4 Worst Methods to Store Cryptocurrency
I have already wrote plenty of tutorials about storing cryptocurrency safely, and there were many others who did the same, yet there are still people who store large amounts very insecurely and then wonder why they lose it.
If you haven't read my tutorials, then please do to have an idea about this:
- https://steemit.com/cryptocurrency/@profitgenerator/cryptocurrency-storage-method
- https://steemit.com/howto/@profitgenerator/strategy-to-store-wealth-in-cryptocurrencies
- https://steemit.com/security/@profitgenerator/generate-secure-random-passwords-or-private-keys
- https://steemit.com/steemit/@profitgenerator/tutorial-secure-your-steemit-account
- https://steemit.com/bitcoin/@profitgenerator/tutorial-generate-bitcoin-private-keys-securely
- https://steemit.com/security/@profitgenerator/top-5-things-you-thought-were-secure-but-are-not-100-sp
- https://steemit.com/security/@profitgenerator/passwords-and-dices-tutorial-to-create-secure-passwords
- https://steemit.com/technology/@profitgenerator/biometrics
- https://steemit.com/security/@profitgenerator/what-is-a-safe-password-or-private-key
So as you can see, I have been writing a lot about this, and so did many others here on Steemit and Bitcointalk...
1) Online Wallets
By "online wallet" I mean services where you don't have direct control over the coins. You can't withdraw money directly, you need to ask their permission, and then they will send you the money, or NOT.
This includes exchanges, crypto debit cards, mobile wallets, basically most Bitcoin services operate like this, they are a custodian of your funds, and you don't really own the coins, you just have a claim over them, which most of the time will be fulfilled, however it's enough if it is not only 1 time, and your money is gone.
Of course there are online wallets that promise that the keys are generated locally, and only you have control over them, like Blockchain.info, I am not sure if they still operate like that since their outlook has changed since I last used them.
But even if online wallets promise that the keys are generated locally, you can't prove this. I mean even if they open-source their code, you can't prove that the code running on the website is the actual open sourced code.
C'mon people, the point of open source is that you can compile the code yourself, and in the case of a website running a code this is impossible to do. Unless somebody invents a deterministic website building software, but until then this is not a proof.
So anyone can say anything, just like your e-mail provider pre-2013 said that they are not spying on you. Well it turned out to be a bad joke.
If you have decent amounts of coins 10,000$+, don't use online wallets, the risk is just too big, and you might never know if they will get hacked or not, or who knows what else.
In fact it's not even the hacker that are the biggest problem but the civil asset forfeiture. Most Bitcoin are tainted by illegal activity.
So you bought a 5$ gift card from a person who also sells drugs? On the blockchain it looks like you have bought drugs, because in the eye of the investigator, it's just a transaction. Now the Government will seize all your 10,000$, it's just that simple. And you will never get it back, even though you are innocent.
2) Mobile Wallets
People who advocate for mobile wallets are idiots. It's not just a bad joke, to have money stored on a "communication device", that can transmit data both ways, but it's also encourages systematic risk from cyberwars.
Banks started giving out mobile-banking apps to customers, but there at least the money is inside the bank, and you just have access to a read only platform where you can check your account balances. I don't know whether you can send wire transfers out of a mobile banking app, but I hope they have daily withdrawal limits there. Of course from a desktop online-banking platform you can send out wire transfers, which is a huge problem, but that's another topic.
With Bitcoin mobile wallets the risk has doubled essentially, it's not just that you have no privacy, after all it's a communication device, and the proprietary operating system is probably backdoored. So they can just send out your private keys via SMS and you are literally fucked.
The security risk with phones is huge:
- http://www.computerworld.com/article/2860742/chinese-android-phone-maker-hides-secret-backdoor-on-its-devices.html
- https://www.digitaltrends.com/computing/apple-vs-fbi-backdoor-to-data-already-exists/
- http://investmentwatchblog.com/nsa-monitoring-your-cell-phone-code-insterted-into-android-operating-system-spy-proof-app-in-the-works/
- https://theintercept.com/2014/12/04/nsa-auroragold-hack-cellphones/
- https://www.scmagazineuk.com/nsa-hacks-70-of-global-mobile-phone-networks/article/540915/
- https://www.theregister.co.uk/2013/12/31/nsa_weapons_catalogue_promises_pwnage_at_the_speed_of_light/
- https://www.theguardian.com/technology/2015/feb/20/mobile-phones-hacked-can-nsa-gchq-listen-to-our-phone-calls
- https://arstechnica.com/tech-policy/2014/12/exposed-nsa-program-for-hacking-any-cellphone-network-no-matter-where-it-is/
- http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html
Not to mention we have no idea how good the random number generator of a phone is, so that is a secondary problem, however it pales in comparison to the malware problem, where the private keys can just be smuggled out via SMS and all your money that you store on the phone can be gone in an instant.
You know the Government is really stupid, they created all these spying devices and malware, but now due to their trendy nature, everyone is using them now, for finance, and now that cyberattacks and hacks are happening, the population is caught with their pants down.
Don't fall into this trap. Storing Bitcoin on a phone is like printing out the private key on your T-shirt and walking around in the city.
3) Desktop Wallets
Well they can't send out the private key through SMS, but they can via wireless, bluetooth, internet, and even the blinking of the LED lights on your computer can be used to send out private keys in Morse Code to a nearby hacker:
But of course these are low threat events, their probability is lower, and you can somewhat defend against these by removing the wireless card from your PC, covering up LED lights, remove microphone and webcamera, and plug out the network cable when working with keys.
Essentially you need to have an Airgapped PC, but even that is not perfect security, althought I bet it already eliminates 99% of threats, and hackers always go after low hanging fruits, so probably the mobile phone users will be their targets.
But even then some malware or a bad RNG generator is enough to steal money. Computer random generators are pretty weak, and you should probably use at least Linux, where the /dev/random system has been shown to be pretty robust.
4) Hardware Wallet
Hardware wallets are pretty much the best bet you have now, although I don't know how good their random number generator is. It might as well be pretty flawed, unless it used some kind of secure electric component to generate it , like a Zener Diode that can be used for perfect random number generation.
Now we don't know how they do this, they can just use the CPU clock, which is a big problem, since that contains too little entropy. So unless they have a good RNG device built in it, it's rubbish.
Some wallets allow you to add your own entropy, which is necessary, then I guess the device is secure,unless there is some code vulnerability on it.
Of course there are claims that private keys can be extracted from a Trezor via Power Analysis attack:
So I guess it's not perfect, but still these attacks are very impractical in nature, so you should have no worries about storing large amounts on hardware wallets if the above conditions are met.
Sources:
https://pixabay.com
So these are the 4 worst methods, what are the best methods? I would have thought these were the only methods.
I like this comment - we're looking for solutions. Part of the cryptocurrency component that people like is the accessibility - not sure about how we can access easily without our phones?
Well accesibility is a 2 sided sword, the more easily you can access your money, the same way a thief can also.
I think people should separate their wealth into 2 , possibly 3 caterogories:
I agree with that. Especially the long term storage - I wouldn't be upset if I lost $100 compared to having $100,000 drained - so that's a great point. It's amazing to see the growth in the crypto field - and with that growth there's always wolves lurking. :)
Yes I mean having 50-300$ in a mobile wallet is no big deal, so if you go into a grocery shop you could probably use that to buy food and other stuff easily.
But storing all your wealth there is madness.
NIce.....I hope it can help you to make more money
Steemit MONEY making strategy and TRICK.......it's kind of HACK steemit
https://steemit.com/security/@kaiju/steemit-money-making-strategy-and-trick-it-s-kind-of-hack-steemit
I was thinking the exact same things.
Well the last of the worst is the best in the list, currently.
Of course it's not the best best in the sense that it has no flaws. I am still waiting for some open source hardware, these pesky chip manufacturers can't be trusted. They put all sorts of crap backdoors inside computer components.
And there are already better methods to store cryptocurrency, like an encrypted paper wallet or brainwallet.
The same four! ha ha ha.
Actually, offline media like paper wallets are considered the safest. Generate a random key by throwing a dodecahedron 76 times or flip a coin 256 times. That should give you a 256-bit key. Then enter this on the PS/2 keyboard of an offline computer in order to compute the bitcoin address. Print out both. Send your bitcoin to that address.
Printing out private key is not a good idea, a printer stores the cache of what it printed out, so anytone who hacks the printer can know what was printed out.
Work out the address by hand. :)
Paper or brain wallets are certainly best.
But I'm already thinking how could i hide my secret pass phrase from mind readers. Because the damn neuroscientists already managed to read monkey's minds. It turned out to be easier than expected.
Relax it's not possible, the human mind changes states about 10-12 times / second, it's like a giant haystack that where the needle is always shuffled around.
Those "mind reading" experiment are very misleading, they just have the monkey think about a banana, and then some electrical activity happens in one side of the monkey's brain which is responsible for food.
This is nothing, I mean what did you expect? We already know what parts of the brain light up under certain inputs, there are several parts of the brain responsible for different things (hearing, vision, emotions, hunger ,etc...).
It's not like you think of a password and then the password will be extracted.
This is what I mean: Faces recreated from monkey brain signals - http://www.bbc.co.uk/news/science-environment-40131242
By looking at the activity of only 200 neurons it is possible to identify and recreate the face of any individual about whom a person or monkey is thinking.
I know it is not like reading a pass phrase but I expect it to be similar, at least if someone prefers visual memory. And they have to open the skull and put sticks in the brain, which can not be done by remote on us, but by force theoretically. I think the latter fact is the bigger obstacle. The future "gold" diggers and robbers will get increasingly interested in brain surgery I guess.
Tinfoil hat was yesterday, in future we need steel hats, lol. Paranoid I am today, sorry.
Yes it's concerning that such things exist, but I don't think it's as bad as it looks like. If you read the paper it clearly shows that they first showed the picture to the monkey, and then alalyzed how the brain responds.
This is like a high-tech version of the power analysis attack, when they know what to look for and then just search for it.
But the whole point of a password is that they don't know what to look for. If the password is random, then they can never guess it.
What is it like 5-10TB of memory that the brain can store? And then combine each piece of that data randomly, you almost have infinite number of combinations.
One thing I worry about is brain chips, make no mistake about it, those will be a huge problem. The guy in the article already wants police to use this technology to "catch criminals". I can't believe people are this stupid, this will be easily abused.
Good article. I will add advise for begginers: don't keep your coins in exchange markets, because they can shut down or something and you can lose all your coins.
I was surprised this wasn't #1.
This is very informative. Thank you for this post 💯🔥
Well, according to your post, you also included the Hardware Wallet to being "not safe". Which would you recommend ?
I mean, I don´t see Paper Wallet being much better, except if you have a bank vault, where you place your paper wallet into, and that you can access only 8-10 daily hours on business days, not in the middle of the night when you think you might wanna access your 20 BTC because some coin is dropping.
thanks for this valuable information
This is such a crucial topic! Thank you.
Thanks for the info