
Protecting Bitcoin and cryptocurrency Keys


  1. 1. PROTECTING CRYPTOCURRENCY KEYS DIMITRIS TSAPAKIDIS @DIMITRIS LINKEDIN.COM/IN/DIMITRIS DECEMBER 2022
  2. 2. “THE ONLY MEANINGFUL ADOPTION METRIC IS PEOPLE WHO SELF CUSTODY BITCOIN” @HODLONAUT
  3. 3. AGENDA • Exchange & custodial threats • Self-custody threats • What to protect? • How to protect?
  4. 4. NOT YOUR KEYS, NOT YOUR COINS • Custodial wallets can be hacked • Exchanges might not be solvent • Bankruptcy takes years and you get cents on your Euro • Exchanges selling you paper Bitcoin also suppress the price • Exchanges might ask you for strict KYC and Source of Wealth documentation • Having exchanges hold a large % of all Bitcoin is a systemic risk • Bitcoin is not valuable if it can be confiscated and you need to ask permission to send it
  5. 5. NOT YOUR KEYS, NOT YOUR COINS • Use 2 Factor Authentication, without SMS • Journey from exchange to personal custody • Learn about sending coins to your personal (non-custodial) wallet • Learn about sending coins between wallets • Practice and become confident • Buy a hardware wallet • Don’t wait for a bank (exchange) run to start!
  6. 6. BITCOIN KEYS [Diagram: Mnemonic Seed Phrase (sample words: abandon, ability, able, about, …); Bitcoin private keys; Bitcoin receive addresses (0.3BTC, 0.5BTC); labels: Public, Private]
  7. 7. THREATS • Theft • Destruction • Take them with you to your grave • Multiparty/Institutional ownership • Receiving coins on your behalf: web server, teller/waiter • Privacy • Low-entropy keys [Diagram: Mnemonic Seed Phrase; Bitcoin private keys; Bitcoin receive addresses]
  8. 8. THREATS • Dust • Kidnap/robbery: https://github.com/jlopp/physical-bitcoin-attacks
  9. 9. TOOLS • Use these tools to protect your coins • They are building blocks to mix and match like LEGOs
  10. 10. MEMORIZE THE SEED PHRASE • Useful if you have to walk from Syria to Germany and you have to swim across the Mediterranean [Diagram: Mnemonic Seed Phrase]
  11. 11. CRYPTOSTEEL • Store your seed phrase • Protects against fire • Protects against water • Split in two: password and encrypted seed [Diagram: Mnemonic Seed Phrase]
  12. 12. GENERATE YOUR OWN SEED PHRASE https://iancoleman.io/bip39/ [Diagram: Mnemonic Seed Phrase]
  13. 13. KEYS NEVER EXPOSED HARDWARE WALLETS Key generation Transaction signing Ledger Trezor KeepKey
  14. 14. RISKS OF SOFTWARE WALLETS • Insecure, general-purpose computing devices • Seed copied off screen • Private keys stolen after you unlock your wallet • Keyboard sniffers or learning/prediction algorithms
  15. 15. VERIFY DESTINATION ADDRESSES • Are you sending money to the correct address? • Computer clipboard can be altered
  16. 16. ONE ADDRESS PER TRANSACTION • Wallets automatically generate new addresses • Preserve your privacy • Preserve everyone’s privacy
  17. 17. MOVE KEYS IN PARALLEL • How to destroy your privacy: • Bought a shiny new Trezor or Ledger and merged all your keys into one • Split your keys for a coin fork and merged all your keys into one • You could clone keys one by one :) Some software to automate the process would be great!
  18. 18. DEAD MAN’S SWITCH • “If something happens to me” movie line • Does nothing as long as we are alive • Acts when we stop demonstrating signs of life • Google’s Inactive Account Manager • Test it!
  19. 19. LAST WILL AND TESTAMENT • Gifting €5,000 vs gifting €500,000 • So your loved ones can spend your coins • Read articles by Pamela Morgan https://medium.com/@pamelawjd
  20. 20. SHAMIR’S SECRET SHARING • Break any secret into X pieces • At least Y pieces required to reconstruct the secret • Y<=X • e.g. 3 out of 5 • https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
  21. 21. MULTISIG ADDRESSES MULTISIGNATURES 2 of 4 keys
  22. 22. MULTISIG USE CASES • Authorizing payments as a group of people: 2 of 3: CEO, CFO, Accountant • Gift your coins to your descendants after you get hit by a bus: 2 of 4: your phone, your hardware wallet, bank vault, a relative • Use your coins with untrusted wallets: your phone, your computers, bank vault. Optionally: go Seedless. • Use your coins with an offsite wallet: your phone, authenticated payment provider, bank vault. See https://greenaddress.it • Payment escrow: 2 of 3: Buyer, Seller, Trusted Escrow Agent. See https://www.openbazaar.org
  23. 23. MULTISIG WALLETS • CoPay/Bitpay • Electrum • Casa (Seedless) • Bluewallet • Sparrow Wallet • Multisig has extra backup requirements • You need to back up a copy of everyone’s public key (xpub)
  24. 24. COLD WALLETS • Private keys only used on an offline computer • Private keys can be permanently or temporarily stored • Can sign transactions • http://docs.electrum.org/en/latest/coldstorage.html [Diagram: Mnemonic Seed Phrase; Bitcoin private keys; labels: Public, Private]
  25. 25. WATCH-ONLY WALLETS • Wallets with public addresses only • Can view balance • Can generate receive addresses • Can generate transactions but cannot sign them (cold wallet will do the signing) • Can broadcast signed transactions [Diagram: Bitcoin receive addresses (0.3BTC, 0.5BTC); labels: Public, Private]
  26. 26. TIERED WALLETS • Cellphone: spending cash • Hardware wallet: savings • Multisig with cold wallets: long term investments
  27. 27. SEED BACKUP & RESTORE • Restoring a seed might show no funds or fewer funds!!! • Keep in mind derivation paths! • You can try them all, there are only a few options • Keep in mind the 20 address gap! • Your family should also be aware of this
  28. 28. DISTRESS WALLET • A distress wallet has some coins and looks plausible. You can give up this wallet • Offered by Ledger and Trezor
  29. 29. NLOCKTIME TRANSACTIONS • Sign a transaction with nLockTime in the future, e.g. next year • Give the transaction to the recipient • Move the funds off your address if you are still alive and repeat • Bitcoin Core wallet is introducing support for such non-standard transactions
  30. 30. THANK YOU!
