Topic: Conspiracy guide to storing your Bitcoin (Read 340 times)

What if the hypothetical situation happened where the physical copies of the wallets were damaged? A security oriented person would take this into consideration and protect against any outcome that they can think of. That is what you are taught to do in cyber security. What you are describing is getting complacent and opening the potential to get burned.

if you mean for security then it doesn't make much sense because if one of your keys is compromised while being created the right way (offline, clean computer, encrypted,...) then there is no reason to believe the other one(s) wouldn't be compromised either.

but if you mean for different purposes then that is obvious! just like what you do with your fiat (pocket money, money in your debit card, credit card, money in bank, in safe,  ...) you also split your bitcoin into different wallets: pocket money=hot wallet on phone, spending money (larger amount)=hot wallet on desktop, cold storage for storage (not touching)=paper wallet, cold storage with regular access=hardware wallet.

Additionally, if someone have enough funds and want to secure their bitcoin themselves, they should have some devices to store their bitcoin. Those devices should be used only for storing their bitcoin, not any kind of altcoins. Because the risks will become higher if you store other altcoins in the same devices you store bitcoin. Who knows those altcoins' wallets are safe. Furthermore, those devices should not be used for daily actitivites like web surfing or anything else. Solely be used to store bitcoin, and only open when you have demands to move your bitcoin to somewhere else.

---

The more time your devices used to store bitcoin connect to Internet, the higher risks of being exploited. So, keep them in frozen condition, and only connect them to Internet when you have reasons to move your bitcoin.

I think it's worth having your funds in at least 2-3 different wallets with different seeds. They may all be hardwallets or paper wallets properly made.
Because everyone can make a mistake... If you have multiple wallets you want lose all your money

A security oriented person doesn't need multiple wallets. If your wallets are offline and your keys and seeds and properly stored you are good with one paper or hardware wallet. If you are careless and have your private keys all around the place you are likely to get one or all your wallets stolen.

What are your thoughts on diversifying your funds on multiple wallets? I think everyone should consider a paper wallet and a hardware but even more so what about a handful of wallets?

Your bitcoins are  safe  as long as the secrets ( SEED, prvkeys, anything else) to access them  remain inaccessible  for everyone except you. Use Shamir Secret Sharing Scheme (SSSS) to ensure  strict security  in the storage  of  those secrets. Over there I've described in more detail my own procedure for SSSS using.

When it comes to cryptocurrency then it is most important to reduce the risk to the smallest extent possible. This means that the risk exists with each of these storage methods, and ranges from very high risk to the one who could be call the minimum risk.

The highest risk is without any doubt any kind of storage where the user does not have complete control over their private keys, and this includes all online crypto services / wallets / exchanges. This method should in any case be avoid in case of some bigger amount which the user owns.

If we compare paper and hardware wallet, both have their own advantages and disadvantages. For long-term storage paper wallet can be an excellent choice, if the process of creating of such wallet is performed in a safe and correct way. A paper wallet is just an expression, as OP say it can be any other material which is more durable then paper.

Hardware wallets have so far proved to be a very good way of storing private keys in a safe environment, so even infected PC will not compromise private keys. For users who want to combine safe storage with hot wallets this is the ideal way of handling with cryptocurrency. Such wallets also need to be protected by seed backup, so it is almost same procedure as for paper wallet.

Mobile wallets have their purpose, but should not be used for storage of large amounts of coins. As for brain wallets, OP is say all that was needed, so if you have brain do not use such a way of generating private keys.

I think so, too. As long as you store the seed in a safe place (bank, ...) they are as secure as any paper wallet but way more comfortable. You can view your coins anytime (especially easy with eg. Ledger Live) or you just need to plug in the device if you want to send your coins. If the device breaks, you can easily recreate your wallets via your seed. So I would rank them at #1 due to the fact that they are as secure as any paper wallet but way easier to handle.

in my opinion it is best to call this category "web wallets" since based on your explanation you are talking about wallets such as blockchain.info and then use the term "online wallet" as general explanation of any wallet that is connected to the internet  and that can cover both "desktop wallets" and "web wallets".
then it creates a new category called "bitcoin accounts" which call themselves wallets but they are accounts since they control everything, the example is coinbase.com

ps. you should also mention encryption specially when you use paper wallets.

# I would like to add multiSig wallet.

I use 2/2 MultiSig wallet where each key is stored in each device. The keys were never copied or stored in the same device.

You can print the keys and store them in two different place so that in case the computer corrupts or anything happens with the soft copies then you can recover the wallet using the information in the printed paper.

This is an excellent write-up on the capabilities and drawbacks of wallet storage methods. +1 Merit to you, and my best wishes that any newbie who comes on this forum will take the time to read through your guide and, if not follow your advice, at least begin to consider the security threats of online or hot wallets.

I would like to correct you.

"some" hardwallet may have had vulnerabilities.
I didn't see/read any real vulnerabilities with the nano S ledger. ( I mean something that is not straight out of SCI-FI)

Also, you are right, the device itself doesn't last forever, but no need for it to do.
The secret seed is transferable to any compatible wallet.

I believe that hardwallet is the way to go, so I am a little bit biased.

Back when I first got into Bitcoin I decided that using a live cd of Ubuntu would do the job as I was just starting out and not holding a large amount of coin. However circumstances have changed over the years which has made me evaluate and do my own research on whats the best storage method for myself. Despite conducting the research myself and pulling information from many different sources I'm still open to suggestions from knowledgeable people on how I can improve security. However until then I'm going to be providing you with the pros and cons of storage methods for storing your coin and some real possibilities which could happen rendering you Bitcoin-less. Some of the examples will be extreme and very unlikely however over the years I've come to the conclusion that being prepared for anything and everything as much as you possibility can is the best option in life.

Firstly, there are a number of different methods which can be using multiple storage methods is not unheard of because of the suitability for each method. A great example of this is when you are holding a small amount of coin as "hot" change which means that this amount is only a fraction of what you hold in your "cold" wallet.


What is a "hot" wallet?
A hot wallet is usually connected to the internet in one way or another. If your wallet can connect to the internet it should be considered a hot wallet despite the way it was created. If you have a paper wallet which the private key was generated using a machine connected to the internet then you should consider that a hot wallet as its been exposed to the internet. This includes any funds stored on a exchange or wallet provider.  

What is a "cold" wallet?
A cold wallet is the exact opposite to a hot wallet. These are usually created offline and stay offline the beauty with Bitcoin is you can create your public address and private key completely offline and still use it to store funds. Creating your wallet on a live CD of Ubuntu is one of the ways that this can be done. However this also exposes you to certain risks and to be the safest you can be you should consider "deep cold storage".

What is "deep cold storage"
Deep cold storage is when Bitcoin funds are stored offline but in a means that its far easier to deposit than it is to withdraw. A example of this is storing your offline generated private key in a vault which is immune to fire, water and only authorized personal can access. However there are multiple methods this can be achieved.

This is the way that anyone serious about Bitcoin should be holding their Bitcoin and in fact big companies and exchanges often use this method. This doesn't mean that you can safety store your Bitcoin on a online exchange. What this means is exchanges keep their reserve in a deep cold storage method.

What are we looking to protect against?
1. Theft
Preventing theft should be a given. However many people are neglecting the fact that their funds are stored on a insecure storaage method just because its "convenient" for them.
2. Accidental loss
This could come from accidentally losing the private key, forgetting credentials, getting dementia and losing your funds. These are all possible things that should be considered when storing your Bitcoin. I don't care if they are far fetched if you are serious about this its time to consider all possibilities and neutralize them as much as possible.
3. Damage
Preventing damage either through malicious actions or acts of god should all be considered. For example not storing your private key printed on paper in a area known to flood might be obvious but have you ever considered not storing your private key on the bottom floor because of hidden pipes under the ground having the potential to burst at any given moment?

My ranking list of best ways to store Bitcoin

#1 Paper Wallet
Paper wallets are usually generated offline and kept offline. Don't store them digitally and have them stored securely in a offline storage area. Paper wallets are what I consider the best method of storing your Bitcoin. When done properly and generated offline they can be the best option. Paper wallets are immune to corruption, and sometimes damage. Remember that paper wallets don't necessarily have to be on paper and could be placed on something which is far more resistant to both damage and theft. Storing a paper wallet in a secure location could mean that you could return 100 years later and it would still be there intact with no damage and little degradation. This is the only method that is risk free from corruption as its the only one which does not exist on a electronic device. Many people use this in conjunction and as a backup to their devices without realizing it. Have you ever written down your private key just in case of hardware corruption? Effectively you've created a paper wallet.

Insecurities: Paper wallets are as secure as you make them. They can be completely impenetrable if you make them so or they can be just as bad as the lower ranking listings on this thread. YOU make it as secure as you want it to be.

#2 Hardware Wallets
Hardware wallets such as the Trezor/Ledger are created specifically for storing Bitcoin and other alt coins within its infrastructure and is designed with security in mind. However, there are criticisms to be made when talking about hardware wallets. Currently, hardware wallets are a lesser target for hackers and viruses due to the amount of people that use them. However, in time this could change and viruses could be made to target those that use them. As well as being a physical electronic device it is hard to safeguard this from both theft and damage. However hardware wallets are designed with being used to connect to the internet and are definitely safer than a ordinary wallet. What you could do is directly buy from the manufacturer and never connect the device to the internet and store it in a secure place which prevents natural occurring damage then this is a far superior way to store your Bitcoin. Login credentials still need to be remembered otherwise you risk losing access to the device. Sometimes people opt to generate and store a seed but you must make sure that you follow the same security tips with this as the device itself.

Insecurities:
Yes hard wallets have been known to have vulnerabilities themselves which could put your device at risk depending on the vulnerability. This is a risk whenever you use any sort of hardware wallet or software wallet as bugs and exploits likely exist. Devices don't last forever and can easily be corrupted.


#3 Airgapped PC
An airgapped PC is a computer which has had its connectivity removed. Preferably never been online. Despite this being considered the safest way to store Bitcoin I would have to disagree. Although this method is secure you would need to take into consideration the target market of viruses and storing the computer. Windows then Linux are considered the biggest target markets for those wishing to infect other computers with viruses and you have to be absolutely sure that the computer hasn't been exposed to this prior to hosting any of your funds on it.

Insecurities:
Corruption, theft, and damage are all needed to be considered. Corruption of hard drives cannot be helped and knowing the long term health of a hard drive is something which cannot be done. Theft and damage can be solved by storing in a secure location which would be immune to fire, water, other natural occurrences and theft.



#4 Mobile Wallets
Mobile wallets are exactly that wallets which rely on running on either the android OS or apple. Which by the way are usually always connected to the internet and have to be connected to the internet at some point to download the app. The mobile market is a huge target for attackers because of the amount of games and apps people install its easy to get malicious code within one of those and steal your Bitcoin by targeting Bitcoin wallets hosted on the mobile phone.

Insecurities: Where to begin? Like I've mentioned already you are exposed to malicious code injected via mobile apps. You have to connect to the internet at some point to download the app or the .apk.

#5 Online Wallets
Online wallets whether you control the private key or not are insecure in my opinion. I have a large emphasis in this thread about connecting to the internet. As soon as you connect to the internet you are opening 1 other possibility of attack. Thus anything hosted online is exposed to an extra risk that other physical offline methods don't have making it that much less secure.

Insecurities: Prone to man in the middle attacks, viruses, online wallet services going offline, needs a internet connection to connect. The list goes on. Online wallets that give you the private key doesn't mean that they are suddenly any safer.

#6 Brain Wallets
Brain wallets deterministically and statelessly converts a secret passphrase into private/public key pair. For example if you were to type the secret passphrase of "I love theymos cats" this would generate both a public and private key. However the problem with this is if anyone else decides to generate a public/private key this way and types the exact same passphrase as you they will have access to your funds. Remember that we aren't unique individuals and our minds think alike. You don't think someone else in the world likes a quote that you like? You don't think someone else would have thought of creating a wallet based on that quote? Especially relevant considering people think in the now and generally come up with passphrases that are relevant to them at the point of creation. A great deal of passwords are created by what people have currently in their head or in their environment. Trends if you will.

A brain wallet uses SHA-256 to hash a passphrase into a 256-bit string that on the surface looks random to anyone else that sees it. However we know that this was generated via our private passphrase. SHA-256 is good enough at the time of writing to be considered secure however its not what brainwallets use to generate the keys that's the problem. Its the end user that is inputting their passphrase that is.

Insecurities:
Prone to dictionary attacks, random password guessing, and human psychology. Its also worth noting that there are several tools out there dedicated to cracking brainwallets which are likely running 24/7 on botnets. They likely have already generated wallets that they keep in a database and as soon as they see money entering that address they will automatically withdraw from it.


That just about covers my opinion on the different storage methods available today. Please let me know your thoughts.