Video presentation https://www.youtube.com/watch?v=p4JQZxkyStI
Now you want to buy some Bitcoin as a savings (store of value) vehicle.
Now, the question arises, how do you securely store your Bitcoin, or other crypto assets long term?
There are 2 major risks you have to mitigate:
- you can lose your Bitcoin (lose your private key, and the ability to spend your coins)
- your Bitcoin can be stolen
Let's talk about what options you have and what are the risks and benefits of each option and what sorts of attack vectors you should be aware of:
- Keep Bitcoin in custody (on exchanges)
- Mobile wallets
- Desktop wallets
- Hardware wallets
- Privacy and physical attacks
2. Bitcoin vs. Bank Paradigm
● There are no coins
● Database - list of addresses and balances
● Private keys allow spending balances from
the corresponding addresses
● Protect your key
● Lost key = lost bitcoin
● Exposed key = stolen bitcoin
Task - have enough private key backups, so you can always recover it, and
keep the key secret, so no one else can find it.
3. Private Key
● 256-bit number
● One private key - one address
● Example in HEX format:
E9873D79C6D87DC0FB6A5778633389F4453213
303DA61F20BD67FC233AA33262
Secret number mathematically related to a bitcoin address that allows
bitcoins to be spent
4. Hierarchically Deterministic Wallet
● Uses Master Extended Key (512 bits)
● Derives private keys and addresses
● Backup only the Master Extended Key
● Represented by a seed phrase (12-24
words out of 2048 standard word list)
● BIP32 standard (recover anywhere)
5. Seed Phrase
Not safe to invent your own seed phrase- humans are bad at
randomness. Allow the wallet software to generate it.
● Two-factor seed phrases
● Encrypted with password
● Something you “have” + “know”
● “Seed extension”. “Extension word”,
“13th/25th word”
Warning: Forgetting this password will result in the bitcoin wallet and
any contained money being lost. Do not overestimate your ability to
remember passphrases especially when you may not use it very often.
6. Storage of Bitcoin
● Protection against accidental loss
● Verification that the bitcoins are genuine
● Privacy and protection against spying
● Protection against theft
● Easy access for spending or moving bitcoins
7. Protection From Loss
● Backup Seed Phrase
● Pencil and paper
● Even a damaged word is identifiable
● First four letters are enough to uniquely
identify the word from the standard list
8. Storing Seed Phrases
● Memorizing
● Metal engraving
● Chiseling into stone
● Writing on paper
● Acid free paper (archival)
● Use pencil - doesn’t fade
● Store in the dark
● No temperature or moisture extremes
9. Bad Seed Phrase Storing
● Splitting the Seed Phrase into different
locations weakens security. If one part is
found - easier to brute force
● Use multisignature instead
● Adding decoy words to the list - bad idea
- easy to weed out by comparing with the
standard list
10. Verification and Privacy - Run a Full Node
● Seed phrase stores private keys
● Wallet software verifies you received Bitcoin
● Full node verifies if Bitcoin is genuine
● Lightweight wallets (SPV) are good for smaller
amounts or when you trust the sender
● SPV exposes to the full node all your addresses,
balances and IP-address
11. Protection from Theft
● Private keys = money
● On computer or smartphone private keys
stored in memory and can be extracted
remotely
● Hardware wallets keep private keys in a
separate device and never share them
12. Hardware Wallets
Pros:
● Malware resistant internal storage for private keys
● Only transmits signed transactions, sometimes air
gapped
● No risk even if computer is compromised
Cons:
● Recognizable device
● Supply chain attacks
● Physical attacks
● Possible to extract keys with special equipment
Special purpose security-hardened devices that is trusted to
generate private keys and sign transactions.
13. Multisignature Wallet
● Requires multiple signatures to send a tx
● Exponentially higher security - difficult to
compromise several devices
● m-of-n signatures (3-of-5)
● Best used with Hardware wallets from different
manufacturers
● Solution now: full node + electrum server +
electrum wallet + HW
● No user-friendly solution yet
14. Custodians
Pros:
● Their security is better than yours
● Easy recovery and inheritance
Cons:
● Honey pot for attackers, while you are not
● Inside job attacks
● Government seizure
● Not the same as bank (irreversible, not insured)
Solution: Custodian keeps one key from a multisig, that can be used for recovery if
you lose one of your keys, but not enough to spend your bitcoin
15. $5-Wrench Attack
● Don’t talk about your wealth
● Use multsig with keys in
multiple locations
● Bear arms, hire guards, rely on
police or army
There are two ways to beat this attack: by hiding or by defending yourself.
You can't be your own bank without
bank-level security.
16. Tips
● Backup your seed phrase
● Never Keep Coins on Exchanges
● Don’t buy altcoins
● Learn about security
● Denis Serebryakov
twitter.com/ThatCryptoTO