STEEM Cold Wallet - How to protect your funds from anything

in #steem7 years ago


Source

After the Utopian-IO Hack yesterday, it got me thinking about a cold wallet for STEEM. Luckily funds were never at risk yesterday, but if you haven't noticed there has been a huge increase of phishing attempts and hacked accounts in the last few months.

I wrote a post a few weeks ago about how to Be Smart and don't get hacked which I recommend everyone reads if you are not comfortable with computer security, even then I recommend you check it out to see if you pick up something anyway.

Steemit is an interesting place, every action has a financial result, but also means it doesn't take much to accidentally send all your funds to someone or be phished if you are not super careful. In the crypto world, you typically protect your funds using a cold wallet.

What is a Cold Wallet

The concept of a cold wallet is simple, think of it like your bank account. You don't have easy access to those funds and must jump through hoops to get to them. These hoops being, write a check, goto the bank, transfer money, and so on. While a cold wallet is a little more than that, it's good enough for this example.

Next, you have a hot wallet, this is your wallet you use for day to day spending, think of this as the wallet in your back pocket or the one in your purse. This is what you use for your day to day spending and is always at risk of being stolen, pickpocketed, lost, or just misplaced.

While your hot wallet is a lot riskier, you don't typically carry much on you so you won't dramatically affect your lifestyle if it is lost or stolen. On Steem(it) most everyone is using the concept of a hot wallet. All their funds are in their main day to day account and at risk on a day to day basis.

You might use DLive and decide to use SteemConnect to give authorization to your main account. This is two third-party services (DLive & SteemConnect) you are exposing to your account. Fortunately, Dlive only uses your posting key but SteemConnect does require your Active key to make the change. While SteemConnect has been considered safe it may not always be the case. Every time you enter a private key into a third party site you are at risk and are giving up some form of security.

If you haven't noticed lately, there has been an alarming increase of phishing attempts via comments and posts attempting to trick users into giving up their active private key. If these attempts are successful, you will quickly see your funds drained and sent to a third party account and quickly sold on Bittrex or some other exchange.

Phishing account @dana1365

Another example of a cold wallet is a hardware wallet like the Leder Nano or the Trezor. These hardware devices act as a safe storage of your private keys and your private keys never leave the device. Unfortunately, they do not support STEEM or STEEM Backed Dollars.


Source: Trezor.io

So what can I do?

There are a two options, the first being send any funds you don't need on a day to day basis to an Exchange. They have a lot more security and are not being used day to day as a social media account. While this may seem to be more secure than leaving into your account, I highly recommend you do not do this.

Exchanges are notorious for freezing and stealing funds. I wrote two posts on this a while ago and highly recommend reading them as it shows you how unregulated and unsafe Crypto trading is.

I don't recommend using an Exchange as your cold wallet and I don't even recommend keeping funds in there unless you are actively trading.

So what do you recommend?

The solution I propose is simple, create a new account on STEEM and send all excess funds to it. In most cases, you should never need to log in to the account and most certainly won't need to log into it on a day to day basis or connect it to any third party apps. The fact you hardly ever log into it will give you far more security than storing funds on an account that you use on a day to day basis and connect to unknown third parties.

This secondary account does not and should not have any third party accounts linked to it like Utopian, Busy, Dlive, DTube, or any other future apps coming in the future. The goal is to interact with it as little as possible and don't login in or out of it on a daily basis. Think of it as a savings account.

While it is not perfect, those storing a decent amount of STEEM and STEEM Backed Dollars would be much safer doing this than keeping it in an account that you interact with daily and are actively sharing private keys with "trusted" third party apps.

Be safe and be smart with your money, your future self will thank you!

X48EJ

Why you should vote me as witness

Witness & Administrator of four full nodes

themarkymark.png

My recent popular posts

STEEM, STEEM Power, Vests, and Steem Dollars. wtf is this shit?
The truth and lies about 25% curation, why what you know is FAKE NEWS
WTF is a hardware wallet, and why should you have one?
GINABOT - The Secret to your Sanity on Steemit
How to calculate post rewards
Use SSH all the time? Time for a big boy SSH Client
How to change your recovery account
How curation rewards work and how to be a kick ass curator
Markdown 101 - How to make kick ass posts on Steemit
Work ON your business, not in your business! - How to succeed as a small business
You are not entitled to an audience, you need to earn it!
How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!
Building a Portable Game Console

Sort:  
There are 3 pages
Pages

good helpful post. this is very alarmini and informative post. everybody halpful post.

I couldn't agree more @mdnajir..

Yes, the security risk is certainly the biggest downfall (IMO) for the entire crypto space. I hope that someone will come up with a wallet that is both easy to use and absolutely secure.

You explained well the difference between Hot and Cold wallet. Honestly speaking, I didn't knew its real meaning until now. After a year of immersing myself on Crypto space. This truly adds value to the reader of protecting ourselves from the hacker. No one will protect us if we messed up so be better gear up. Thanks @themarkymark

A month ago, here I described how to create such a cold wallet, which will be perfect for hodling :)

I've also linked there another article of mine, which describes, how to set a password for your steem account, which is not generated by Steemit website :)

Also, I am right now in the middle of my power-down process to transfer all my SteemPower from @noisy, to @noisy.cold, and to be honest... I feel much more secure since I started :) Of course, I delegate all that SP from @noisy.cold to @noisy, so... actually, nothing changed for in terms of my voting power :)

Was a great article! I have it saved to check out the code later.

That is really a good idea. I never thought of that.

This is really cool @noisy!

But i put all my ETH, Ripple and BTC to STEEM so i don't need to worry about storing it from exchange. All i worried about is the phising technique used by hackers, so it's better not to click the link that we don't trust and never put your password in the other website make sure you login to STEEMIT.COM.

This is why a cold wallet is a good idea, you rarely ever log into it.

I know, but i can't put my STEEM into cold because i need it from my posts in steemit.

not everyone is in the situation to need this. Sounds like the case for you. Those that do, this very well save them from losing a lot of money.

Some good ideas! Thank you.
I'd never seen the actual little letters on a card before. Awesome idea.
Thanks again for showing us some possible better ways.

Thanks for this AWESOME tips

thanks for helping people store their money

Great advice! Much appreciated! I'm going to get on that! Thanks for the share! Resteem

Yes, safety first!...:)...

The Tree of Life, or Etz haChayim (עץ החיים) has upvoted you with divine emanations of G-ds creation itself ex nihilo. We reveal Light by transforming our Desire to Receive for Ourselves to a Desire to Receive for Others. I am part of the Curators Guild (Sephiroth), through which Ein Sof (The Infinite) reveals Itself!

This is a good idea and you could even power up the account and delegate it to your active account so that its not all unused savings.

i think ill work on getting that done. it'll take 2 weeks the way steemit registration is these days lol

There are a few ways to buy accounts instantly. You do not need to use the Steemit Inc faucet.

lol im a cheapO so i personally would wait :)

would be cool =)

Nice post. If you set up a secondary "low use account" make sure to delegate to your active account. You will not receive any utility from the Steem if it just sits in an inactive account.

Cool, and keep up the hard work.
DAMN fishers,
D.

I would say a multisig wallet will also be a good idea

Thanks for STEEM Cold Wallet, this way is the most safe.

With our money safe then nothing like it and doing day today spending with hot wallet than nothing like it . Even if our set is broken or stolen then alos our money is safe

Brilliant idea @themarkymark on creation of a secondary steemit account for use as a cold storage. What about using the savings feature of the wallet, is it a secure option?

It could be but it is very possible can drain the funds before you recover your account if a hacker gets it.

In theory you should be able to recover in 1-2 days but many times it can take longer as much as a week.

I too had been thinking about the lack of a cold wallet for Steem. The community should lobby Trezor & Ledger to include Steem in their roadmap.

I don't see Trezor or Ledger ever supporting it as it isn't a Bitcoin spin-off and would require a very hacky integration to make work. Using a good password manager like 1 Password would get you pretty much the best you going to get cold storage for STEEM.

so true, steemit isn´t like bitcoin or other cryptos.

But they already did it for a few other coins without bitcoin heritage...

So basically you are saying make yourself a @RanchoRelaxo account. Put all your funds there. Delegate some back to your account. And then place your Ranco account on auto upvote for your 10 post a day. Gotcha...

I knew I was doing this wrong. Now I know how to be a winner at Steemit. Can someone please delegate 300 Million SP to @Rancho-Relaxo for me? Thanks in advance.

this is very alarming and informative post ever.thanks to share with us.

super!!!
I was looking for this, thanks alot. you are awesum!

Thank you so much for this post.

Exchanges are notorious for freezing and stealing funds.

This is so true. Thank you for the reminder.

And the idea about having another account is really good. Never really thought of it that way. Thanks

I am still confused with the concept of hot and cold wallet. Did you mean cold wallet is a place where your transaction need approval first with high security and the hot one is a wallet with low security, where you can transfer your funds eaisly.
The rest of the article is very helpful. thanks for that

A hot wallet you use daily, like a normal wallet/purse. You don’t have a life changing amount of funds in it so if it was lost or stolen you wouldn’t loose much.

This might be a mobile app or something you access daily and should be secured but easily accessible.

A cold wallet is more like life savings. Security is critical and convienience is secondary to security. You might need to jump through hoops to get to the funds but that’s ok as you rarely ever need to draw from it. If these funds were lost or stolen it would dramatically affect your life style.

The point of a cold wallet is to increase security and reduce convienence.

Hope that does a better job at explaining it.

very good tip. was already wondering what the option would be before you mentioned extra account. But dont you think steemit need to discaurage scammers by ensuring all accounts comes with extra security like those in most exchanges. Introducing 2FA or Google Auth is not rocket scince and i did write on it earlier but as usual, folks always say steemit is secured already. Once we have active 2fa, then phishing stops. thanks for this insight. upped

What I took away from this was not to use SteemConnect!

Thank you for a useful tips

I think that this is the best solution. However, I would say that the best feasible solution for active participants who care about the size their accounts have on the community would be to put it all in SP. That way, even though you would not be entirely safe, a phish attacker would still need to power down for a week and that would give you more than enough time to log into your account, cancel the power down and change your password.

Another way to increase the safety of your account that many people don't do is to only use your posting key on other sites. That way, if something gets stolen, it's just a password allowing them to vote and comment. I think that Steemconnect should start enforcing and recommending this so that people don't go around putting their Master Password in unnecessary places, since this creates very big security risks.

STEEM Power is the way to go, but there are many reasons to keep liquid funds, and there are accounts that have thousands and even hundreds of thousands of liquid funds sitting in it.

Why would someone store hundreds of thousands of Steem and/or SBD on their account? I suppose it's a matter of ease of access. In that case, I think you're right and that the way to go would be a "paper wallet", or a "paper password".

don't you think folks who own huge sbd or steem prefers it in one account bcos of the respect and reputation it accords them. I still insist as i submitted earlier on 2FA and i know steem(it) has the programmers to work on it. nice point though... @cryptosharon

There are people who use 2FA to store their passwords even though it is not implemented on Steemit. It's worth a shot, I think.

Sure. Glad to have someone who agree with my submittion. Let's keep in touch 💪

¯\_(ツ)_/¯

Just rich people things.

There are much much smaller accounts that can still use the advice.

Actually this advice is more crucial for the smaller accounts. Big account owners most of the time know how to secure their accounts. That’s why they are still rich :) With the advent of bidbodts smaller accounts now enjoy possibility of having bigger upvotes. Since they need liquid steem on daily basis they can neither use savings facility nor Powerup their accounts. Even yesterday there was a steem user asking for help on SMT Telegram channel regarding his compromised account. This one and abundce of other cases tell us that it wouldn’t be logical to feel safe because you are not rich. Keep in mind that scammers also know that you think this way and you don’t pay attention to security. Big scammers might not be chasing you but there are lots of “plankton scammers” who would pursue even 0.01 steem on your account.
It’s a smart advice and i’ll take it. Better than being sorry :)

That was really helpful.

Sounds like a plan.

Although most of us wont have too much liquid floating around, I like the idea of having an account that doesn't ever connect to 3rd party apps holding what liquid STEEM/SBD I do hold.

outstanding... need to be very careful as we store our assests

I’ve mislaid my bitcoin paper wallet.

I put all my bitcoin in cold storage on a piece of paper and put it in the back-pocket of my jeans.

I thought “No worries, I can always make a copy tomorrow”. I threw my dirty jeans on the floor and went to sleep.

In the morning, I woke up. My jeans weren’t on the floor any more. I really need them as that paper cold-storage wallet is really worth a ton of money.

I would have asked my wife, but she’s gone out. She won’t be back for 10 hours.

I guessed the magic pixies came in the night, picked up my creased jeans, ironed them, and put them folded neatly in one of the cupboards. That’s what usually happens to the clothes I throw on the floor. But this time I looked in all the cupboards, and my jeans are not there. Now I am really worried that my millions in bitcoin won’t be found for days.

If any reader of this can give me an idea where to look, I’ll try it. There’s nobody here to ask. I am alone in the house. It’s eerie quiet, except for the distant sound of the washing machine in the basement.

Just brilliant. One of the most funniest things I've read in the past weeks.

Unless it's really true 😩🙃

If you’re absent during my struggle, don’t expect to be present during my success.

yes we need steem cool wallet

Thanks for shearing this post bro

I want to be a good world to trust each other.

Thanks for spreading this knowledge and attention! Cheers

Thank you for putting this post and reminding people of the ever present scammers that are always at the door.
I started my account on early march of this year and I have had a number of people trying to rob me.
I have also had very good advice from arcange, bullionstackers, abusereports. I have also uploaded a post regarding this matter which I like to share with our Steemit community.
I just like to help our community and to bring awareness to the ever present threat of phishing.
"Warning" This person "monicafrederick" has been posting link on my post. Please do not clink on the link because it will still your account.
Desktop 6-05-2018 9-09-09 AM-867.png

https://steemit.com/steemit/@cosmophobia/rwfn9y9r#@cosmophobia/6958x5c21

Useful information that should be taken advantage of

Except then you wouldn't have any voting power on your day to day, though I suppose there are people rolling in it who have an excessive amount I can't imagine!

Liquid funds cannot be used as voting power, Steem Power is already protected in the sense it has to be powered down (which takes 7 days to even get 1/13th of your funds) and by then you should be able to complete the Account Recovery process and regain access.

Right, but people without much VP probably don't hold liquid, because any Steem we get, we're putting into VP. My SBD I play with, in that I either sell it into various cryptos to pay bills and such, or I convert it to Steem and power up. I just don't imagine people holding liquid unless they're using it for something else.

It is not for everyone just those who hold a decent amount of liquid.

The STEEM / SBD would be what you were wanting as liquid - only Vested STEEM counts towards your voting power.

Andd, I didn't fresh after reading the post.

oops I almost done wrong but Thanks for your advice sir! This is really effective @themarkymark

Really need more thinking about security.

I think I really buy your idea of having a secondary account on steemit only for the purpose of saving unused funds.
Nice one @themarkymark

Your post alwayas useful and informative .Good job , i like it .

Your post is always different i follow your blog everytime , your post is so helpful . I always inspire of your post on my steem work . Thank you for sharing @themarymark

Follow my blog @powerupme

That would be so cool if i had funds to place in a cold/hot wallet. With 0.5$ of steem in account what should i worry for? :D Nice post mr mark anyways its good information for big whales like you

Thanks buddy for sharing the news with I salute you🙋🙋🙋🙋

Thats exactly what I do. Sending excess steem/sbd to another account. Since I don't use that account too often, chances of it getting hacked is at a minimum. This is better than putting into savings or converting to sp, which is less liquid.

This is a really really good idea
I would have never thought of it this way

Its a very good concept. You people should consider it making the reality. Steemit is facing this hacking problem very frequent..

You got a 13.05% upvote from @postpromoter courtesy of @themarkymark!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

There are 3 pages
Pages