Topic: Importance of recovery seed/private keys (Read 857 times)

I would always recommend using 2FA for all your online accounts, but there are a few caveats to your statement that 2FA will protect your wallet from hackers.

First, not all 2FA is equally secure. At the very least your 2FA should be an open source authenticator app (not Google Authenticator) such as andOTP, Aegis, or Tofu. Even better than that would be a physical 2FA key, such as a YubiKey or a hardware wallet. You should never use a code sent to you by email or SMS as your 2FA. Emails are frequently hacked, and if an attacker can access your email account, use that to reset your online account password and receive the 2FA code, then that isn't two factors that need to compromised at all. The compromise of one factor (your email account) allows an attacker to access both pieces of information for your 2FA. SMS messages are sent unencrypted, can be intercepted, and phone numbers can be transferred to another SIM with some very straightforward social engineering.

Second, if your wallet offers 2FA as discussed above, that means you are probably logging in to your wallet account,* which means it is a web wallet or an exchange. These kind of online wallets are the absolute lowest in the terms of security, and should be avoided. If you want to protect your coins from hackers, then store your keys offline on either an airgapped device or a hardware wallet.

*Unless the 2FA is a multi-sig wallet where you store your own keys but a third party co-signs your transactions.

The number of scams within the crypto market has increased such a lot that only credible wallets are being hacked So it's difficult to mention which is that the safest but if we will keep the keys of our wallet safe then the probabilities of being hacked are going to be much less. this is often why hackers will never be ready to hack our wallet if they use the 2fa code for wallet usage this may keep our money safe.

Thank you so much for mentioning those important issues among us. Because of i haven't exprienced one of those issues, i am not aware about those problems. But after knowing those issues, now i fell afraid losing my fund

It is quite normal that you do not blindly trust anyone on this forum, including those who give suggestions on which crypto wallet to use. In a world where every mistake can be fatal, everything must be checked.

On the other hand you are already accused of shilling for that wallet, and if you're already doing that, then you should learn some more sophisticated methods so it's not so obvious. That wallet you mention probably has the most accusations of scam on this forum, and I don't think it's a coincidence.

I don't trust all these forum posts and threads. So far I haven't received any negative experience from Freewallet org.

Freewallet has a very bad reputation there are a lot of bad reports right now and the developer are not addressing them, but I agree that we should never use a wallet where we cannot own the private keys, it's a big no no, if you are trading a lot, you are in trouble of possibly losing all your coins with this kind of wallet.

Based on what, exactly? The fact that you haven't yet experienced a problem with them? What about the fact that blockchain.com repeatedly used the same k values resulting in over 250 BTC being stolen from their customers? What about the fact the there are countless reports of people having the accounts hacked, phished, passwords reset, and so on? What about the fact that their system is entirely closed source, meaning you have absolutely no idea how good or bad their security is, you have absolutely no idea how good their entropy generation process is, you have absolutely no idea if they have access to your seed phrase, private keys, coins, you have absolutely no idea how they are storing your coins, you have no idea who or how people have access to your data, etc., etc.

Saying they are "safe and secure" is literally nothing more than a guess, and not even an educated one at that. By using a blockchain.com wallet you are placing your complete and utter trust in total strangers. The whole point of bitcoin is to not have to trust anonymous third parties with your money.

I think those can be risky. I'm using  myetherwallet to store my erc20 tokens+metamask and blockchain for storing my bitcoin, since 4years. And still i haven't faced any kind of problem. I think anyone can trust myetherwallet & blockchain, without any doubt. Those are safe & secure.

Average types of custodial wallets have problems in withdrawal. This is the biggest drawback when developers intentionally embed automation scripts to track user activity. In the end, the wallet doesn't recognize the user and needs excessive proof to convince it even if it's pointless.

That's why sometimes I don't like automation with regard to finance, they are totally inhuman when it comes to problems.

We could see many users losing their seed/private keys and unable to recover their funds. I would suggest going with exchanges like Binance to store your coins if your investment value is less yes many of the users would not be agreeing with storing the coins in exchanges but exchanges like Binance it is pretty much safe even if there is a hack they could make it with the profit of the single quarter. IF your investment is large then using ledger is the best option.

Coinomi is closed source, so it is impossible to tell whether or not it is actually safe. There was an issue discovered last year where Coinomi was sending a users seed phrases unencrypted to Google servers to be spell-checked, which is obviously a massive security risk. Coinomi's statement said that no funds had been lost as a result of the issue, and it has since been patched, but this is the risk you take using a closed source wallet - nobody has any idea what is going on behind the scenes.

Does the fact that you consider yourself "lucky" to not have been hacked not tell you something? My wallets have never been hacked, but it has nothing to do with luck - it has to do with me storing my coins myself with proper security measures, and not trusting complete strangers to do it for me. Just because your coins haven't been hacked/stolen/scammed/frozen/seized/etc. yet, doesn't mean using web wallets is safe.

It is entirely possible to use a Ledger hardware wallet offline, either by disconnecting your internet connection before you connect the hardware device, or only using the device with an airgapped computer. Create a transaction via a watch only wallet, transfer to an offline environment, sign with your Ledger device, and then transfer the signed transaction back to an online environment to be broadcast.

In the case of hardware wallets it is impossible to send money offline but hardware wallets are often used both offline and online. The way you use it is usually up to you Not only hardware wallets but all other wallets are often not sent offline It is better to use offline to protect your currency.

Wallets like Coinbase that you don't have control of your keys are not advisable for long HODL but it is good for temporary use, you can use it to buy crypto conveniently and at the same time, you can withdraw to your banks at selected countries. While non-custodial wallets are fully decentralized, advisable for storing crypto but of course hardware wallets are much better. Most non-custodial wallets only give recovery phrase but there is a tool to convert those into keys but it is recommended to do it offline. Here is sample tutorial from coinomi but it can be applied on other wallets too.

Ledger hardware wallets aren't offline, to send coins from this wallet you will need to connect to the internet on your PC, the moment you successfully send the coins and remove the hardware wallet from PC is when it's no more connected and thus make it OFFLINE, don't talk as if you can send coins offline

The one's where private keys are held by third party are custodial wallets like Xapo, freewallet and they are really not safe since you are trusting a third party for your funds.

Also the online wallets which lets you held the private keys or say, non-custodial wallets are also not that very safe. There are hackers which can exploits some loophole and flaws that could lead to a hack and loss of balance like what happened with inputs.io: https://www.coindesk.com/hackers-steal-bitcoins-inputs-io-wallet-service.

Online wallets whether it be custodial or non-custodial both are unsafe but yeah if I had to choose one, I would prefer non-custodial one over custodial wallets.

By the way, could you consider moving your topic on Wallet software?

Remember, if you are a bitcoin user, these words should always be a reminder for you (not your private key, not your bitcoin). What is the purpose? Of course this is an effort to improve the security of the assets we have. One more thing, exchange is not the right place to store assets. No matter how much your assets are, I firmly say that keeping your assets on the exchange then you only take risks.

It's a matter of how you will secure your wallet in able to avoid any loss by using it. I'm Bitcoin online wallet for more than 5 years and luckily I never experienced any hack attempt. I believe bitcoin online wallet is safe to used compared to other cryptocurrencies wallet out there.

I agree with you that people preferred online wallet can't forced to used other wallet since online wallet is accessible compared to hardware wallet which is very hassle to use since you must carry the physical device in able to use it and we all know that we can't carry anytime so online wallet is the best possible option.

Blockchain has made it possible for users to own their funds, Information etc, and this is done through private keys, backup phrases and so on; that is, when a user have his private keys, it means he owns and can control his funds but once that private keys is not available it shows the user in question is at the mercy of the creators of the platform. Therefore I think all these wallets without private keys shouldn't be used because they can not be trusted.

among the 3 that are listed, its blocbkchain.com wallet that i have tried using back 2015. its the first wallet i know using since i have no idea at first but eventually i learn the electrum and forget my blockchain.com account. i didn't lose any btc though.

we just can't force people not to use online wallets though. this is because they seem to portrait to be honest and that they are in the business for more than 5 years and people use them to pay bills already.  what you just need to do is just store coins that you can afford to lose.

There were issues on Myetherwallet in the past and besides this is an online wallet, there are a lot of phishing sites, it's better you used Mydesktop wallet, it's safe you own the key and the developers always updated the wallet, I've been using it for two years now.