Author: OneKey Source: X, @OneKeyCN
Lately, both Binance and OKEx have been experiencing turbulence. Binance users reported that a malicious plugin named Aggr bypassed Binance’s Multi-Factor Authentication (MFA) and stole users’ assets through keylogging. On the other hand, OKEx users claimed that hackers used AI deepfake technology to bypass MFA, change their phone numbers, emails, and Google authenticators, and then stole their assets.
The affected users wrote detailed accounts of their experiences, causing a stir in the community. Screenshots and rumors circulated, urging people to quickly withdraw their tokens in a panic.
But is simply withdrawing tokens enough? Perhaps the question itself reflects a flawed way of thinking about security.
Security has never been a simple multiple-choice question.
Understanding the defense line of Web2 account security: MFA
If you had to choose between a cold wallet and an exchange, you are essentially choosing between “private keys” and “MFA (Multi-Factor Authentication).”
As for MFA, if you have been using the internet for years, you already know that a simple password is no longer enough. SMS codes, email verification, and even facial recognition or Google Authenticator codes have become the new “heroes.” Some domestic Chinese apps do not even require a password, only phone verification.
This is understandable, because most people’s passwords are not secure enough (password databases of websites around the world have been breached again and again), so they need layers of protection:
The first layer consists of information only you know, such as passwords and security questions.
The second layer includes items only you possess, like SIM cards, phones, and Google authenticator dynamic passwords.
The third layer involves features unique to you, such as fingerprints, irises, facial recognition, and voice.
A common combination of authentication factors: password + email verification code + phone verification code + Google authenticator dynamic password + user facial identity information.
Doesn’t that sound foolproof? In theory, with complete MFA enabled, an account should be very secure. Even if one layer is breached, hackers cannot access the account unless they also have other authentication factors.
However, this is not always the case in practice.
In practice, major internet companies often apply verification dynamically and selectively, prompting for only some of the factors in order to keep the user experience smooth.
What then matters is whether their risk-control measures (e.g., recognizing abnormal logins or logins from new locations or devices) actually cover the edge cases of user behaviour.
For example, in September 2023, Ethereum founder Vitalik fell victim to a SIM swap attack on Twitter: hackers used social engineering to convince T-Mobile to transfer Vitalik’s phone number to their device. Fraudulent tweets were then posted from Vitalik’s account, resulting in a loss of approximately $690,000.
Afterward, Vitalik lamented on Warpcast (a decentralized social platform) that a phone number alone was enough to reset a Twitter account’s password, showing that phone numbers are not secure. The Chief Information Security Officer of SlowMist Technology also stated that SIM swap attacks are inexpensive, and that hijacking a SIM card even has a going price on the black market (source: https://x.com/WuBlockchain/status/1701407498174108136, https://chaincatcher.com/article/2101231).
This demonstrates that even with MFA in place, if phone-number verification is granted excessive authority (enough to reset a password on its own) and abnormal logins go unrecognized, the attack is not prevented, as it was not in Twitter’s case. Of course, this may also be the balance between efficiency and security that Twitter chose.
This balance poses a significant challenge for exchanges that manage users’ assets.
Take the case of the Binance users who lost assets to a malicious plugin. The hackers could not simply withdraw the assets on-chain, because a withdrawal would have to pass MFA. Instead, they moved the value out through trades: from the hijacked session they executed back-and-forth trades in a low-market-cap token, capturing the price swings, and then swiftly withdrew from another account to complete the theft.
However, once a user is logged in, most users expect fast and efficient trading. Nobody wants to pass through several layers of MFA in the middle of fast-paced trading. So Binance can only address this with more sophisticated risk-control measures (such as identifying wash trades) rather than inserting MFA into the trading flow at the cost of user efficiency.
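As an added illustration (not OneKey’s code, nor Binance’s actual risk engine), here is a minimal form of the wash-trade check the previous paragraph refers to. It runs over a constructed batch of matched fills, flags account pairs that repeatedly trade with each other in both directions at prices far from a reference quote, and reports the net cash that moved between them; the reference prices, account names, thresholds and fills are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Fill:
    symbol: str
    buyer: str
    seller: str
    price: float
    qty: float


# Constructed sample data: a fair reference price per symbol (e.g. an
# external, liquidity-weighted quote) and a small batch of matched fills.
REF_PRICE = {"LOWCAP": 1.00, "BTC": 60000.0}
FILLS = [
    Fill("BTC", "victim", "mm_1", 60010.0, 0.1),         # ordinary trade
    Fill("LOWCAP", "carol", "dave", 1.02, 500.0),        # ordinary trade
    Fill("LOWCAP", "victim", "attacker", 4.00, 1000.0),  # victim buys far above reference
    Fill("LOWCAP", "attacker", "victim", 0.25, 1000.0),  # victim sells far below reference
    Fill("LOWCAP", "victim", "attacker", 4.00, 1000.0),
    Fill("LOWCAP", "attacker", "victim", 0.25, 1000.0),
]


def wash_trade_alerts(fills, ref_price, min_fills=3, max_dev=0.20):
    """Flag account pairs that match each other repeatedly, in both
    directions, at prices far from the reference, and report the net cash
    that flowed between them (the value a wash trade actually transfers)."""
    groups = defaultdict(list)
    for f in fills:
        pair = tuple(sorted((f.buyer, f.seller)))  # unordered account pair
        groups[(f.symbol, pair)].append(f)

    alerts = []
    for (symbol, (a, b)), fs in groups.items():
        if len(fs) < min_fills:
            continue
        both_ways = any(f.buyer == a for f in fs) and any(f.seller == a for f in fs)
        if not both_ways:
            continue
        ref = ref_price[symbol]
        mean_dev = sum(abs(f.price - ref) / ref for f in fs) / len(fs)
        if mean_dev <= max_dev:
            continue
        # Cash paid by a minus cash received by a: positive means a lost value to b.
        net_out_a = sum(f.price * f.qty * (1 if f.buyer == a else -1) for f in fs)
        loser, gainer = (a, b) if net_out_a > 0 else (b, a)
        alerts.append({"symbol": symbol, "from": loser, "to": gainer,
                       "net_value": abs(net_out_a), "fills": len(fs)})
    return alerts


if __name__ == "__main__":
    for alert in wash_trade_alerts(FILLS, REF_PRICE):
        print(alert)
```

A real risk engine would feed such an alert into the withdrawal path of the gaining account (holding the withdrawal for review) rather than blocking the trades themselves, which is exactly the efficiency trade-off the text describes.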
Giving up the one-size-fits-all approach, the wise prepare multiple defenses
After reading the previous section, you likely understand that MFA is not a perfect solution and requires a balance between efficiency and security through risk control measures. Even world-class giants need constant upgrades.
Choosing private keys means taking on the responsibility for risk control yourself, and the pressure to keep upgrading falls on you.
Are you prepared to have complete control over your crypto assets? You might start by simply copying private keys from a hardware wallet to a piece of paper, but you will soon realize that it is not enough.
You still need to:
– Protect your computer from hackers just as intensively;
– Stay vigilant against the latest phishing and social engineering attacks;
– Allocate funds between commonly used hot wallets and cold wallets, while managing authorizations;
– Incur additional costs, such as using hardware wallets to isolate and protect private keys, or even more advanced solutions.
At this stage, you will understand that the question of whether to store assets in a cold wallet or an exchange is not a straightforward one. Both private keys and MFA have their advantages and trade-offs.
For systematically managing asset security, it is more important to consider these questions:
– What are the risks? For most users, it involves preventing hacker intrusions and phishing attacks;
– How can risks be diversified? By reducing the risk of a single point of failure through diverse and redundant strategies; in the DeFi community there is a saying, “one mine, one address” (a separate address for each liquidity-mining protocol), which you may find enlightening;
– How can risks be mitigated? Take various preventive and control measures within your capabilities, such as installing security plugins, using hardware wallets, or even implementing multi-signature security;
– How can risks be addressed? Develop emergency response and disaster recovery plans, such as how to quickly contact security organizations