Creators Program: A Klever Conversation On Security
"In the case of the Klever wallet it guarantees you the full possession of your money & that you can withdraw or move it as you wish at any time," says Peter in his conversation with Enzo on Security.
The problem of security in the field of cryptocurrencies is extremely important.
For this reason I had a discussion with Peter, my adoptive nephew, who deserves the credit for introducing me to crypto through his enthusiasm. For the benefit of those who read this, I say that with Peter and other friends we have a finance and trading chat that we have been managing for over 5 years, and during this period we’ve seen many things but above all we have become great friends in mutual respect.
Peter is a theoretical expert in blockchain and IT, even though this is not his primary occupation, and the following is the transcript of our conversation:
Enzo - Hi Peter, thank you for participating in this discussion regarding the security of cryptocurrency wallets. We always start from the fact that you are the expert and I’m the newbie uncle who does not understand anything.
Tell me a little about cryptographic security, what is this security? Can we use the term cryptographic or should we speak exclusively of Cryptocurrencies?
Peter - Hi uncle, let's get straight into the topic. Let’s say that the blockchain uses cryptography to allow the exchange of assets which in this case are cryptocurrencies, so one thing is cryptography and one thing is cryptocurrencies.
In general, we can say that there are various episodes related to computer security (cryptography) connected to cryptocurrencies, we can first talk about the most striking cases that involved some exchanges, even of large caliber, and then about the way to keep their coins.
Without necessarily generalizing, there are cases in which putting money into an exchange is not safe, because not all of them are as big as Binance or Coinbase which have an enormous degree of reliability. Even big exchanges are not free from hacking as we have seen in the case of Binance where someone managed to steal coins and luckily, those who had lost those coins were compensated in full, thanks to the seriousness of the exchange. Another very close example of a different nature, this time of reliability, is the case of Digifinex where, currently, those who have deposited their KLVs are no longer able to withdraw.
All these problems personally make me prefer self-custody.
In the case of the Klever wallet it guarantees you the full possession of your money and that you can withdraw or move it as you wish at any time.
This is a key difference between private custody and custody on an exchange. But beware, for me private custody is not for everyone.
Enzo - Wait a minute, let's take a step back. I say, I have cryptocurrencies and I want to be safe, are these cryptocurrencies safe in the first place? I mean is it a safe investment? Can people somehow go into these cryptocurrencies and take them without me noticing? Or is it a stupid question?
Peter - It depends on many factors and is linked to what I said before that paradoxically private custody is not for everyone. Let me explain: the more careful you are in keeping your data, the better. The only way someone can take my cryptocurrencies is to steal my access codes, and mind you I'm saying steal.
Enzo - My question is from a person who does not understand anything: I have a cryptocurrency, let's say BTC, and consequently I have a contract or something similar on the blockchain, can this contract be hacked?
Peter - The strength of the blockchain lies in the fact that it cannot be altered, when a transaction is recorded on the blockchain it must be validated by nodes that are essentially computers where that operation is validated, and this remains immutable and irreversible.
So, from that point of view, having a coin registered in the blockchain is very safe.
Peter - It is not physically attackable. I can see the other coins of the blockchain and in fact there are sites where you can explore the blockchains and all you can do is look at the coins that are there and read a public address.
For example, if there is a million BTC in one particular address, ok, you can just see them through an explorer. Another matter is if I can take them, in this case no you cannot take them.
They are recorded in the blockchain and you see them, but in order to access that money you have to be the owner. Another person cannot take them, only those who are the real owner of the money can take them.
Enzo - So this money is linked to something that in turn connects it to me?
Peter - Of course, because the fundamental difference is that I see that money through the public key, while the private key, which is an encrypted mix of numbers and letters that form an address, is connected to me and only so I can access that money: without the private key I can't use them but I can only see them.
Enzo - Well, I'm finally starting to understand something. Now explain to me the difference between a hardware wallet and a wallet like Klever, where does it reside? Since both have a hardware structure in which in the first there is a dedicated device while in Klever there is a telephone dedicated to this purpose?
Peter - The main difference is the fact that a Klever-type wallet needs a mobile phone to work, you install it on an Android or iOS device and from that device you access Klever, which is a wallet that gives you the possession of private keys.
Instead, when you have a hardware wallet and you want to access your coins, you have to connect it to a computer and physically enter the device PIN in order to access. This also means that if you don't put your hardware in the computer those coins are always offline. So the way you have of being able to access those coins is only online at the time of linking.
Basically, since Klever is installed on a phone, it could suffer the risk of intrusion of the phone itself, because there can be no risk that someone will take your private keys from your Klever as you have to enter a PIN for each operation. If you want to access it from some other location, you have to steal the private keys to be able to do so. This is what can happen. But both systems, hardware wallet and Klever, are safe from this point of view.
Enzo - I always think for excesses, let's say I'm a hacker and you are using your hardware wallet on your computer. I put on your PC a spylog, a trojan or whatever, can't I access the PIN of your device? I understand this is a stupid question, but to access your funds you always need to have the hardware wallet connected, right?
Peter - Exactly. The hardware wallet interfaces with a program.
Enzo - So theoretically I can put on a trojan that when you connect your hardware wallet I can do you a huge damage or is it my impression that I can do a similar thing?
Peter - This is not possible because in addition to the operations you do with the software, you have to confirm them via the device PIN. So even in the presence of a spylogger, when you interface with the computer, if you put a trojan that sees my desktop live what I'm doing, you will see nothing except for my coins. You can also see which wallet I'm sending them to, you can collect all the information you want, but the fact remains that when I have to move them from my hardware wallet to an exchange, for example, I need to confirm the operation on the device as well. Moreover, this operation requires several steps, so even if you have hacked my computer you do not have the possibility to withdraw my coins.
Enzo - Of course, let's move on to another point, we talked about the importance of private keys, so what is the difference between owning private keys and instead relying on others to manage your wallet? We said that other wallets are more easily hackable, is it just that?
Peter - We are talking about a mobile wallet, right?
Enzo - Sure, so a Klever type wallet.
Peter - A wallet like Klever in itself is safe; it is the attitudes of the users that determine some vulnerability. Let's take a few examples. Let's say that on my mobile phone I start installing applications from unknown sources, skipping all the security checks and deactivating safe protect from the Playstore, or I take the trouble to participate with my wallet, via browser app, in pyramid programs where they make you sign smart contracts that maybe have some hidden function inside them that allows you to be able to withdraw coins from your address without your consent, I am seriously risking my security. The problem is always this: user negligence.
The moment I install my wallet, I have marked my private keys on a sheet of paper and I keep this in a drawer or in the safe deposit box of the bank, and with my mobile I do nothing but normal things, that wallet is safe. It always depends on the user. This is why I say that self-custody is not for everyone.
In this regard, I give the example of a friend of mine who recently wrote to me that his wallet had been hacked, my first response was, it is impossible that this happened, the wallet is safe.
Enzo - Wait, let me understand: how did this friend of yours get his wallet hacked? Are we talking about Klever? Explain it to me.
Peter - This friend made a basic mistake, the error is upstream, when Klever was still TronWallet he installed the wallet and negligently left the private keys of the wallet inside the phone in a file. He didn't know that there are programs made specifically to scan files that have private keys or seeds inside them. To understand better, he had left the seeds for his wallet in his phone for two years. If you have not observed the security rules, or you have installed unverified programs or whatever, you have put your money at risk because with those keys everyone can access the functionality of the wallet. So the thing you should never do is keep your keys inside the phone, because you are putting the keys of the safe next to the safe.
If these keys were with me or in a safe deposit box in a bank or in another safe place, maybe the thief will go in search of another safe in another apartment. The same goes for Klever's private keys.
Enzo - Then your friend had inadvertently forgotten the wallet keys on display in a file that reads "to restore the wallet use these keys". How did you notice that something was wrong?
Peter - As I said before there are programs created specifically to find seeds or private keys on devices. My friend wrote me that his KLVs had been thawed out of staking, which meant someone had taken his seeds, installed a new wallet on another phone and restored the wallet.
Enzo - So, first of all, we thank the Klever function which allows the availability of the unstaked sums after 7 days.
Peter - This is a very good thing, because 7 days gives you time to run for cover. If your keys are stolen you may not know, but if you are staked and they unstaked you, you can take the necessary measures.
In this case my friend wrote to me describing the problem, obviously he was panicking. I told him: look, do a simple thing, install Klever on another phone or rather buy another fresh one, create a new wallet and as soon as the countdown ends, immediately transfer the sums to the new wallet. He was wondering how all this was possible, so I started asking questions: did you install something wrong? Do you have any Trojan horses in your phone? And so on. Eventually it turns out he had the seed file still in his phone and it was a couple of years back. So I thought someone was able to access this file.
For these reasons, I say that self-custody is good, but it is not for everyone. Not everyone is able to have the foresight of managing their keys.
Enzo - So let's say that this discussion on security is not so much about Klever, but about user behavior, which is a must. And how did it turn out?
Peter - He, as I said, was careful to wait for the countdown and as he had the availability of the sums, he transferred them to the new wallet and did not lose anything.
Enzo - All's well that ends well. One question, this is certainly a good experience and a good lesson, in your opinion how many really understand the importance of their own security, to keep these private keys in a safe place?
Peter - Well, I have had let's say different experiences about it, for example not everyone understands it because they think that these keys can be restored in some way and many people are used to not saving passwords anymore, so it is no longer necessary to know the password or Klever's 12 words, but that doesn't work because it's the basis of security.
You have these 12 words, the seeds, that allow you to restore your wallet and you also have a private key for each wallet address. So it is good practice to save one and save the other. Some still, indeed many do not understand that you cannot restore a wallet through customer service that returns your private keys to you. It is still not clear that by having those 12 words you have the availability of the money in that wallet. So once this is clear, you can also understand that there will never be a chance to get your 12 words back, these are yours and that's it. And this is the strength, it is not a bank where you withdraw money from your account with your access keys, because in the case of the bank you gave your money to a physical institution, in Klever wallet instead you have the money in your hand, money is not from Klever. Klever is simply a tool to interface with the blockchain. With the 12 words you have your own money and you manage it yourself. This is the big difference between self-custody and relying on an exchange.
Enzo - Excellent. Listen, in life, however, things can go wrong in any case: the phone may not necessarily be hacked, but it can break. Let's say alternatives for backup, not only written or engraved in stone, what else could there be in your opinion?
Peter - There could certainly be another reliable system, at least in my case I have adopted this solution because my KLVs have grown a lot and therefore it is no longer a game.
We are talking about large numbers so safety comes first. For example, if my phone falls and the screen breaks and I can no longer access Klever, I don't want to have the thought of having to restore my wallet or that I also know that I cannot sell immediately, so at home I have another phone where I loaded Klever by restoring the wallet and now I keep it locked in a drawer. So in my case I have a double protection: I have my private keys stored separately and to be more secure yet another backup phone.
Enzo - This second phone is an excellent solution and it could be a really good idea.
Peter - There are many solutions, but I want to point out another aspect, never take screenshots! This seems the easiest way to register private keys, because maybe at that moment you don't have a pen and paper available and your instinct is to press and take a screenshot of your wallet keys. This is something you should never do because you don't know if maybe at that moment you have activated the sharing of photos on Google or iCloud, and therefore if that photo goes to the cloud it can happen that the online services are hacked.
A friend of mine took the screenshot, for example, and he had never saved the 12 words and his private keys on paper. He had a problem with his phone that could no longer charge and for this reason he took it to assistance where they fixed the damage to the phone but they also reset the device and do you know what happened? Goodbye money.
Enzo - In this case he was unable to access the cloud? Not even?
Peter - No, he had saved the file in the private memory of the phone, I had explained to him in the past that in case of problems he would not be able to restore his wallet, evidently he underestimated the problem and lost his money. In fact, when the unexpected happened he cursed himself for what happened to him, but at that point you can't do anything about it.
Let's say that among other alternatives you could take a pendrive, encode it, put a text file with the private keys inside it and use it on a computer that never goes online. So in case of need I turn on the computer that is offline and access my key, I put the passwords to decrypt the pendrive and recover the seeds, then I close everything and go. This would be another system.
Enzo - This is another good idea, other advice we can give? It seems to me that we have faced a bit of everything.
One thing instead, how do you see the future perspectives for Klever's security, especially regarding the news that has leaked about the hardware wallet?
Peter - Klever's hardware wallet is interesting for what I think it can do.
Enzo - Yes, because in reality we don’t know anything, we only know that there will be a black hole where personal keys will be contained and it will be inaccessible, even if we do not know the real functioning.
Peter - Klever's hardware wallet could be the natural evolution of Klever's security, let me explain: the wallet installed in the phone can suffer from the security of the operating system in which it operates, if I hack the Android or iOS operating system ...
Enzo - Wait a moment before continuing, another thought is coming to me, if I install on the phone with root permissions a modified version of the OS, which is not certified by anyone, then I also run the risk!
Peter - Of course. I don't know if you've ever had a phone with a modified ROM and active root, many programs warn you that the device is rooted, although there are ways to hide this modification. Currently many applications of the Banks are gearing up to not be able to run on rooted phones.
Having a phone with a modified ROM could also mean that there is a backdoor to be able to remotely access and verify the contents of the phone. There are obviously modified ROMs that offer guarantees, but I would never have the peace of mind of having my phone, with my money, run by a modified system. It would be better to have only one phone dedicated exclusively to the wallet, ok? Without even having it as your main phone. This could be a good method.
Enzo - This could be interesting and maybe we wait for the presentation of Klever's mobile phone. This, in association with the Klever hardware wallet, will certainly be a super secure system, in the meantime we obviously have to adopt all the most up-to-date security measures.
Peter - Yes. As for the Klever hardware wallet, I think that as you said before, the natural evolution of security is a hardware that interfaces with my software wallet and allows me to confirm transactions only in association between the two systems. This could put an end to the problem of seed theft. Because right now that's the one thing anyone has to worry about.
Enzo - In this way don't we risk complicating our life? I mean, phone for the wallet + additional hardware for confirmations, they become two devices to manage.
Peter - I think that when one has $10k and up in his wallet, life has to be complicated. Because he has to protect his money. Because the very fact of giving birth to his financial freedom must also give birth to his awareness that the safety of his money depends on himself. So, having a secure system that protects you even if you have to put an extra PIN is a must for me.
Enzo - With what you are saying you are making me anxious, and as you know I hardly get anxious.
Peter – Well, actually we are talking about the figures that a western worker earns in months and months of work, so having $10k in a wallet you have to take the necessary measures to stay safe. Because Klever being a rapidly evolving project, it might as well be that $10k in three or four years becomes $100k or more, so in the end one has to take the time to keep his money safe. Consequently, he has to put in place all the tools to do this. If you are not a very careful person, you have computer gaps, then you rely on the Klever Exchange which is based on PW and your Google account and you will have a certain degree of security even if you do not hold the keys to your wallet.
I would like to add something about the Klever wallet, with regard to the possibility of having many sub-folders in the wallet relative to the various blockchains. The world of cryptocurrencies is affected by the fact that you have to store your coins in many different wallets in relation as I said to the blockchains that there are. Let's say the case of Metamask, before Klever gave you access to the Ethereum or Binance blockchain, you needed Metamask to interface with the Ethereum blockchain or the Binance BSC.
Now, with Klever, you have the possibility to access multiple blockchains, so with your single wallet, with a single seed you restore and access all the blockchains so the need to jealously guard the seeds becomes more and more important.
Enzo - Exactly, what Klever is doing.
Peter - Yes, Klever gives you access to multiple blockchains and is simplifying how you interact with Dapps.
Each address has its own private key, there are wallets that interface with Cardano for example and if you want to have Cardano you have to go to those wallets. Little by little, Klever is adding all the folders to have a single blockchain home and thus become a cross-chain, because the future will be interchangeability between various blockchains.
Enzo - Excuse me if I allow myself, but it is this reason that in July of last year made us embrace the Klever project.
Peter - Yes, actually last year was a good year, because we saw this project, we saw the team, we saw what they were building and what they wanted to build and in fact we made the right choice, also because they paid us back abundantly, and they are still paying us back.
Enzo - And still the best is yet to come as the Klever Roadmap teaches. But I would add that Klever has gone from 40 employees to 120 employees in just under a year and if I am not mistaken there should now be almost 3 million Klever users, so it is a young and rapidly expanding company. So much so that in my opinion a chain reaction is taking place whose consequences are only conceivable.
Peter - We must also take into account that in the world of cryptocurrencies we must not be in a hurry, because it is a world where most of the world population has not yet entered, we can define ourselves as pioneers, the results will arrive sooner or later it is normal that this is the case.
Enzo - As if we have not had concrete results so far, well, obviously it was a joke. Okay Peter, it seems to me that a good discussion has come out on the security aspects, we hope to be able to sensitize people, at least not to underestimate what can happen.
Peter - Thanks for this chat to you too, we really hope that the safety issue is no longer underestimated.
Interview and text by,
Enzo M & Peter
Enzo is the Medical Director and Quality Manager for an Italian Public Health Company
Peter describes himself: “I’m a 41-year-old man, I was born and raised in Sardinia where I studied up to graduate, I can say that I have been studying computer science for about 22 years using the extraordinary interaction between chats and the various how to the network, I could be framed as a problem solving, I have a job as an office clerk, I define myself as a determined person, my best quality is to never give up, I entered cryptocurrencies at the end of 2017 on the wave of overtime boom of bitcoin, from that moment I have dedicated my life to studying the blockchain and its various nuances, I started with the tron network and then moved on to other blockchains, to date I can define myself as an informed enthusiast of crypto, I actively participate in discussions on various telegram channels and I am very proud to have participated in this interview with my beloved Uncle.”
Disclosure: We have a position in #Klever $KLV; we wrote this article by ourselves, and it expresses our own opinions. We have no business relationship with any company whose coins or tokens are mentioned in this article.
If you enjoyed the article by Enzo M and Peter, make sure to leave a KLV tip in their Klever address below: