Pages:
Author

Topic: Bitcoin Wallet & Seed Storage Question? (Read 660 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
October 28, 2019, 09:34:04 AM
#42
Get yourself a set of metal stamps for 10$ and a couple 4" electrical box cover plates from the hardware store $3. 
I like this one. I've also been looking at all sorts of alphabet and number craft things, but most of them are plastic or foam or wood, which is not much better than paper when considering their survival rates in a house fire.

In case that's still acceptable, I've also thought of using embroidered letters sewn to cloth strips, which you can hide anywhere and also be able to bring with you on your person if needed.
legendary
Activity: 2730
Merit: 7065
October 28, 2019, 04:46:09 AM
#41
If you contact insurance providers and say "Do you insure this exchange", then chances are they aren't going to divulge specifics of their business dealings or other customer's details.
All true, yes. But you can do it in a smarter way. Asking the insurance providers if they provide crypto insurance in order to insure a new crypto exchange. If they ask for more details and information about the exchange they have in some form admitted that they are providing such services depending on who they are insuring. If they reply negatively it means they aren't.
legendary
Activity: 2268
Merit: 18748
October 27, 2019, 04:42:58 AM
#40
Whether or not it is true can be checked by contacting the companies and asking about such services but that is not something that is very high on my to-do-list
It can't, though. If you contact the exchange and ask "Are you really insured" then of course they are going to say yes. Again, you are taking them at their word. If you contact insurance providers and say "Do you insure this exchange", then chances are they aren't going to divulge specifics of their business dealings or other customer's details.

The exchange in question should be posting proof that they are insured as they claim, by posting formal documents of their policy or notarized letters from the insurance company stating as such. As far as I know, none have done so.
legendary
Activity: 2730
Merit: 7065
October 27, 2019, 02:56:41 AM
#39
That's my point - there is no independent confirmation of any of these insurance policies. There are news articles which reference each other or blog posts from the exchange in question. I am yet to see (and someone please correct me if I'm wrong) a statement from a bank or insurance provider saying "We are insuring exchange X for the amount of Y bitcoin", or a documented insurance policy, or a claim which has been fulfilled, or any true verification that this insurance exists.
Seeing how much governments, including banks, are fighting crypto I think crypto insurance is not something they would proudly highlight as part of their portfolio. Another article I found mentions that groups like Allianz and AIG have insurance packages for crypto exchanges.
https://cryptoslate.com/report-banks-are-secretly-offering-cryptocurrency-insurance-to-businesses/

Whether or not it is true can be checked by contacting the companies and asking about such services but that is not something that is very high on my to-do-list  Cool
legendary
Activity: 1463
Merit: 1135
October 27, 2019, 12:26:10 AM
#38
I'd highly advise you not to obscure your seed phrase in books, invisible ink, etc. With these ideas you are more likely to lose your seed than have it stolen.
Here is a solution I like.
Get yourself a set of metal stamps for 10$ and a couple 4" electrical box cover plates from the hardware store $3.  
Spend an afternoon stamping your seed on the metal plate.  Once finished, bolt the 2 plates together (words facing inwards) with short bolts and nylock nuts.  Bolting it together makes it so tools must be used to even see that something is written on the other side of the metal. It does not look valuable and you can hide it wherever you want. Perhaps bolting it into an unused electrical outlet in your home and covering it with drywall if you're worried you'll be broken into, or hide it under a corner of your carpet for easier access. Perhaps hidden in plain site as paperweight base with some cheap bobbly head toy glued to the top. Get creative with that part but don't be the guy who loses access to his funds because half was stored at grandmas or some other difficult to access location.


legendary
Activity: 2268
Merit: 18748
October 26, 2019, 05:28:21 AM
#37
-snip-
That's my point - there is no independent confirmation of any of these insurance policies. There are news articles which reference each other or blog posts from the exchange in question. I am yet to see (and someone please correct me if I'm wrong) a statement from a bank or insurance provider saying "We are insuring exchange X for the amount of Y bitcoin", or a documented insurance policy, or a claim which has been fulfilled, or any true verification that this insurance exists. theymos could quite easily write an announcement saying all forum funds are insured, but that doesn't make it true.

Perhaps I'm being overly cynical, but my faith in centralized exchanges given how many times they have been hacked and the huge amount of shady activities they have taken part in over the years is a big fat zero.
legendary
Activity: 2730
Merit: 7065
October 26, 2019, 04:41:20 AM
#36
I wouldn't share the name of which exchange you are storing them on, but are you sure they are insured?
According to this article> https://flagshipcrypto.com/which-cryptocurrency-exchanges-are-insured/ there are 4 crypto exchanges which are in some way insured. Those are Coinbase, Circle, Gemini and Xapo. It was published back in February so it is possible there is a longer list.

Another source confirms that the insurance of Coinbase covers up to $255 million for the assets they hold in their hot wallets.
https://www.coindesk.com/coinbase-insurance-coverage

Furthermore, insurance only protects against a single method of failure - the exchanges themselves being hacked. It wouldn't protect against them exit scamming, shutting down, freezing your accounts, demanding ridiculous KYC, your account being hacked, you being phished, you having clipboard malware, and so on.
+1
That is the most important thing we should remember! Any mistake on the user's part are not covered by the insurance.
hero member
Activity: 1358
Merit: 635
October 26, 2019, 04:10:08 AM
#35
I just want to thank everyone for all of your input so far. I still haven't decided yet how I want to store my seed phrase. I bought two Ledger Nano X's but my crypto is still on an exchange. I know that, "If it's not your key, it's not your Bitcoin". Still, I feel safe with it so far because the exchange is insured for up to $250,000. I know. I am being stupid by putting trust in an exchange.

IMHO, the only way to justify the storing  on exchange is to trade there and receive profit that equals iterative covering of the pertaining risk, but even in that case I would repeatedly withdraw part of the gained fund to my own wallet.    
legendary
Activity: 2268
Merit: 18748
October 26, 2019, 03:30:25 AM
#34
I wouldn't share the name of which exchange you are storing them on, but are you sure they are insured? I'm not sure I know of any exchange which has had to claim on insurance to refund customers. Anyone can simply write "Deposits are insured" when they aren't at all. Have you seen any paperwork or documentation stating that?

Furthermore, insurance only protects against a single method of failure - the exchanges themselves being hacked. It wouldn't protect against them exit scamming, shutting down, freezing your accounts, demanding ridiculous KYC, your account being hacked, you being phished, you having clipboard malware, and so on.

There's a reason that every good hardware wallet suggests that your mnemonic phrase should be written down on paper; that's the best way to store it. If you are concerned about somebody finding it, then use a long passphrase, write that down on paper, and store it separately (I would argue everyone should be using passphrases regardless). If you are still concerned about both these things being found, then you could use something like Shamir's Secret Sharing to split it in to parts, and then an attacker would need to find 3 (or 4, or 5) different pieces of paper to steal your funds. It you are still concerned, then encode it in some way when you write it down. Just be aware that every additional step you add, whilst making it harder for your coins to be stolen, also makes it harder for you to recover them, especially if you forget one of the steps or where one on your hiding places is.
newbie
Activity: 21
Merit: 11
October 25, 2019, 01:35:24 PM
#33
I just want to thank everyone for all of your input so far. I still haven't decided yet how I want to store my seed phrase. I bought two Ledger Nano X's but my crypto is still on an exchange. I know that, "If it's not your key, it's not your Bitcoin". Still, I feel safe with it so far because the exchange is insured for up to $250,000. I know. I am being stupid by putting trust in an exchange.
hero member
Activity: 1358
Merit: 635
October 25, 2019, 12:36:24 PM
#32
snip

So secondly, what should I do about storing my seed phrase?


I don't know if that helps, but I have used  Shamir scheme  to split my SEED phrase into six parts with the ability to restore it via any 3  of 6  and shared those ones ( in form of QR codes printed on the back of my family pictures) among my relatives, each received one piece. Whenever anyone asked about those QRs, I gave an answer they are related to ID of studio that made pictures of my family.


Interesting choice, but there's high risks of rolling your own backup/restore method and it's not something that regular user would do.

It sounds like example, but do you plan to ask your relative to show your family's picture out of nowhere if you need to restore your seed/mnemonic phrase?

I'm visiting  them  every  year and they all like to share memories. They do it  by browsing trough  the pictures  what  in fact is one of their favorite activities. That is why,  as I checked,  taking  QR code on the sly is not a big task for me.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
October 25, 2019, 10:51:16 AM
#31
Your email address is hidden to everyone except admins of the forum. And before I think you may be referring to the contents of your email, that depends on your provider and the kind of authentication you have for it, passwords and two factor, and who else you gave it to.

If you access your email from a compromised computer (like if a keylogger was installed on yours), then someone else may already have access to it.

As for the seed words. Write it down with normal ink. Stick that paper in an envelope or a book, if that's your thing. I would probably use a laser printer and make a QR code of the whole thing, but be aware that this could lower security (printers get hacked, the software you use to make the QR code gets hacked, or the computer you do it all on is already compromised), unless you take proper precautions.

Just write it down is best. You could also find a way to encode it in an existing book (marking letters and such), or just write it in the margins of the pages of the book using permanent ink.
hero member
Activity: 1358
Merit: 635
October 23, 2019, 04:23:16 AM
#30
snip

So secondly, what should I do about storing my seed phrase?


I don't know if that helps, but I have used  Shamir scheme  to split my SEED phrase into six parts with the ability to restore it via any 3  of 6  and shared those ones ( in form of QR codes printed on the back of my family pictures) among my relatives, each received one piece. Whenever anyone asked about those QRs, I gave an answer they are related to ID of studio that made pictures of my family.
legendary
Activity: 2268
Merit: 18748
October 22, 2019, 03:30:42 AM
#29
-snip-
+1 for this. Passphrases are great, and everyone should be using one (one long and random enough that it can't be easily bruteforced).

I prefer to use "Set temporary passphrase" rather than "Attach to PIN code", for a couple of reasons. Firstly, if you use "set temporary", then you have to physically enter it each time you use it. Since most people (incorrectly) don't back up their passphrase on paper, it serves as a memory aid every time you enter it. There have been a couple of posts I've seen on this forum of users attaching passphrases to PINs, forgetting the passphrase having never had to use it in months, and then losing access to their coins.

Secondly, this article: https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/. I appreciate this article is about a Trezor device, but the premise is the same. This attack on the Trezor device is now possible with around $100 of equipment. Given enough time, money, equipment, and expertise, it is conceivable that an attacker would be able to extract your seed from a Ledger device. If you have your passphrase attached to a PIN, then your passphrase must be stored somewhere within the secure element, and therefore available as an attack target. If you set the passphrase temporarily each time, then (as far as I am aware) it is used to generate your keys, but is not stored on your device and is wiped after you unplug, therefore protecting you against an attack such as this.

The obvious downside to this is the time it takes to enter your passphrase every time can non trivial (5-10 minutes if you are using a long and random passphrase as you should). However, given that my passphrase protected wallets are used for long-term cold storage, I'm not accessing them often enough that this becomes too much of an issue for me.
sr. member
Activity: 443
Merit: 350
October 22, 2019, 02:39:54 AM
#28
I have read the topic and did not find anything about one very useful ledger's security option.
Instead of buying 2,3,4 or more Ledgers it is better to make 2 different PIN-codes on one ledger, creating the additional passphrase and splitting the accounts between 2 different HD wallets within one device. It works in the following way:

1) You activate your ledger at normal way: it generates 24 seed words and set of accounts based on these words. You also create PIN code, for example 1234. This is your HD wallet #1
2) After that you add a passphrase (actually this is a 25th word for your security seed), and attach this passphrase to another PIN code (let's say 5678). That passphrase actually generates for you the completely different set of addresses, so you actually receive "another" wallet. This is your HD wallet #2. Do not write down this passphrase together with the 24word secreet seed. Keep in in mind or separately.
3) Now if you input PIN-code 1234, you will access wallet #1. If you input PIN-code 5678, you will access wallet #2.
4) So, split your funds between wallets #1 and #2. Put to first wallet small amount let's say USD500, but put to the 2nd wallet the main funds let's say 10,000USD.

This is very useful. If somebody finds your secret seed, he will enter these 24words and has the access to wallet #1 with USD500. If somebody finds your hardware wallet, and physically (drawing the knife) ask you to provide the PIN, you will call PIN 1234 and povide the access to wallet #1 with small amount. Only you will know how to open your wallet with main funds: entering another PIN 5678, or if you lost a ledger device, order another one and recover with your 24words seed + passphrase.

I like this option very much. Perfect!

This is a video tutorial for Nano S (the same feature works in Nano X as well): https://youtu.be/RJzSQtGVaA0
copper member
Activity: 832
Merit: 18
Create your coin for FREE ★mintme.com★
October 19, 2019, 12:09:25 PM
#27
O.K., So I think I have made up my mind as to what I'm going to do. Tell me what you think of my ideas.

1. As stated, I purchased two Ledger Nano X's. I will hide one with my Bitcoin on it somewhere in my apartment. I will keep the second Ledger brand-new, unused in my desk drawer. This way if a thief comes into my apartment they will think that they found the Ledger with the Bitcoin on it. Also, in the future, if the Ledger with the Bitcoin on it wears out for some reason, I will have a back-up.

2. I will use the random BIP39 seed word that the Ledger Nano X generates. (Thank you for saving me here, guys!) I will also use a PIN.

3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)

O.K., So there it is. Is it a sound and effective plan? Thank you.

P.S. I wish I had the "NeuroticFish" username because that's what I've become. A computer I am not.

Well, I believe this would be effective, yet I can't shake the feeling that you're overdoing it and all of this could be undone with a mistake that no one would notice now

Also, the invisible ink thing seems a lot like security by obscurity which is something unadvisable.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
October 05, 2019, 01:58:30 AM
#26
3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)
Why are you like to handover your seed like post office box? I know you will secure it by something else. But do you know that no system is safe? Seems you are too much worried about your seed how to store it. Why not make it simple? Store your seed on multiple safe places. Even 1 would burn another will survive. Safe zone means under your control, it might on your house or some other places. If you think your home wouldn't safe then think what will happen if you die ? So there is no guaranty actually. That's life, and I has no guarantee. So it would be nice solution, write your seed on multiple good paper and store it on multiple safe place and check occasionally if your seed is fine.
newbie
Activity: 21
Merit: 11
October 03, 2019, 01:06:20 PM
#25
Since I started this thread, I heard a podcast with Anthony Pompliano and the founder of ZenGo, which uses ZoOm, a facial recognition security app to secure Bitcoin. I’ve had a couple of discussions with Ouriel Ohayon from ZenGo about the benefits of ZenGo over Ledger. In comparison, Ledger already seems antiquated but has ZenGo been vetted enough to trust that ZenGo is secure? Since ZenGo uses ZoOm I can see how one party would blame the other party if hacking were to occur. I am not a security expert. What do you all think of ZenGo?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)

It's good solution IF you're absolutely sure only you who know about this information, even though it's highly unlikely that someone who know you in real life also know you're using method and have power/connection to access deposit/P.O box.

I have doubt about P.O. box to secure important information though.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
Just remember, a hardware wallet depends on whatever the wallet connects to, to ensure the wallet is correct.
It's not a full bitcoin node, so it doesn't verify the blocks and transactions necessary, it allows someone else to do that ...
Pages:
Jump to: