Blocto Crypto Wallet Security: How to Set Up a Secure Crypto Wallet

How to Set Up a Secure Crypto Wallet

Crypto scam alerts! Add an extra layer of security to your crypto wallet.

Why is crypto wallet security important?

Crypto scams and thefts have been increasing at a steady rate. According to the latest data presented by blockchain data firm Chainalysis, over $14 billion of digital assets were stolen by crypto-related scams in 2021, a new all-time high that is twice the $7.8 billion taken by scammers in 2020.

Compared to the traditional web infrastructure, blockchain provides a relatively more secure environment as a distributed ledger. Since its data is stored among multiple ends, hacking blockchain algorithms is unlikely. Yet the flaws within a compromised smart contract are still susceptible to hacking incidents. Furthermore, phishing scams are on the rise as well, which prey on crypto investors by sending scam emails or messages to trick the victims into exposing their private keys.

From this perspective, protecting one’s private key is crucial to crypto wallet security. Storing your private key, your password to your vault on the blockchain somewhere safe avoids hackers laying hands on your tokens without permission.

Blocto’s 2FA and biometric authentications allow you to add an extra layer of security to your wallet account. What’s even better, you have the option to switch from custodial mode to non-custodial mode anytime to give more protection to your crypto assets. Let’s find out.

Custodial vs non-custodial wallet — your choice

Being a smart contract wallet allows Blocto to run on a mixed-custodial key management model. You can set your Blocto wallet in either custodial or non-custodial mode. In custodial mode, your private key is stored in our secure server, while in non-custodial mode, you are the sole keeper of your key. Since your private key under non-custodial mode is no longer in our server, if you lose access to your account, we won’t be able to help recover your wallet.

For custodial wallet users

In custodial mode, Blocto manages the private key for you. The easy onboarding experience and swift fund transactions are for the custodial account. Since your custodial account is connected to the internet, you can sign in via your registered email address. If you lose your device under custodial mode, you will be able to recover your wallet account by submitting a generated passcode sent to your email. 

Little do you need to worry about remote cyberattacks. Our custodial key management service is built on Google Cloud Service, and we currently use a secured KMS service for private key management. Cloud KMS, together with Cloud HSM and Cloud EKM, manage all the private keys in the Blocto server to provide superior security.

Besides our crypto security system that supports a wide range of compliance mandates of key management, Blocto’s 2FA and biometric authentications add one more layer of security to your crypto wallet.

Here’s what you could do:

Enable biometric

  1. Update your Blocto App to the latest version
  2. Go to “Settings” in the bottom right corner
  3. Click on “Security”
  4. Enable biometric through “Passcode Unlock” 

Enable 2FA

  1. Update your Blocto App to the latest version
  2. Go to “Settings” in the bottom right corner
  3. Click on “Security” and click on “2 Factor Authentication”
  4. Download Google Authenticator or Authy in Google/Apple Store to continue
  5. Click “Get Started”
  6. Blocto will send an email with a one-time password directly to your registered email account
  7. Enter the password in Blocto App
  8. Scan the QR code to create a synced account in Google Authenticator or Authy
  9. Enter the six-digit token provided by Google Authenticator on the page of Blocto App
  10. Now you are all set!

For non-custodial wallet users

In non-custodial mode, you have complete control over your private key. What’s great about keeping the private key in self-custody is that you take full responsibility for the safety of your digital assets. What’s not so great is that self-custody leads to more authentication methods in crypto transactions. Also, if you accidentally lose your device under non-custodial mode, you can only use your recovery password to log in to your account. If you lose your recovery password, nobody can help you to recover your wallet. So, think carefully before making the decision. Once you switch to non-custodial mode, it cannot be undone.

Here’s what you could do:

  1. Go to “Settings” in the bottom right corner
  2. Click “Security”
  3. Click “Non-Custodial Mode”
  4. Set the recovery password and click “CONFIRM”
  5. Attention! Once you switch to non-custodial mode, you can never change it back!
  6. You will receive an email with your encrypted private key in a JSON file
  7. That’s it! Remember, never share your recovery password and private key with anyone!

You can add extra security by enabling biometric and 2FA (2-Factor Authentication) in your non-custodial Blocto wallet as well. Once enabled, it will take extra steps to access your wallet or send transactions.

🔗 If you want to learn more about our mixed-custodial key management model, please refers to our technical documents: