41 Show Time Episode 3 - Kushen Wallet: With the halving approaching, how to protect the security of blockchain assets?

【AMA First Question】

Li Quan: Thank you for the attention of the host and listeners. KuShen Wallet Company was established in November 2016. It is a high-tech company focusing on providing secure storage and management solutions for blockchain assets. It is also the only wallet company selected by the Ministry of Industry and Information Technology to publish two official blockchain industry reports. It has patented technology, software copyright and global electronic product import and export qualifications.

Kushen's mission is to be the "blockchain asset protection god" and its vision is to become "the world's first-class blockchain asset security service provider". So far, Kushen has launched a series of personal and enterprise-level smart hardware wallet products, covering many countries and regions around the world including China, Japan, South Korea, the United States and Southeast Asia.

Kushen hardware wallet is a true "cold wallet" that can store a variety of digital assets. The QR code and NFC communication methods ensure that private keys never touch the Internet, completely eliminating the risk of being stolen by hackers.

【AMA Question 2】

Li Quan: To facilitate your understanding, I will start with the most basic wallet. In fact, a digital asset wallet is a tool for storing and managing private keys, including basic functions such as balance query and sending transactions. In fact, there are many types of wallets, and there are different types from different dimensions. According to whether the environment where the private key is stored is connected to the Internet, it is divided into cold wallets and hot wallets. According to the integrity of data storage, it is divided into light node wallets and full node wallets. According to the storage method of private keys, it is divided into centralized wallets and decentralized wallets. According to the main chain relationship, it is divided into main chain wallets and multi-chain wallets. According to the private key signature method, it is divided into single signature wallets and multi-signature wallets, etc. This is a professional subdivision.

For ordinary users, the current common mainstream wallets are mainly divided into three types: cold wallets, cloud wallets, and app wallets, which differ in the way the private key is stored.

A cold wallet is a wallet that stores digital currency offline. Users generate digital currency addresses and private keys on an offline wallet and then save them. A cold wallet stores digital currency without any network connection, so hackers cannot enter the wallet to obtain the private key. It is the wallet with the highest security level.

The cloud wallet stores assets on the wallet platform address, and provides users with a simulated digital account. Only when withdrawing money will the platform actually transfer the assets to the user's address. Its advantages are simple and convenient operation and low threshold. Its disadvantage is that if something goes wrong with the platform, the user's assets can basically be irrecoverable.

The app wallet stores the private key in the mobile phone, and the assets are controlled by the user. The user is required to back up the mnemonic phrase himself. However, since the mobile phone is connected to the Internet, hackers may attack the phone through the Internet and steal the encrypted assets.

【AMA Question 3】

Li Quan: The frequent thefts of coins in exchanges are caused by hackers, exchange code issues, server vulnerabilities, human violations, and theft. For users, they are all asset security issues of the same nature. I can answer this from three aspects:

1) First, let’s talk about why exchanges are the hardest hit by asset security incidents.

We can first think about why the country has so many laws and regulations and license requirements for the financial industry, because finance is too close to money and the benefits are too great. Then back to our blockchain industry, the blockchain industry is still in its early stages of development. The interests involved in the exchange are too great. The role is basically equivalent to the China Securities Regulatory Commission plus the Development Committee, securities companies, etc., which is equivalent to a traditional financial industry that does everything in the securities industry. What's more, user assets are concentrated in the hands of the exchange, so there is no corresponding legal and regulatory supervision. It is inevitable that some people will be tempted to do some high-risk things when it comes to such a large interest. In addition, this industry has not yet been officially recognized by the country, and there are actually some policy risk issues.

2) Second, let me talk about how exchanges are being hacked. Exchanges usually divide assets into two parts, that is, about 90% of the assets are stored offline in the cold end. In theory, this part of the assets will not be stolen because the storage environment is not connected to the Internet. Another 5% to 15% of the assets are placed in hot wallets for daily user deposits and withdrawals. Since the private key storage environment of this part of the assets is connected to the Internet, there is a possibility of being stolen at any time, so there are now a large number of professional underground hacker teams. They are professionally organized and precisely attacking exchanges with large asset volumes. Because of the anonymous characteristics of encrypted assets, there are no relevant laws and regulations for the time being, and the industry is in the early stages of development, and the technology and management standards are not mature enough. From the perspective of hackers, the risk is small and the return is high, so some online comments say that the currency circle has become a cash machine for hackers.

3) Third, let's talk about the impact on the industry. The frequent currency loss incidents in exchanges have exposed the immaturity of various technologies and imperfections in the management system in the early stage of the industry to some extent. The industry has been experiencing various asset security incidents. Exchanges have continuously upgraded and iterated products and technologies, and improved various loopholes in the management system, which has helped the industry to develop more and more in the direction of formalization. The formal development of the industry must be recognized by the state and have corresponding laws and regulations. Otherwise, the stronger the industry develops, the higher the price of the currency, and the greater the risk of accidents in the industry. Therefore, with the development of the industry, more and more exchanges will adopt our more thorough cold storage management solution such as Kushen, or upgrade their own codes and servers to deal with the escalating hacker attacks, and the number of currency loss incidents will decrease. So don't be pessimistic about the industry or exchanges. In fact, there have been many exchanges that have had accidents in history, so the remaining exchanges have also experienced a wave of elimination, so the remaining ones are still doing relatively well.

[AMA Question 4]

41 Finance Four Young Masters: How can ordinary users ensure the security of our stored digital assets?

Li Quan: I will answer this question from two aspects: the basic knowledge of asset security and our common storage methods:

First, let's talk about the correct investment perspective. In fact, there is a basic common sense about investment, that is, when investing in something, you must understand what it is about before investing. If you invest in something you don't understand, you will most likely suffer losses.

I used to work as a consultant for a consulting company in Shanghai, mainly helping some investment institutions with market and business model consulting work in the coffee and new retail sectors. Before investing in something, they would usually do their own research, then count the problems they didn’t understand, and then pay us to consult about its basic operating principles, market, and industry prospects before making an investment.

The blockchain industry is different from the traditional financial industry. Investors not only face investment decision-making issues, but also the requirement for basic knowledge of blockchain assets, as well as various asset security issues caused by the industry's early non-standardization. This can be seen from the various platforms in the industry's history, such as the Fcoin run and the theft of whale accounts. There are also some cases where individuals store and manage private keys improperly, such as printing on a piece of paper, the paper is damaged, storing on a USB flash drive, and the USB flash drive is broken, resulting in asset loss or theft. Once, the Irish drug dealer printed the private key of Bitcoin on A4 paper and hid it in a fishing rod. The landlord threw it into the garbage dump and burned it, resulting in the loss of 46 million pounds worth of Bitcoin. It sounds funny, regardless of whether it is true or not, but it is indeed a mistake made by many investors in reality.

Therefore, we need to understand a most basic question: where are the blockchain assets, in what environment are the assets stored, and what risks do they face.

Let me give you some basic knowledge. First of all, blockchain assets are recorded on the address of the public chain. The owner of the private key of the corresponding address has the right to use the assets at the corresponding address. Therefore, the core issue of blockchain asset security is the storage and management of private keys. At this time, listeners can think about where their assets are currently stored, whether they have control over their private keys, and whether the control of assets is with the platform, mobile APP, or in a cold wallet. Or do you store your private key in text form on a USB flash drive or metal card, or even on paper. Asset security risks come from the platform, network attacks, or the risk of loss that may result from improper plaintext storage. In short, we must understand the essence of encrypted assets.

Second, let's talk about the most common asset storage method for ordinary users. First of all, assets with high trading frequency can be placed in reliable exchanges. This can be judged from the scale of the exchange and the owner. For some large long-term assets, cold wallets must be used for storage, because it truly allows users to have full personal control over their assets and avoid hacker attacks and various policy risks.

In general, it means paying more attention to asset security, having a sense of security, and being responsible for your own assets.

【AMA Question 5】

41 Finance Four Young Masters: How does KuShen help individuals and companies to protect the security of their assets?

Li Quan: Okay, actually, as we mentioned above, hackers can attack exchanges because the private key storage environment may be connected to the Internet. In fact, from the creation of private keys to the signing and storage, as long as the storage environment has the possibility of being connected to the Internet, there is a possibility of being hacked instantly. Technical solutions at the code level will not completely solve the problem and there is still a possibility of being hacked, so KuShen chose a solution for offline private key storage management in all links.

The KuShen wallet is divided into two parts: an offline cold-end hardware wallet and a hot-end App. The cold-end wallet is mainly responsible for storing assets, constructing transactions and digitally signing transactions. The KuShen App is responsible for querying address balances and broadcasting transactions. Both use QR codes and NFC to communicate so that private keys never touch the Internet, fundamentally solving the risk of assets being stolen by hackers.

At the same time, Kushen adopts the industry's original and unique segmented encryption technology to protect private keys. That is, the private key will not be stored in the cold wallet. Instead, the user enters the correct payment password and combines it with the seed password to restore the private key on the cold end. At the same time, the signature is completed instantly, and the private key will be erased instantly after completion, thereby solving the possibility of accidental leakage of the backup seed password or the possibility of a bypass attack on the hardware after the cold wallet is lost and disassembled.

This is the core solution of the KuShen Wallet. In fact, the idea sounds quite simple, but there will be many problems in its implementation. KuShen has been in trouble for more than three years since its establishment and has experienced various problems. Today, KuShen has found the best solution between security and convenience, and provides users with the best, convenient and secure cold wallet products. Everyone is welcome to learn about and pay attention to the KuShen Wallet.

This concludes the introduction to Kushen security solutions.

【AMA Question 6】

41 Finance Four: We all know that KuShen Wallet attaches great importance to asset security. We all want to know KuShen’s layout this year and whether it has opened up new business lines?

Li Quan: This year, our most important task is to do a good job in cold wallet management. We have always believed that helping users protect the safety of their assets is the top priority. We will continue to develop and upgrade cold wallet products. Only when users are sufficiently satisfied and trust our products can we get closer to users and do more things. At the same time, we will continue to do a good job in financial derivatives such as pledge lending and financial management to solve capital turnover problems for users. At the same time, our KuShen APP recently launched a real-time trading function to provide users with real-time trading data from industry experts. The data comes from the Huobi backend and there is no chance of fraud, providing users with more reliable investment guidance.

Finally, I would like to thank again the guests and media friends who participated in this AMA.