Before we dive into the details of security, we'll review the various blockchains available as platforms for development, and how they differ.
Managing Your Keys
Attack Vectors and Prevention
For each of the limits of a system, there are a number of ways that a malicious party might exploit them for personal gain. In this module, we'll review the various attacks and provide some suggestions as to how they can be mitigated.
With disintermediation comes reduced support and increased risks of personal compromise. In a public context, there is no backup plan or password reset. If you drop your wallet on the sidewalk, you lose your money. Similarly, if you don’t look after your house keys or private keys, it could result in being irrevocably locked out.
Especially in public environments, proper key management is incredibly important. If your project is running on a public blockchain, a compromised key could mean having your funds hijacked, or smart contracts compromised. Currently, there is little in the way of “undo” functionality for these types of scenarios. In private blockchains, an ecosystem where there may be a greater degree of control, it’s still very important to ensure that information can still be securely added and stored on the chain. In the same way that it’s important for users to secure their passwords for personal accounts, they should ensure that their keys are stored securely and backed up to minimize risks of being lost or inaccessible.
In the case of decentralized applications, this means that there is always a risk that your organization could lose control of a smart contract or other assets if the keys are lost, and there is no recourse. As a result, it is always recommended to consult with technical experts prior to engaging in any on-chain business or when dealing with large amounts of cryptocurrency. They can help ensure that proper recovery techniques are in place including multi-signature shared control.