How To Keep Your Crypto Coins Safe | The Right Way

in cryptocurrency •  7 years ago 






The thing people regret most is not taking time to secure their crypto coins when they have lost them. Do you have your crypto coins stored on exchanges or in a wallet on your computer/phone? Well, let me tell you they are not safe. We think our crypto coins are safe until something like this happens:

All my BTC and LTC lost because someone hacked my Macbook, It was a personal attack.
The hacker knows my phone number, name, email , job etc...

The whole story on Bitcointalk


This is a guide on how to keep your crypto coins safe by minimizing the chance of theft by hackers or thieves. There is no method which is 100% safe for storing your crypto coins. As is with real money. Banks can be hacked or can go bankrupt. Money we keep under our pillows can be stolen.

I have written this guide for people with zero knowledge about how crytos work. I provide brief explainations on how everything works, because for me I found it a relief understanding a bit of the whole system when I was storing my coins.

For the more informed people, I have practical tips which I haven't seen in other guides. Skip the basic explainations to get to it.

Before we start I wanted to note: storing your coins safely takes time, so don't rush this.

Let's get into it :)

What do you need to protect?

  • Your private key(s)

What is a private key?

Private keys from different cryptocurrencies look like this:

CryptocurrencyPrivate key
Bitcoin5KX66Xb1zVK5f5EdLv4CLjERyYCVJBQDWYCgw4MHWiNMbdCjDVi
Ethereum1a9dc2267c114f387a294ee6874961a07f939b219205be6c1903b310c002f8ba
RipplesahNuLCUqzqvoB7tkiBh78MzYm1ft

It is long line of numbers and letters, that give access to your coins. At first sight a private key may look a bit complex, but it is not.

For every private key there is a public key. They are called key pairs. The pairs are linked together through a mathmatical algorithm. However, it is a one-way algorithm. The consequence is that the public key can be derived from the private key, but you can not derive the private key from the public key. Which is a good thing or else everybody can find out your private key if they know your public key.

The public key is used to store your coins and the private key allows you to send the coins that is stored in the public key.

For example, the public key which "belongs" to the bitcoin private key above is:

Bitcoin
Private key5KX66Xb1zVK5f5EdLv4CLjERyYCVJBQDWYCgw4MHWiNMbdCjDVi
Public key1MrJeJWt6ftMu3bjgKp13v8t5d65Hpbo8g

In practice, the public key (sometimes called 'adress') is the line you copy paste to other people when you want to receive coins, therefore you are fine with everyone knowing your public key.

On the other side you want nobody to know your private key, because the private key allows you to spend the coins people have sent to you.

Now you may wonder why you haven't seen any private key even though you have stored your coins.
Good question, read on :P

Example of receiving and sending bitcoins


Say you want your friends to send you 3 bitcoins. Then you would copy paste the public key to them: 1MrJeJWt6ftMu3bjgKp13v8t5d65Hpbo8g

After they sent the bitcoins, the only person who knows the private key: 5KX66Xb1zVK5f5EdLv4CLjERyYCVJBQDWYCgw4MHWiNMbdCjDVi
can resend the 3 bitcoins (or steal them).

How do you generate private and public keys?

There are software and applications (also called wallets) that can do this for you

What is a wallet?

In essence a wallet is a file where different public and private key pairs are stored. A wallet makes interacting with your private keys easier.

Similar to a banking app the convenience of a wallet are:

  1. All private keys are stored in 1 file. So to backup your wallet you only need to copy the wallet file.
  2. Send coins without having to enter private keys
  3. Displays your current net balance
  4. Can add passwords as extra protection
  5. All private keys can be recovered with usually a 12 or 24-word phrase

You lose all your coins when you lose the file where your keys are stored.

However, newer wallets provide a 12 or 24 word recovery seed. The seed phrase is used to make the private keys in the wallet. Remembering/saving the recovery seed is enough to recover all the keys generated in the wallet (very convenient).

The recovery seed also can be written down and consist of words we recognize unlike the private key.

So, effectively you can store digital wallets on paper. More details below!

Why wallets on exchanges are not safe

If you make account on an exchange it automatically creates wallets for you. The private keys are stored on the exchange. You are basically trusting that the exchange will keep your private key safe, which is very risky!

Hackers can get to your private keys by hacking the database of the exchange. In this case your account password won't protect you from the theft. Almost all exchanges have been hacked.

The most infamous hack is that of Mt. Gox which was the largest bitcoin exchange at that time. The hackers stole a jaw-dropping 850.000 bitcoins!!

More recently, one of the oldest exchange BTC-e was shut down by the US government. The case is still unclear. There are allegations of fraud, sales of drugs and money laundering. There may be even ties to the Mt. Gox hack.

We can learn from this don't keep your money on exchanges or atleast keep it to a minimum.

What is the key to keeping your crypto coins safe?

To keep your coins safe equals keeping your private keys safe.
So we must generate and store them in a way so that

  • Hackers and
  • Thieves

cant get to them.

How hackers can steal your keys

Hackers are smart. They use software specifically designed to find your private keys. When your computer gets infected, the malware searches the computer's harddrive for wallets. If it recognizes the wallet file it will attempt to copy the private keys and send them to the hacker.

Nowadays wallets are more secure because they offer password protection, however a hacker can easily find out that password (or all your other passwords) by using keyloggers. What a keylogger does is that it records every key(!) you have pressed and sends that input to the hacker.

To top it up, there are malwares which continuously take screenshots of your screen! So even if you use a digital keyboard (such as on your phone), they will be able to see each input you make from the screenshots.

How you can lose your coins to thieves

When you give them easy access to your computer, USB or phone without password/PIN protection.

They find your private keys or recovery seed written down on a piece of paper.

The 3 security rules

  1. Offline key generation and storage
  2. Encryption
  3. Back-up

Offline storage protects you from hackers.

Encryption is useful against theft. In addition to your private keys the thieve will also need to know the encryption (which is usually a password) to spend your coins.

Back-ups of your private keys decreases the chance of you losing your coins due to hard disk faillure, natural disasters and your parents throwing away your stuff. But having back-ups also protects you from yourself. We can be forgetful or sloppy sometimes.

Following these rules should reduce the chance of theft significantly. For each rule I am going to broadly explain what you should do. It is up to you, to research all the different software you want to use.

Pay attention whether the software you are using is trustworthy and also if it offers extra security features. I will do my best to include links and examples :)

Rule 1: Offline key generation and storage

The first rule is to generate and store your private keys offline. By generating and storing your keys offline a hacker has to use other methods for which the hacker has to be physically close to your device, to steal your private keys. Offline storage is more commenly called cold storage.

Types of cold storage

The safest way to store your private keys is writing them down! A good old fashioned piece of paper provides 100% protection against hacks, because (obviously) a piece of paper is not hackable! Additionally, it is the cheapest method to create back-ups.

The next safest option is a hardware wallet. A hardware wallet is basically a USB with a wallet software that allows you to send and receive coins just like a normal wallet. Hardware wallets are designed to protect your private keys from mallware attacks when you have your device connected to an infected computer. The keys are always kept in the hardware wallet.

Hardware wallets are falsely claimed to be the safest way of store your coins. It is true that up till now there is no record of a "software" hack". However people have demonstrated at a hackers conference (Def Con 25) that the Trezor and KeepKey can be "hardware hacked". This means that a hacker can find out your private keys if he gets hold of your hardware wallet.

For more information read this article by a Medium user, who explains the hack in more detail.

I would recommand to use paper wallets for storage. However for people that want to use their crypto coins regularly or want to trade, I understand that a hardware wallet is more convenient. In this case you should store the coins you don't plan on touching for a while in a paper wallet and all other coins in a hardware wallet.

There are no real security advantages using a normal USB. After you saved your private keys in it you don't want to connect the USB to a computer with internet, basically making it useless to store other files. That is an expensive investment for storing a few bytes (not to mention when you want to make back-ups).

How to generate keys offline: The air gapped computer

I have mentioned three types of software that can generate keys offline: desktop wallets, webbrowser clients and hardware wallets. Hardware wallets already generate the private keys offline while for the other two methods you need to prepare what is called an air gapped computer.

Air gapping is isolating your computer from any connections hackers can use to get into your computer such as the internet and bluetooth.

I am going to focus on making your computer internet air gapped, because other threats are much lower I think. If you think you are a hot target for hackers then I would recommand you to research how to make your computer more air gapped.

To create an air gapped device you use an old computer which you don't mind keeping disconnected from the internet for ever.

To disconnect from the internet it is not safe to simply turn off the Wifi. There are mallware which can turn on the Wifi in the background. Instead take out the Wifi card (or Network Interface Card) which ensures there is no way your computer can make an internet connection.

Also as an extra safety measure clear your computer from viruses.

Here is tutorial on air gapping and making a paper wallet.

Alternative

If you can't make an air gapped computer then you should make sure you computer is not infected with mallware. Running a virus scanner doesn't remove all mallware. The best virus clean are a full hard disk wipe. You can do this by factory reset or use cd software, which usually offer better results (this applies more for Windows).

You can also use a freshly bought computer from the store.

Generate your keys

When you have your air gapped or mallware free computer ready (make sure you are disconnected from the internet), you need to transfer a key generator to it using a USB! Don't download the software on the air gapped computer because you will need to connect to the internet for it!!

Use a software which displays the keys for you such as bitadress. Bitadress is a browser client sofware. Most of these software (if programmed to allow for offline generation) are downloaded by right clicking anywhere on the page and then choose the option "safe as". See this video here for detailed steps.

After you have the software on your air gapped computer you can start generating and copy the keys to a piece of paper.

Why you should make atleast 3 or more key pairs

  • To split your fortune, so that if one private key gets stolen or lost, you don't lose everything (more over below in back-up)
  • If you ever need another safely generated adress you will have a few ready.
  • If you made a mistake in copying the first private key

Copy mistakes: Be very careful!

Pay extra attention to this part, because if you make a mistake in writing down the private keys you will lose your coins for ever. Private keys contain numbers and upper and lower case letters. It is easy to make a mistake.

How to avoid copy mistakes?

  • The best way is if you could check if you made a mistake offline. Luckily, some key generation softwares such as Bitaddress offer this. After you have written your private keys down, close the software (so that the keys are erased). Open the programn again and enter the private key you have written down. If you done this correctly, you will also see the corresponding public key.
  • You can check if the public key is correct. There are two ways to do this. First you can send a small amount to the public adress. If you can send it it means that the public adress is correct, because almost all wallets and exchanges check first if the public adress is valid. In rare cases this might be not the case.
    The second method is an addition to the first method. All transactions of crypto currencies are visible, that means if you know the public adress if somebody else you can check the balance and all transactions to that specific adress. This is one of the characteristics of the blockchain. All transactions ever made in the bitcoin network can be found on this site. Each crypto currency's transactions can be checked on similar sites.

Good to know: you can always find what your public key is with the private key, but not the other way around. However, sometimes you will need to enter you private key online, so it is better to copy the public key right correctly too.

Also don't worry about if your private key is valid. It doesn't need to "connect" to the network first. The beauty of crypto currency is that everything is mathematically connected. The network will do a calculation to check if your adress is valid. That being said you should always start with sending a small amount to your adresses and check if they have arrived.

Remove any trace of the private keys

After you have moved your keys to cold storage, you need to be sure no one can have acces to it digitally! This means delete every trace of your private keys.

The most skilled hackers can still find your private keys even if you have "deleted it from your trash can". If you want to be 100% sure nobody can ever retrieve your keys, destroy your hard disk. Or do another clean hard disk wipe atleast.

Destroying your hard disk is kind of an extreem safety meassure. But hey, this what this guide is all about :P

Before you do all this!!

Practise with a small amount of coins to get use to the process. Try to generate a few adresses. Write them down. Send coins to the publick keys and try to move the coins again to another adress.

Don't rush this, I was surprised how many mistakes I still made.

Rule 2: Encryption

The purpose of encryption is that even if a hacker or thieve somehow gets hold of your private key, he or she will need to know the encryption to spend your coins.

Key generation software allow you to encrypt your private key with a password.

Most wallets asks you to input a password before you can open the wallet and will ask this password everytime you want to send coins.

Having your private keys encrypted is a very powerful boost to the safety to your coins. However, if you ever forget your encryption you will lose your coins permanently even if you have the private key. So, think carefully if you want to use encryption, but having a simple encryption such as one password for all your private keys, keeps your coins significantly safer.

Do's and don'ts with encryption

  • Don't store your password in the same place as your private keys
  • Use different passwords (preferably one password for each private key)
  • Never tell anybody (same applies to your private keys)
  • As for all passwords don't use a word which is easy to guess, such as your parent's name or your birth date

Final note about password encryption. The best passwords are long ones. You can use sentences such as: this_is_a_very_long_password1234!

Contrary to popular believe your password doesn't get a lot safer with sophisticated signs like $@&23()%. This is because a hacker can preform what is called a brute-force attack. The hacker will try to find your password by trying out billions of combinations. However, putting a few unusual signs is enough to increase the difficulty for the hacker.

Paper wallets are the dream of a thieve

A paper wallet provide the best protection against hackers, but when it comes to protection against theft it is useless. Leaving your paper wallet at home is as safe as leaving the keys to your house at home.

Some people print their paper wallets with a QR-code included. That is outrageous! It will only assist the thieve by saving him time to enter the private key. If the thieve is in the act of stealing and happens to have his phone, he can scan the code and put the paper wallet back. You will never know anything happened until your coins are gone.

Encrypting paper wallets

In addition to setting a password for your private keys you could encrypt your writing. What you want is that when somebody reads your private key, he or she will see the wrong private key, because you made changes to it. For example you could replace all the lowercase letters f to an uppercase letter U. It will be very hard for the person to figure out you made this change.

Note to the example: you will need to keep generating keys to find one with no uppercase U.

Such a simple encryption as in the example is already very powerful. You can release your own creativity to make it as hard as possible for the thieves!

Rule 3: Back-up

There are many people who could have been rich today if they made a back-ups of their bitcoin wallets. Many hard disks with bitcoins some worth millions of dollars in today's value were thrown away.

The benefit of holding cryptos unlike real money is that you can have it at multiple places. The necessity of having multiple back-ups is self explainatory but:

Some Do and Don'ts

  • If you want to make more back-ups of your wallet don't connect it to a computer with internet use the air gapped computer.
  • Keep your back-ups in other places than your home. It is required to encrypt them first (in writing). Give them to people you trust. Or you don't tell them at all. You could ask them something like to keep some important documents.
  • Check regularly if your back-ups are still intact.
  • Don't write down where you have put your back-ups.

I hope you found my guide useful!

If you want more guides like this don't forget to follow me :)

If you have some useful tips or spotted mistakes tell me and the others in the comments!


Lots of love,
Future Thinker

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Nice Guide....Thanks!
There is one question though! Once you have downloaded a hot wallet I understand that you could disconnect from the internet to generate the private key or the password. How do you use the air-gaped computer generated key? Once you go back on line you can't type in the pvt key without being on line and that of course defeats the purpose of the cold computer. However, one must register the new off line computed pvt address in some manner on line, No? As I type this I realized that I am confused how the on line wallet and the off line computer actually interrelate.
I would love to get all of my hot wallets protected as you describe but some of them don't seem to be able to do this. It may be my naivte though.
Thanks,
Alwayssaturday

First of all thank you for reading my guide! @alwayssaturday

A "hot" wallet means when you keep it connected to the internet. When you download a wallet, you are basically downloading a key generation software. When you disconnect from the internet and then generate your keys, but later on you go online again, it defeats the purpose of generating your keys offline.

How the blockchain works is: you don't need to register your adress online, but you will the right key generation software (wallet). The beauty of how the blockchain works is that it will recognize any address created by the software. You *dont need to connect to the internet first to "register" your addresss.

The safest way to protect your keys, is to generate them on a device that will never be connected to the internet again. Even if the device were infected the keys could never be stolen through the internet (there are other methods but it would require the hacker to be near your device).

If you make an air gapped computer it means never connecting it to the internet again. I would recommand using an old computer for it.

Excellent tutorial

Thank you @edkarnie :)

upvoted

Thank you #anja-caballero :)

Nice post! Im still lost, will have to reread. I just want simple safe and im also into trading. Thanks :)

Haha let me know if it helped you!

One of the best posts I have ever seen on Steemit. Thank you!

Wow this comment made my day :)

Long article! But Nice tips! Upvoted. :)

Haha glad you liked it @topic4lunch !

Good summary!

@futurethinker got you a $6.55 @minnowbooster upgoat, nice!
@futurethinker got you a $6.55 @minnowbooster upgoat, nice! (Image: pixabay.com)


Want a boost? Click here to read more!

Thank you for the effort you put into this.

That is a very informative guide, you could have edited it and made it small for the reader to grasp the content properly, read here to read in a summarize way- https://blog.coinswitch.co/how-to-protect-your-crypto-holdings-with-a-private-wallet-ad2c6070778d