Topic: Is There a Lasting Soulution to Bitcoin Wallet Hacking (Read 171 times)
Hackers will always do anything and everything they can to hack and steal your bitcoin. As for me, I will just secure my bitcoin. I will always change my password and pin. Also I will not login into public internet nor will share any of those information to anyone.
The safest options to you is the following :
1. DO NOT store large amounts of coins on exchanges. {These exchanges are frequently hacked}
2. Store the majority of your stash on cold storage. {I store 80% and more on paper wallets}
3. Create paper wallets on a air-gapped computer that are not connected to the internet.
4. When you transfer coins from your wallet, be it a hardware or software wallet, you should also verify the destination. Some
Malware hijack the clipboard and replace the Bitcoin address with their own address.
This is a good start....
1. DO NOT store large amounts of coins on exchanges. {These exchanges are frequently hacked}
2. Store the majority of your stash on cold storage. {I store 80% and more on paper wallets}
3. Create paper wallets on a air-gapped computer that are not connected to the internet.
4. When you transfer coins from your wallet, be it a hardware or software wallet, you should also verify the destination. Some
Malware hijack the clipboard and replace the Bitcoin address with their own address.
This is a good start....
hardware or paper wallets. i don't really trust anything else. but hardware wallets might be subject to man in the middle attacks if you don't validate on device. it's gonna be interesting to see how hardware wallets develop. at the moment they're still pretty clunky and mom and pop would not find them at all easy to use. we need something a five year old can figure out.
majority of "exchange hacks" are not hacks at all. they are exchange CEO exit/retirement plans.
but lets deal with the few cases that are exchange hacks
the key solution is not to have private keys stored on the system/server that customers link to(public servers). this can be achieved in many ways
but the simplest way is instead of programming a server to make tx's when a customer wants a withdrawal and the server has the privkey..
instead the server just has a 'request database' for withdrawals. and its then a separate remote system that listens in on the database, that makes the tx's.
to secure the requests. a customer link/register a personal fresh public key as their identity.. and then when they want a withdrawal they sign a unique message on their home system using their pubkeyID. and post that signed message to the exchange.
so all the exchange server stores is
username|publickeyID|withdrawal message|signature
(withdrawal message includes destination and amount)
where no private keys are stored.. thus a hacker cannot make a tx or even make a withdrawal request/alter a withdrawal request
and doesnt even store data about the exchanges remote system because its not pushing out withdrawal requests, its just storing withdrawal requests..
then its upto the remote system listen into the exchange, validate the ID+message withdrawal request and make the TX's separately
but lets deal with the few cases that are exchange hacks
the key solution is not to have private keys stored on the system/server that customers link to(public servers). this can be achieved in many ways
but the simplest way is instead of programming a server to make tx's when a customer wants a withdrawal and the server has the privkey..
instead the server just has a 'request database' for withdrawals. and its then a separate remote system that listens in on the database, that makes the tx's.
to secure the requests. a customer link/register a personal fresh public key as their identity.. and then when they want a withdrawal they sign a unique message on their home system using their pubkeyID. and post that signed message to the exchange.
so all the exchange server stores is
username|publickeyID|withdrawal message|signature
(withdrawal message includes destination and amount)
where no private keys are stored.. thus a hacker cannot make a tx or even make a withdrawal request/alter a withdrawal request
and doesnt even store data about the exchanges remote system because its not pushing out withdrawal requests, its just storing withdrawal requests..
then its upto the remote system listen into the exchange, validate the ID+message withdrawal request and make the TX's separately
First of all, there are no bullet proof solutions, and although hardware wallets are safer they are not invincible, as we recently hear about a vulnerability with the ledger wallet, that is supposed to be one of the safest wallets, on pair with trezor. Not so long ago we also heard about the vulnerability with electrum, that is also one of the most respectable desktop wallets. You only mentioned bitcoin, but there are reports of problems with wallets for other coins as well.
I agree that everything has downsides, but hardware wallets are still far and away your best choice if you want to keep your coins secure. There hasn't ever been any vulnerability to any hardware wallet yet that lets people steal remotely from them. That means if you keep your hardware wallet physically safe, it's essentially hacker-proof.
As for Electrum, but it has to be noted that there are no confirmed cases of losses due to the vulnerability -- either because it was patched too quickly, or because any password protected wallet was still somewhat protected anyway.
All in all, I'd say hacking, specifically, is much more of a problem for exchanges, but not the regular users who know how to protect themselves.
The safest solution from hacking perspective is a cold wallet (if properly executed), but it is on another hand prone to human errors (not completely air-gapped system or copy-pasting data around during creation of a cold wallet) which may lead to lost founds too. Also, the usability of a cold wallet is very low (to use the founds, you must first bring the wallet hot and then trade)
The next solution when it comes to safety is a hardware wallet. It is very secure too, the device (even if stolen or lost) preserves the security of your founds, but it has a weak spot in a form of 24-word backup which must be protected and not disclosed to others. Hardware wallets have high usability (the founds are basically ready to be traded or sent as payment)
Then come all kinds of desktop wallets, their security depends on many factors like:
1. if it is open or closed source
2. if it is password protected or not
3. if the user has any backup or not
4 ...others ....
Then, online wallets and exchanges, they are generally better to be avoided unless you need to trade your founds online. They can be coupled with 2FA for increased security
And then, there are all kinds of mixed solutions, like a desktop or online wallet protected with a hardware wallet to store your keys (desktop Electrum or online MyEtherWallet (for Ethereum) they both can be paired with a hardware wallet), or using a hardware wallet to provide 2FA for an exchange.
As you can see, the options are limitless, especially when you want to deal with mixed solutions.
The rule of the thumb is that when your private keys are protected on a hardware wallet, you can consider your founds very secure and unless you do something very dumb (like disclose your 24 word backup to anybody) you should be OK.
EDIT: and, of course, keep a low profile. That is: don't boast how much money you have there in your bitcoins.
The next solution when it comes to safety is a hardware wallet. It is very secure too, the device (even if stolen or lost) preserves the security of your founds, but it has a weak spot in a form of 24-word backup which must be protected and not disclosed to others. Hardware wallets have high usability (the founds are basically ready to be traded or sent as payment)
Then come all kinds of desktop wallets, their security depends on many factors like:
1. if it is open or closed source
2. if it is password protected or not
3. if the user has any backup or not
4 ...others ....
Then, online wallets and exchanges, they are generally better to be avoided unless you need to trade your founds online. They can be coupled with 2FA for increased security
And then, there are all kinds of mixed solutions, like a desktop or online wallet protected with a hardware wallet to store your keys (desktop Electrum or online MyEtherWallet (for Ethereum) they both can be paired with a hardware wallet), or using a hardware wallet to provide 2FA for an exchange.
As you can see, the options are limitless, especially when you want to deal with mixed solutions.
The rule of the thumb is that when your private keys are protected on a hardware wallet, you can consider your founds very secure and unless you do something very dumb (like disclose your 24 word backup to anybody) you should be OK.
EDIT: and, of course, keep a low profile. That is: don't boast how much money you have there in your bitcoins.
Cyber crime is in the rise and we often hear that hackers made away with millions worth of bitcoins, is there a lasting solution to this problem?
What measures have you guys put in place to secure your wallets and have they worked for you so far?
Do not give your personal information to others then do not believe to those ads that you have won and cryptocurrency and thos ads that are saying that they are giving free btc or eth. Those are click bait so you will give your information about your wallet.
Cyber crime is in the rise and we often hear that hackers made away with millions worth of bitcoins, is there a lasting solution to this problem?
What measures have you guys put in place to secure your wallets and have they worked for you so far?
First of all, there are no bullet proof solutions, and although hardware wallets are safer they are not invincible, as we recently hear about a vulnerability with the ledger wallet, that is supposed to be one of the safest wallets, on pair with trezor. Not so long ago we also heard about the vulnerability with electrum, that is also one of the most respectable desktop wallets. You only mentioned bitcoin, but there are reports of problems with wallets for other coins as well.
So basically, what I'm trying to say is that you can't believe that using wallet x or y is good enough to feel safe because it's not. Whatever wallet you use you must always keep an eye on official updates. If you use a desktop wallet you must also keep your computer safe with a complete internet security solution, including malware of course, that a lot of people still ignore.
A really good rule though, is to keep you coins on a cold wallet (meaning a wallet with no internet access).
Also with a small amount in crypto I think it´s worth to buy a ledger or another hard wallet.
It´s save and you learn it from the beginning with small amounts.
Another part is to not use open networks, like wlan in the train or something else.
We all know the consequences.
It´s save and you learn it from the beginning with small amounts.
Another part is to not use open networks, like wlan in the train or something else.
We all know the consequences.
Cyber crime is in the rise and we often hear that hackers made away with millions worth of bitcoins, is there a lasting solution to this problem?
What measures have you guys put in place to secure your wallets and have they worked for you so far?
The solutions are there and people do use them.. well, at least the ones that have the patience to read a little.
There are paper wallets, there's always the cold wallet option and there are hardware wallets. And there's the common sense, like "don't keep big bucks on exchanges" and "keep your computer safe".
Cyber crime is in the rise and we often hear that hackers made away with millions worth of bitcoins, is there a lasting solution to this problem?
What measures have you guys put in place to secure your wallets and have they worked for you so far?
Jump to: