/biz/ - Business & Finance

>>26235167
Buy from amazon, not the official site.
Do not tell anyone about your crypto no matter how bad you want to brag/ help someone else.

Always keep your key and wallet in separate places, preferably separate homes if you can do that.

>>26235355
Why amazon and not the actual site?

Are there tricks to protecting your seed?

>>26235469
Because ledger has a history of leaking private customer information

>>26235527
No offence, but I dont see that as reasonable grounds to choose one over the other. The argument can be presented that because of the leak, Ledger has improved security beyond what amazon currently offers. On top of that, amazon could have similar weak points that are just not yet public information/exploited.

>>26235167
I store mine on the exchange

>>26235167
I have my seed phrase printed on two laminated cards. I keep one in my safety deposit box at the bank and one in a safe at home. I also have my seed phrase memorized (this is easier to do than you probably think, just use mnemonics and do a little practice).

My cold wallet is a Trezor T.

>>26235583
except its happened multiple times lmao

>>26235583
Amazon has been secure for basically all of its existence, and transacts for an amount of customers multiple orders of magnitudes larger than ledger, and yet you choose to be retarded? Just go ahead, ignore everything in this thread and lose your privacy, and probably your money.

>>26235167
Trezor, not Ledger. Trezor is open source as well. May want to look at Blockstreams new wallet as well.

As for seed phrase, think about using a book cipher. You can store this digitally so you never lose it. You can be creative with this. Or just hide a small piece of paper with 24 words somewhere, it's not hard.

>>26235355
Don't buy from Amazon. You're introducing at least two third parties here.

>>26235744
>seed phrase
? what is that? what is a seed?

>>26235744
I've heard some people use metal platers that you can punch your words into. Have you considered this? Also, are you concerned with your entire seed phrase being in the deposit box? An interesting strategy I once heard was having the seed phrase divided into A, B, and C, representing 1/3 each. Put A & B in deposit box, B & C in another, and A & C, in another. Has anyone done/considered this or something of a similar level of security?
>>26235816
relax

Is there a reasonable argument of storing your crypto on multiple wallets? Or is that unneeded, additional effort?

>>26236049
You don't need metal plates unless you're seriously worried about flood or fire. You limit the hide-ability here. Ink lasts hundreds of years on paper.

>>26236094
Same reason you'd store valuable things in multiple locations. Mostly overthinking it, but not the worst idea.

Invest in a PO box, a burner proton mail, and a google voip number for buying anything crypto related.
All of this information, which I submitted when I bought a ledger, has now been leaked. But I'm not getting sim swapped and fucked with because I too the precautions.
Do not use your SMS # for 2FA authentication. Use a dedicated authenticator like Googles Authenticator app. hardware keys like a Yubikey can be useful too.
On top of that make sure any email address associated with your crypto accounts of any kind, is secure. Long secure password, multiple accounts.
Store your private keys securely. Before I got more advanced mine were scribbled in the back of my favorite book.
>>26236094
Multiple wallets its a good idea but if you store them all the same way it's pointless as if one is breached they all are breached,

>>26236111
What about the owner of the deposit box. I know it sounds paranoid, but do you trust them in the worst case scenario?

>>26236185
What's a google voip number? The rest is very interesting and useful. So if one has already ordered a cold storage wallet, then are these steps still helpful? Because I imagine you do that to avoid sharing personal information with the supplier, but if that has already occurred, then there is no point, or am I seeing it wrong?

>>26236185
Looking at getting into eth, what the fuck happen to the websites used to be download the client and begin mining but i don't even know what eth mining client is let alone where to find a wallet.

>>26236049
>An interesting strategy I once heard was having the seed phrase divided into A, B, and C, representing 1/3 each. Put A & B in deposit box, B & C in another, and A & C, in another.
I don't want to risk losing a part of my seed phrase.

>>26236340
but in any of these cases, if one set of thirds is lost, the other two compensate. In the case that one set is lost, you just remake the set. Seems the safest route and it's not a problem if someone gains access to 2/3.

>>26236319
Exactly, I wouldn't hold it in a safety deposit box. Defeats the entire point of self custody. Throw some creative book ciphers on Google Docs as well as write them down. No one is ever going to know.

>>26235583
Leak not breach, meaning it's intentional so no reason for them to stop

>>26236401
Yeah, it's an interesting idea. I don't think I can think of a third place I'd want to keep it, though.

>>26236485
i'll hold onto it

>>26236625
I'm also mindful of making matters simpler for my executors if something happens to me. I want them to be able to access my assets so they can sell them or distribute them. But yeah, having instructions about your plan would probably be OK. I'm just turned off by the complexity of it, but it's definitely more secure.

>>26236485
You just pay for three deposit boxes at different commercial banks.

>>26236417
What's a creative book cipher?

>>26236185
What's a google voip number?

Another technical question for anyone. If you're in some sketchy third-world country, can the internet service providers screen watch you? How much access do ISPs really have?

https://ethereum.org/en/wallets/find-wallet/
What wallet is the best?

>>26235167
It depends on how much money you have in crypto, the more you have to more effort you should put into security.

>4 digits: ledger with a seed backup lying around is good enough
>5 digits: make the seed backup resistant to fire and theft. Storing a splitted seed at multiple locations on metal plates is common.
>6 digits: you now care about vulnerabilities that have a low chance to occur, for example a faulty random number generator or other hardware wallet vulnerabilities. Use an additional BIP39 passphrase (25th word) or multiple hardware wallets from different manufacturers.
>7 digits: setup a fake wallet with at least a few thousand dollars in case of robbery, actually you should probably do this when making the passphrase wallet. Ledger allows you to attach the fake wallet to a different pin. Also make sure the passphrase can't be easily bruteforced.
>Bonus1: Memorize your seed. You now can travel anywhere in the world with your crypto.
>Bonus2: Never tell anyone how much crypto you own.

>>26236823
Use a few books that contain all the words in your seed phrase.

I.e.

Seed phrase: mouse forest church

Book 1 (Harry Potter): mouse is 3rd word from second paragraph.

Write down something (also creatively if you wish) like Harry Potter, 3,2

repeat process and you can store it repeatedly and digitally

>>26235744
thank you for the info, anon
a kangz raid squad has been dispatched

>>26237051
>>26237155
Very interesting.

What's a BIP39 passphrase, could you elaborate?

Aside from the leak, is there an argument for the best cold storage wallet?

Do you guys not tell ANYONE about your crypto? When you say that, do you mean you dont tell anyone how much or you also dont tell anyone that you actually trade/hodl crypto?

How do you enable the fake wallet feature?

>>26236319
>>26236823
VOIP is Voice-Over-Internet-Protocol. It's basically a phone number not attached to a phone nor cellphone signal. Google offers Google Voice where you can generate a phone number using a Google account, meaning you dont need to buy a second cellphone to have a second phone number.

You can give this VOIP number out without worrying about remifications like someone Doxing you via phone number, or your real phone number being leaked in data breaches. You can sign up for accounts that need phone numbers without giving your real one away.

My phone # would have been leaked in the ledger Leak, but because I took the precaution of using a VOIP #, hackers now have something worthless. If you already gave them you're info you're fucked, tell your phone company and get your # changed asap, and disconnect the email you used from anything important, disable your phone number from any 2FA like Coinbase right now.

>>26237261
Bro.

I don't even know what wallet features are, when. I got into cryro it was a wallet that's it.

>>26237736
How, How the fuck do i store it on my pc?

I scratched my private keys into an etch a sketch and wired it to a claymore.

You just try to steal my crypto, I dare you

>>26236998
Metamask is great and allows WEB3 interactivity so you can use things like Uniswap. It can also connect between your Hardware wallet.

>>26237781
Yeah but you have to be able to remotely disable the claymore in order for you to get it. Inventive though.

>>26237734
Interesting. So you just have a phone number that is attached to your email basically? You've been super helpful, thank you! I checked the ledger docs that were leaked, and I wasnt included, thankfully.

Regarding the talking about crypto point, does no one know that you're involved in crypto? What do you tell people you do?

>>26237803
and that allows me to create a wallet for mining and buying?

Honestly pick 3 different exchanges and store a 3rd on each.

>>26238003
Yes basically an email phone #. I recommend learning more about all forms of internet privacy just as best practice.
>>26238077
Pic related is a Metamask wallet. It's a browser extension for Chrome or Brave or Firefox. It is a wallet, you can store Ethereum tokens in. Read up on what an ERC20 token is (most tokens). You can store ERC20s in an ethereum wallet as well.
Mining is not really worth it unless you have a dedicated miner rig and live somewhere where electricity is cheap, but yes you could send mined tokens to Metamask.

>>26238194
Any good places to start with internet privacy? :)

>>26238194
And you trust a browser over a decided program?

You know how easy it is to hijack a browser, right?

>>26237942
It's for long term cold storage

>>26238194
no offense but that sounds shizo

>>26238295
It's not stored in a browser. Go look up how Metamask works please.
>>26238252
Rob Braxman Tech on yt I appreciate just because he's a skeptical boomer. Just learn about VPNs, Tor, and Encryption to get started.

>>26238460
>It's not stored in a browser. Go look up how Metamask works please.
It uses a browser, regardless of how it works it still has a major fault that can be exploited.

>>26238615
Go, look, up, how, it, works, newfag.
And most of my crypto is not on metamask btw, its hardware stored, with bitcoin in cold storage paper wallet.

>>26238654
I've come from bitcoin which means store it on your pc, I don't care about someone else handling my bitcoins i'd rather do it myself.

I know alot bout computers and i can tell you when you say that your browser is secure it's not.

You see that banner advert above you, do you trust it? I wouldn't.

>>26238817
Post BTC or gtfo.

>>26238896
no begging, that's a waste of good suffering.

>>26238977
>begging
No, post proof you own any BTC, or gtfo. You don't know how metamask nor wallets work and are larping. Post BTC or gtfo.

>>26235355
>Always keep your key and wallet in separate places, preferably separate homes if you can do that.
why? if they get the seed they have both anyway

For my long term cold storage I use a paper wallet generated on an offline computer. I keep an accessible copy and a doomsday copy that is laminated, sealed in an ABS tube and buried.

>>26241517
ANONS GOLD?!

BETTER GET THOSE SHOVELS, BOYS.

ANONS GOLD!

>>26237261
>Do you guys not tell ANYONE about your crypto? When you say that, do you mean you dont tell anyone how much or you also dont tell anyone that you actually trade/hodl crypto?

Don't tell anyone you are even interested in it. The assumption is that you are rich.

Even though I have only four figures in crypto, the only guy I ever spoke with about it I told him I have nothing anymore and just crying about bitcoin mooning.

>>26236017
A password used to recover your crypto private keys + addresses

Anyone use the hardware wallet feature in metamask? Pretty convenient, also even if someone straight up knows my metamask password they can't do anything without the trezor info I only keep written

>>26235167
Best way to store your seed would be with some kind of physical cypher that only you know how to open.
Seed plates are also a good option because most people wouldn't know WTF they were looking at if they actually found it. (pic related)

>>26235720
Based

What do you think about Exodus?

This is my solution. You'll need two wallets (I bought 2 ledgers), 4 titanium plates, letter stamp kit, safety deposit box, 2 beneficiaries in case of your death, and a last pass/Google account. Write down both of the seeds, then somehow mix them up in some describable pattern. This way youll have two sets of 24 word seeds that idividually mean nothing, but if you know the pattern you can reconstruct the original two seeds. Afterwards use the BIP list and just change a couple of the words, this prevents someone that hypothetically gains access to the mixed seeds phrases from brute forcing your pattern.

Once your personal encryption is done stamp the new seeds into a titanium plate, then do it in duplicate. Should be 4 plates in total. One plate stays in your house. One plate goes to your safety deposit box (with second ledger). One plate goes to beneficiary 1, and the last goes to beneficiary 2. After this is all done, set up a last pass and/or Google drive. I used both. Last pass has a premium setting where someone with your permission may request access to your master account, but it gives you a buffer where you may deny their request. This is for if you die your beneficiaries can get into your accounts. Inside the Last pass youll make a document that tells both beneficiaries the steps necessary to unencrypt their seeds. I also set this up with Google, but instead of the permissioned people needing to request access to the account, Google with give them access after 60 days of account inactivity. I used both Google + last pass for sake of duplicity.

>>26243155
I keep one ledger at home that contains an acceptable loss should someone break into my house. I could also offer my titanium plate instead of the ledger if the nigger actually knows anything, but it's jumbled and useless. My second ledger and titanium plate are in the security deposit box. If some glowie seized the box, it's useless to them. If my beneficiaries conspire to steal my funds, they couldn't brute force it if they wanted to. If I do randomly die my beneficiaries will have instructions on how to use the titanium plates.

I believe this offers maximum security while being fairly easy to execute, didn't take more than a few hours.

Ledger nano S

Seed phrase is in the 111th page of a based book

>>26243449

Oh and my ledger pin is 8 digits

>>26235167
I have a ledger (24 seed phrase) as a long term storage wallet and a trezor (12 seed phrase) that i do my day to day trading on through meta. Nothing is held on hot wallets.

Seed phrases are held in a safe inside a gun safe inscribed in washers bolted together.

>>26235583
> *uses amazon locker*
Norhinf personab

they sell stainless steel seed wallets so it won’t get destroyed in a housefire, flood, mom throws it away, etc

>>26235355
>Do not tell anyone about your crypto no matter how bad you want to brag/ help someone else.
I find that super hard, especially with the all the moons lately.

>>26235583
Yeah, but if you are in the US it's likely that you already use Amazon/a service of a company owned by Amazon, and at that point you are just giving your data up to another company for no reason if you are going with Ledger's site. Just go with Amazon, they already have everything on your data is safe, they have a gorillion users and it's been fine.

>>26235167
on a .txt on a ftp server

>>26241517
What do you use to generate it offline?

>>26235583
you might be the dumbest gorilla nigger on this entire site

>>26243525
Its very easy to brute force that, anon

>>26237781
Jack bauer here, coming for your seed faggot

>>26247424
>being this utterly retarded

>>26247424
It resets after 3 incorrect attempts. Good luck.

>>26235355
you have no idea how easy it is for an Amazon packer to swap an official ledger order with a bugged one that'll allow them access to your coins

>>26237781
>place down my own claymore
>my claymore shrapnel deflects all of your claymore shrapnel
What now, faggot?

I store my 105k link on my trezor one, just as secure as the rest, I also use only 12 word seed and use the advanced recovery.
But I'm planning on upgrading my security:
>buy shitty cheap laptop
>physically remove wifi card, bluetooth, 3g/lte card if present, camera, microphone, speakers, and change hdd with silent ssd.
>use dice to generate 11 words with manual entropy
>enter them on my based laptop and generate 12th word using iancoleman or just bruteforce it, since it only takes at most 16 trials to find a working checksum
>open up my ledger and trezor one and check if both look like the ones on the trezor github board and the ledger website (board has no extra chips etc...)
>recover both with the same generated seed (I trust dice more than their rng generator)
>use a different passphrase on each (long passphrases impossible to bruteforce in less than 10000 centuries, use kaspersky website to try a few)
>put 50k linkies on each and keep 5k linkies on binance for a good future swing opportunity

>>26247675
Yeah I forgot
>burn the laptop after that
I'm rich as fuck now yet still too cheap to buy a 100$ laptop to do this on because conditioned myself to become cheap to accumulate the linkies in 2018

Is it safe to connect ledger nano with metamask but never store the seed if metamask?

>>26235167
Just put that crypto to work on blockfi. Ignore the fud, blockfi is as secure as it gets as long as you 2FA your account.

>>26235167
Number 1 tip, dont buy hardware from a frenchjeet

>>26235167
bip38 paper wallets multiple copies at multiple locations also digital copies

hardware wallets are retard expensive if you are not using them daily just hodl.

>>26248227
WTF THERE ARE STILL 3 BITCOINS ON THAT WALLET!!! ARE YOU CRAZY????

>>26235167
Noob here. I thought crypo security is just about the private key, so why not just use a secure password manager with a strong passphrase? Why the special devices?

>>26248970
you made me look nice troll

>>26249134
Private keys can be stolen by tampered clients, keyloggers, memory scanners, etc. Most malicious software will eventually target this so having an hardware wallet is useful. You don't have to fall into paranoia, but making a clean OS install with the crypto official wallet is usually better than the common trojan filled normie desktop.

Question:

Is it possible for a hacker to simply brute-force a working seed phrase by just trying out thousands of combinations?

i bought mine second hand from ebay, great value

I use an online service called Sneeds Seed Feed. It allows you to instantly Sneed your Seed right into a live feed.

>>26250009
Technically yes, but it takes 0.65 billion billion years on conventional computers (according to https://bitcoin.stackexchange.com/questions/2847/how-long-would-it-take-a-large-computer-to-crack-a-private-key))

>>26247675
>>26247675
If you're gonna do all that why not just a paper wallet?

Laminated piece of paper and hidden in 2 different spots.

safu.ninja

>>26250183
Referencing a dictionary attack here because the attempted seed checks would take up a lot of memory. You could get lucky and guess it right away though. I would recommend buying a lottery ticket instead.

>>26250266
Yeah maybe I'll do that, myetherwallet can generate signed tx as qr, so just use an online pc to get nonce and enter that in airgap mew with tx then sign it, then generate signed qr tx and scan it with phone or online pc and broadcast.

>>26235167
I bought a ledger from a 3rd party ages ago, still packaged.
How can I be certain it’s not tampered with?

>>26245582
>Mom found the seed phrase

On a serious note though I have one of these, they are quite good. Used amongst other methods of course, a lot have already been said in this thread so not going to repeat.
I will say though, in any previous threads like this I am shocked how many people just write the seed on the bit of card that comes with the Ledger and that's it...nothing else, they are in for a big surprise one day.

>>26245582
this is not security it's bullshit.
you fags are being ripped off by these fucking con artists.

>>26250534
by buying a trezor, directly from trezor

>>26250422
I thought the entropy is the same (2048^24 = 2^264 > 2^256), but there are some non-random bits in the selection of words in bitcoin apparently https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic

>>26235744
>I also have my seed phrase memorized

In intentionally don't memorise my seed phrase. What if I get drunk/drugged up and start boasting about my recall abilities? Much easier to give it away than if you have hard copies very well secured.

Are hardware wallets overkill tinfoil?

My Exodus wallet is installed on a macbook that never leaves the house and is only used for crypto, I am also at home like 95% of the time. I have my backup phrase handwritten on a few small pieces of paper which I have strategically planted at various secure locations, I am very careful about this because I know any dumb nigger who finds it and knows anything about crypto will be able to figure out what they are so the hiding spots are pretty solid.

Short of someone hacking into my lan/wifi or physically entering my home and stealing my shit or filming me while I was writing down or looking at my phrases do I really have a lot to worry about in terms of remote online attacks or getting fucked over in general?

>>26236049
I’ve been recommending that strategy on /biz/ a few times. Just split the seed phrase between different family members you trust, don’t tell them exactly what it is (just say it’s some important documents, seal the envelope) and make sure the splits “overlap” so you’ll be fine if one (or several) of your family members lose them. You can also keep part of the seed phrase (but not all of it) in your own house. Make it so that you need codes from 3 family members to complete the seed phrase.

This is pretty much a bullet proof strategy. I told my mom to collect the codes from family members if I die.

>>26251219
>anon dies in accident with a family member
> remaindermen have 2 dead relatives and no crypto

:-/

>>26235355
>Buy from amazon, not the official site.
LMAO yeah so the reseller can write down the 24 words and then steal your fucking coins once he backs up your device to his? You really didn't think this through did you. Ledger's site is fine.

>>26242835
what is the sauce on this product?

>>26249931
>but making a clean OS install with the crypto official wallet is usually better than the common trojan filled normie desktop.
i would even take it that extra autist step and install a VM with linux and let the wallet reside within that.

>>26235583
>>26235527
Ledger's latest "leak" was from two Shopify employees stealing shit tons of customer data from stores all over the platform. Shopify has since tightened its asshole and put huge warning flags and tripwires on another access merchant data when they obviously shouldn't be. It was a huge embarrassment for JML (head of security, who is actually one of the coolest dudes there) and he made damn sure we got shit far better and focused to keep that from happening again. The initial culture of Shopify prevented it, but now its fixed.
>t. Shopify Employee

>>26251261
Maybe I didn’t explain it well. But I’ve set it up so that all of the splits overlap a lot. So it’s not a problem if one of my family members lose their codes. And I have the password for my hardware wallet hidden in my home as well (which my mom knows about).
For me/ my family to lose access to my crypto I would have to lose my hardware wallet AND two of my family members would have to lose their parts of the seed phrase.

anyone know where i can find a durable metal equivalent of pic related? i have a few slips of paper strategically hidden around my place but i would like to atleast encase one of them in metal while i shop around for a good engraving solution.


>>26250541
i have it on 3 tiny slips of paper hidden amongst my house and 2 at my parents. my place is very cluttered and i have all sorts of stashes of old random papers so you would have to know where and what to look for if you every wanted to access them.

>>26235167
coinbase, they are insured and it makes like that much easier. It worth it for the 0.3% fee to sell.

>>26251602
I think the main FUD associated with exchanges is that they are bigger targets for hackers or the government if they ever decided to try and seize everyone's assets.

>Get three different hardware wallets, back up each seed on a different steel plate, split my wealth between those three.
>Distribute the steel plates to my trusted family members, one per geographical location, and keep one in my apartment.
>Set up the same, strong passphrase for all wallets.
>Memorize the passphrase and tell my family members to memorize it as well in case I die (I really want them to be able to inherit my wealth).
>The passphrase will thus never be written down and only exist on the biological media, that is, our brains collectively (and theoretically on PC whenever I enter it to unlock the wallet).
>Keep some decoy funds on the no-passphrase account so I can notice immediately if any of my seeds is compromised (bc of china's quantum computer, theft or other).
>Memorize all the seeds too in case I have to flee the country. I have good memory so it's easy for me.

Assuming I trust my relatives with my life, is this strategy stupid or bulletproof?

t. peak schizo

>>26251539
>not engraving it stone

Another good solution
>trezor model t
>memorize 12 word seed
>use passphrase and memorize it
>keep 95% on passphrase wallets and 5% on no passphrase wallet
>contact coingecko and tell them that if they hear I died they should just substract 100k linkies from the circulating supply forever

>>26252234
not a terrible idea if youre up to the challenge. could prolly use a piece of marble tile sample if you got skill.

>>26252177
>t. peak schizo
>not kms as soon as family members mention the word crypto

>>26252239
>12 words
Ohnononono

>>26235355
Imagine being this dumb.

>>26252177
sounds convoluted weak and expensive.

>>26252965
Why weak though? I don't care about the additional expenses considering how much I hold.

>>26253033
weak because it involves trust.
i like my security schemes trustless.
for example here is what i did:

multiple bip38 paper wallets stored at multiple locations. if i dies my relatives have access to them, they don't know the passphrase however while i'm still alive.

i used shamirs secret sharing to create n of m pieces distributed some pieces to my relatives on secure channels (but their pieces are inadequate to solve the passphrase) and some pieces are in my will and some remain in my possession while i live.

so basically if not all of my relatives survive they can still solve the puzzle but not until i live. and the attorney can't solve the puzzle without colluding with all my relatives while i live and also has no access to the wallets themselves.

so i mostly just trust in people not conspiring on a grand scale. but don1t trust anyone individually.

it also cost nothing, no gadget that can go bad or get stolen... if anyone breaks in to anyone's place they get jack shit.

i have eons of security for $0 instead of hours for fuck knows how many bucks.

>>26235167
NGRAVE ZERO is a new wallet, coldest on the market . www.ngrave.io

Tfw have a cool number of zerps but have to buy more so I'll lose the digits

>Taking all these precautions

Let me guess, your wallet is worth like $114.35?