
Security

Blockchain technology is extremely secure when you follow best practices. In fact, many view it as more secure than the traditional banking system. Blockchain technology uses cryptography so strong that it would take much longer than a century for all of the supercomputers in the world to crack a single account.

There is a saying in cyber security, "a chain is only as strong as its weakest link." This adage applies to keeping your wallet secure, too. The cryptography protecting your account is rock solid. Nearly all crypto vulnerabilities originate from user errors.

Never reveal your account secrets

The Avana Wallet team will never under any circumstances ask you to reveal your account secrets.

Avana Wallet Security

We focus on security and a robust code base to protect our users. We participate in Bug Bounty programs to encourage security researchers to test our systems and proactively report potential issues.

Our wallet has been designed with security as a top priority. All of your data are encrypted on your device, and only you have the keys to access it. We follow all best practices for safeguarding your data.

When your device communicates with Avana Wallet servers, we use multiple layers of encryption and validation checks to prevent adversarial attacks. In addition to using standard TLS encryption, we use server-side crypto signatures to sign and verify sensitive data. Your device verifies that the content originated from Avana Wallet and was not tampered with during transit.
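
The check described above, sketched as an added example (not Avana Wallet's own code): the client verifies a detached signature over the exact bytes it received, using a pinned public key, before parsing them. Ed25519, the envelope fields (`body`, `sig`, `expiresAt`) and all function names are assumptions; the page does not state which scheme or format Avana Wallet uses.

```javascript
// Added example: application-layer signature check on top of TLS.
// Ed25519, the envelope shape and every name here are assumptions.
const crypto = require('node:crypto');

// Constructed key pair standing in for the server's signing key. A real
// client ships only the public half, pinned in the application build.
const { publicKey: PINNED_PUBLIC_KEY, privateKey: serverKey } =
  crypto.generateKeyPairSync('ed25519');

// Server side: sign the exact bytes that go on the wire.
function signEnvelope(payloadObj, privateKey) {
  const body = Buffer.from(JSON.stringify(payloadObj), 'utf8');
  const sig = crypto.sign(null, body, privateKey);
  return { body: body.toString('base64'), sig: sig.toString('base64') };
}

// Client side: verify the received bytes first, parse only after success.
// Re-serializing parsed JSON before verifying can change the bytes.
function openEnvelope(envelope, pinnedKey, nowMs = Date.now()) {
  const body = Buffer.from(String(envelope.body), 'base64');
  const sig = Buffer.from(String(envelope.sig), 'base64');
  // Ed25519 signatures are always 64 bytes; reject anything else early.
  if (sig.length !== 64 || !crypto.verify(null, body, pinnedKey, sig)) {
    throw new Error('signature check failed');
  }
  const payload = JSON.parse(body.toString('utf8'));
  // Freshness check so an old, validly signed response cannot be replayed.
  if (typeof payload.expiresAt !== 'number' || payload.expiresAt <= nowMs) {
    throw new Error('payload expired');
  }
  return payload;
}

// Returns true when openEnvelope refuses the envelope.
function isRejected(envelope, key, nowMs) {
  try { openEnvelope(envelope, key, nowMs); return false; } catch { return true; }
}

// Constructed sample: a valid envelope opens; a swapped body ("{}") is refused.
const sample = signEnvelope({ feeBps: 25, expiresAt: Date.now() + 60000 }, serverKey);
console.log(openEnvelope(sample, PINNED_PUBLIC_KEY).feeBps,
  isRejected({ ...sample, body: 'e30=' }, PINNED_PUBLIC_KEY));
```

TLS authenticates the connection; the signature authenticates the content itself, so a response altered by anything that terminates TLS in between still fails verification on the device.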

Security Best Practices

Follow these best practices to help keep your account secure:

  • Lock your account when you are not using it (see Auto-Lock Feature)
  • Use two-factor authentication (see Two Factor Authentication)
  • Never tell anyone your account secrets
  • Never store your account secrets in clear text on your device
  • Be careful browsing the internet. Mistyping a URL or visiting a malicious site could end up installing malware on your device
    • A good preventative measure is to install NoScript to block JavaScript on untrusted sites
    • Even trusted sites can get hacked, and the hacker can direct that site to install malware on your device
    • Consider using one device for your crypto, and another device for browsing the internet
  • Keep your system clean and only install trusted software
    • Antivirus programs can give you a false sense of security. In fact, it is estimated that antivirus programs only catch one-third of viruses and malware
  • Consider keeping your crypto funds in multiple accounts - one on your device ("hot wallet"), and another off your device in a Hardware Wallet ("cold wallet")
  • Never open email attachments from senders you do not recognize

Cold Storage Wallets

Avana Wallet is designed to help you maximize your security options and works with cold storage devices such as Ledger. See Hardware Wallet for more information.

Many people prefer to keep their private keys stored in a hardware wallet, such as Ledger. Hardware wallets are often called "cold storage" because your private keys are stored off of your computer or mobile phone (as opposed to "hot wallets" where your private keys are stored on your computer or mobile phone).

Cold storage wallets can include many forms:

  • Separate digital device such as Ledger Nano S, Ledger Nano X, or Trezor (Trezor does not currently support Solana)
  • Written on a piece of paper and kept somewhere safe
  • Memorized recovery phrase (not recommended!)

Cold wallets offer greater security than hot wallets because they are not connected to the internet. Hot wallets are on a device connected to the internet - if the device ever becomes compromised with malware or a virus then persons with access to the device are one step closer to accessing the crypto private keys stored on the device.

Hackers can install a key logger on your device to record your keystrokes when you enter your wallet password, and then use that information to access your hot storage crypto wallet.

While cold storage wallets are more secure, they are less convenient. They require more time to approve transactions, and they require you to carry a physical device with you (everything in life seems to be a tradeoff 🤷).

We recommend using a dual approach - maintain both a hot wallet and a cold wallet. Keep larger amounts of funds offline in a cold storage wallet that does not need to be accessed regularly, and keep smaller amounts of funds in a hot wallet where they are easy to access and use. When you need to top up your hot wallet (for example, maybe once per month) you can transfer funds from your cold wallet to your hot wallet.

Hot Wallet / Cold Wallet Dual Approach

A dual approach of maintaining a hot wallet and a cold wallet is similar to keeping both a savings account and a checking account at a traditional brick and mortar bank. You use your checking account for everyday transactions, and your savings account for storing funds.

One way you can put your cold storage funds to work and generate yield is by participating in a staking program.