Komet Wallet: Your safest way to access digital collectibles
The first thing any degen does when stepping into the web3 world for the first time is create a wallet. It may not seem that crucial initially, but as the centre of all your transactions, it largely dictates your overall web3 experience.
A wallet in web3 is more than just a place to store your crypto. It’s your identity, your bank, your UPI and the gateway for you to access a plethora of airdrops out there. Understanding how a wallet works is crucial. It’s not just about storing your assets, but also about interacting with various protocols, making transactions, and even participating as a contributor.
Some degens stick to the mainstream hot wallets (wallets that are on your device as software) while some take an extra step and get a cold wallet (hardware wallets that you can find in the form of a pen drive or sometimes even just a paper). Within the former category of hot wallets, there are custodial and non-custodial wallets: respectively, wallets whose private keys are held by the crypto/NFT exchange and wallets whose access is given solely to their owner.
Which wallet you go for depends on your use case and more importantly, how secure and trustworthy it is. Over $88 million worth of assets were stolen up until mid-2023 and the number must’ve increased further since then. Wallet hacks are not new and it’s non-negotiable to protect your assets. Let’s first look at the possible vulnerabilities of your wallet, followed by how you can fix those loopholes.
Possible Threats and Vulnerabilities
Crypto wallets, while essential for managing digital currencies, are susceptible to various vulnerabilities. Here are some potential risks:
1. DeFi and dApps Integration Risks: Wallets often feature integration with decentralised apps (dApps). This introduces several threat vectors such as communication between the wallet and the dApp, malicious dApps, and potential platform risks for web and mobile. Even if dApps are from a “trusted source,” they could still be malicious or compromised.
2. Third-Party Libraries and Dependencies: Crypto wallets often incorporate dependencies and libraries that can access sensitive wallet data. If a library or dependency has a vulnerability, this can result in the entire wallet having this vulnerability or something even more serious.
3. Malware Attacks: Malicious software, commonly referred to as malware, can infect your device and compromise the security of your crypto wallet. This malware can include keyloggers, trojans, and ransomware, all designed to steal your private keys or access your wallet.
4. Hacking Attempts: Hackers are constantly evolving and devising new methods to breach the security of cryptocurrency wallets. They may exploit vulnerabilities in wallet software, conduct brute force attacks, or employ social engineering techniques to gain unauthorised access to your accounts.
Attacks on NFTs usually go after exploitable code rather than the NFTs themselves, and these vulnerabilities can put your fungible tokens at risk too. So, how do you protect your assets against such activities? By using a secure wallet. And how do you know whether a given wallet is secure or not?
What to look out for in a wallet
While it’s hard to guarantee if a given wallet is secure or not, you can look out for a few features to see if the wallet is at least meeting the basic criteria. Here’s a checklist of such features:
- Non-Custodial: You’re the sole owner of your private keys, giving you complete control over your cryptocurrency.
- Multisig: Requires multiple keys to authorise a cryptocurrency transaction, providing an additional layer of security.
- Two-Factor Authentication (2FA): A security measure that requires two types of identification before accessing your wallet.
- Encryption: Your private keys are converted into unreadable code that can only be deciphered with a secret key or password.
- Backup Options: An option to back up your private keys, a safety net in case you lose access to your device.
- Compatibility: The wallet should be compatible with different operating systems and devices.
- User Interface: The wallet should be user-friendly, even for noobs.
- Transparency: The wallet’s code should be open for everyone to see, allowing for collective development and auditing.
How Komet keeps you secure
Komet Wallet is a non-custodial, multisig social wallet that is protected by various layers of tech. At Komet, you can rest assured that:
- Your keys are safe
- Your data is confidential
- No third party app can harm your wallet
- Your wallet isn’t vulnerable to hacking attempts
How? Let’s look at it one by one:
1. Komet has implemented JWT (JSON Web Token) API to ensure secure information exchange between parties.
The JWT is signed by Komet’s server and contains encoded information about the user. When a user logs in, the server generates a JWT, signs it, and sends it to the user. The user then includes this JWT in the header of their requests to authenticate themselves. The server validates the JWT by verifying its signature. This method allows for stateless authentication, as the server does not need to keep a record of individual tokens.
2. Komet has partnered up with various platforms (such as Bharatbox, Sedax and InDAO) and it uses technology like Google Access token and ZK to safeguard your credentials on each one of them.
The partner requests a signer with the user’s bearer token and the partner’s credentials. In response, the Komet server provides an encrypted signer that can only be decrypted using the partner’s credentials.
3. To keep your keys safe, JSON Web Tokens (JWT) and Google Access Tokens again come into the picture to help with authorization and key management.
JWT is a compact, URL-safe means of representing claims to be transferred between two parties. It is used to authenticate requests to the server. Google Access Token, on the other hand, is used to authenticate the application, allowing it to interact with Google APIs. Both of them together provide a fool-proof security framework for managing access to your assets.
4. Lastly, Komet utilises the Advanced Encryption Standard (AES) for encryption and the Secure Hash Algorithm (SHA) for hashing, in conjunction with an API gateway, to ensure the security of our requests.
This approach helps safeguard the integrity and confidentiality of data as it is transmitted between different systems, further enhancing the security of our operations.
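The stateless JWT login flow described in points 1 and 3 above, as an added example that is not Komet's code: it assumes HS256 with a constructed server secret, and the function names are hypothetical. It also shows that the claims are only encoded, not encrypted, so anyone holding the token can read them.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key known only to the server

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, ttl=300, now=None):
    """Login step: the server signs claims about the user and returns the token."""
    now = int(time.time() if now is None else now)
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"sub": user_id, "iat": now, "exp": now + ttl})
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(_sign(signing_input))

def peek_claims(token):
    """No key needed: the payload is readable by anyone, so keep secrets out of it."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token, now=None):
    """Request step: check signature and expiry; the server stores no per-token state."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm server-side; never let the token choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison avoids leaking signature bytes through timing.
    if not hmac.compare_digest(sig, _sign(head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

Because nothing is stored server-side, a token stays valid until its `exp` passes, which is why the example keeps the lifetime short.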
A few other security measures that are embedded in Komet are as given below:
With all these layers of security, there’s little to no chance of any kind of breach. And although the team is constantly working on making it even more safe and secure, there are a few things you can do for your wallet yourself to make sure you don’t get rugged.
How you can ensure the safety of your assets
Here are a few things you, as a degen, can do to secure your wallet by yourself:
- Update passwords and enable 2FA if compromised.
- To protect your seed phrase offline, split it and store it in two places.
- Use a secure hardware wallet and keep it updated.
- Verify email senders before sharing information.
- Keep your seed phrase private and off devices, or use a wallet like Komet Social Wallet that allows you to not worry about the seed phrase at all.
- Buy hardware wallets directly from trusted vendors and consider shipping to a locker.
- Avoid SMS authentication, use app-based 2FA.
- Disconnect your wallet from dApps after use.
- Use burner wallets for unfamiliar sites or minting/airdrops.
And with that alpha, you’ve got everything you need to know regarding wallet security. Remember that a safe wallet is the first step towards wealth creation and that’s exactly the vision we had for Komet Wallet.
So, take a step ahead to dive into the NFT realm in the smoothest way possible with Komet. Head over to app.komet.me and know for yourself!