⚠️WARNING: If you have lost the seed phrase to the wallet containing your Hotspot's NFT or if your wallet has been compromised and the NFT has been stolen, there is nothing that MNTD./RAKwireless, Nova Labs, or any other party can do to recover your Hotspot NFT. |
It is imperative to protect your wallet seed phrase/private key at all costs as it is the sole source of control over your Hotspot. If anyone gains access to your private key, they can transfer ownership of your Hotspot to their own wallet where you can never get it back.
For more information, refer to the Helium Docs page for Wallet Seed Phrases, where you will find this warning:
Hotspot Identities
In the Helium ecosystem, the identity of a physical Hotspot is represented on-chain via a Solana-based NFT. During onboarding, this NFT is sent to the wallet you are onboarding the Hotspot to.
Each Hotspot contains a physical security chip known as ECC608. The ECC stores a public and private key-pair similar to those used for cryptocurrency wallets. The public key of this key pair - known as the pubkey - is the unique identifier of that specific piece of Hotspot hardware. The Hotspot NFT contains the pubkey of your specific mining hardware. In this way, the NFT is intrinsically linked to the specific Hotspot hardware.
The use of ECC608 and the key pair is required for a manufacturer to be allowed to produce Helium Hotspots and was introduced by HIP-19. You can read the details of HIP-19 on the Helium Github page here.
Various functions related to Hotspots such as ownership, updating of location and antenna information, and claiming of rewards are tied to the Hotspot NFT. To perform any of the various functions, your wallet must contain the NFT for the Hotspot you wish to take action on. Because of this, if you lose access to the NFT (due to losing access to the wallet that owns it, or your wallet becoming compromised and the NFT being transferred out) you will not be able to take any action on the Hotspot including claiming mining rewards from it.
Due to the way Hotspot identity is managed in Helium, if you lose access to your Hotspot NFT (due to losing access to the wallet that owns it, or your wallet becoming compromised and the NFT being transferred out) there is no way to recover your Hotspot. It is impossible to link your hardware to a new NFT as the NFTs are tied to the pubkey of the Hotspot hardware. It is also impossible to change the pubkey to a new, unused pubkey due to the ECC608 chip being physically soldered to the board. Interchangeable ECC chips would also circumvent the spoofing protection and security features of HIP-19 and thus is not permitted.
For these reasons, it is imperative to protect your wallet seed phrase/private key at all costs as it is the sole source of control over your Hotspot.
Basics of Cryptocurrency Wallets
For an in-depth explanation of cryptocurrency wallets along with blockchain technology in general, refer to our article on the subject.
Cryptocurrency wallets are essentially a pair of keys - a public key and private key. The public key is your identity on the blockchain and your tokens (including Hotspot NFTs) are associated with this public key, which is also known as your wallet address.
The private key is mathematically linked to your public key and serves as a way to prove you are the owner of the associated public key. It can be thought of as the password to your wallet. The private key is required for any transactions to take place regarding tokens or NFTs associated with your wallet.
A seed phrase is simply an easy to read form of your private key. Therefore, anyone that has the seed phrase to a particular wallet has control of the tokens and NFTs associated with that wallet.
Typical Dangers to Avoid
Lost Seed Phrase
The seed phrase is a backup of your private key. In the event you need to restore access to your wallet (such as when your wallet has been signed out of the Helium Wallet app or your device is broken and needs to be replaced) you will need the seed phrase in order to import the wallet into the Helium Wallet app (or any other Solana compatible wallet software).
If you have lost your seed phrase, you no longer have the private key associated with your wallet and without the private key, your tokens and NFTs (including Hotspot NFTs) are lost forever. For this reason it is critically important to ensure you have a backup of your seed phrase at all times.
Unauthorized Seed Phrase or Wallet Access
If a third party gains access to your seed phrase or access to a device with your wallet signed in, they will have control of your tokens and NFTs and can transfer them out to a wallet they own, which you do not have the private key for. Once this happens, there is no way to recover the lost funds or NFTs. This is because as we covered previously in the Basics of Cryptocurrency Wallets section, only the private key associated with a wallet can control the funds and tokens. In order to take back the stolen tokens/NFTs, you would need the private key of the third party's wallet, which you have no way of gaining access to.
Fake Tech Support
Oftentimes bad actors will pose as legitimate technical support for crypto projects or hardware manufacturers in order to trick users into revealing their seed phrase so they can steal the tokens and NFTs from the wallet. Always be wary of anyone offering technical support, especially if it is unprovoked/unsolicited or offered to you without you seeking out the support first.
Legitimate technical support for all crypto projects and hardware manufacturers will never ask for your seed phrase to troubleshoot an issue. Assume anyone trying to gain access to your seed phrase is acting in bad faith and intends to steal your funds and never reveal your seed phrase to anyone!
Fake Wallet Software
In the same way that willfully giving a third party your seed phrase will allow them to steal your tokens/NFTs, unknowingly downloading a fake version of wallet software will do the same thing. Bad actors routinely create fake versions of popular wallet software which mimics the visual look and functionality of an existing wallet complete with very similar website/domain names. However, the difference is that these fake wallet programs have additional functionality to expose your private keys to the malicious third party which allows them to drain your wallet of tokens/funds.
Always ensure you are downloading wallet software programs/apps from legitimate sources or accessing web wallets from legitimate websites or browser plugins. When in doubt, spend a few extra moments to do additional research - view the total number of downloads and reviews, Google search for "legitimate wallet software download link", and check results closely!
Scam NFTs
Bad actors will sometimes send malicious NFTs to a large number of wallet addresses. These NFTs falsely claim you have won some form of airdrop or free tokens and instruct you to "Click here to collect your free tokens!" however interacting with the NFT will ask you to confirm a transaction with your wallet. Instead of giving you an airdrop of tokens, this transaction is programmed to send all tokens from your wallet to the hacker's wallet. Approving the transaction authorizes the draining of all tokens from your wallet. Never interact with unknown NFTs or NFTs which were sent to you unsolicited, especially NFTs claiming you have won some contest or airdrop you've never entered!
Keyloggers and Malware
A less common but still prevalent way wallets become compromised is due to keyloggers and other malware. If keylogger software is installed on a computer or phone and you type in your seed phrase to import your wallet, the hacker operating the keylogger will be able to record what you typed in and later import the wallet themselves and drain it. Wallet software can also become compromised due to malware or other exploits.
Always follow good online security practices including performing routine malware scans of your system, and refrain from storing seed phrases in electronic form as they are easily compromised by malware!
Updated