I am seeing about 1 person per day come to me having lost ALL of their TRX coins, and there is nothing I can do, there is nothing Tron can do.

And it isn’t Tron’s fault for having a dangerous implementation, and it isn’t Rovak’s fault for building Tronscan this way.

It is the way the blockchain is supposed to work.

A private key unlocks a wallet address, we all know this. There are about

700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

private key combinations and that’s where the security comes from.

But that’s the interface — Enter PK -> Unlock wallet. No safeguards can be implemented to that because that’s how it works.

When you login via typing the private key it is like handling fire. It’s like riding without a helmet or driving without a seatbelt. It’s a daredevil move that could take you out.

Because all you have to do is type one letter/number wrong.

Of course, no danger at all if you make sure that you unlocked the right wallet address.

But there is this notion that Tronscan is an application that creates a wallet address. It doesn’t. Tronscan is merely an interface for what Tron has built. Enter PK -> Unlock wallet.

There are safeguards, if you choose to use them. They are based on the keystore file that is available to you upon wallet generation. This is an encrypted version of your private key, and it’s safe to leave on your computer (or a thumb drive if that helps you sleep better at night). You unlock this with the password that you chose on creating the wallet. If your password works and logs you in, you are 100% guaranteed the private key is correct and the wallet address is correct.

You can also use a hardware wallet like the Ledger nano s, which is just like the keystore idea. It guarantees that you are unlocking the right wallet.

If you are really security conscious there are two more steps you can take it.

You can build your own wallet with the tron protocol wallet-cli program. It is one of those programs where you type the commands.

https://github.com/tronprotocol/wallet-cli

When you set up a new wallet with this program, it is creating a wallet in the sense that you think it might, wallet-cli will have a folder inside it called ‘Wallet’ where your keystore files are located (N.B. this file is not interchangeable with the one on tronscan). You can, and should backup that file directory as part of your new wallet creation process, along with your private key.

This wallet connects to the Trusted Full Node, or the Solidity Node, whichever you choose. A Full Node will give you immediate real time transaction information, and a solidity node will show you verified, non-reversible blocks. It runs about 30 blocks behind the Full Nodes.

If you’re running wallet-cli, then you need to go the rest of the way and run a solidity node / full node yourself, on the same computer as the one running wallet-cli. This is the truest security since you can have the utmost trust in your own node; its information can not be falsified. You can not create a secure connection to the node — that connection is and must remain an open API but you can put the node behind your own security.

Running a full node for the first time may take a while to sync. One caveat here — a node will not build on a 1 core machine.

Community Node Super Representative Candidate. Informative, Reliable, Rewarding.

Website: www.communitynode.org

Telegram: TRON Community Node & Super Representative

Twitter: @community_node