Billions of dollars have been lost from hot wallets, users don’t find these wallets safe.
Infact our teammates private key was compromised a couple of months back and he lost all his funds.
But people still end up using hot wallets for convenience, which comes at the cost of security.
Since hot wallets are always online, it's more convenient to use. To do the same action by cold wallet, users need to find a device (typically a computer) in which to plug their cold wallet, then move the requisite amount of cryptocurrency to a hot wallet, and then perform the action. In addition, while hot wallets are usually free, cold wallets can cost you between $50 and $200.
To solve this:
We are enabling users to authenticate transactions with a second layer of security while maintaining privacy. Users have to provide a second factor in the form of a pin generated on google authenticator to validate a transaction.
So even if the private keys of the user are compromised, the hacker will not be able to execute any transaction.
We also inform the user about the risk of interacting with a account or smart contract so that they don't interact with phishi platforms.
We ran into multiple hurdles and bugs for its implementation due to the lack of documentation and reference projects to look into.
In order to solve this, we took guidance from the people at Ethereum Foundation, read more about the SDK documentation and also took inspiration from the implementation done by ETH-Infinitism.
To increase the security of our Smart Contract Wallet and follow the best industry standards, we decided to use Gnosis safe. However, we ran into a critical issue of needing to be able to integrate it end to end without 2FA authentication. To resolve this, we reached out to the people at Gnosis safe and got to know that we needed to specifically setup and enable the module in the Gnosis safe manager.
While integrating ZK Snarks for generating the proof in the FE, we were getting multiple dependencies issues for which we took help from various online sources and after lot of debugging were able to resolve the issues.