Welcome to the continuation of the crypto wallet security & management part 2.
In part 1 of Crypto Wallet Security & Management, we saw how Cody Brown lost about $8,000 in cryptocurrencies which I believe we all learned from. If you never saw it, this is the complete guide on how not to lose your money.
So, today, after waiting for some time to see new developments; security wise (which I will discuss the hacks below), I am going all out to defend the title by laying out more ways that can help you protect your cryptocurrencies and wallets from hacker and intruders.
The bad news?
In part one, I never took out time to explain how wallets work and what happens in the cryptograph. So, in order not to write another post on it, the good news is that I will fix it in here for your maximum advantage.
And just to observe, you are free to tell me more hacks you’ve got in the comment section which could help us fight a common challenge. Thanks.
Before we go on, let me show you probably what might be a big deal for you.
You may not be told, but if you are a crypto beginner, always go here first.
Again, you want to see the best qualities of the best crypto exchange suited for you + How to be a successful cryptocurrency investor/trader in 35 steps; based on experts recommendations.
Should you want to overcome fear and buy bitcoin on your own, then see this, and see the recommended safe places to buy crypto/blockchain projects in your country.
If you want to be hacked or scammed, see how I was scammed and what lead to this site, and see how Cody Brown was hacked wherefore he lost $8,000 cryptocurrencies.
Starting an online project like a website or whatever blog can be daunting as I was taunted unless you use a reputable and ANYTIME back one guaranteed service. If you want the best, see my travail and learn.
WHO TOLD YOU? 😥
You don’t have to trade Cryptos to be on top of your game (on your own). Let the automated machines work for you. Earn big in crypto by automating trading from Home. Start a got dam Free trial.
Note: (Back off if you don’t the results after 1 month, I doubt…) Start for free.
- 0.1 WHAT HAPPENS WHEN YOU CREATE BITCOIN WALLETS ON EXCHANGES?
- 0.2 THE EASY DECRYPTION OF YOUR WALLET
- 0.3 USING ONLINE EXCHANGE WALLETS
- 0.4 HOW TO SECURE YOUR CRYPTOCURRENCIES USING ONLINE WALLETS
- 0.5 THE BEST ONLINE WALLETS?
- 0.6 WHAT IS A HARDWARE WALLET?
- 0.7 WHY YOU NEED A HARDWARE WALLET?
- 0.8 ARE HARDWARE WALLETS THE SOLUTION AGAINST HACKERS?
- 1 WHY YOU NEED A HARDWARE WALLET – THIEVES QUESTIONS
- 1.1 (1). DO YOUR PRIVATE KEYS EVER TOUCH THE COMPUTER OR THE INTERNET?
- 1.2 (2). WHAT HAPPENS IF SOMEONE STEALS YOUR HARDWARE WALLET?
- 1.3 (3). HOW DOES HARDWARE WALLETS FIGHT MALWARE AND KEYLOGGERS?
- 1.4 (4). WHAT DO YOU DO WHEN FORCED AT GUNPOINT TO OPEN YOUR WALLET?
- 1.5 (5) HOW DOES A HARDWARE WALLET SURVIVE A SIDE-CHANNEL ATTACK?
- 1.6 (6) HOW CAN A HARDWARE WALLET SURVIVE REVERSE ENGINEERING?
- 2 THE HARDWARE WALLETS WITH SD CARD
WHAT HAPPENS WHEN YOU CREATE BITCOIN WALLETS ON EXCHANGES?
When you create Bitcoin wallets on exchanges, your encrypted wallet is automatically backed up to their servers.
To safely store your wallet, some of the outstanding ones will add another layer of security by encrypting your wallet the second time thereby obtaining a kind of brute force to securely store your wallet on their servers.
This encryption in connection with your wallet ensures that you can access your wallet from any (and all) devices.
With the end in mind that you’ve got your password, this acts as your decryption key to both lock and unlock your wallet.
Meaning that your wallet cannot be accessed without it.
This is it.
The baseline is that as far as your private key is all about “you”, (yourself), no real exchange website can know your password talk less of even resetting it.
Only you, are able to unlock and decrypt your wallet using your private key.
So, that tells the degree of importance your private key commands. Again, do not lose your private key.
I lost mine once and that was it. Luckily, it was a kind of tutorial account on one of the exchanges.
THE EASY DECRYPTION OF YOUR WALLET
We get excited because our wallet can be easily decrypted, right?
Now, this is how it works.
When you access your wallet with your wallet ID (a unique identifier specific to your wallet) and password, your browser uses a protocol known as Application Programming Interface to download your encrypted wallet backup, before safely decrypting it on your device.
So, that is how cool it is to easily decrypt your Bitcoin wallet.
USING ONLINE EXCHANGE WALLETS
Using an online exchange wallet is a bad idea, but not entirely because starting out means at a point you will need an online wallet.
For instance, if you are just excited about buying your first bitcoin on Coinbase, you wouldn’t need to go and use a hardware wallet, right? You start with the simple wallets till you figure things out .
Why online exchange Wallets are not good enough.
Well, it is simple.
As far as your private key is not with you, you cannot say you are in control, right?
So, a compromise on the online exchange means a compromise on your wallet + money.
HOW TO SECURE YOUR CRYPTOCURRENCIES USING ONLINE WALLETS
(1) A MINIMALIST BROWSER
I know that Mozilla and Chrome are fantastic web browsers. Yet, at a point, you might need to use an anti-chrome which is Brave.
I have the brave browser but I am reluctant to leave Mozilla.
However, if you sense the need to upgrade your current browser, I think going with brave is a great thing to do.
With the brave browser, you have many security options to go for. In fact, it even has the option of managing and blocking third party cookies, and all of that.
You just need to check it out for other advanced options. See a graphic below.
Check out brave – https://brave.com
(2) A BETTER EMAIL ACCOUNT
I don’t know if you had already done this but I will keep advocating you create another email address for-just-only-cryptocurrency business.
I did recommend Gmail since a 2FA can be enabled. Yet, there is another company I think you even need more. And it is Proton mail.
Without going too far, Proton was meant for cryptographic projects like the cryptocurrency. It has all the nice options to get you covered.
All you need to do is verify the account, and if done successfully, you are in.
N/b: they might need a little support but don’t let that deter you.
Just check it out first, and if it does not fit into what you actually want, then, you want to stay with Gmail. (I doubt you wouldn’t need it).
Check out proton mail; https://protonmail.com/
(3) TWO FACTOR AUTHENTICATION
I know you already know how to set up two-factor authentication. If not, this is the guide for you.
I just observed something about using Google Authenticator, and it is the disadvantage of not being able to transfer your authenticator tool to another phone.
I mean, once set up in one phone, that is it. And believe me, that is not all that good.
So, what is the way forward?
You have two options. Authy or a $30 – $50 phone.
With Authy authenticator, you have flexible options as you can back up your authenticator or say transfer to another phone and still use it.
So, the baseline here is going for an Authy authenticator if you have not already set up two-factor authentication.
A $30 – $50 Smartphone
This option came from a crypto user I read about online.
I think, apart from Authy, you can get a $30-$50 (or even lesser) smartphone to manage your authentication needs.
This is what I mean.
If I buy a $30 smartphone, I can enable all online exchange wallets there (Binance, Coinbase and a lot more).
This smartphone I am talking about will not serve as a regular phone, but only to be used when the need arises. Does this make sense?
If it does, I think, it might be useful for you to get a $30 – $50 smartphone; solely for the authentication processes.
However, what bans this process is using a simple hardware wallet that backs up everything for you.
➡ Check out Google Authenticator (with a $30 – $50 smart Phone)
(4) AVOID ROOTED COMPUTERS
Gotten from Digital Bitbox, to be on the safer side, you want to avoid a compromised or rooted computer in the quest to access your wallets.
This avoids the man-in-the-middle attacks on computers that have been fully compromised (i.e. rooted).
An alternative to this is using a mobile phone that has a large screen, and of course, that is 2FA enabled.
(5) ALWAYS OBSERVE THE EXCHANGE SITE URL
I know this recommendation is common, yet we want to be more careful about it.
The thing here is all about observing that the URL you use is security wise; with an SSL protection; HTTPS.
For an example – https://iwillteachucrypto.com
THE BEST ONLINE WALLETS?
Well, I wouldn’t argue much on this because I wouldn’t recommend any fully (you don’t own the private keys).
A lot of Crypto enthusiasts think that Coinbase wallet is the best.
They haven’t been compromised before, and they also have a great team of engineers always working on the security base of the wallet and company.
Again, your money can be insured. But you know, if there is a compromise, before you receive it, it might be a long work to freedom.
Well, the truth is, I have used Coinbase online wallet myself and for over three years now, I can say they are pretty good.
Another online startup crypto enthusiasts believe is good enough is the Binance wallet.
I have some funds on Binance but just enough not to lose my head if something happens. (0.00002+BTC).
WHAT IS A HARDWARE WALLET?
A hardware wallet is a physical tamper-proof electronic device that performs the functions such as generating and storing one or more of your private keys, creating a valid transaction using same privately keys, and lastly broadcasting it the signed truncation to the network for execution.
Okay, this is a simple tense blog, so, I will make it simple enough.
A hardware wallet is simply a physical wallet that you can manage your cryptocurrencies.
With a hardware wallet, you are totally in control of your private keys as well as the safety of your coins.
WHY YOU NEED A HARDWARE WALLET?
There are so many reasons about it but for now, the truth is that a Hardware wallet presents you the best option for managing your digital coins.
If you use a software wallet or external exchange websites, they are in control of your private keys.
This is it,
With a hardware wallet, your digital assets cannot be hacked, or stolen by any authority hacker, or Wi-Fi robots.
While we have experienced the holocausts of using crypto wallets such as online and paper wallet, with hardware, up till now, there has not been an issue of a missing cryptocurrency (not a compromise though).
ARE HARDWARE WALLETS THE SOLUTION AGAINST HACKERS?
No other wallet commands great audacity as Hardware Wallets.
We know that the resilient nature of hardware wallets generally against virus and malware and more options gives them the edge over other wallets.
Even the paper wallet that is believed to be another safe zone might prey on you if you are not careful.
I have seen the travail of man that used a paper wallet losing up to 50BTC, and again, a crypto enthusiast soliciting for the support of other enthusiasts to lay a complaint about a crypto exchange that locked up his cryptocurrencies rounding up to 5 figure digits.
And by all means, I do not want that to happen to you, and, I am not in his shoe to know or judge why he kept such money there.
But the truth is, we have been saying it over and again; use an offline wallet.
While a great crypto thought leader like Antonopoulos will tell you to keep your money in a crypto bank; but for those that cannot afford the bank, the only option is hardware wallet which is another bank or a paper wallet if you can use it rightly.
So, the judgment here is simple; use the best wallet and keep your money.
All in all, after going through this post, you would have figured out which route to take, (either to buy a one-time safer hardware wallet for your bitcoin or better still, store it with a safer online exchange like Coinbase or Binance wallet; if you are on a low budget).
WHY YOU NEED A HARDWARE WALLET – THIEVES QUESTIONS
(1). DO YOUR PRIVATE KEYS EVER TOUCH THE COMPUTER OR THE INTERNET?
It depends on the hardware wallet you use. But for the dogged wallets, not even during the initial setup or backup.
What happens is that the onboard micro-controller generates a wallet (BIP32) using a high-quality hardware random number generator to create entropy. (That is if it has such an option).
Also, the onboard slot for a micro SD card allows offline backup and recovery.
And as such, there is no need to expose your wallet while typing on a keyboard or displaying recovery information on a screen, leaving it susceptible to theft by keylogging, screen captures, and cameras.
The sweet thing here is using a robust hardware wallet that has this option where in addition, you can even backup your wallet at any time and as often as you like.
(2). WHAT HAPPENS IF SOMEONE STEALS YOUR HARDWARE WALLET?
If a supposed hacker steals your hardware wallet, he/she will also need to steal your password in order to steal your coins.
To your advantage, if you had enabled two-factor authentication, they will also need your second-factor device (such as a mobile phone).
After several unsuccessful attempts to guess the password, the wallet will erase all secrets and reset. This prevents brute force attacks.
For instance, with a Digital Bitbox wallet, after 15 unsuccessful attempts to guess the password, the BitBox will erase all secrets and reset. Still, this prevents brute force attacks.
(3). HOW DOES HARDWARE WALLETS FIGHT MALWARE AND KEYLOGGERS?
We know that hardware wallets are designed to prevent the majority of malware, such as keylogging and file stealing, from allowing someone to get your coins.
With this design, even if an intruder knows the wallet password, the keys stay buried inside the hardware wallet.
And as such, using the keys may require a physical pressing of the hardware button and, optionally, two-factor authentication (2FA) using a mobile app.
And of course, with the mobile app, even handcrafted malware on a fully compromised computer, such as a man-in-the-middle attack (MITM), would be avoided.
Many have lost out because they simply ignore so a great opportunity. Don’t be like them!
(4). WHAT DO YOU DO WHEN FORCED AT GUNPOINT TO OPEN YOUR WALLET?
Not like an embarrassment, but a crypto enthusiast was asked to open his wallet at the checkpoint.
At this point, if you think that something is not right or they don’t have the right to see the inside of your wallet, what would you do?
I don’t know what your answer would be but the hack here is that with a hardware wallet, using a security option like PD, can prevent an intrusion to your inner wallet.
This is what I mean.
At gunpoint or an inspection, use the security option known as plausible deniability (PD) to hide your password.
How does it work?
The plausible deniability gives out an option to generate a secondary password;
And a secondary password can open a hidden wallet.
When generated, all you need to do is put some change there to add plausibility.
Or, in case you are forced to recover a wallet from a backup, entering the wrong password will create a valid but different wallet.
(5) HOW DOES A HARDWARE WALLET SURVIVE A SIDE-CHANNEL ATTACK?
One of the things crypto users do not know is that improper cryptographic algorithms can leak secrets from only one signature.
The good news is that algorithms exist that make side-channel signals, such as power usage and electromagnetic waves, very hard to distinguish.
And the best news is that some crypto hardware wallet like the Bitbox uses the same cryptographic library used in Bitcoin (secp256k1) which gives you an advantage over the side-channel attacks.
So, with a hardware wallet, you are always covered.
(6) HOW CAN A HARDWARE WALLET SURVIVE REVERSE ENGINEERING?
Reverse engineering, meaning what?
In a situation a thief breaks open a hardware wallet and physically wanting to extract private data, this is called Reverse engineering.
Now how does a hardware wallet survive such a situation or test?
For some high-level hardware wallet, the secrets (keys and passwords) are stored isolated on a separate high-security chip designed specifically to keep your secrets secure.
Now, not all hardware wallet can manage this, but for the ones that possess this option, they can survive the Reverse engineering.
Digital Bitbox for an example, can.
THE HARDWARE WALLETS WITH SD CARD
KEEPING YOUR SD CARD AND THE WALLET TOGETHER, HOW NICE?
Just like separating your paper wallets, if you are using a hardware wallet that has SD card as Digital Bitbox, I think, it is not wise to keep the two at the same place because someone might get hold of it which might mean a free access to your wallet.
So, what to do is to unplug the SD card and store it in the safe place. And make sure not to lose access to your SD card else, if your wallet gets broken, all of your assets are gone.
OPENING AN SD CARD ON THE PC ALONE, HOW NICE?
By recommendation, it is important not to open your hardware SD card on the PC alone.
As recommended by Pav, if you want to do that, please use a fresh installation of Tails and for the love of God, do not connect to the internet when doing it.
HOW TO PRINT YOUR WALLET SECURELY
With an SD card hardware wallet, you don’t want to print from the SD card if your printer has a WiFi or Bluetooth. Why?
Those two “WiFi or Bluetooth” can cause a compromise. And of course, we know about the Wi-Fi robots.
So, never print from the SD card on a third-party printer.
DO YOU REALLY NEED TWO (2) HARDWARE WALLETS?
On the surface, it is a bad idea. I mean, the cost is a factor.
But in terms of security options, I think buying two hardware wallets is a good recommendation. Why?
Ideally, if you have two wallets, the other one will be your backup in case the need arises for restoration.
Using online wallets is not that bad as a beginner. But as a more advanced crypto believer, it is not that bad to get a few dollars hardware wallet at our convenience.
Again, if not, then consider using all the available armories such as 2FA, a secure email account wherefore, at the end of the day, you are protected from any loss.
Going over to hardware wallets,
Some of the wicked and frequently asked questions by thieves or say concerns are on how to manage reverse engineering and hijacking our wallets at gunpoint.
My verdict here is that this was not too complicated for us to actually see how to use plausible deniability to survive the gunpoint or a bad timing situation (which might never happen).
And also, I believe that we saw how to hack through reverse engineering and ultimately overcome side-channel attacks (in terms of how they work).
Be it as it may, I still believe that we will not allow procrastination or negligence to dawn badly on us to avoid using the above best practice hacks to protecting our wallets and cryptocurrencies.
All right, over to you, have you any other hack to being safe online, protecting hardware wallets? Do let me know also if this added value to you.
IT'S NOT TOO LATE. BECOME A CRYPTO/ BLOCKHAIN NERD!