How to keep your cryptocurrency safe

[latindev]

nice... so if (god forbid) you'll get hit by a bus tomorrow your wife or whoever you care about and who is supposed to inherit your wealth will have an interesting quest ahead... not only gathering the shamir chunks but also looking for your software, source code to compile or documentation to your proprietary algorithm

I already thought about that, pieces are also on her clouds encrypted with her own generated password and she has an app on her phone that takes care of putting all the pieces together once she gets them (at the beginning I thought about creating a small device with a raspberry pi but then I felt it was overkill, her phone is already pretty secure thanks to the device's own security process).

In my opinion using encrypted pieces on devices is actually the future, but the crypto space still can't handle it and I think it's because the UI/UX is not that easy yet unless you create your own solution for your own needs

who said that?

Satoshi in the Bitcoin whitepaper when he presented the idea to avoid using third party financial institutions because of trust issues, paper money is a banknote made by a financial institution.

 

[void]

I already thought about that, pieces are also on her clouds encrypted with her own generated password and she has an app on her phone that takes care of putting all the pieces together once she gets them (at the beginning I thought about creating a small device with a raspberry pi but then I felt it was overkill, her phone is already pretty secure thanks to the device's own security process).

In my opinion using encrypted pieces on devices is actually the future, but the crypto space still can't handle it and I think it's because the UI/UX is not that easy yet unless you create your own solution for your own needs

hopefully her phone will not break, you don't travel together etc. - in a way I respect your effort but this is the wrong case where to get creative, good luck anyways

Satoshi in the Bitcoin whitepaper when he presented the idea to avoid using third party financial institutions because of trust issues, paper money is a banknote made by a financial institution.

I don't see any connection with "paper form" of the backup but whatever...

 

[JohnLocke]

I was wondering why you guys won't trust a Ledger device or Trezor device with 1 million US$ as an example?

 

[void]

I was wondering why you guys won't trust a Ledger device or Trezor device with 1 million US$ as an example?

that's what the device is designed for, the discussion above is about the backup of the seed

 

[latindev]

hopefully her phone will not break, you don't travel together etc. - in a way I respect your effort but this is the wrong case where to get creative, good luck anyways

If her phone breaks, she can get a new one and get everything done with the new one... that's the whole point of this: Not having a single point of failure. It's a little creative, but hardware wallets like Trezor and Ledger knows this is the proper way to do it and the reason they already implement it (Ledger with her latest service and Trezor doing the separation of the pieces itself)

I don't see any connection with "paper form" of the backup but whatever...

I didn't say they are connected, I said (and I quote myself): "Cryptocurrencies were made in order to not trust paper money... Yet I find it hilarious that we still use a piece of paper to back them up (the keys)", basically that I find hilarious that we use simple paper to back up the keys of something it was created to not trust paper money

I was wondering why you guys won't trust a Ledger device or Trezor device with 1 million US$ as an example?

I use both, I think people just like to overreact with reading headlines like "trezor device hacked" and "ledger deploys new firmware that can extract your seed phrase" because they don't know how it works

 

[Semso]

No joking, have been doing it for many years without issues and yet I have never lost a single key. I developed my own shamir secret sharing tool and I break my seed phrases into different pieces which they are encrypted and saved on different clouds. Cryptocurrencies were made in order to not trust paper money... Yet I find it hilarious that we still use a piece of paper to back them up (the keys).

So pretty much sharding right, what Ledger does with their Ledger everywhere service, just for you offline. Well thats a very good solution, but nothing for the ordinary crypto users. And I still see a lot of points of failures for noobdy users.

who said that?

Everyone. Paper money = worthless, if not backed by anything.

 

[troubled soul]

Lets Look into deep how Crypto legend store their private key......
Legendary couple of Bitfinex Lichtenstein and his wife, Heather R. Morgan

https://www.justice.gov/d9/press-releases/attachments/2022/02/08/statement_of_facts_pacer.pdf
LICHTENSTEIN’s cloud storage account

First, to Wallet 1CGa4s, an unhosted wallet11 containing over 2,000 BTC addresses (which were saved, along with their associated private keys, in LICHTENSTEIN’s cloud storage account), where the stolen funds remained dormant until January 2017;

If you trust the Media .....
SBF also used cloud storage....even without encryption ...

FTX CEO Slams Exchange for Keeping Private Keys on Amazon Web Services
https://www.theblock.co/post/194706...thout-encryption-the-exchanges-new-chief-saidhttps://decrypt.co/125866/ftx-private-keys-amazon-web-services-aws

Seems so many people trust Cloud for storage of secret key....

IMHO...I also believe Cloud storage option is not that bad as some people claiming....But Keep in mind that Nothing is 100% riskless in this world....

 

[jafo]

Lets Look into deep how Crypto legend store their private key......
Legendary couple of Bitfinex Lichtenstein and his wife, Heather R. Morgan

https://www.justice.gov/d9/press-releases/attachments/2022/02/08/statement_of_facts_pacer.pdf
LICHTENSTEIN’s cloud storage account

This case blew my mind! It shows the power of propaganda & indoctrination. I mean, one of them was Russian for God's Sake. They had ~120,000 bitcoins. They could have moved BACK to Russia, SWAPPED 1.2 bitcoin to XMR, and cashed 200 XMR (€30K - fees included) each (so €60K) every day for cash or in kind and NOBODY would have been the wiser! That would be equal to +130 years before they ran out of money!

Seriously, they can't be the ones that masterminded this. It's just SHOCKING to me!

Same as with Ross Ulbricht! Imagine having 144,000 bitcoins! Why would you stay in a place that will throw you in a cage? Feds were already at his house delivering fake IDs and questioning him. I would have BOUNCED!

Ross Ulbricht could have gone to an island. If you see anyone other than a "native" or a regular, you bounce! Some smart people just blow my mind!

I'm glad I traveled the world from a young age and know that there are so many great places around the world that I don't have to be on someone else's plantation.

Gentlemen, if in doubt, then there is NO doubt! Bounce!

 

[troubled soul]

Seems winner is
1. Multisig wallet
2. Hardware wallet + passphrase
3.Hardware wallet

 

[USDT]

I was wondering why you guys won't trust a Ledger device or Trezor device with 1 million US$ as an example?

At the end of the year, Ledger plans to release an update that can extract the seed phrase from the secure part of the device. If they can do this after the update, it means that they could have done it all along. In other words, if someone gains physical access to your hardware wallet (government agency), they might be able to access your cryptocurrency.
Trezor can also be hacked - here's a short video.

Regarding the backup of the seed phrase - instead of keeping one small piece of paper with the seed phrase, you can cut it into two parts and store them in two different locations in case someone discovers it. Alternatively, you can use Shamir backup. And, of course, it's essential to use a complex, non-dictionary 25th-word passphrase.

 

[jafo]

At the end of the year, Ledger plans to release an update that can extract the seed phrase from the secure part of the device. If they can do this after the update, it means that they could have done it all along. In other words, if someone gains physical access to your hardware wallet (government agency), they might be able to access your cryptocurrency.
Trezor can also be hacked - here's a short video.

Regarding the backup of the seed phrase - instead of keeping one small piece of paper with the seed phrase, you can cut it into two parts and store them in two different locations in case someone discovers it. Alternatively, you can use Shamir backup. And, of course, it's essential to use a complex, non-dictionary 25th-word passphrase.

1. Which hardware wallet do you use?
2. Which is the best USDT non-custodial wallet to use for everyday payments?

 

[USDT]

1. Which hardware wallet do you use?
2. Which is the best USDT non-custodial wallet to use for everyday payments?

I keep using Trezor and Ledger, understanding their risks.
Ledger is very convenient for daily use (incl. USDT).
However, I haven't found a good solution for HODLing yet; perhaps SafePal could be an option

 

[latindev]

At the end of the year, Ledger plans to release an update that can extract the seed phrase from the secure part of the device. If they can do this after the update, it means that they could have done it all along. In other words, if someone gains physical access to your hardware wallet (government agency), they might be able to access your cryptocurrency.
Trezor can also be hacked - here's a short video.

Regarding the backup of the seed phrase - instead of keeping one small piece of paper with the seed phrase, you can cut it into two parts and store them in two different locations in case someone discovers it. Alternatively, you can use Shamir backup. And, of course, it's essential to use a complex, non-dictionary 25th-word passphrase.

I just want to add something important regarding this:

If they can do this after the update, it means that they could have done it all along.

This is true for ALL hardware wallets created today and for ALL of the hardware wallets that will be created in the future, that's how software works and the only way you won't be able to do this is with disposable hardware wallets which means that with each update in the blockchain space you will need to buy a brand new hardware wallet and completely send your current device to the trash. Any device that can be updated to sign new types of transactions, can extract the seed with an update

 

[USDT]

I just want to add something important regarding this:


This is true for ALL hardware wallets created today and for ALL of the hardware wallets that will be created in the future, that's how software works and the only way you won't be able to do this is with disposable hardware wallets which means that with each update in the blockchain space you will need to buy a brand new hardware wallet and completely send your current device to the trash. Any device that can be updated to sign new types of transactions, can extract the seed with an update

I won't argue, if it's possible to create such a cold wallet. The main thing that Ledger lost is trust, as they claimed from the very beginning that it was technically impossible to extract the seed phrase after wallet initialization. But I haven't heard of anyone being able to programmatically retrieve the seed phrase from a Trezor either.

 

[latindev]

I won't argue, if it's possible to create such a cold wallet. The main thing that Ledger lost is trust, as they claimed from the very beginning that it was technically impossible to extract the seed phrase after wallet initialization. But I haven't heard of anyone being able to programmatically retrieve the seed phrase from a Trezor either.

I'm not trying to defend Ledger, I'm just saying that that's the same for ALL of the wallets and will be always like that no matter what the manufacture tells you so basically the idea of my comment is that no one should fully trust a device that can be updated so it signs new types of transactions, because that by definition means they can update it so the seed could be extracted in the future

 

[void]

instead of keeping one small piece of paper with the seed phrase, you can cut it into two parts and store them in two different locations in case someone discovers it

that's a bad idea - leads to trouble

Alternatively, you can use Shamir backup. And, of course, it's essential to use a complex, non-dictionary 25th-word passphrase.

this is 100% correct and the optimal way these days

 

[USDT]

that's a bad idea - leads to trouble

what risks do you see?

 

[void]

what risks do you see?

splitting it into parts (2 or 3) increases the chance of loosing the seed (by loosing any part)
it also makes the recovery process more complicated and you have to choose between geographical distribution and convenience

at the same time you're increasing the number of seed fragments that exist and each part found by someone unauthorized is a convenient way to brute force attack the seed - be aware that knowing 6 words out of 12 doesn't make it half easier to crack it but exponentially easier

if you're uncomfortable with storing your 12/24 word seed in one copy (and I understand this can easily be the case depending on your situation) then use shamir fragments and/or password

I will repeat myself but NEVER try to come up with your own security protocol or tweak the well known ones - many more probably way smarter guys thought about all the cons/pros before and distilled this into couple of generally available implementations and documented it for you to be able to give it an hour or two, educated yourself and choose appropriately what fits your situation

 

[latindev]

So pretty much sharding right, what Ledger does with their Ledger everywhere service, just for you offline. Well thats a very good solution, but nothing for the ordinary crypto users. And I still see a lot of points of failures for noobdy users.

Yeah the process is exactly the same as what Ledger does, the only difference is that I'm not using their servers... And I agree about points of failures for non-skilled users, UI/UX needs to improve a lot before everybody can finally ditch the papers.

The good news is that even Apple knows this is the correct way of doing it and they are now playing with social encryption restoration, probably they will came up with a proper UI/UX others will follow and at the same time will teach their users how to use encryption to backup their data (there are wallets finally doing this too but to be honest I think Apple will be the one who finds the easier UI/UX option)... But I don't think this switch will be easy, I feel it's something that will take time because people is not used to this type of restoration scheme

 

[USDT]

be aware that knowing 6 words out of 12 doesn't make it half easier to crack it but exponentially easier

Is it possible to brute force a seed, knowing the first 12 words out of 24?