The Utopian-IO hack yesterday got me thinking about a cold wallet for STEEM. Luckily, funds were never at risk yesterday, but if you haven't noticed, there has been a huge increase in phishing attempts and hacked accounts in the last few months.
I wrote a post a few weeks ago about how to Be Smart and don't get hacked, which I recommend everyone read if they are not comfortable with computer security. Even if you are, I recommend you check it out to see if you pick up something anyway.
Steemit is an interesting place: every action has a financial result, but that also means it doesn't take much to accidentally send all your funds to someone or be phished if you are not super careful. In the crypto world, you typically protect your funds using a cold wallet.
What is a Cold Wallet
The concept of a cold wallet is simple: think of it like your bank account. You don't have easy access to those funds and must jump through hoops to get to them. These hoops include writing a check, going to the bank, transferring money, and so on. While a cold wallet is a little more than that, it's good enough for this example.
Next, you have a hot wallet. This is the wallet you use for day to day spending; think of it as the wallet in your back pocket or the one in your purse. It is always at risk of being stolen, pickpocketed, lost, or just misplaced.
While your hot wallet is a lot riskier, you don't typically carry much on you so you won't dramatically affect your lifestyle if it is lost or stolen. On Steem(it) most everyone is using the concept of a hot wallet. All their funds are in their main day to day account and at risk on a day to day basis.
You might use DLive and decide to use SteemConnect to give authorization to your main account. These are two third-party services (DLive & SteemConnect) you are exposing your account to. Fortunately, DLive only uses your posting key, but SteemConnect does require your Active key to make the change. While SteemConnect has been considered safe, that may not always be the case. Every time you enter a private key into a third party site, you are at risk and are giving up some form of security.
If you haven't noticed lately, there has been an alarming increase in phishing attempts via comments and posts attempting to trick users into giving up their active private key. If these attempts are successful, you will quickly see your funds drained, sent to a third party account, and quickly sold on Bittrex or some other exchange.
Phishing account @dana1365
Another example of a cold wallet is a hardware wallet like the Ledger Nano or the Trezor. These hardware devices act as safe storage for your private keys, and your private keys never leave the device. Unfortunately, they do not support STEEM or STEEM Backed Dollars.
So what can I do?
There are two options, the first being to send any funds you don't need on a day to day basis to an Exchange. They have a lot more security and are not being used day to day as a social media account. While this may seem to be more secure than leaving the funds in your account, I highly recommend you do not do this.
Exchanges are notorious for freezing and stealing funds. I wrote two posts on this a while ago and highly recommend reading them as it shows you how unregulated and unsafe Crypto trading is.
I don't recommend using an Exchange as your cold wallet and I don't even recommend keeping funds in there unless you are actively trading.
So what do you recommend?
The solution I propose is simple: create a new account on STEEM and send all excess funds to it. In most cases, you should never need to log in to the account, and you most certainly won't need to log into it on a day to day basis or connect it to any third party apps. The fact you hardly ever log into it will give you far more security than storing funds on an account that you use on a day to day basis and connect to unknown third parties.
This secondary account does not and should not have any third party accounts linked to it like Utopian, Busy, Dlive, DTube, or any other apps coming in the future. The goal is to interact with it as little as possible and not log in or out of it on a daily basis. Think of it as a savings account.
While it is not perfect, those storing a decent amount of STEEM and STEEM Backed Dollars would be much safer doing this than keeping it in an account that you interact with daily and are actively sharing private keys with "trusted" third party apps.
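One way to check that the secondary account really has nothing linked to it, as an added example that is not part of the original post: the script below audits account data shaped like a Steem `get_accounts` API result and reports any account granted authority. The account names, keys, and the `audit_account` helper are constructed for illustration.

```python
# Added example: offline audit of Steem account authorities.
# Input dicts follow the shape of the Steem `get_accounts` API result.
ROLES = ("owner", "active", "posting")

def audit_account(account, cold=False):
    """Return (role, grantee, reason) findings for delegated authorities.

    cold=True: any account listed in account_auths is a finding, because
    the savings-style account should have nothing linked to it.
    cold=False: only grants that can sign alone at owner/active level are
    findings; posting-only grants are what apps normally need.
    """
    findings = []
    for role in ROLES:
        auth = account.get(role, {})
        threshold = auth.get("weight_threshold", 1)
        for grantee, weight in auth.get("account_auths", []):
            if cold:
                findings.append((role, grantee, "linked to cold account"))
            elif role != "posting" and weight >= threshold:
                findings.append((role, grantee, "can act with " + role + " authority"))
    return findings

def key_only(pubkey):
    # Helper for sample data: an authority with one key and no linked accounts.
    return {"weight_threshold": 1, "account_auths": [], "key_auths": [[pubkey, 1]]}

# Constructed sample data; account names and keys are placeholders.
HOT = {
    "name": "alice",
    "owner": key_only("STM_PLACEHOLDER_OWNER"),
    "active": {"weight_threshold": 1, "key_auths": [["STM_PLACEHOLDER_ACTIVE", 1]],
               "account_auths": [["example.wallet", 1]]},
    "posting": {"weight_threshold": 1, "key_auths": [["STM_PLACEHOLDER_POSTING", 1]],
                "account_auths": [["example.app", 1]]},
}
COLD_CLEAN = {"name": "alice-cold", "owner": key_only("STM_PLACEHOLDER_C1"),
              "active": key_only("STM_PLACEHOLDER_C2"),
              "posting": key_only("STM_PLACEHOLDER_C3")}
COLD_LINKED = dict(COLD_CLEAN, posting={"weight_threshold": 1, "key_auths": [],
                                        "account_auths": [["example.app", 1]]})

if __name__ == "__main__":
    for acct, cold in ((HOT, False), (COLD_CLEAN, True), (COLD_LINKED, True)):
        print(acct["name"], audit_account(acct, cold=cold))
```

On the hot account only the active-level grant is reported, since a posting-only grant cannot move funds; on the cold account any linked app is reported, including posting-only ones.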
Be safe and be smart with your money, your future self will thank you!
Witness & Administrator of four full nodes