A Holochain Leadership and Org Update

Wallets vs. Exchange Accounts vs. Holo(Fuel) Accounts

Leadership & Org Update 03

We’ve been talking these past weeks about “controlling your identity,” “owning your data,” and having both the seed and private keys for your account. But what does that mean? In this post we’re aiming to further define the way that wallets, exchange accounts, and HoloFuel accounts work and explore some of the security mechanisms that each employs.

A common claim among early cryptocurrency enthusiasts was: “If you don’t own your private keys, you don’t own your bitcoins.” This understanding is essentially an extension of one of the main criticisms of national monetary systems; people question the control one truly has over one’s own national fiat money if it is stored in a bank or other account that is open and accessible to be changed by the bank itself, or even governmental institutions.

Issues that can happen with accounts are even more problematic in the wild west of crypto. Without the initial safety protocols and regulatory oversight to which the banking industry is subject, exchanges and the accounts within them have been the target of many hacks. Blockchain Graveyard, a list of cryptocurrency exchanges that have been hacked, continues to grow. With more than $927M stolen from cryptocurrency exchanges and other platforms by hackers, as reported by CipherTrace’s industry report, it’s absolutely justified for the owners of cryptocurrencies to be worried about the security and integrity of their funds when hosted on various platforms.

But this gets ahead of things a bit — let’s step back and do some definitional work to understand the different types of storage available for cryptocurrencies and the types of security they use. Our primary goal will be to distinguish wallets from exchange accounts and introduce the concept of the Holo Account — in particular, the HoloFuel Account.

Wallets

There are two basic categories of wallets: those that are cold, which typically means the private keys are totally offline, and those that are hot, which run on Internet-connected devices. Cold storage options include paper wallets and hardware wallets; hot wallet options include mobile wallets, desktop wallets, and online (web) wallets.

One of the fundamental reasons for the creation of cryptocurrencies is that the owner is able to safeguard their own money and doesn’t need to be dependent on another trusted third party to do so. The choices between Hot or Cold wallet options essentially contrast speed and efficiency with security concerns.

Cold storage, in which keys are totally offline, is the best protection you can have according to the majority of security analysts. Using an offline wallet may help you keep your own money — but if you lose your private keys, you automatically lose your money with no way to restore it. There is no option to reset your password. Paper wallets remain the cheapest form of cold wallets available in the industry. Once you transfer coins or tokens to a public address, the funds are safe. Paper wallets work as banknotes; they can be stolen, and are subject to being physically destroyed in the instance of fire or flood. Paper wallets are risk-free from malware and hackers if created on safe devices, but they might be confusing for beginners.

Hardware wallets are more expensive. They are physical devices that you purchase, such as a Trezor or Ledger Nano S. Such devices store private keys offline so they can’t be hacked, which means they are relatively safe, even if they are connected to a malware-infected computer. In a hacker’s attempt to compromise a transaction, funds will be not available since the hacker will not be able to access the private keys used.

While cold storage is kept disconnected from the Internet, hot wallets are the connected options, and often considered the easiest way to store small amounts of cryptocurrencies, making spending and receiving payments as convenient as possible. In general, it’s not recommended to store large amounts of cryptocurrencies in a hot wallet. Web wallets offer the lowest level of security; their strongest advantage is the fact that they are accessible from any Internet-connected device. You also can’t lose online wallets like a mobile wallet. Web wallets, however, are the easiest targets for fraudsters and hackers. Further, there are providers who may not allow you to keep complete control of the wallet,effectively transforming a wallet into centralized account. These are not advised. Desktop wallets remain the most common type of hot wallet out there — easy to use, relatively secure, a variety of options to choose from, and free to download. Most of the desktop wallets are only accessible from the machine on which they are installed.

Exchange Accounts

Most people likely understand that if you do not control the private keys, you do not control the account. This is what primarily distinguishes an exchange account from a wallet.

From a security perspective, most exchanges keep the vast majority (97%+) of their assets in cold storage. That means that keys are hosted offline, making the funds inaccessible to hackers.
When it comes to cryptocurrency exchanges, the most vulnerable operation is an attack on the hot wallets that are used when users are transferring cryptocurrencies in or out of the account.

There are other risks associated with holding funds in a cryptocurrency exchange account that are not related to the exchange itself. Among these are unsafe computers, unsafe WIFI networks, untrusted plugins, impostor and fraudster websites with domains similar to original websites, weak passwords, lack of 2-factor authentication, unauthorized access to user’s email or telephone number, and violation of the account. These exploits target mainly inexperienced users, and potentially, users keeping funds in personal wallets. Risks may also be related to regulation, since it’s possible for governments to freeze the funds in an exchange if the exchange is involved in criminal activity. Cryptocurrency exchanges are the targets of hackers and DDOS attacks, can be shut down by authorities, and can prove unreliable and unavailable at the time you want to access your funds. Fundamentally, a vast majority of these risks are driven by the underlying fact that you do not control the wallet where your crypto is being stored.

Holo(Fuel) Accounts

A direct comparison between Wallets, Exchange Accounts, and Holo(Fuel) Accounts is difficult because as conceptual categories go, they are not quite the same thing.

Holochain is a distributed application framework. Holo is a distributed hosting platform. HoloFuel is a currency and an application that runs on top of the Holochain framework and is part of the Holo hosting platform. In the previous Holo AMA, you may have heard me describe Holochain as a data integrity engine. This is because Holochain is designed to enable distributed apps that work inside of a shared, secure context.

With HoloFuel, you cannot send or debit your agent account without simultaneously crediting another agent’s account. This creates an effect similar to double-entry accounting; where each agent chain is the equivalent of a single account in the chart of accounts. The rules of this accounting game are defined in code. Both participants first make sure they are playing by the exact same rules, then that transaction satisfies those rules. If you’re reading our developer documents, these rules (code) are expressed as DNA.

Now, let’s summarise what we mean by the secure context for Holochain apps and your HoloFuel Account.

1. Mutuality & Consent: Cryptocurrencies typically operate based on a single signature from the spender. There is no evidence for the receiver to know that they are even party to a transaction, much less a crime if funds are being stolen. With HoloFuel, transactions are between agents who are mutually aware and consenting, and this consent is demonstrated by the countersignatures of each agent on the transaction saved to both chains.
2. Immutability and Verifiability: Transactions are immutable and verifiable because of how they interact with the distributed hash table (DHT). Agents first inspect the state (signature history) of the other party and cryptographically sign their agreement. The headers are then saved to the DHT.
3. Key Management: If your device with your keys and chain is lost or stolen, as long as you wrote down your master seed as advised, you can revoke those keys and instantiate new ones to prevent anyone else from using them, keeping control of your account.
4. Possession of both the account (source chain) and the private keys is required to produce valid transactions of HoloFuel.

We hope this introduction to Holo and specifically HoloFuel Accounts, is useful. A more technical post will be forthcoming in the next week, and we are planning to have one or more of our developers with us at the next AMA to help answer some of our community’s more technical questions. As always, we welcome your input and feedback.

As a reminder, the milestones and releases that will be coming out are:

Promised in February

1. Holo Closed Alpha Testnet

Dates To Be Announced

1. HoloPorts Shipped
2. Holo Open Alpha Testnet
3. Holo Full Feature Testnet
4. Holo Beta Mainnet

— Holo Executive Director, Mary Camacho

Some Rights Reserved