It is technically more secure but I'm not sure it'll actually do much, most hacks target standard wallets other than virus vulnerabilities that edit the dashboard and such...
I'm thinking of making a guide for making a very secure bitcoin wallet (putting everything on paper which can then obviously be put into a safe), the idea being that you no longer would need to have to trust the manufacturer of the computer (there's not getting past having to trust hasbro for the dice you're using unless you want to use a fairly random scatter with another piece of data.
Topic: Prevent your Electrum wallet Hack - Guide (Read 215 times)
BTW, another user already made similar guide few months ago at https://bitcointalksearch.org/topic/m.46238384
My bad that I did not notice that.Your 'Guide' is an example for dangerous sciolism.
I wanted to explain the steps of creating a multiSig wallet. Of-course this was done in one computer to demonstrate how it works. My bad that I should have explain it better but I thought using different device, writing down (or printing then deleting the soft copy) the seeds and key in a paper should be the basic understanding.
By the way I have added the mentions from jackg and pooya87. ETFbitcoin and jackg has the same suggestion so there is no point to add ETFbitcoin's proposal too.
Any other suggestions are welcome
Anyway, one of the secure way to keep bitcoin in your Electrum wallet is to use a multisig wallet instead of a normal wallet. At least use 2/2 multisig wallet. This adds an extra layer for your security.
This adds an extra layer of security if done properly.
Your 'Guide' is an example for dangerous sciolism.
The whole sense of a multisig wallet is to have multiple people (or devices) signing a single transaction.
In your example, you are just signing the transaction twice (from the same device). This doesn't do anything for the security.
Also, as pooya87 has mentioned, saving sensitive information unencrypted in a textfile on a windows machine is like asking to get funds stolen.
All you do with this guide is to show how to increase the feeling of security AND increase the fees of your transactions while still being on the same level of security.
Quote
Important Copy the seed and save it in a text file.
the bold part is a terrible advice because you should try to avoid storing something as sensitive as your seed which is literary the "key" to your "money" digitally in a text file that can be stolen, hacked,... try writing it down on a piece of paper (these are seed "words" for a reason after all).
It's not very secure to have both seeds on the same machine. For small amounts use a normal wallet, for large amounts use 2 devices. You could use 2fa but I'm not very trusting and 2 seeds are exposed on your computer...
If you need to use 2 devices, you can use a phone for one of the seeds if you want multisig it'll make it more secure.
If you need to use 2 devices, you can use a phone for one of the seeds if you want multisig it'll make it more secure.
This news of Electrum wallet hacking gave me some hard time last few days.
There has been an increased number of "fake" electrums out there, be careful.
my electrum wallet (NEW VERSION) has been hacked
I feel sorry for those who lost their BTC. Looking at the address it makes me sad that the hacker already stole 245.36119465BTC before everyone got the news. I could be a victim. Thank god that I found the topics.
Anyway, one of the secure way to keep bitcoin in your Electrum wallet is to use a multisig wallet instead of a normal wallet. At least use 2/2 multisig wallet. This adds an extra layer for your security.
How to create and send BTC using a MultiSig wallet
MutiSig1
# Open Electrum (Change name from default_wallet to MutiSig1 or name anything) > Click Next
# Chose Multi-signature wallet from the options > Click Next
# Chose the number of cosigner and number of signature (This case both will be 2. We are going to create a 2/2 multisig wallet) > Click Next
# Choose Create a new seed from the options > Click Next
# Chose a seed type (Standard in this case) > Click Next
# Important Copy the seed and save it in a text file. Lets call is seed1 > Click Next
# Confirm the seed (In this case seed1) > Click Next
# Important you will be give the Master Public Key. Save it in the same text file. Let's call it MasterKey1 > Click Next (At this point just close the Electrum no need to move further. In fact you can not go any far.)
MultiSig2
Follow the same steps and create seed2 and MasterKey2 for MultiSig2
You have your 2/2 MultiSig wallet is ready. MultiSig1 and MultiSig2 both have the same address set but the privet keys are different for the addresses.
Sending funds from a MultiSig wallet
- Make sure you have sent a small amount of BTC. You can send it from a standard wallet to your MultiSig wallet.
- Open your MutilSig wallet. You will need MasterKey2 if you are going to Open MultiSig1 and if you are going to Open MultiSig2 then you are going to need MasterKey1.
- Before spending/sending any BTC from a MultiSig wallet ensure that you are connected to a Cosigner Pool. Tools > Plugins > Cosigner Pool (Double check the option is checked)
Steps:
Assuming we have the seed for MultiSig1 meaning we have seed1, MasterKey1 and MasterKey2
#Nothing special. Send > Pay to (enter the address) > Amount > Adjust fees > Send (Preview if needed)
- Once you click Send button, you should be seeing a new window open up. Click Send to Cosigner. This allows the transaction to send to the 2nd wallet. In our case, the transaction has sent to MultiSig2 wallet.
Open the MultiSig2. In this case, you have seed2, MasterKey2 and MasterKey1
# Once the wallet open, you will be seeing a popup saying "An encrypted transaction was retrieved from cosigner pool. Do you want to open it now?" Click "YES"
# You should be seeing another pop up to sign the transaction. Just click the "Sign" button.
The status will show Partially Signed (2/2)
This means your transaction has been broadcasted now. Very soon the receiver wallet will receive the btc.
Hope this was helpful. Keep you bitcoin safe. Always have a Hardware wallet in mind first. Feel free to leave your feedback. Thanks
Tipping address: 36R1ivmR1JXSBVcFDaLGbwbeWiR7VbaycA <= This is a 2/3 MultiSig address by the way. Check this transaction, This was the test transaction to see how it works.
Update with some important tips
the bold part is a terrible advice because you should try to avoid storing something as sensitive as your seed which is literary the "key" to your "money" digitally in a text file that can be stolen, hacked,... try writing it down on a piece of paper (these are seed "words" for a reason after all).
Another guide but with picture:
There has been an increased number of "fake" electrums out there, be careful.
my electrum wallet (NEW VERSION) has been hacked
I feel sorry for those who lost their BTC. Looking at the address it makes me sad that the hacker already stole 245.36119465BTC before everyone got the news. I could be a victim. Thank god that I found the topics.
Anyway, one of the secure way to keep bitcoin in your Electrum wallet is to use a multisig wallet instead of a normal wallet. At least use 2/2 multisig wallet. This adds an extra layer for your security.
How to create and send BTC using a MultiSig wallet
MutiSig1
# Open Electrum (Change name from default_wallet to MutiSig1 or name anything) > Click Next
# Chose Multi-signature wallet from the options > Click Next
# Chose the number of cosigner and number of signature (This case both will be 2. We are going to create a 2/2 multisig wallet) > Click Next
# Choose Create a new seed from the options > Click Next
# Chose a seed type (Standard in this case) > Click Next
# Important Copy the seed and save it in a text file. Lets call is seed1 > Click Next
# Confirm the seed (In this case seed1) > Click Next
# Important you will be give the Master Public Key. Save it in the same text file. Let's call it MasterKey1 > Click Next (At this point just close the Electrum no need to move further. In fact you can not go any far.)
MultiSig2
Follow the same steps and create seed2 and MasterKey2 for MultiSig2
You have your 2/2 MultiSig wallet is ready. MultiSig1 and MultiSig2 both have the same address set but the privet keys are different for the addresses.
Sending funds from a MultiSig wallet
- Make sure you have sent a small amount of BTC. You can send it from a standard wallet to your MultiSig wallet.
- Open your MutilSig wallet. You will need MasterKey2 if you are going to Open MultiSig1 and if you are going to Open MultiSig2 then you are going to need MasterKey1.
- Before spending/sending any BTC from a MultiSig wallet ensure that you are connected to a Cosigner Pool. Tools > Plugins > Cosigner Pool (Double check the option is checked)
Steps:
Assuming we have the seed for MultiSig1 meaning we have seed1, MasterKey1 and MasterKey2
#Nothing special. Send > Pay to (enter the address) > Amount > Adjust fees > Send (Preview if needed)
- Once you click Send button, you should be seeing a new window open up. Click Send to Cosigner. This allows the transaction to send to the 2nd wallet. In our case, the transaction has sent to MultiSig2 wallet.
Open the MultiSig2. In this case, you have seed2, MasterKey2 and MasterKey1
# Once the wallet open, you will be seeing a popup saying "An encrypted transaction was retrieved from cosigner pool. Do you want to open it now?" Click "YES"
# You should be seeing another pop up to sign the transaction. Just click the "Sign" button.
The status will show Partially Signed (2/2)
This means your transaction has been broadcasted now. Very soon the receiver wallet will receive the btc.
Hope this was helpful. Keep you bitcoin safe. Always have a Hardware wallet in mind first. Feel free to leave your feedback. Thanks
Tipping address: 36R1ivmR1JXSBVcFDaLGbwbeWiR7VbaycA <= This is a 2/3 MultiSig address by the way. Check this transaction, This was the test transaction to see how it works.
Update with some important tips
It's not very secure to have both seeds on the same machine. For small amounts use a normal wallet, for large amounts use 2 devices. You could use 2fa but I'm not very trusting and 2 seeds are exposed on your computer...
If you need to use 2 devices, you can use a phone for one of the seeds if you want multisig it'll make it more secure.
If you need to use 2 devices, you can use a phone for one of the seeds if you want multisig it'll make it more secure.
Quote
Important Copy the seed and save it in a text file.
the bold part is a terrible advice because you should try to avoid storing something as sensitive as your seed which is literary the "key" to your "money" digitally in a text file that can be stolen, hacked,... try writing it down on a piece of paper (these are seed "words" for a reason after all).
Another guide but with picture:
Jump to: