
Topic: What are your biggest challenges around securing your crypto?

hero member
Activity: 2464
Merit: 519
Hacks and physical theft could be the security challenges around me. Sometimes physically stolen information may not be useful to the culprit and may just cost an absolute loss. The demise of an individual may not give access to the coins; the fear of crypto loss due to demise came up as a challenging problem in recent dailies. I think this is enough of a good idea for crypto enthusiasts to look into and create a project from.
copper member
Activity: 2940
Merit: 4101
-snip-
You could invest in a fire and water proof safe, and place it underneath your floorboards or bury it in your garden if you have one. Or inscribe your seed on some metal plates which would withstand the heat of a fire. Alternatively, use something like Shamir's Secret Sharing to give parts of your key to some trustworthy friends.

I don't want to rely on a person per se; I prefer to rely on a system, I think. I got into trouble last year when my father passed away suddenly.
I know there's a metal thing to keep your seeds on, Cryptosteel or something like that, but I was in a hurry, so I gave it to a notary since I also needed to use him for other stuff.
legendary
Activity: 2268
Merit: 18748
-snip-
You could invest in a fire and water proof safe, and place it underneath your floorboards or bury it in your garden if you have one. Or inscribe your seed on some metal plates which would withstand the heat of a fire. Alternatively, use something like Shamir's Secret Sharing to give parts of your key to some trustworthy friends.
copper member
Activity: 2940
Merit: 4101
The challenge I had was to keep the seeds in a safe place. At home, you will say, yes sure, but what about if there's a fire in your house? Your home insurance will do nothing. You can have backups in all the rooms; all of them will be gone with the fire. I don't really have a family anymore, so I can't even ask someone to keep a piece of paper. I managed to store the seed somehow, but it cost me some bucks.
legendary
Activity: 2268
Merit: 18748
With regards to using computers that have never had access to the net - I'm thinking of removing the hard drive from a notebook, and installing Linux on a couple of USB SSDs. I can then boot the computer from one of the SSDs. If I keep personal info on the one that never accesses the net, then that should give me a bit of extra security.
The way I've done it is with an old laptop (10+ years) I had kicking around. It was serving no purpose anyway, other than gathering dust, so I simply opened it up and removed the WiFi card, so it will never accidentally connect to the internet. The hardware is old and it would struggle to run most modern software. Hell, I don't think it would even manage a modern version of Windows or a resource-heavy browser like Chrome, but it's quite capable of running Linux and signing bitcoin transactions.

The other vector of attack is obviously physical attacks on the device. I have full drive encryption on this laptop - it might be worth looking in to that for your SSD.
legendary
Activity: 2814
Merit: 2472
With regards to using computers that have never had access to the net - I'm thinking of removing the hard drive from a notebook, and installing Linux on a couple of USB SSDs. I can then boot the computer from one of the SSDs. If I keep personal info on the one that never accesses the net, then that should give me a bit of extra security.
legendary
Activity: 2268
Merit: 18748
I backed up my wallet.dat file along with my seed on a flash drive which I never plug into another computer, just mine with the Win7 OS.
For the best security, your seed should never touch an internet-enabled computer, especially if you are storing it in plain text. Even though you are using a different OS, since you are connecting to the internet with that OS you have no guarantee that it has not been infected with some kind of malware. I would store your seed on paper and not on a flash drive at all, or if you insist on storing it on a flash drive, only ever connect that flash drive to a completely air-gapped machine.
sr. member
Activity: 403
Merit: 257
‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that it is secure?
For instance:

 * Do you know the 5 axes of attack you should be aware of: Browser, Network, Software, Email, Password?
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and securing crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what the right things to do are?

Other than my daily driver Windows 10, I dual boot Win7 on another HDD for the sole purpose of wallet sync and transactions. No browsers, no other programs, just the wallet. I backed up my wallet.dat file along with my seed on a flash drive which I never plug into another computer, just mine with the Win7 OS. That's how I deal with it.
newbie
Activity: 6
Merit: 5

2. This for me is also the weak point, that most people use 2FA on a device, exposing them to at least the Password axis you mentioned. Myself I use a Google Authenticator for 2FA, as an extension only linked to 1 browser account. Browser and extension are uninstalled quickly after use. And means I could recover all my online accounts quickly from a new device with 2FA and change passwords. I expect this method opens me up to other vulnerabilities... anyone care to share?



Are you using an extension to get the 2FA code? That is not how it is meant to be used. 2 Factor means it's the second way of proving it is you. The first way is the password. And if you use your 2FA this way, then it's really only 1 factor. The use of the 2FA seed in many places will increase the chance of it being stolen. You could just install a 2FA app on a phone not connected to the internet.
newbie
Activity: 6
Merit: 5
People relying on desktop and software wallets. Storing them on their computers and eventually losing access to them either due to hardware or software failures.
Not just software wallets, but also things like 2FA. Many people either don't have backups for their 2FA, or back up to another electronic device (such as a phone and laptop). As OP says, if both are stolen, you can lose access to all your trading accounts (and web wallets if you are silly enough to use them).


For 2FA, you have to have a strategy to securely store the backup of your 2FA as well, because you don't want that falling into the wrong hands either.
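To make concrete what "the backup of your 2FA" actually is, here is an added example (editor's code, not something any poster in this thread wrote) implementing TOTP as specified in RFC 6238 with only Python's standard library. The only long-lived secret is the shared key the authenticator app received at enrolment; a second device restored from its base32 form produces exactly the same codes, which is why that string needs the same handling as a wallet seed. The key used below is the RFC test-vector secret, not a real account.

```python
"""TOTP (RFC 6238) on top of HOTP (RFC 4226), standard library only.

Added example. The whole second factor is the shared secret: whoever holds
the base32 string from the enrolment QR code can produce the same codes as
the phone, so backing up 2FA means storing that string like a seed.
"""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC(secret, counter) -> dynamic truncation -> decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time `at`."""
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1, step: int = 30) -> bool:
    """Server side: accept the current step and +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at + drift * step, step), code):
            return True
    return False


def secret_to_backup(secret: bytes) -> str:
    """The base32 form apps put in otpauth:// URIs; this string IS the backup."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


def secret_from_backup(text: str) -> bytes:
    """Restore a secret from a base32 backup, tolerating spaces, case and missing padding."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890"), not a real account.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    backup = secret_to_backup(RFC_SECRET)
    print("base32 backup string:", backup)
    # A second device restored from the (sloppily copied) backup yields identical codes.
    restored = secret_from_backup(backup.lower()[:8] + " " + backup[8:])
    print(totp(RFC_SECRET, 1111111109, digits=8), totp(restored, 1111111109, digits=8))
```

The practical consequence: a screenshot of the enrolment QR code, or the base32 string written on paper, is a complete backup, and it is also everything an attacker needs to bypass the second factor. Store it offline, separately from the password it protects.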
newbie
Activity: 6
Merit: 5
My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly. For my private key I prefer to go the traditional way by writing it down and keeping it somewhere safe.

This is a reasonable thought process. Also, you can use two password managers: one to store passwords that are not risky, i.e. for regular accounts and such that will not cause you to lose a lot of money, and a file-based offline password manager like KeePass to store sensitive passwords and keys.
legendary
Activity: 2268
Merit: 18748
My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly.
This is a huge security risk. Using the same password for things like email, social media, forums, and exchanges is just asking to be hacked. There have been some pretty major password leaks from some very reputable companies over the past few years; it is highly likely that less reputable companies like small crypto exchanges will leak your password at some point. If an attacker were to gain access to one of your accounts, you could lose everything.

If you are struggling to use different passwords or remember them all, then just use a secure password manager like KeePass.
newbie
Activity: 6
Merit: 5

Does anyone know of any safe storage spaces for this? I know people say never store your seed online. But what if you store it on your computer but encrypt it with, say, AxCrypt, then upload it to, say, Dropbox or Google Drive? So let's say someone was able to hack your Dropbox or Google Drive.

They still need to know your password for LastPass or KeePass.


Now what if you encrypt LastPass or KeePass as well? Now they need to know the password for AxCrypt and also LastPass or KeePass. A risk of this would be if you forget both passwords.

Thoughts on that? Which of these seems the best? I always thought having an online backup was good in case anything physically happened.


For sure. This sounds like a reasonable way to go about it. Also, the security doesn't have to be one solution for everything. You can have a higher level of security for larger amounts and reasonable security for lower amounts of assets.

You could increase the security of the above method by using a client-side encrypted storage space instead of Dropbox or GDrive, e.g. Sync.com or SpiderOak.
copper member
Activity: 280
Merit: 1
My biggest problem would be password management. I mostly use one password for most of my operations and don't update it regularly. For my private key I prefer to go the traditional way by writing it down and keeping it somewhere safe.
newbie
Activity: 6
Merit: 5
All the technologies that exist today to keep crypto safe are not worth anything if they are not used in the right way. Most agree that hardware wallets are a safe way of keeping crypto, and for now it has been shown that this is correct. But the security of a hardware wallet is worth nothing if the user is not aware of the importance of making a backup of the seed words, so in case the device is broken or stolen, the coins are lost.

My opinion is that the biggest challenge is how to educate people to use the available technology in the right and safe way, which is crucial for the security of their coins. When something bad happens, then it's too late.


This is exactly the problem I want to tackle and educate people on it. It's hard to find relevant guides to security in one place. There are some that offer just generic information but don't discuss the details of how to do it.
legendary
Activity: 3234
Merit: 5637
Pass code? Do you mean your PIN for accessing the wallet? It should never be stolen or found because you should never write it down. The only thing you should be writing down and storing securely is your seed.
Although the PIN in hardware wallets is important, in case it is forgotten it is possible to recover the wallet by entering an incorrect PIN 3 times and then restoring the wallet from the seed. But I cannot agree that the PIN should not be written down; it is an 8 digit number (in my case - Nano S) and can easily be forgotten. If someone finds a four digit or eight digit number, without the device itself they will not have any use for it. But if the seed is compromised, the wallet can be restored in different ways, regardless of the PIN.
legendary
Activity: 2268
Merit: 18748
A hardware wallet is great, but what if the pass code is stolen or found? How will funds be transmitted to relatives after death? In my view, these are issues crypto will have to solve in the coming decade. More than likely, we will need some centralization to resolve some of these concerns.
Pass code? Do you mean your PIN for accessing the wallet? It should never be stolen or found because you should never write it down. The only thing you should be writing down and storing securely is your seed.

The easiest way to transmit funds after death is to tell your spouse or family member your PIN/location of your seed/paper wallet, etc. or include said instructions in your will or a dead man's switch.
sr. member
Activity: 854
Merit: 281
A hardware wallet is great, but what if the pass code is stolen or found? How will funds be transmitted to relatives after death? In my view, these are issues crypto will have to solve in the coming decade. More than likely, we will need some centralization to resolve some of these concerns.
legendary
Activity: 2268
Merit: 18748
Now if you have a 24 word seed, do you write it in 1 piece or 2 pieces or 3 pieces? Example: 12 words, it's only half the seed.
The issue with this is that you need all three pieces to restore your seed. If an attacker steals one, you can't restore the seed from the other two. You could of course leave multiple copies of each piece in different locations, but the more locations you use, the more chance of someone finding one.

There are other ways to securely store your seed on paper. For example, you can use methods like Shamir's Secret Sharing or a modified one-time pad technique to split your seed into 3 parts and require any 2 of them to recover your seed (or 3 out of 5, or any other combination you fancy). Each piece on its own is useless.


But what if you store it in your computer but encrypt it with say axcrypt.
To encrypt it on your computer, it must at some point be on your computer unencrypted. This is not safe. You should only be doing this on a permanently airgapped device.
legendary
Activity: 2730
Merit: 7065
Now where can you store it where it's safe? Bank deposit box? What if thieves drill through it and steal the boxes, as I have heard of cases like this? If your seed is in the box with 24 words, well, that's it. But if nothing like that happens, couldn't an employee or someone on the inside open the boxes up? If it's cash, them taking it would mean the person putting it there would know when they check the box. The seed, well, they can take a picture of it or write it down.
Thieves could get to your seed phrase by robbing the bank, but in cases like that they are usually looking for cash, gold, diamonds, etc. You would have to be unlucky to get your deposit box robbed by thieves looking for crypto.

Bank deposit boxes can't be opened by the bank employee alone. You need two sets of keys. One key belongs to the bank and the other to the person leasing the box. Consider it a 2FA of some sort.

Does anyone know of any safe storage spaces for this? I know people say never store your seed online. But what if you store it on your computer but encrypt it with, say, AxCrypt, then upload it to, say, Dropbox or Google Drive? So let's say someone was able to hack your Dropbox or Google Drive.
You can store an encrypted seed and keys on a computer, but it shouldn't be one that is connected to the Internet. It has to be free of malware and in good condition, both hardware and software wise.

I wouldn't advise uploading to a cloud/drive. A safer option is to keep an encrypted copy on a password protected USB drive, for example. One that is only used for that purpose and not for storing any other files.
hero member
Activity: 1218
Merit: 534
I would say the biggest challenge is physical security. I've read the horror stories of people being tortured for their bitcoin. There are people in the world who will kill for a few dollars; no matter how good your computer security is, you are always vulnerable.
Nobody knows that you have bitcoin if you don't tell people you own bitcoin. Bitcoin is semi-anonymous and its users should stay that way as well. Only your circle of trust should know what you are doing and nobody else.

Well, if you want to sell any significant amount of bitcoin you are pretty much forced to give your personal info to an exchange. These exchanges are run by humans and all it takes is one bad employee or a data hack and your information is out there.

It must be a constant worry for crypto celebrities like Roger Ver, Vitalik, John McAfee. I'm sure they are worried about being kidnapped and tortured for their coins.
full member
Activity: 1750
Merit: 186
What about where to store your seed? You put it in your house, well, a fire, theft or something like that could destroy it. So you put it in 2 or 3 different locations? Of course doing that exposes it even more.

Now if you have a 24 word seed, do you write it in 1 piece or 2 pieces or 3 pieces? Example: 12 words, it's only half the seed.

Now where can you store it where it's safe? Bank deposit box? What if thieves drill through it and steal the boxes, as I have heard of cases like this? If your seed is in the box with 24 words, well, that's it. But if nothing like that happens, couldn't an employee or someone on the inside open the boxes up? If it's cash, them taking it would mean the person putting it there would know when they check the box. The seed, well, they can take a picture of it or write it down.

Now what about making your seed look like something not noticeable? Example: you write the words and say they are 3rd grade spelling words or something like that. What about writing the 24 word seed but doing it as a code, like A = Z, B = Y, etc., or something like A = E, etc.? Then if someone gets access to it, they won't have a clue what it is because those are not words. Of course if you do this, you need to remember what the letters mean, such as whether A is E or Z, etc.

Does anyone know of any safe storage spaces for this? I know people say never store your seed online. But what if you store it on your computer but encrypt it with, say, AxCrypt, then upload it to, say, Dropbox or Google Drive? So let's say someone was able to hack your Dropbox or Google Drive.

They still need to know your password for LastPass or KeePass.

Now what if you encrypt LastPass or KeePass as well? Now they need to know the password for AxCrypt and also LastPass or KeePass. A risk of this would be if you forget both passwords.


Thoughts on that?  Which of these seem to be the best?  I always thought having an online backup was good in case anything physically happened.
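On the letter-substitution idea in the post above, an added example (editor's code, not written by the poster) showing why an A = Z or A = E style encoding of seed words is obfuscation rather than protection. The alphabet mirror (Atbash) and the 25 possible shifts make 26 keys in total, and because the BIP39 wordlist is public, a finder simply tries all of them and keeps the one that turns every token into a valid word. The wordlist below is a constructed excerpt of the real 2048-word English list, and the sample phrase is made up.

```python
"""Why a letter substitution on seed words is not encryption.

Added example: encode words with a Caesar shift (A->E style) or Atbash (A->Z),
then recover them with no key by trying every possible key and checking the
result against the public wordlist. 26 keys in total, so it finishes instantly.
"""
import string
from typing import List, Tuple

ALPHA = string.ascii_lowercase

# Constructed excerpt of the public BIP39 English wordlist (the real list has 2048 words).
WORDLIST = {
    "abandon", "ability", "able", "about", "absent", "absorb", "abstract",
    "absurd", "abuse", "access", "accident", "account", "wrist", "write",
    "wrong", "yard", "year", "yellow", "you", "young", "youth", "zebra",
    "zero", "zone", "zoo",
}


def shift_word(word: str, k: int) -> str:
    """Caesar shift by k positions (k=4 turns 'a' into 'e'); negative k undoes it."""
    return "".join(ALPHA[(ALPHA.index(c) + k) % 26] for c in word)


def atbash_word(word: str) -> str:
    """Mirror the alphabet: a<->z, b<->y, ... (its own inverse)."""
    return "".join(ALPHA[25 - ALPHA.index(c)] for c in word)


def encode(words: List[str], key: str) -> List[str]:
    """What the owner writes on paper. `key` is 'atbash' or 'shift N'."""
    if key == "atbash":
        return [atbash_word(w) for w in words]
    k = int(key.split()[1])
    return [shift_word(w, k) for w in words]


def crack(encoded: List[str]) -> List[Tuple[str, List[str]]]:
    """What a finder does: try every key, keep those where every token is a real word."""
    candidates = []
    for k in range(1, 26):
        decoded = [shift_word(w, -k) for w in encoded]
        if all(w in WORDLIST for w in decoded):
            candidates.append((f"shift {k}", decoded))
    decoded = [atbash_word(w) for w in encoded]
    if all(w in WORDLIST for w in decoded):
        candidates.append(("atbash", decoded))
    return candidates


# Constructed sample phrase; not a real seed.
SAMPLE = ["zebra", "abandon", "zoo", "able", "year", "wrong"]

if __name__ == "__main__":
    disguised = encode(SAMPLE, "shift 4")
    print("on paper:", " ".join(disguised))
    for key, words in crack(disguised):
        print(f"recovered with {key}: {' '.join(words)}")
```

With the full 2048-word list the membership test is just as decisive, and the same approach extends to any fixed substitution, since the attacker only needs to match tokens against a known dictionary. Disguising the words as a spelling list has the same weakness: the finder does not need to know it is a seed, only to try the public wordlist against it.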


legendary
Activity: 2968
Merit: 3684
I like that question also (on whether you are prepared for loss and recovery if all devices are stolen) and I've asked myself and others a few times in the past.

1. Most people would probably not be able to recover a lot of things, browser accounts, email accounts, much less a Bitcoin wallet. I know I could recover several of those at least from memory alone.

2. This for me is also the weak point, that most people use 2FA on a device, exposing them to at least the Password axis you mentioned. Myself I use a Google Authenticator for 2FA, as an extension only linked to 1 browser account. Browser and extension are uninstalled quickly after use. And means I could recover all my online accounts quickly from a new device with 2FA and change passwords. I expect this method opens me up to other vulnerabilities... anyone care to share?

legendary
Activity: 3234
Merit: 5637
All the technologies that exist today to keep crypto safe are not worth anything if they are not used in the right way. Most agree that hardware wallets are a safe way of keeping crypto, and for now it has been shown that this is correct. But the security of a hardware wallet is worth nothing if the user is not aware of the importance of making a backup of the seed words, so in case the device is broken or stolen, the coins are lost.

My opinion is that the biggest challenge is how to educate people to use the available technology in the right and safe way, which is crucial for the security of their coins. When something bad happens, then it's too late.


The main problem for me is passwords. I have bad memory, I always lose my passwords. I have lost access to all encrypted stuff because I lost the passwords.

Why do you use only your memory for passwords? Nobody is so perfect as to remember hundreds of passwords, and the simplest solution is to write them down on paper. Then you only need to store that paper in the best possible way; there is no great wisdom in that.
legendary
Activity: 2730
Merit: 7065
I would say the biggest challenge is physical security. I've read the horror stories of people being tortured for their bitcoin. There are people in the world who will kill for a few dollars; no matter how good your computer security is, you are always vulnerable.
Nobody knows that you have bitcoin if you don't tell people you own bitcoin. Bitcoin is semi-anonymous and its users should stay that way as well. Only your circle of trust should know what you are doing and nobody else.
legendary
Activity: 1624
Merit: 2481
* Do you know the 5 axes of attack you should be aware of: Browser, Network, Software, Email, Password?

4 of them (Browser, network, software, email) are circumvented by storing your coins offline.

A strong password is necessary to be secure against physical access (e.g. hardware wallet / cold wallet on a computer).
Regarding the hardware wallet: Most do wipe the data after X wrong attempts to enter the pin (e.g. ledger nano after 3 times).
Regarding the cold wallet on a PC: you could use an encryption algorithm with tons of iterations to slow down the decryption process -> brute forcing is no longer possible even with only a 6-8 char alphanumeric password.



* If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

Simple question.

If your coins are stored on a hardware wallet: Nothing lost, you still have full access as the only person.

If your coins are stored on a desktop- / mobile wallet:
  • One should always have his wallet protected (encrypted private keys through a password / Android mobile always encrypted (which is the default with Android 7+) + no developer mode + not rooted + locked with a PIN)
  • One should always have a backup of the seed used

If both points apply, it is not a problem within the next few hours / days / weeks in which you should recover your coins with your backup and send them to a freshly created wallet.
legendary
Activity: 3346
Merit: 3125
‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that it is secure?
For instance:

 * Do you know the 5 axes of attack you should be aware of: Browser, Network, Software, Email, Password?
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and securing crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what the right things to do are?

This is a complex topic, because each system has its own vulnerabilities, and if the engine is perfect the vulnerability is the human factor. That's how the technology works: we can create complex encryption systems but we cannot make a perfect human who doesn't make mistakes.

I think the best way to secure our coins is in paper wallets in txt files inside zip folders with passwords. That's it, but this is the way I feel secure; for sure other people have their own way.
hero member
Activity: 1218
Merit: 534
I would say the biggest challenge is physical security. I've read the horror stories of people being tortured for their bitcoin. There are people in the world who will kill for a few dollars; no matter how good your computer security is, you are always vulnerable.
legendary
Activity: 2268
Merit: 18748
People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures.
Not just software wallets, but also things like 2FA. Many people either don't have backups for their 2FA, or back up to another electronic device (such as a phone and laptop). As OP says, if both are stolen, you can lose access to all your trading accounts (and web wallets if you are silly enough to use them).

Sensitive and financial information shouldn't be stored on computers.
On internet accessible computers, at least. It is perfectly reasonable to store your wallets on an airgapped computer, provided you take appropriate precautions to ensure the device is not infected with anything when setting it up, and securing it from physical attacks as well (whole drive encryption and storing it securely, for example).
legendary
Activity: 2730
Merit: 7065
* If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?
This is one of the bigger problems when it comes to crypto. People relying on desktop and software wallets. Storing them in their computers and eventually losing access to them either due to hardware or software failures. 

Sensitive and financial information shouldn't be stored on computers. We have hardware and paper wallets for long term storage. If for some reason you do end up doing it at least password protect the sensitive files. Hide it from plain sight and don't make it easy for a hacker to find it by calling it All my BTC private keys.txt
sr. member
Activity: 770
Merit: 268
I think these are probably the most asked questions that I found in this forum:
- which wallet should I use?
- how do I store my backup?
- how do I keep myself protected if I'm connected to the network?
- how can I make sure that nobody steals my seed/private key?
- what happens if I lose my backup, how do I recover my bitcoin securely?
etc.
legendary
Activity: 1372
Merit: 1252
The only way to secure a bitcoin wallet is to create the private keys within a safe environment (a computer that has never connected to the internet, or at least one where you formatted the HDD and then installed an OS that has never seen the internet). It's the only way. Then you must learn how to pass a transaction made on the offline computer to the online node. What can you do? It's the only way to go. Many find it annoying, but it is what it is.

The main problem for me is passwords. I have bad memory, I always lose my passwords. I have lost access to all encrypted stuff because I lost the passwords.

As far as backups, I'm not sure about that. Putting your wallet on the internet doesn't seem like a good idea, even if encrypted... too paranoid. But I'm also too paranoid to trust Electrum's seed model. So what's the solution? Be careful not to burn your house down or have thieves... I can't tell you anything else right now.
newbie
Activity: 6
Merit: 5
‘Use a strong password’ ‘Buy a hardware wallet’ are the most common security solutions to manage your crypto. But is that enough?

Are you overwhelmed with how to manage your crypto and be assured that it is secure?
For instance:

 * Do you know the 5 axes of attack you should be aware of: Browser, Network, Software, Email, Password?
 * If both your phone and laptop were stolen tomorrow, are you prepared against loss of assets and for recovery?

I want to create educational material around easy solutions to managing and securing crypto for fund managers/analysts/traders/developers.


What are some questions you need answered?
What are some common frustrations you have around this topic?
Or find out what the right things to do are?