Ivo Georgiev for Cointelegraph: Secure Storage of Crypto Is All About Key Management
Ambire CEO Ivo Georgiev discusses the essentials of secure crypto storage and the role of key management.
Ambire’s co-founder and CEO was asked for insights in Cointelegraph’s 2022 report
Cointelegraph has released its latest analysis of the DeFi industry. A deep dive into numbers and possible outlooks, the report titled “Does the future of DeFi still belong to the Ethereum blockchain?” shows where Ethereum, the current leader, stands among the contenders to capture the mass shift from TradFi.
One of the key industry leaders featured in the report was our CEO, Ivo Georgiev. In a short interview, he spoke on how users and investors can enforce protection and autonomy while leveraging tech. See the interview below.
Cointelegraph: How can cryptocurrency investors avoid being front-run?
Ivo Georgiev: There are a few definitions of front-running when it comes to cryptocurrency investing. For one, when buying altcoins, it’s possible that there are early investors in that particular altcoin that you don’t know about. They bought at a much lower price before the coin was publicly traded so they are incentivized to sell and bag in a profit. To avoid this, cryptocurrency investors need to do deep due diligence and analyze the whole circulating supply of a specific coin/token before investing.
Second, when you buy/sell tokens on a DEX, you may get front-run or sandwiched, allowing bots to benefit from your allowed slippage. Slippage in DEXes is the difference between estimated execution price before the trade and the execution price when the trade actually happens (when the transaction is mined), and sandwiching is inserting transactions right before/after your trade to manipulate the spot price, so that your trade is executed at the worst allowed price for you. It’s still a form of front-running because the bot benefits from knowing your trade before it happens, and it’s the most widespread form. To prevent this, you can use a technology like Flashbots, which is a way of directly negotiating mining of your transactions with a miner, without broadcasting them publicly. The easiest way to do that is to use a wallet that has Flashbots built-in, like Ambire Wallet.
Cointelegraph: Is secure storage of Layer 1 cryptocurrencies like Ethereum different from secure storage of Layer 2 cryptocurrencies like Polygon (Matic)?
Ivo Georgiev: Secure storage of cryptocurrencies is the same regardless of whether it’s an L2 or L1 — it’s all about key management, and the industry standard for secure key management is to use a hardware wallet like Trezor/Ledger.
There is one caveat to that — bridged assets that exist on Ethereum but not natively on Polygon, but are bridged to Polygon, carry the extra bridge risk — for example, if the bridge gets hacked, the Polygon wrappers of those assets may suffer. As such, it’s better to keep those on their native chain (Ethereum).
Cointelegraph: What are the best blockchains for earning yields in DeFi and what yields per annum can investors make potentially?
Ivo Georgiev: This varies by the day, but UST on Terra is pretty popular these days, allowing over 30% yields on their native stablecoin. Of course, as a less proven chain, this is probably riskier than lending USDT/USDC on Ethereum for something like 3–5%. A middle ground in terms of risk/reward is earning yield on stablecoins on Polygon, with a couple of solid options: Aave and Tesseract (Yearn alternative on Polygon), both allowing yields between 5–10%. Whatever the case may be, all these yields are at least ten times better than what banks can offer you, especially in this low-interest economic climate.
Cointelegraph: What are the risks with DeFi, and how can investors mitigate those risks?
Ivo Georgiev: The biggest risk in DeFi is the so-called rug pull, which can be generalized to any action by the project team that is unexpected and harmful to investors, but often immensely profitable to the project team.
To some extent, DeFi allows more opportunities for such actions, because the space is new, quick-moving, and investors are hungry for new opportunities and projects to invest in. This is why they often skip doing detailed due diligence. Furthermore, due to the complex nature of smart contracts and DeFi composability, it’s often possible for a big risk to be hiding in plain sight, and unless you’re experienced in reading Solidity and actually put in the time to do due diligence, you won’t spot it.
For example, when Sushiswap vampire-attacked Uniswap, they had a so-called migrator contract as part of the design. The contract owner could set this migrator contract to a malicious address and withdraw all LP tokens. While this didn’t happen in Sushiswap, many of its forks exploited this to steal all the liquidity staked, even if a migration was never on their roadmap.
One way to protect yourself from such risks is to check if a project has been audited by a reputable security firm, but a significantly better way is to be able to read the code and understand the contracts yourself, as this will allow you to understand “intended behavior” that would pass an audit but allows the project team to “rug pull”, such as the one given in the example. If you’re unable to, just trusting your intuition in terms of whether something seems shady or too good to be true goes a long way.
Over time, DeFi will actually become more resistant to this — because of its open nature, anyone being able to read code can actually feel safer putting their funds in a DeFi project rather than a centralized exchange or platform. As the industry matures and more people learn how to analyze these projects, DeFi’s strength of being fully transparent and auditable will shine.