Reminder to Protect your keys

in #cryptocurrency, 5 years ago (edited)

Check yourself

This post serves as a reminder to know where your keys are and ensure they are stored in a safe manner.

Yesterday I saw this post on Reddit:

To summarize, the poster had checked code into a public git repo that accidentally contained the 12-word seed/recovery phrase for a wallet address. A bot caught the phrase and drained the account, all within a matter of minutes of it being posted.

Not your keys, not your crypto

One of the most common mantras of the crypto world is "not your keys, not your crypto". The basic idea is that if you are using a service that interacts with a blockchain and it vaults the keys on your behalf, so that you don't actually possess the keys, then you don't actually own the crypto. But it can also be said that if you post your key to a public place, it's not your key any more, and also not your crypto.

What to do?

  1. First, be absolutely certain keys aren't posted to public websites. Beyond that, private keys (or recovery phrases) shouldn't be posted to any cloud service. They are intended to be written down and stored in a safe place.
  2. When developing or testing things, don't use your real account and stick to test networks. It doesn't cost anything to spin up a new address for testing, and then forget about it when you are done.
  3. Keep your keys in offline formats, for example a paper key or a USB drive. I suppose you could use a CD-R, which would add to the inconvenience since no one actually has a CD drive to read or write the things any more ;)
  4. Any storage format should include encryption so that the data is as safe as possible when at rest. Theoretically though, once the data is accessible (i.e. connected to a computer and decrypted) it is vulnerable. I personally go through the extra step of using GPG on the keyfiles themselves so the risk is further minimized. So the file contents are encrypted, and then stored in an encrypted container. The plain-text version of the key is read out at use and never stored on disk.
  5. For additional peace of mind, you can utilize something like etherscan.io to monitor transactions on accounts that you care about so you know when something is happening. Though in many cases it's probably already too late by that point.
  6. While it might be a little less convenient, splitting your crypto between accounts or using a multi-sig wallet would add some protection so that if one key is compromised, you don't stand to lose everything.
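
A check for the failure described at the top of this post (a recovery phrase committed to a public repo), as an added example that is not from the original post: a heuristic scanner to run on files before they are committed. The regexes, function names and sample input are assumptions of this example; it matches shapes only and does not validate words against the BIP-39 wordlist or checksum.

```python
import re
import sys

# Heuristic shapes only (assumption: no BIP-39 wordlist or checksum check).
# BIP-39 English words are 3-8 lowercase letters; a phrase has at least 12 words.
PHRASE = re.compile(r"(?<![A-Za-z])(?:[a-z]{3,8}[ \t,]+){11,}[a-z]{3,8}(?![A-Za-z])")
# 64 hex digits, optional 0x prefix: the shape of a raw 256-bit private key.
# SHA-256 digests share this shape, so expect some false positives.
HEX_KEY = re.compile(r"(?<![0-9A-Fa-f])(?:0x)?[0-9A-Fa-f]{64}(?![0-9A-Fa-f])")

SAMPLE = (  # constructed input; the phrase is the public all-zero BIP-39 test vector
    'NETWORK = "testnet"\n'
    'MNEMONIC = "abandon abandon abandon abandon abandon abandon '
    'abandon abandon abandon abandon abandon about"\n'
    'KEY = "0x' + "ab" * 32 + '"\n'
)


def scan_text(text):
    """Return (line_number, kind) findings; the matched secret is never echoed."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if PHRASE.search(line):
            findings.append((number, "possible seed phrase"))
        if HEX_KEY.search(line):
            findings.append((number, "possible private key"))
    return findings


def main(paths):
    """Scan the given files (e.g. those staged for commit); return an exit code."""
    dirty = False
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            for number, kind in scan_text(handle.read()):
                print(f"{path}:{number}: {kind}")
                dirty = True
    return 1 if dirty else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Called from a git pre-commit hook with the paths listed by `git diff --cached --name-only --diff-filter=ACM`, a non-zero exit aborts the commit before the phrase ever reaches the repo.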

Is all this really necessary?

Probably not, until it is, and that's the point. Multiple layers of encryption are extra hoops to jump through that will probably just be more of a pain for your general use, and your keys are probably not that at risk. But it only takes one slip-up, and then there is no going back. So ensuring secure practices from the beginning further lessens the chances of any crypto assets being stolen.

Call to action!

So go check your wallets and key-storing practices and make sure that you are managing your keys in a safe manner. Also ensure your private keys are never stored in a public location, including services like Dropbox or Google Drive.


Dear @darkloris,

This is something all newcomers should read! Thank you.

I wanted to make you aware of a new community focused on Crypto on Hive. It is called HODL and is aiming to reward underrated Crypto content creators.

You can read more below and be part of it now, we are waiting for you.

Here is where you can find us https://hive.blog/trending/hive-126009

Best,

Fully upvoted by @hodlcommunity
