the creation of team policies, with secure governance over who can access and move funds around.

For more horror stories about private keys being exposed or lost forever, check out this post on the subject from our very own Qredo CEO, Anthony Foy.

Mistakes made in the creation of private keys

There have also, unfortunately, been mistakes made during the very creation of private keys, leading to them being vulnerable to theft from day one. In some cases, errors in code have shortened private keys, making them far easier to guess. In a few cases, users have been allowed to set their own private keys, which are often considerably simpler and easier to guess, much as normal passwords can be brute-force solved depending on their complexity.

At least one infamous (yet anonymous) user, known only as the “blockchain bandit”, has already become very rich from these errors, amassing what was at one point worth almost $100 million USD in Ethereum from wallets with these kinds of vulnerabilities.
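A creation-time defect of the kind described above, where code shortens a key, can be caught with a structural check on freshly generated keys. The following is an added example, not code from Qredo or from the original post; the function names, the 200-bit threshold and the simulated truncation bug are assumptions made for illustration.

```python
import secrets

# Order of the secp256k1 group used by Bitcoin and Ethereum; valid keys are 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
MIN_BITS = 200  # assumed audit threshold for illustration, not a standard value


def generate_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, rejecting values outside 1..N-1."""
    while True:
        candidate = secrets.token_bytes(32)
        if 0 < int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate


def buggy_generate_key() -> bytes:
    """Constructed bug: only 4 random bytes survive, zero-padded to 32 bytes."""
    return secrets.token_bytes(4).rjust(32, b"\x00")


def audit_key(key: bytes) -> list[str]:
    """Return structural findings for a raw private key; [] means none found.

    Passing this check does not prove the key is random. It only catches
    keys whose format already shows that most of the 256 bits are unused.
    """
    if len(key) != 32:
        return [f"wrong length: {len(key)} bytes"]
    value = int.from_bytes(key, "big")
    if not 0 < value < SECP256K1_N:
        return ["outside valid range 1..N-1"]
    findings = []
    # Bits between the highest and lowest set bit: zero padding on either
    # side of a short random value shrinks this span.
    trailing_zeros = (value & -value).bit_length() - 1
    span = value.bit_length() - trailing_zeros
    if span < MIN_BITS:
        findings.append(f"at most {span} bits carry entropy (expected about 256)")
    if len(set(key)) < 8:
        findings.append("fewer than 8 distinct byte values (padding or repetition)")
    return findings


if __name__ == "__main__":
    print("CSPRNG key:", audit_key(generate_key()))
    print("Truncated key:", audit_key(buggy_generate_key()))
```

Running a check like this in the key-generation test suite turns a silent truncation bug into a failing build before any funds are sent to the affected addresses.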

A litany of crypto hacks have exposed numerous private keys

Many of the recent hacks that have taken place in crypto are ultimately successful only because the single point of failure exists in the form of private keys. Exposure of keys protecting cross-chain crypto bridges has been a major theme in recent years. One of the largest was the Ronin Bridge / Axie Infinity hack, which drained over $600 million USD and is believed to have originated in North Korea. This hack succeeded thanks to a social engineering scam in which a job offer containing an infected file was sent to a senior engineer.

Custody battles over crypto

Self-custody is the gold standard in a revolution in asset ownership that blockchain technology has enabled. We have all seen the recent disasters attendant on allowing centralized entities like FTX to take custody of users' assets. Custodian services are a growing industry and are improving their offerings, but will never be truly comparable with having full control and custody over your own digital assets.

It is vital, however, that we eliminate the critical flaw in self-custody systems, which afflicts paper wallets and cold wallet technology alike – the single point of failure inherent in the design of private keys. 

Irrespective of the issues afflicting the self-custody of seed phrases and private keys, Qredo remains a passionate champion of the importance of self-custody for digital assets. 

This is because we recognize the significance of self-custody and what it means for asset ownership. It is also because our product is all about solving the single point of failure problem with private keys.

We are proud to say that our Qredo Wallets have enhanced security designed into them from the beginning, helping to protect your assets from all of the issues outlined above.

So even though we do utilise seed phrases for individual users to have a backup, this is never the only protection you have with Qredo.

Firstly, anyone accessing your seed phrase would also need to know which email address to link it to, providing an added layer of security.

Secondly, for our institutional accounts and any other wallets with team access, you can customize policies governing whose approval is needed, meaning that any exploit of one user's wallet access would remain insufficient to access or move funds.

Read on to find out how Qredo is changing the face of crypto wallet security.

Qredo’s decentralized multi-party computation: Self-custody, distributed

Qredo's revolutionary decentralized multi-party computation (dMPC) solution for secure self-custody is in a sense inspired by the very blockchain revolution that came before it – that of decentralized ledgers themselves. Our secure solution is also distributed across a network, which is what makes it so strong.

The computation which unlocks a Qredo Wallet itself takes place in a distributed manner, adding an unprecedented level of security to the process, meaning that a single private key need never exist in any one location when users access their wallets. 

This means that there is in fact no single point of failure when it comes to Qredo Wallets – no one thing which can be lost, stolen or broken to cut you off from your digital assets.

With Qredo, you have control of your digital assets. We are always working to increase the decentralized nature of our offering, making it ever more robust and giving you ever-enhanced levels of control. 

As we continue to develop our cutting-edge technology, we are confident that Qredo Wallets will remain a leading solution in cryptocurrency wallet security for many years to come.

Sign up for immutable peace of mind over your digital assets and set up your Qredo Wallet today. You'll never worry about your private keys again!
