Topic: Importance of recovery seed/private keys (Read 857 times)

I would always recommend using 2FA for all your online accounts, but there are a few caveats to your statement that 2FA will protect your wallet from hackers.

First, not all 2FA is equally secure. At the very least your 2FA should be an open source authenticator app (not Google Authenticator) such as andOTP, Aegis, or Tofu. Even better than that would be a physical 2FA key, such as a YubiKey or a hardware wallet. You should never use a code sent to you by email or SMS as your 2FA. Emails are frequently hacked, and if an attacker can access your email account, use that to reset your online account password and receive the 2FA code, then that isn't two factors that need to compromised at all. The compromise of one factor (your email account) allows an attacker to access both pieces of information for your 2FA. SMS messages are sent unencrypted, can be intercepted, and phone numbers can be transferred to another SIM with some very straightforward social engineering.

Second, if your wallet offers 2FA as discussed above, that means you are probably logging in to your wallet account,* which means it is a web wallet or an exchange. These kind of online wallets are the absolute lowest in the terms of security, and should be avoided. If you want to protect your coins from hackers, then store your keys offline on either an airgapped device or a hardware wallet.

*Unless the 2FA is a multi-sig wallet where you store your own keys but a third party co-signs your transactions.

The number of scams within the crypto market has increased such a lot that only credible wallets are being hacked So it's difficult to mention which is that the safest but if we will keep the keys of our wallet safe then the probabilities of being hacked are going to be much less. this is often why hackers will never be ready to hack our wallet if they use the 2fa code for wallet usage this may keep our money safe.

Thank you so much for mentioning those important issues among us. Because of i haven't exprienced one of those issues, i am not aware about those problems. But after knowing those issues, now i fell afraid losing my fund

It is quite normal that you do not blindly trust anyone on this forum, including those who give suggestions on which crypto wallet to use. In a world where every mistake can be fatal, everything must be checked.

On the other hand you are already accused of shilling for that wallet, and if you're already doing that, then you should learn some more sophisticated methods so it's not so obvious. That wallet you mention probably has the most accusations of scam on this forum, and I don't think it's a coincidence.

I don't trust all these forum posts and threads. So far I haven't received any negative experience from Freewallet org.

Freewallet has a very bad reputation there are a lot of bad reports right now and the developer are not addressing them, but I agree that we should never use a wallet where we cannot own the private keys, it's a big no no, if you are trading a lot, you are in trouble of possibly losing all your coins with this kind of wallet.

Based on what, exactly? The fact that you haven't yet experienced a problem with them? What about the fact that blockchain.com repeatedly used the same k values resulting in over 250 BTC being stolen from their customers? What about the fact the there are countless reports of people having the accounts hacked, phished, passwords reset, and so on? What about the fact that their system is entirely closed source, meaning you have absolutely no idea how good or bad their security is, you have absolutely no idea how good their entropy generation process is, you have absolutely no idea if they have access to your seed phrase, private keys, coins, you have absolutely no idea how they are storing your coins, you have no idea who or how people have access to your data, etc., etc.

Saying they are "safe and secure" is literally nothing more than a guess, and not even an educated one at that. By using a blockchain.com wallet you are placing your complete and utter trust in total strangers. The whole point of bitcoin is to not have to trust anonymous third parties with your money.

I think those can be risky. I'm using  myetherwallet to store my erc20 tokens+metamask and blockchain for storing my bitcoin, since 4years. And still i haven't faced any kind of problem. I think anyone can trust myetherwallet & blockchain, without any doubt. Those are safe & secure.

Average types of custodial wallets have problems in withdrawal. This is the biggest drawback when developers intentionally embed automation scripts to track user activity. In the end, the wallet doesn't recognize the user and needs excessive proof to convince it even if it's pointless.

That's why sometimes I don't like automation with regard to finance, they are totally inhuman when it comes to problems.

We could see many users losing their seed/private keys and unable to recover their funds. I would suggest going with exchanges like Binance to store your coins if your investment value is less yes many of the users would not be agreeing with storing the coins in exchanges but exchanges like Binance it is pretty much safe even if there is a hack they could make it with the profit of the single quarter. IF your investment is large then using ledger is the best option.

Coinomi is closed source, so it is impossible to tell whether or not it is actually safe. There was an issue discovered last year where Coinomi was sending a users seed phrases unencrypted to Google servers to be spell-checked, which is obviously a massive security risk. Coinomi's statement said that no funds had been lost as a result of the issue, and it has since been patched, but this is the risk you take using a closed source wallet - nobody has any idea what is going on behind the scenes.

Does the fact that you consider yourself "lucky" to not have been hacked not tell you something? My wallets have never been hacked, but it has nothing to do with luck - it has to do with me storing my coins myself with proper security measures, and not trusting complete strangers to do it for me. Just because your coins haven't been hacked/stolen/scammed/frozen/seized/etc. yet, doesn't mean using web wallets is safe.

It is entirely possible to use a Ledger hardware wallet offline, either by disconnecting your internet connection before you connect the hardware device, or only using the device with an airgapped computer. Create a transaction via a watch only wallet, transfer to an offline environment, sign with your Ledger device, and then transfer the signed transaction back to an online environment to be broadcast.

In the case of hardware wallets it is impossible to send money offline but hardware wallets are often used both offline and online. The way you use it is usually up to you Not only hardware wallets but all other wallets are often not sent offline It is better to use offline to protect your currency.

Wallets like Coinbase that you don't have control of your keys are not advisable for long HODL but it is good for temporary use, you can use it to buy crypto conveniently and at the same time, you can withdraw to your banks at selected countries. While non-custodial wallets are fully decentralized, advisable for storing crypto but of course hardware wallets are much better. Most non-custodial wallets only give recovery phrase but there is a tool to convert those into keys but it is recommended to do it offline. Here is sample tutorial from coinomi but it can be applied on other wallets too.

Ledger hardware wallets aren't offline, to send coins from this wallet you will need to connect to the internet on your PC, the moment you successfully send the coins and remove the hardware wallet from PC is when it's no more connected and thus make it OFFLINE, don't talk as if you can send coins offline

The one's where private keys are held by third party are custodial wallets like Xapo, freewallet and they are really not safe since you are trusting a third party for your funds.

Also the online wallets which lets you held the private keys or say, non-custodial wallets are also not that very safe. There are hackers which can exploits some loophole and flaws that could lead to a hack and loss of balance like what happened with inputs.io: https://www.coindesk.com/hackers-steal-bitcoins-inputs-io-wallet-service.

Online wallets whether it be custodial or non-custodial both are unsafe but yeah if I had to choose one, I would prefer non-custodial one over custodial wallets.

By the way, could you consider moving your topic on Wallet software?

Remember, if you are a bitcoin user, these words should always be a reminder for you (not your private key, not your bitcoin). What is the purpose? Of course this is an effort to improve the security of the assets we have. One more thing, exchange is not the right place to store assets. No matter how much your assets are, I firmly say that keeping your assets on the exchange then you only take risks.

It's a matter of how you will secure your wallet in able to avoid any loss by using it. I'm Bitcoin online wallet for more than 5 years and luckily I never experienced any hack attempt. I believe bitcoin online wallet is safe to used compared to other cryptocurrencies wallet out there.

I agree with you that people preferred online wallet can't forced to used other wallet since online wallet is accessible compared to hardware wallet which is very hassle to use since you must carry the physical device in able to use it and we all know that we can't carry anytime so online wallet is the best possible option.

Blockchain has made it possible for users to own their funds, Information etc, and this is done through private keys, backup phrases and so on; that is, when a user have his private keys, it means he owns and can control his funds but once that private keys is not available it shows the user in question is at the mercy of the creators of the platform. Therefore I think all these wallets without private keys shouldn't be used because they can not be trusted.

among the 3 that are listed, its blocbkchain.com wallet that i have tried using back 2015. its the first wallet i know using since i have no idea at first but eventually i learn the electrum and forget my blockchain.com account. i didn't lose any btc though.

we just can't force people not to use online wallets though. this is because they seem to portrait to be honest and that they are in the business for more than 5 years and people use them to pay bills already.  what you just need to do is just store coins that you can afford to lose.

There were issues on Myetherwallet in the past and besides this is an online wallet, there are a lot of phishing sites, it's better you used Mydesktop wallet, it's safe you own the key and the developers always updated the wallet, I've been using it for two years now.

Yes, right. because every wallet has convenience and risk for the users. but I chose to use an online wallet that uses a key or other security code. and of course we have to save / copy this code in the paper and saved manually outside our device.

Is it true that coinomi wallet is not safe as well? I read about it on the internet that some funds are lost, some are blaming the team while some said it's hackers at work, the reason why I asked is because ive been using coinomi wallet for a very long time and I have no single issue or whatsoever

Xapo wallet is obsolete I used to use it when I was minging in btc faucets and I don't think that there are people still using it till now. There are lots of trusted wallets available in the internet or in mobile phone just to make sure to have your private keys safe from anyone,  don't just save it in your phone, take them note down if necessary just in case you've lost your phone you still be able to recover it.

It is the safest way in this market, but I think it is not really necessary. I only use decentralized wallets and currently I'm fine with it, I can still control the private key

True - here Scam Accusations:

1. FREEWallet.org stole 55 000$! be careful SCAM
2. FREEWallet.org SCAM ( Don't use any of their iOS or Android APP)
3. Freewallet.org is a fraudster who cheated me out of 15.2BTC
4. FREEWallet.org is a SCAM
5. Freewallet.org is a scam or they are just never satisfied
6. Freewallet makes me stress asking me proof ID and freezing my wallet

MemoryDealers

no system are safe forever.

even tsunami too?

---

No matter how strong wallet (offline, cold and harware wallet) you are suggested in this post even you are careless about security still your wallet unsafe.

Even the most safest and trusted wallet has the most vulnerable thing and that is privatekey! It is so difficult to behave correctly with the private key, to store it safety on a place where nohody has an access..

How about exchanges? if we are a trader, we usually make a lot of transactions from our wallet to exchanges, sometimes we will sit the amount for awhile as we are looking for the right timing to trade, if we are trading in a centralized exchange, we will be force to just trust the exchange holding only the password and 2FA code if there is a feature, but once the site is hack or compromise, we say goodbye to our funds.

Actually DEX are good, this gives us a chance to trade directly from our wallet, but unfortunately majority of traders prefer CEX that is why DEX was left behind.

The only wallet I'm using is blockchain.com I think it's secured because of the email link verification before you can log in, it's very important that you own the private keys or recovery seed, because if you do not own them you don't own the coins, you've kept on those wallets.

Any wallet that someone does not have independent control over is not to be considered as a store of value.  I prefer using offline or hard wallets anyway because if online wallet are not properly secured time to time, then they are prone to different attacks, that's why we are adviced not leave our coins/tokens on the exchange wallet.

Custody wallets and all online and exchange wallets are more easier to use, when you forgot password you recover it, this people know and use a lot, so do not push them into these wallets when they are not ready for that.

If you do not keep your private key, the wallet is not yours. It is like you are sending money into someone else's wallet and it can disappear anytime. So stay away from wallets concentrated in this market

For me its really better to use a hardware wallet. like trezor
rather than wallets from website and some so called free wallet, its charge a high for transaction and its not that safe.
but still youll need a myetherwallet for ERC20 tokens though

To be fair, most of altcoin holders is not have a good financial. I know web or online wallet is not safe for us, but this wallet doesn't require any cost to get it. You only need email and phone number to sign up, not like hardware wallet... you need around $100 to get it. Also, most of altcoins only is shit coin, scam and not valuable. There is no advantages to hold random shitcoin with expensive wallet, it's why better to use web wallet for this case.
I would recommend use Metamask for ETH or any ERC-20 tokens and Electrum for Bitcoin

IMO you're not really accurate. AFAIK bitcoin.com[1] is web wallet which have access to your private keys. But, it not really safe since it's web wallet (third parties)

---

[1] https://www.bitcoin.com/get-started/how-to-import-and-export-bitcoin-private-keys/

Blockchain.com is also an online wallet that's known to be blockchain.info wallet before.No private keys, you don't hold bitcoins.

Thats true seeds and private keys are very important piece/part of any cryptocurrency wallet, if you don't own the keys it means you are not fully controlled your asset and thats the fact thats why don't hold your crypto assets longer on any wallet that you don't have access to the private keys. I'm using a lot of cryptocurrency wallets since 2016 but today it was narrow to 3 wallets only namely Imtoken 2.0, Magnum, Trust wallets.

Yes, the personal key of the wallet is a very important thing to have in person, and it's not good if it is known by two people or many people, because the result is that you can experience sudden loss of assets.

Same too. For ethereum and erc20 tokens mew is the best so far and metamask. I am doing fine using this wallet too.

For other coin or token I am using their own wallet support. Everybody knows that hardwallet is the best for bitcoin and other coins, so I am planning to avail soon, maybe a Trezor or Nano S is enough for me.

Having the keys of your wallet is one way to get secure of course with the exception of exchange wallet for trading but dont ever put your coin there for a long time if your not gonna use it so you would not be scare for any possible hack.

You also have to keep your private key or Mnemonic seed very safe, don't write on piece of paper because they can get burnt or tore at your back, here is what I do, I find myself a silver steel plate and I carve the recovery seed on this steel plate, this won't die easily

The online wallet that requires private keys or seeds to open every time is very vulnerable to keep it secure for ever. So, always keep your crypto offline or the wallet that is storing your coin in a cold storage will be safe to some extent. But, my suggestion is to always use a hardware wallet like Ledger and Trezor to keep it safe for ever.

I don't use different wallet to store my bitcoin and altcoins.

For altcoins I only use MEW or https://www.myetherwallet.com/ which I believe a secured wallet as long as you keep your keys private.
Also, for bitcoin I am using Electrum Wallet, I think I have been using it for 2 years already.
I have not face a single problem using both wallets.

Thanks for sharing this vital info, not your keys not your coins, it's simple as that, we have dex mobile wallets that are better, the only thing Xapo was good for is faucets, but not faucets don't bring any dime again, here are some good wallets

1) Trust wallet
2) Exodus wallet
3) Coinomi wallet
4) Bread wallet
5) Mycelium wallet
6) Myether wallet
7) Atomic wallet
8. Infinito wallet
9) Jaxx wallet

Another disadvantage of using a third party wallet is you are not able to chose your transaction fees. Freewallet has been in past know to scam users with insanely high transaction fees. Even coinbase which claims to be using flexible transaction fess charges much to users while sends it's transactions in batches that too with very low fees which takes hours to reach 6 confirmations.

if you don't have private keys its not your coins, also many wallet store your seed on the server, stay away from them !!

Every crypto wallets requires the internet but they are of different types, we have online wallets, offline wallets and mobile wallets, I will like to share information about bad wallets that newbies need to stop using right now

Just imagine if your phone get stolen or lost how will you recover your coins or tokens? The fact is on some wallets you will easily recover your coins, but on others you won't be able to

Online wallets are very bad, stay away from them, they give users no access to private keys, they work like centralized exchanges where you have no control of your keys, here are example of such wallets, if you are using them please stop

1. Xapo wallet
2. Bitcoin.com wallet
3. Freewallet
Etc

Any wallet that failed to give you recovery seed or phrases and private key aren't safe