👤 THE HUMAN FIREWALL

Lesson 6: Wallet Security, Keys, and Operational Security (OpSec)

1. The Vault's Master Key: Your Keys

In Lesson 2, you learned that cryptographic keys secure your assets. In practice, you interact with these keys through a **Wallet**. Understanding how your wallet holds these keys is the most critical security step.

🗝️ Seed Phrase (Recovery Phrase)

This is a list of 12 or 24 words (e.g., `apple fence tiger rocket...`). It is **NOT** your password.

  • **What it is:** A human-readable encoding of the random seed from which your wallet deterministically derives **every** private key, and therefore every address and all the funds behind them. Anyone holding the words can rebuild the entire wallet on any machine.
  • **Danger:** If an attacker gets this, they regenerate your keys on their own computer and empty all your accounts, without ever touching your device.
**WARNING:** Never type this into a computer connected to the internet, a website, or a chat. A genuine wallet only ever asks for it when you are restoring onto a new device.

🔑 Private Key

This is a single, long alphanumeric string (e.g., `E987DAF3...`).

  • **What it is:** The key that controls a **single** specific cryptocurrency address. Wallets derive it from the seed, so leaking one private key loses one account, while leaking the seed loses all of them.
  • **Analogy:** The key to one specific lockbox inside the vault.
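The claim that one seed phrase regenerates every key is not a metaphor; it is arithmetic. The following added example (written for this lesson, not code from the page or from any wallet vendor) runs the two standards wallets actually use with nothing but the Python standard library: BIP39 turns the words into a 64-byte seed, and BIP32 turns that seed into a master key and then into per-account child keys. The mnemonic used is the public all-"abandon" BIP39 test vector, and `"TREZOR"` is the passphrase used by the official test vectors; word-list and checksum validation is skipped because it needs the 2048-word list, and only hardened derivation is implemented (non-hardened steps need elliptic-curve public-key math). Both omissions are assumptions of this example.

```python
# Added example (not part of the lesson): how one seed phrase regenerates
# every private key. Implements the BIP39 mnemonic -> seed step and the
# BIP32 master key + hardened child derivation with only the standard
# library. The mnemonic below is the public all-"abandon" BIP39 test vector;
# "TREZOR" is the passphrase the official test vectors use.
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Order of the secp256k1 group; BIP32 reduces child keys modulo this value.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indexes at or above 2^31 are "hardened"


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(words, "mnemonic" + passphrase, 2048 rounds, 64 bytes).

    Assumption of this example: no word-list or checksum validation (that needs the
    2048-word list), so any string is accepted as a mnemonic here.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def seed_to_master_key(seed: bytes) -> Tuple[int, bytes]:
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed"; left half is the master private key,
    right half is the chain code that feeds every child derivation."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if k == 0 or k >= SECP256K1_N:  # BIP32 declares such a seed invalid (probability ~2^-128)
        raise ValueError("invalid master key; use a different seed")
    return k, digest[32:]


def derive_hardened_child(k_par: int, c_par: bytes, index: int) -> Tuple[int, bytes]:
    """BIP32 hardened child: I = HMAC-SHA512(c_par, 0x00 || k_par || index); k_i = (I_L + k_par) mod n."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key; not implemented here")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:  # BIP32: skip this index and use the next one
        raise ValueError("invalid child key at this index; skip to the next index")
    return k_child, digest[32:]


def derive_hardened_path(seed: bytes, path: str) -> int:
    """Walk an all-hardened path such as m/44'/60'/0' and return that node's private key."""
    k, c = seed_to_master_key(seed)
    for part in path.split("/")[1:]:
        if not part.endswith("'"):
            raise ValueError(f"{part}: only hardened steps are supported in this example")
        k, c = derive_hardened_child(k, c, HARDENED + int(part[:-1]))
    return k


TEST_MNEMONIC = ("abandon " * 11 + "about").strip()  # official BIP39 vector for all-zero entropy

if __name__ == "__main__":
    seed = mnemonic_to_seed(TEST_MNEMONIC, "TREZOR")
    print("seed:", seed.hex())
    # Same words, same passphrase -> the very same account keys, on any machine.
    for path in ("m/44'/60'/0'", "m/44'/60'/1'", "m/44'/0'/0'"):
        print(path, hex(derive_hardened_path(seed, path)))
```

Two things to notice when running it: the output is identical on every machine, which is exactly why a stolen phrase is fatal (the attacker reruns this on their own computer), and changing the passphrase changes the seed and every key below it, so a BIP39 passphrase is a genuinely separate secret, not a convenience.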

🚨 Lab 6.1: Key Exposure Simulator

Four items are listed below. Only the **Seed Phrase** belongs in Cold Storage (safe/offline): the signature and the public address are meant to be shared, and a hot wallet necessarily holds the private key of the one account it spends from.

🔥 Hot Storage (Internet Connected)

Transaction Signature
Individual Account Private Key
12-Word Seed Phrase (Master Key)
Public Key / Address

❄️ Cold Storage (Offline & Secure)

**Drag only the MASTER KEY here.**

2. The Two Types of Wallets

Wallet security is categorized by whether the private keys live on an internet-connected device.

🔥 Hot Wallet

**HIGH RISK**

Keys sit on an internet-connected device (e.g., MetaMask browser extension, mobile app). An exchange account is a special case: the exchange holds the keys, not you, so its security and solvency are your risk.

❄️ Cold Wallet

**LOW RISK**

Keys are generated and stored offline (e.g., Hardware Wallets like Ledger/Trezor, or a paper wallet, which is only as safe as the printer and the place it is kept).

🔒 Lab 6.2: Hardware Wallet (The Physical Check)

The strength of a hardware wallet is the **physical barrier**. The private key never leaves the device.

**Scenario:** You need to send 1 ETH. This is how the process works with a secure device:

🖥️ Computer
1. Creates the unsigned transaction (recipient, 1 ETH, fee) and sends it down the cable.
⬇️ USB CABLE ⬆️
🔐 Hardware Wallet (Offline)
2. Displays the transaction details on its own small screen.
3. You check the recipient and amount on that screen, not on the computer's, and press the physical confirm button. Malware on the computer cannot press it for you, and cannot change what the device shows.
4. Signs the transaction inside the device. Only the signature travels back up the cable; the private key never does.
🖥️ Computer
5. Broadcasts the signed transaction to the network.

3. The Human Firewall: OpSec Principles

Operational Security (OpSec) is about protecting information and assets through careful practices. **You** are the first and last line of defense.

🛡️ Principle 1: Defense in Layers (Multi-Sig)

For large funds, never rely on one key. A **Multi-Signature (Multi-Sig)** wallet requires several private keys to sign a transaction (for example, any 2 of 3 keys held by different people or on different devices), so one lost or stolen key is neither a loss nor a theft.

**Analogy:** A bank vault that requires the Manager's key AND the Assistant Manager's key to open.

🛡️ Principle 2: Separation of Funds (Hot vs. Cold)

Never keep all your crypto in one place. Treat your wallets like checking and savings accounts:

  • **Checking (Hot Wallet):** Small amounts for trading/daily use. (High Risk)
  • **Savings (Cold Wallet):** Large, long-term holdings. (Low Risk)

🛡️ Principle 3: Revoke Permissions (The Smart Contract Risk)

When you use a decentralized app (DApp), you often give the DApp's smart contract **permission** to spend your tokens (an 'Allowance'). That approval does not expire when you stop using the DApp. If the contract is hacked later (or was malicious from the start), the attacker can spend your tokens with that old permission, up to the approved amount. An **Unlimited** allowance is the worst case: it covers your entire future balance, not just what you held on the day you approved it. Revoking means setting the allowance back to zero.

🚫 Lab 6.3: Revoke Old Permissions

You approved two contracts a year ago. One is known to be hacked. Find the risky contract and revoke its allowance!

DApp Contract 1: NFT Game Marketplace

Allowance: 1,000 DAPP Tokens

Status: Unknown Risk

DApp Contract 2: Ancient Yield Farm

Allowance: **Unlimited** DAPP Tokens

Status: **🚨 HIGH RISK / COMPROMISED**
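To see why the "Ancient Yield Farm" approval is the dangerous one, it helps to run the mechanism rather than read about it. The following added example (written for this lesson; not code from the page, and not a real token contract) models ERC-20 allowance semantics in plain Python: `approve` sets an allowance, `transfer_from` spends it, and revoking is nothing more than `approve(spender, 0)`. It then replays Lab 6.3 with both contracts. The balances, contract names and the "compromised" set are constructed for the scenario, and the rule that an infinite allowance is not decremented follows OpenZeppelin's ERC20 behaviour, which is an assumption about the specific token you would be dealing with.

```python
# Added example (not part of the lesson): a minimal model of ERC-20
# allowances showing why an old approval stays dangerous and how revoking it
# works. Balances, contract names and the compromised set are constructed
# for the Lab 6.3 scenario, not real on-chain data.

UNLIMITED = 2**256 - 1  # the "Unlimited" approval (type(uint256).max) most DApps request


class Token:
    """ERC-20 semantics: approve() sets an allowance, transferFrom() spends it."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # The owner grants `spender` the right to move up to `amount` of the owner's tokens.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender, owner, to, amount):
        # Called by the spender contract, not by the owner: this is the call an attacker makes.
        allowed = self.allowance(owner, spender)
        if amount > allowed:
            raise PermissionError(f"{spender}: insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError(f"{owner}: insufficient balance")
        # Assumption (OpenZeppelin ERC20): an infinite allowance is never decremented,
        # so it keeps covering every token the owner will ever hold.
        if allowed != UNLIMITED:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def audit_allowances(token, owner, compromised):
    """List every live approval for `owner`, flagging unlimited ones and known-bad spenders."""
    report = []
    for (o, spender), amount in token.allowances.items():
        if o != owner or amount == 0:
            continue
        if spender in compromised:
            risk = "HIGH"
        elif amount == UNLIMITED:
            risk = "REVIEW"
        else:
            risk = "LOW"
        report.append((spender, "Unlimited" if amount == UNLIMITED else amount, risk))
    return report


def revoke(token, owner, spender):
    """Revocation is just approve(spender, 0): no tokens move, the permission disappears."""
    token.approve(owner, spender, 0)


def lab_scenario():
    """Lab 6.3 replayed: one finite approval, one unlimited approval to a hacked contract."""
    token = Token({"you": 5_000})
    token.approve("you", "NFT Game Marketplace", 1_000)
    token.approve("you", "Ancient Yield Farm", UNLIMITED)
    compromised = {"Ancient Yield Farm"}
    before = audit_allowances(token, "you", compromised)
    # Whoever now controls the farm contract drains you with the year-old approval ...
    token.transfer_from("Ancient Yield Farm", "you", "attacker", 2_000)
    stolen = token.balances["attacker"]
    # ... until you revoke it; the next attempt fails at the allowance check.
    revoke(token, "you", "Ancient Yield Farm")
    try:
        token.transfer_from("Ancient Yield Farm", "you", "attacker", 1)
        blocked = False
    except PermissionError:
        blocked = True
    return before, stolen, blocked, audit_allowances(token, "you", compromised)


if __name__ == "__main__":
    before, stolen, blocked, after = lab_scenario()
    print("allowances before:", before)
    print("stolen via old approval:", stolen, "| further drain blocked:", blocked)
    print("allowances after revoke:", after)
```

Note what the 1,000-token approval to the marketplace means: that contract can still take up to 1,000 tokens at any time, so "Unknown Risk" is not "no risk". Revoking on a real chain is a transaction you sign (it costs gas), and the allowance check is exactly what stops the second drain attempt here.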

4. Final OpSec Assessment

Question 1: What is the primary advantage of a **Cold Wallet** over a Hot Wallet?

Question 2: What crucial security function does the **Hardware Wallet** perform during a transaction?

Question 3: If an attacker uses an old smart-contract allowance (permission) to spend your tokens, which OpSec principle did you likely forget?

Question 4: What is the only key/phrase that can regenerate ALL your accounts?