STEEM Cold Wallet - How to protect your funds from anything

in steem •  2 years ago 



After the Utopian-IO Hack yesterday, it got me thinking about a cold wallet for STEEM. Luckily funds were never at risk yesterday, but if you haven't noticed, there has been a huge increase in phishing attempts and hacked accounts in the last few months.

I wrote a post a few weeks ago about how to Be Smart and don't get hacked, which I recommend everyone reads if they are not comfortable with computer security. Even if you are, I recommend you check it out to see if you pick up something anyway.

Steemit is an interesting place: every action has a financial result, which also means it doesn't take much to accidentally send all your funds to someone or be phished if you are not super careful. In the crypto world, you typically protect your funds using a cold wallet.

What is a Cold Wallet

The concept of a cold wallet is simple: think of it like your bank account. You don't have easy access to those funds and must jump through hoops to get to them. These hoops include writing a check, going to the bank, transferring money, and so on. While a cold wallet is a little more than that, it's good enough for this example.

Next, you have a hot wallet. Think of this as the wallet in your back pocket or the one in your purse. This is what you use for your day-to-day spending, and it is always at risk of being stolen, pickpocketed, lost, or just misplaced.

While your hot wallet is a lot riskier, you don't typically carry much on you, so losing it won't dramatically affect your lifestyle. On Steem(it), almost everyone is using the concept of a hot wallet. All their funds are in their main day-to-day account and at risk on a day-to-day basis.

You might use DLive and decide to use SteemConnect to give authorization to your main account. That is two third-party services (DLive & SteemConnect) you are exposing your account to. Fortunately, DLive only uses your posting key, but SteemConnect does require your Active key to make the change. While SteemConnect has been considered safe, that may not always be the case. Every time you enter a private key into a third-party site you are at risk and are giving up some form of security.

If you haven't noticed lately, there has been an alarming increase of phishing attempts via comments and posts attempting to trick users into giving up their active private key. If these attempts are successful, you will quickly see your funds drained and sent to a third party account and quickly sold on Bittrex or some other exchange.

Phishing account @dana1365

Another example of a cold wallet is a hardware wallet like the Ledger Nano or the Trezor. These hardware devices act as safe storage for your private keys, and your private keys never leave the device. Unfortunately, they do not support STEEM or STEEM Backed Dollars.


Source: Trezor.io

So what can I do?

There are two options, the first being to send any funds you don't need on a day-to-day basis to an Exchange. They have a lot more security and are not being used day to day as a social media account. While this may seem to be more secure than leaving the funds in your account, I highly recommend you do not do this.

Exchanges are notorious for freezing and stealing funds. I wrote two posts on this a while ago and highly recommend reading them as it shows you how unregulated and unsafe Crypto trading is.

I don't recommend using an Exchange as your cold wallet and I don't even recommend keeping funds in there unless you are actively trading.

So what do you recommend?

The solution I propose is simple, create a new account on STEEM and send all excess funds to it. In most cases, you should never need to log in to the account and most certainly won't need to log into it on a day to day basis or connect it to any third party apps. The fact you hardly ever log into it will give you far more security than storing funds on an account that you use on a day to day basis and connect to unknown third parties.

This secondary account does not and should not have any third-party accounts linked to it like Utopian, Busy, Dlive, DTube, or any other apps coming in the future. The goal is to interact with it as little as possible and not log in or out of it on a daily basis. Think of it as a savings account.

While it is not perfect, those storing a decent amount of STEEM and STEEM Backed Dollars would be much safer doing this than keeping it in an account that you interact with daily and are actively sharing private keys with "trusted" third party apps.
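An added example (not from the original post): a small offline audit of a hot/cold account pair against the advice above. The two records are constructed and shaped like condenser_api.get_accounts results; the account names, key strings, example.app and the 100-unit liquid limit are assumptions, and the key-reuse check goes one step beyond what the post states.

```python
from decimal import Decimal

ROLES = ("owner", "active", "posting")


def authority(key, apps=()):
    """Build one authority object in the on-chain layout."""
    return {"weight_threshold": 1,
            "account_auths": [[app, 1] for app in apps],
            "key_auths": [[key, 1]]}


# Constructed sample records (names, keys and balances are made up), shaped
# like the objects returned by the Steem condenser_api.get_accounts call.
HOT = {
    "name": "alice",
    "balance": "1520.000 STEEM",
    "sbd_balance": "310.500 SBD",
    "owner": authority("STM-constructed-hot-owner"),
    "active": authority("STM-constructed-hot-active"),
    "posting": authority("STM-constructed-hot-posting", apps=["example.app"]),
}
COLD = {
    "name": "alice.cold",
    "balance": "0.000 STEEM",
    "sbd_balance": "0.000 SBD",
    "owner": authority("STM-constructed-cold-owner"),
    # Mistake 1: the hot account's active key was reused here.
    "active": authority("STM-constructed-hot-active"),
    # Mistake 2: a third-party app was authorised on the cold account.
    "posting": authority("STM-constructed-cold-posting", apps=["example.app"]),
}


def liquid_balances(account):
    """Return liquid funds per asset, e.g. {'STEEM': Decimal('1520.000')}."""
    out = {}
    for field in ("balance", "sbd_balance"):
        amount, symbol = account[field].split()
        out[symbol] = Decimal(amount)
    return out


def linked_accounts(account):
    """Map each role to the other accounts allowed to sign for it."""
    links = {}
    for role in ROLES:
        names = [name for name, _weight in account[role]["account_auths"]]
        if names:
            links[role] = names
    return links


def public_keys(account):
    """All public keys that can sign for any role of the account."""
    return {key for role in ROLES for key, _weight in account[role]["key_auths"]}


def audit(hot, cold, hot_limit=Decimal("100")):
    """List the ways this hot/cold pair departs from the advice above."""
    findings = []
    # The cold account should have no third-party accounts linked at all.
    for role, names in linked_accounts(cold).items():
        findings.append(f"{cold['name']}: {role} authority shared with {', '.join(names)}")
    # Reused keys mean a phished hot key also opens the cold account.
    shared = public_keys(hot) & public_keys(cold)
    if shared:
        findings.append(f"{cold['name']}: shares {len(shared)} key(s) with {hot['name']}")
    # On the hot account, an app holding active or owner authority can move funds.
    hot_links = linked_accounts(hot)
    for role in ("owner", "active"):
        for name in hot_links.get(role, []):
            findings.append(f"{hot['name']}: {role} authority shared with {name}")
    # Excess liquid funds belong in the cold account (hot_limit is an assumption).
    for symbol, amount in liquid_balances(hot).items():
        if amount > hot_limit:
            findings.append(f"{hot['name']}: {amount} {symbol} liquid, above {hot_limit}")
    return findings


if __name__ == "__main__":
    for line in audit(HOT, COLD):
        print(line)
```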

Be safe and be smart with your money, your future self will thank you!


Why you should vote me as witness

Witness & Administrator of four full nodes


Good helpful post. This is very alarming and informative post. Everybody helpful post.

I couldn't agree more @mdnajir..

Yes, the security risk is certainly the biggest downfall (IMO) for the entire crypto space. I hope that someone will come up with a wallet that is both easy to use and absolutely secure.

You explained well the difference between Hot and Cold wallet. Honestly speaking, I didn't know its real meaning until now. After a year of immersing myself on Crypto space. This truly adds value to the reader of protecting ourselves from the hacker. No one will protect us if we messed up so be better gear up. Thanks @themarkymark


A month ago, here I described how to create such a cold wallet, which will be perfect for hodling :)

I've also linked there another article of mine, which describes, how to set a password for your steem account, which is not generated by Steemit website :)

Also, I am right now in the middle of my power-down process to transfer all my SteemPower from @noisy to @noisy.cold, and to be honest... I feel much more secure since I started :) Of course, I delegate all that SP from @noisy.cold to @noisy, so... actually, nothing changed in terms of my voting power :)

like it ! :)

Was a great article! I have it saved to check out the code later.

That is really a good idea. I never thought of that.

This is really cool @noisy!

But I put all my ETH, Ripple and BTC to STEEM so I don't need to worry about storing it from exchange. All I worried about is the phishing technique used by hackers, so it's better not to click the link that we don't trust and never put your password in the other website, make sure you login to STEEMIT.COM.

This is why a cold wallet is a good idea, you rarely ever log into it.

I know, but I can't put my STEEM into cold because I need it from my posts in steemit.

Not everyone is in the situation to need this. Sounds like the case for you. Those that do, this may very well save them from losing a lot of money.

Some good ideas! Thank you.
I'd never seen the actual little letters on a card before. Awesome idea.
Thanks again for showing us some possible better ways.

Thanks for this AWESOME tips

thanks for helping people store their money

Great advice! Much appreciated! I'm going to get on that! Thanks for the share! Resteem

Yes, safety first!...:)...

The Tree of Life, or Etz haChayim (עץ החיים) has upvoted you with divine emanations of G-ds creation itself ex nihilo. We reveal Light by transforming our Desire to Receive for Ourselves to a Desire to Receive for Others. I am part of the Curators Guild (Sephiroth), through which Ein Sof (The Infinite) reveals Itself!

This is a good idea and you could even power up the account and delegate it to your active account so that its not all unused savings.

I think I'll work on getting that done. It'll take 2 weeks the way steemit registration is these days lol

There are a few ways to buy accounts instantly. You do not need to use the Steemit Inc faucet.

lol im a cheapO so i personally would wait :)

would be cool =)

Nice post. If you set up a secondary "low use account" make sure to delegate to your active account. You will not receive any utility from the Steem if it just sits in an inactive account.

Cool, and keep up the hard work.
DAMN fishers,
D.

I would say a multisig wallet will also be a good idea

Thanks for STEEM Cold Wallet, this way is the most safe.

With our money safe then nothing like it and doing day today spending with hot wallet than nothing like it. Even if our set is broken or stolen then also our money is safe

Brilliant idea @themarkymark on creation of a secondary steemit account for use as a cold storage. What about using the savings feature of the wallet, is it a secure option?

It could be, but it is very possible they can drain the funds before you recover your account if a hacker gets it.

In theory you should be able to recover in 1-2 days but many times it can take longer as much as a week.

I too had been thinking about the lack of a cold wallet for Steem. The community should lobby Trezor & Ledger to include Steem in their roadmap.

I don't see Trezor or Ledger ever supporting it as it isn't a Bitcoin spin-off and would require a very hacky integration to make work. Using a good password manager like 1Password would get you pretty much the best you're going to get for cold storage for STEEM.

so true, steemit isn't like bitcoin or other cryptos.

But they already did it for a few other coins without bitcoin heritage...

So basically you are saying make yourself a @RanchoRelaxo account. Put all your funds there. Delegate some back to your account. And then place your Rancho account on auto upvote for your 10 posts a day. Gotcha...

I knew I was doing this wrong. Now I know how to be a winner at Steemit. Can someone please delegate 300 Million SP to @Rancho-Relaxo for me? Thanks in advance.

This is very alarming and informative post ever. Thanks to share with us.

super!!!
I was looking for this, thanks a lot. You are awesome!

Thank you so much for this post.

Exchanges are notorious for freezing and stealing funds.

This is so true. Thank you for the reminder.

And the idea about having another account is really good. Never really thought of it that way. Thanks

I am still confused with the concept of hot and cold wallet. Did you mean cold wallet is a place where your transaction needs approval first with high security and the hot one is a wallet with low security, where you can transfer your funds easily?
The rest of the article is very helpful. Thanks for that

A hot wallet you use daily, like a normal wallet/purse. You don’t have a life changing amount of funds in it so if it was lost or stolen you wouldn’t lose much.

This might be a mobile app or something you access daily and should be secured but easily accessible.

A cold wallet is more like life savings. Security is critical and convenience is secondary to security. You might need to jump through hoops to get to the funds but that’s ok as you rarely ever need to draw from it. If these funds were lost or stolen it would dramatically affect your life style.

The point of a cold wallet is to increase security and reduce convenience.

Hope that does a better job at explaining it.

Spam is discouraged by the community, including comment spam.

More Information:
The Art of Commenting
Comment Classifications


Very good tip. Was already wondering what the option would be before you mentioned extra account. But don't you think steemit need to discourage scammers by ensuring all accounts comes with extra security like those in most exchanges. Introducing 2FA or Google Auth is not rocket science and I did write on it earlier but as usual, folks always say steemit is secured already. Once we have active 2fa, then phishing stops. Thanks for this insight. upped

What I took away from this was not to use SteemConnect!

Thank you for a useful tips

Sounds like a plan.

Although most of us won't have too much liquid floating around, I like the idea of having an account that doesn't ever connect to 3rd party apps holding what liquid STEEM/SBD I do hold.

I think that this is the best solution. However, I would say that the best feasible solution for active participants who care about the size their accounts have on the community would be to put it all in SP. That way, even though you would not be entirely safe, a phish attacker would still need to power down for a week and that would give you more than enough time to log into your account, cancel the power down and change your password.

Another way to increase the safety of your account that many people don't do is to only use your posting key on other sites. That way, if something gets stolen, it's just a password allowing them to vote and comment. I think that Steemconnect should start enforcing and recommending this so that people don't go around putting their Master Password in unnecessary places, since this creates very big security risks.

STEEM Power is the way to go, but there are many reasons to keep liquid funds, and there are accounts that have thousands and even hundreds of thousands of liquid funds sitting in it.

Why would someone store hundreds of thousands of Steem and/or SBD on their account? I suppose it's a matter of ease of access. In that case, I think you're right and that the way to go would be a "paper wallet", or a "paper password".

Don't you think folks who own huge sbd or steem prefers it in one account because of the respect and reputation it accords them. I still insist as I submitted earlier on 2FA and I know steem(it) has the programmers to work on it. Nice point though... @cryptosharon

There are people who use 2FA to store their passwords even though it is not implemented on Steemit. It's worth a shot, I think.

Sure. Glad to have someone who agrees with my submission. Let's keep in touch 💪

¯\_(ツ)_/¯

Just rich people things.

There are much much smaller accounts that can still use the advice.

Actually this advice is more crucial for the smaller accounts. Big account owners most of the time know how to secure their accounts. That’s why they are still rich :) With the advent of bidbots smaller accounts now enjoy possibility of having bigger upvotes. Since they need liquid steem on daily basis they can neither use savings facility nor Powerup their accounts. Even yesterday there was a steem user asking for help on SMT Telegram channel regarding his compromised account. This one and abundance of other cases tell us that it wouldn’t be logical to feel safe because you are not rich. Keep in mind that scammers also know that you think this way and you don’t pay attention to security. Big scammers might not be chasing you but there are lots of “plankton scammers” who would pursue even 0.01 steem on your account.
It’s a smart advice and I’ll take it. Better than being sorry :)

That was really helpful.

:)

Outstanding... need to be very careful as we store our assets

I’ve mislaid my bitcoin paper wallet.

I put all my bitcoin in cold storage on a piece of paper and put it in the back-pocket of my jeans.

I thought “No worries, I can always make a copy tomorrow”. I threw my dirty jeans on the floor and went to sleep.

In the morning, I woke up. My jeans weren’t on the floor any more. I really need them as that paper cold-storage wallet is really worth a ton of money.

I would have asked my wife, but she’s gone out. She won’t be back for 10 hours.

I guessed the magic pixies came in the night, picked up my creased jeans, ironed them, and put them folded neatly in one of the cupboards. That’s what usually happens to the clothes I throw on the floor. But this time I looked in all the cupboards, and my jeans are not there. Now I am really worried that my millions in bitcoin won’t be found for days.

If any reader of this can give me an idea where to look, I’ll try it. There’s nobody here to ask. I am alone in the house. It’s eerie quiet, except for the distant sound of the washing machine in the basement.

Just brilliant. One of the funniest things I've read in the past weeks.

Unless it's really true 😩🙃

If you’re absent during my struggle, don’t expect to be present during my success.


yes we need steem cool wallet

Thanks for sharing this post bro

I want to be a good world to trust each other.

Thanks for spreading this knowledge and attention! Cheers

Thank you for putting this post and reminding people of the ever present scammers that are always at the door.
I started my account on early march of this year and I have had a number of people trying to rob me.
I have also had very good advice from arcange, bullionstackers, abusereports. I have also uploaded a post regarding this matter which I like to share with our Steemit community.
I just like to help our community and to bring awareness to the ever present threat of phishing.
"Warning" This person "monicafrederick" has been posting link on my post. Please do not click on the link because it will steal your account.

https://steemit.com/steemit/@cosmophobia/rwfn9y9r#@cosmophobia/6958x5c21

Thank you, I didn't know about the increased amount of phishing, really good idea with a second steemit account.

I agree that there should be a #coldwallet for #steem or a backup account, if the system gets hacked the backup account would be hacked in a high probability, although if you never log into it and don't interact with others apps, seems a safer way for storing your funds.

Except then you wouldn't have any voting power on your day to day, though I suppose there are people rolling in it who have an excessive amount I can't imagine!

Liquid funds cannot be used as voting power, Steem Power is already protected in the sense it has to be powered down (which takes 7 days to even get 1/13th of your funds) and by then you should be able to complete the Account Recovery process and regain access.

Right, but people without much VP probably don't hold liquid, because any Steem we get, we're putting into VP. My SBD I play with, in that I either sell it into various cryptos to pay bills and such, or I convert it to Steem and power up. I just don't imagine people holding liquid unless they're using it for something else.

It is not for everyone just those who hold a decent amount of liquid.


The STEEM / SBD would be what you were wanting as liquid - only Vested STEEM counts towards your voting power.

And, I didn't fresh after reading the post.

The advice is pretty good. I like the idea of a second account. Isn't Steemit against users having multiple accounts? I saw a post about how it is not recommended.

Not at all. Many users have multiple accounts. It is what you do with those accounts is the concern. As long as you are a good user there is no problems.

Ok thanks. As long as I've heard it from the witness's mouth..

vote for witness
@themarkymark

Thanks mate. I voted for him too. Great guy!

It's certainly amazing that even in the light of Mt.Gox, and others that have gone up in flame, users still put full faith in their exchanges. Sure you have 2FA to prevent somebody else from stealing your funds directly but you have very little to protect you from an exchange hack or theft that leaves you unable to withdraw tokens and coins still visible in your account. NEVER LEAVE WHAT YOU CANNOT AFFORD TO LOSE AT THE EXCHANGE

Really need more thinking about security.

To say it in American way we're screwed

thank you for this helpful post

You got a 13.05% upvote from @postpromoter courtesy of @themarkymark!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

Useful information that should be taken advantage of

I think I really buy your idea of having a secondary account on steemit only for the purpose of saving unused funds.
Nice one @themarkymark

This is not a bad idea to have a separate account to act as a savings account. I wish there was support for Steem on something like a Trezor.

Wallet security, a very hot button topic. Thank you for the knowledge.
Happy weekend @themarkymark!!

thank you , will be safe in steemit

Thank you for the heads up, but please allow me to ask, how exactly do you know the account you pointed out is a phishing account? And is it really okay to call out other accounts like that? Should it not be flagged for review by someone with the necessary authority to do so?

Also, concerning the proposal to use exchanges and the corresponding warning, this is mainly true for centralized exchanges since those can actually freeze your funds, right? However, using a decentralized exchange should allow you to avoid that risk, shouldn't it?

I know because it has phished multiple users. I know one who lost all their funds to the account.

Very interesting article. Thank you

@themarkymark great info......

I do this and work with vessel too.

very educative article

Nice piece
Very educative
I'm reading this from my chrome browser news headings

Cold Wallet ... It would be good if it were available here.

Your post always useful and informative. Good job, I like it.

Your post is always different i follow your blog everytime , your post is so helpful . I always inspire of your post on my steem work . Thank you for sharing @themarymark

Follow my blog @powerupme

Hmmm.
I understand your point but STEEM in the main paradigm of steem should be invested in VESTS. With my 'little' account, I cannot imagine to power down and storing part of my steem in a cold account.

Most have some liquid funds, not just STEEM Power, but for the small minnow accounts, you don't likely need it. Just something to keep in mind.

cool


Thank you, this post was very informative for me. An extra account sounds like a good idea, I would never ever think about it could be a kind of security.

That would be so cool if i had funds to place in a cold/hot wallet. With 0.5$ of steem in account what should i worry for? :D Nice post mr mark anyways its good information for big whales like you

good post, incredible, very useful.👍👍👍👍👍👍👍

great thank you

your amazing post is very good and useful for me and for all my steemian friends. i am very awesome postingan.terima for your suggestion that very extraordinary good this.

Thanks buddy for sharing the news with I salute you🙋🙋🙋🙋

oops I almost done wrong but Thanks for your advice sir! This is really effective @themarkymark

How would all that play into your voting power if you put your funds into a low use account?

It would be liquid steem and steem dollar which isn’t votable.

Great post! Will try to find a secure way for my funds (once the start rolling in that is) !

All good advice. I have a Ledger Nano, best investment ever! However, creating a second Steemit account sounds smart too... But is it not frowned upon?

So much money but you explained so little. What's up with the links too? Why a hardware referral? I got a phone.

That's exactly what I do. Sending excess steem/sbd to another account. Since I don't use that account too often, chances of it getting hacked is at a minimum. This is better than putting into savings or converting to sp, which is less liquid.

If only someone can come up with a STEEM software wallet that one can download to their PC or mobile device, and store STEEM/SBD offline, it would be great..

There are two.

Cli_wallet and Vessel

Thanks for the update..i was absolute clueless

This is a really really good idea
I would have never thought of it this way

Wow beautiful view in snow

From #venezuela supporting your work friend, greetings and as always I wish you continue to be successful in #steemit ....
@themarkymark

Thank you for taking the initiative to alert us to the dangers that may exist; this is very useful information that everyone should know

Congratulations @themarkymark!
Your post was mentioned in the Steemit Hit Parade in the following category:

  • Pending payout - Ranked 3 with $ 601,02

Hm. Exchanges are definitely at risk of being hacked. I would not really look into that solution.

However I think someone once said putting the less used SBDs into Savings, which at least if your account is being compromised, the accounts in Savings will serve as a slowed down attempt for the hacker to withdraw your hard earned rewards.

(Since it takes 3 days to do so... unless I missed out something that they could speed up the process??)

Another one for those who does not want to go through a secondary account, fearing someone else might accuse us of "circle jerking" attempts (I think that was what it meant), perhaps powering up would also be a good choice if immediate withdrawal is not necessary. That could have dramatically slowed down hackers from getting the earnings.

That was something I read before when I first joined Steemit.

Hello friend, excellent publication, I liked it a lot. Count on me, I invite you to visit my profile and count on you too, Regards

I was curious.
Thank you.

thanks for the info man! great post

Thanks for the information

You didn’t mention just powering up!

That's always an option and an obvious choice, but I see a lot of users with liquid funds in the hundreds and thousands and after yesterday and some more things I think will come to light soon got me thinking about it a lot lately.

A paper wallet would be better, but it is a good solution... Thanks for sharing

it's also good that phishers have to pay phishees to phish :D

Anybody else loved the first picture? Is magical!

Interesting post, @themarkymark.

Hello friend, excellent publication, I liked it a lot. Count on me, I invite you to visit my profile and count on you too, Regards

Its a very good concept. You people should consider it making the reality. Steemit is facing this hacking problem very frequent..

let's help each other vote on each other @zuhrafriska

Helpful, and thank you lot that for
This secondary account does not and should not have any third party accounts linked to it like Utopian, Busy, Dlive, DTube, or any other future apps coming in the future. The goal is to interact with it as little as possible and don't login in or out of it on a daily basis. Think of it as a savings account. if this right.

let's help each other vote on each other @juninho

Thanks for responding @themarkymar


Nothing to do with my post.