62
63

I just bought 5 bitcoin. (self.Bitcoin)

MichelPlatini 投稿

Currently stored in Blockchain Wallet.

What is stopping blockchain from stealing it?

全 120 件のコメント
並べ替え:
ベスト
トップ新着論争中古い順Q&A

[–]uglymelt 42 ポイント43 ポイント  (42子コメント)

if you have the money to buy 5 bitcoins spend 60-100$ for a hardware wallet like ledger nano s or trezor

[–]MichelPlatini[S] 4 ポイント5 ポイント  (35子コメント)

are they reliable? i have ha usb drives and sd cards corrupt before.

[–]nastypoker 7 ポイント8 ポイント  (17子コメント)

You don't need the hardware to be reliable necessarily. You will create a seed which can be used to restore your bitcoins on any compliant wallet. So if you lose or break your hardware wallet, no worries.

[–]fuyuasha 5 ポイント6 ポイント  (13子コメント)

Exactly, I second getting a Trezor at anything > 0.5 BTC level, and as nastypoker said, seed words are UR friend, 1st thing I did was practice restoring 0.001 BTC loaded on my Trezor in Mycelium until I was comfortable and had personally documented how to do it.

[–]DexterousRichard 0 ポイント1 ポイント  (7子コメント)

I love trezor but I've been wondering about its seed.

Why does trezor use a 24 word seed when other HD wallets only need 12 words??

[–]-johoe 5 ポイント6 ポイント  (5子コメント)

Currently the recovery procedure needs 24 words to be secure, because it leaks the words to the local PC but not their order. There will be a new firmware soon, that supports a new recovery mode that does not leak anything about the seed.

[–]DexterousRichard 1 ポイント2 ポイント  (1子コメント)

Does that mean that seeds will go to 12 words?

So are they presently using some proprietary algorithm to divide entropy among the words?

[–]-johoe 2 ポイント3 ポイント  (0子コメント)

Trezor uses BIP39, which allows 12, 18, or 24 words seeds. Most other wallets use bip39 with 12 word seeds.

I'm not sure if it's planned to change the default in the UI soon. Trezor already supports 12/18/24 words, however, the UI only allows you to choose the number of words on recovery and will always use 24 words when you create a new seed.

[–]JasonPollack36redditor for 20 days 0 ポイント1 ポイント  (2子コメント)

Meaning there are 24 bits of security? Taking about 3 nanoseconds to crack?

[–]-johoe [スコア非表示]  (0子コメント)

No, with 11 bit per word (2048 possible words), these are 256 bit plus checksum. If you know the words but not the order, there are still 79 bit. See the Trezor FAQ for a discussion.

[–]s7orm [スコア非表示]  (0子コメント)

No. For example if you assume the word list is 256 words long, that means it's 8 bits of seed per word, so it's a 24*8 = 192 bit seed. This is a simplification, read the standard for actual technical details.

[–]fuyuasha 0 ポイント1 ポイント  (0子コメント)

Trezor uses BIP39

[–]mrbearbear 0 ポイント1 ポイント  (4子コメント)

Would you recommend ledger too? Or just trezor?

[–]Coinosphere 1 ポイント2 ポイント  (2子コメント)

Keepkey is the most durable, in fact.

[–]stickac 1 ポイント2 ポイント  (1子コメント)

I really doubt that. Bigger display means less durability.

[–]221522 [スコア非表示]  (0子コメント)

So insecure lmao. Not a good look to keep talking shit about competitors and calling their satisfied customers shills.

[–]221522 -1 ポイント0 ポイント  (0子コメント)

Both are good as well as KeepKey.

[–]Anduckk -1 ポイント0 ポイント  (2子コメント)

So if you lose or break your hardware wallet, no worries.

Losing it would be bad. Keys can be read from Trezor with the correct tools. And probably from other hardware wallets too, but it requires a lot more. (Security chips are harder to break than non-security chips.)

[–]nastypoker 4 ポイント5 ポイント  (1子コメント)

Whilst true, if as soon as you lost the wallet you got your moved the coins somewhere safe then you should be OK.

[–]Anduckk 1 ポイント2 ポイント  (0子コメント)

Indeed!

Btw, also the transaction history would be leaked.

[–]vamprism 4 ポイント5 ポイント  (1子コメント)

Are they reliable? Vastly more reliable than storing them on a Blockchain mobile /web wallet.

I think most people would feel quite comfortable storing millions on some hardware wallets.

Recommendations: Trezor or Nano S

[–]xbach 1 ポイント2 ポイント  (4子コメント)

Trezor has been on the market for many years and not a single bitcoin was hacked from it. If the device breaks, then you have a backup in form of the recovery seed, which you can use on any BIP39 compatible wallet

[–]JasonPollack36redditor for 20 days 0 ポイント1 ポイント  (3子コメント)

If someone steals the seed, can she take bitcoins using another trezor? If yes, trezors are no more secure than paper wallets (of course nobody can remember 24 random words so it must we written on a piece or paper somewhere)

[–]stickac 1 ポイント2 ポイント  (0子コメント)

The difference is in spending coins. You cannot safely spend bitcoins from paper wallet, but you can do this with TREZOR.

[–]xbach [スコア非表示]  (0子コメント)

They are, since you can spend securely our of a TREZOR. With a paper wallet you cannot do this. The paper backup is supposed to stay hidden and secure, while you use your TREZOR. This, btw, applies to all hardware wallets.

[–]geofflosophy [スコア非表示]  (0子コメント)

Also they would still need your pin and passphrase, which ideally you would store in an alternative location.

[–]Coinosphere 1 ポイント2 ポイント  (0子コメント)

Yes, they're powered through the USB cable and don't have an operating system so they don't crash. Basically they're just encryption keyrings that hold your private key very tightly and never let it onto your PC where hackers can get them.

If you manage to run over one with your car or something, you can still access your money with the seed phrase that they force you to write down on paper.

[–]gonzobon 0 ポイント1 ポイント  (0子コメント)

Trezors are reliable and you can back them up with a paper seed.

[–]magasilver -1 ポイント0 ポイント  (0子コメント)

are they reliable? i have ha usb drives and sd cards corrupt before.

They are trusted number crunchers, not storage despite their marketing. Your memory or a scrap of paper are more then enough to store all the bitcoins in the world.

Really, a trezor or ledger wallet should only ever be loaded up with your secrets when you need to spend it. by default i think it is best to leave them blank. Generate the first 100 or so receive addresses, print them out, then delete the thing's memory.

When you want to spend, recover the mnemonic into the device so it can make transactions. If they broke in the meantime, you are only out the price of the electronics.

Pay attention to compatibility: only choose bip44 compatible hardware or wallet software.

[–]keymone 0 ポイント1 ポイント  (5子コメント)

What are best non-physical alternatives atm?

[–]Spilop 6 ポイント7 ポイント  (0子コメント)

TAILS with Electrum :)

[–]killerstorm 2 ポイント3 ポイント  (3子コメント)

Depends on how you want to use it and your level of technical competence.

[–]hihhsredditor for 2 months 0 ポイント1 ポイント  (2子コメント)

what's the best alternative for cold storage?

[–]fijifhfhwiredditor for a day 0 ポイント1 ポイント  (0子コメント)

Multiple encrypted paper wallets stored in different locations. With a damn good bip 38 encrypted password, don't use a random password generator. Generate wallet on tails, on a computer that is not connected to the internet.

Or get a trezor, ledger, keepkey...etc. Don't buy Chinese knockoffs.

[–]killerstorm [スコア非表示]  (0子コメント)

Probably something like "Boot Tails Linux, generate a new seed and write down seed & addresses".

Personally, I used this. People who are paranoid might prefer something based on libsecp256k1, as it is thoroughly reviewed.

[–]Anderol 6 ポイント7 ポイント  (0子コメント)

get the ledger nano s, its slick as fuck

[–]glockbtc 7 ポイント8 ポイント  (0子コメント)

They don't see your keys

[–]coolfarmer 5 ポイント6 ポイント  (0子コメント)

Bro, truste me, buy a Ledget Nano S Hardware wallet. It's the best decision you can take.

[–]maynihc 10 ポイント11 ポイント  (13子コメント)

Nothing really. That's why you should send it to a wallet you control as soon as possible.

[–]MichelPlatini[S] 3 ポイント4 ポイント  (9子コメント)

I would but I have already lost $200 when I bought 1BTC before which was in a paper wallet. :(

[–]WalterRyan 5 ポイント6 ポイント  (1子コメント)

How did you lose it?

[–]nikiu 3 ポイント4 ポイント  (0子コメント)

Probably lost the paper wallet.

[–]dbvbtm 4 ポイント5 ポイント  (0子コメント)

You could try Mycelium wallet on your mobile phone.

Just write down the seed and store it somewhere safe.

[–]BitcoinQA 4 ポイント5 ポイント  (0子コメント)

Michel - owning Bitcoin means being in possession of cryptographic keys.

One way or another - you possess these keys. If you don't possess anything, you don't own Bitcoin.

With Blockchain.info, your keys are converted into the form of a login, a password. They claim they don't keep a copy of your login/password, and each time you login, their app converts your login/password back into the raw key form, and uses their web interface to let you access the Bitcoin associated with your key.

However, if Blockchain.info disappears, you'll need a way to convert your login/password back into a a raw key, and then use a different interface to transact using that key.

If this happened, it's a safe bet someone will build a quick converter to help themselves with this problem, then share it with the community.

Since you have to posses cryptographic keys anyway, you're better off keeping them in a form that is more universal, like a paper wallet (for long term storage) or a 12-word seed (for semi or regular usage in a variety of Bitcoin apps)

[–]ebaley 1 ポイント2 ポイント  (3子コメント)

Leave it on blockchain.info if you don't know what you're doing but download a backup.

[–]DajZabrij 0 ポイント1 ポイント  (1子コメント)

If he don't know what he is doing, he is soft target for phishing.

[–]jarfil 0 ポイント1 ポイント  (0子コメント)

If he doesn't know what he's doing, that's like giving $100 banknotes to a kid to play with them next to a fireplace.

[–]romjpn [スコア非表示]  (0子コメント)

If you do that, at the very least setup 2FA and encrypt the back up with 7zip and AES256.

[–]jarfil -1 ポイント0 ポイント  (0子コメント)

Did you also lose a couple papers with "$100" printed on them? No? Then you should reflect on why would you lose a paper with the keywords to a bitcoin account with $200 on it, but not a couple hundred dollar bills.

[–]waxwing 1 ポイント2 ポイント  (2子コメント)

Blockchain.info wallets are controlled by the user, the private keys are not seen by their servers.

[–]Sheemap 0 ポイント1 ポイント  (1子コメント)

Where are the private keys stored then?

[–]waxwing [スコア非表示]  (0子コメント)

blockchain.info only has an encrypted copy. For this reason if you lose the password you lose the coins. Note: I've never used them, but this was always their big selling point, kind of surprised that many in this thread were not mentioning this.

[–]TatianaWisla 10 ポイント11 ポイント  (6子コメント)

Control your private keys. If you don't, you don't own the bitcoins. Period.

There are horror stories after horror stories about people not controlling their bitcoins. Don't be one of those people.

It's not that difficult to obtain, secure and backup your own wallet. When shit hits the fan, you'll be glad you did. Just ask any Mt.Gox user that still had balances when it went 'poof.'

[–]waxwing 2 ポイント3 ポイント  (5子コメント)

Blockchain.info doesn't have access to user private keys.

[–]TatianaWisla 3 ポイント4 ポイント  (2子コメント)

Although I like that Blockchain can't access your keys, if you didn't backup their encrypted cloud storage, and somehow Blockchain.info goes dark, for any reason, you'd still be SOL.

That being said, never give anyone your private keys and, for God's sake, have a secured backup. Then enjoy life.

[–]waxwing 1 ポイント2 ポイント  (0子コメント)

Yeah, I've never used them, and don't like that model generally. They've also had some unfortunate incidents over the years. But we should present the facts, and tradeoffs, accurately.

[–]Rtoddarredditor for 3 months 0 ポイント1 ポイント  (0子コメント)

I use Blockchain. You can back up your wallet as a json file or 12/24 word seeds, which means you own your wallet if they go dark.

[–]wealthandfitness 0 ポイント1 ポイント  (1子コメント)

-needs citation

[–]Cryptolution [スコア非表示]  (0子コメント)

-needs citation

You know they are a open source project right ?

There is all the citations you could ever possibly want or need. The code has been looked at extensively by many cryptographers over the years. It uses in-browser crypto to generate keys and then to store your wallet as a encrypted container on their servers. At no point does the site store your keys because the keys are only used in a local in-browser session.

This is why there have been horror stories of people who created a new address, sent funds to it, then lost all those btc because their connection was shitty/lost so the browser didn't upload the new container with the freshly generated address/keys.

protonmail.com is a example of this technology, except for e-mail.

If you do not understand something, instead of being a snarky little shit, why dont you instead ask for clarification on the issue? Ignorance is fine so long as it is approached with a healthy dose of desire for learning, e.g. ask questions. But this type of response is just trolling with no pretense for wanting to learn. Dont be a troll. Be the guy who actually wants to educate himself and become a better person.

[–]bitusher 4 ポイント5 ポイント  (9子コメント)

Buy a ledger or trezor ASAP.

[–]PumpkinFeet [スコア非表示]  (1子コメント)

What about a second hand laptop off ebay that is is permanently airgapped? Cheaper and more versatile (will handle future altcoins) is it not?

Only problem is less convenient.

[–]bitusher [スコア非表示]  (0子コメント)

As long as you backup the wallet on laptop and store that elsewhere securely and the laptop is locked down and secure than that is fine but more expensive and cumbersome than a hardware wallet.

[–]221522 -2 ポイント-1 ポイント  (6子コメント)

Or KeepKey

[–]stickac 2 ポイント3 ポイント  (5子コメント)

Three times in the same thread? That's pathetic. I hope you at least get paid for this.

[–][削除されました]  (4子コメント)

[removed]

    [–]POTEU [スコア非表示]  (1子コメント)

    I hope you know whom are you calling a moron...

    [–]stickac [スコア非表示]  (1子コメント)

    Haha, how ironic :)

    [–]221522 [スコア非表示]  (0子コメント)

    Wow. I mention keepkey because theres an ongoing trezor/ledger circlejerk and keepkey deserves more love. It has better features than trezor. You sound really mad and super insecure about that. Keep whining about paid shills. Real mature.

    [–]dxne 3 ポイント4 ポイント  (0子コメント)

    Keepkey ;)

    [–]BTC_Foreverredditor for 3 months 2 ポイント3 ポイント  (10子コメント)

    Nobody will steal it from that wallet if you keep safe your backup and stay away from malware.
    I use that wallet from 2012 (mobile and desktop) and I never get robbed.
    But is true that you still don't have full control of your keys in that wallet. You should keep large amount of BTC in a wallet that gives you the option to export your keys and you can import those into another wallet in case you can't access this one.
    Here is my mobile screen :)

    [–]Shitoshi_Fuckamoto 2 ポイント3 ポイント  (7子コメント)

    Looks like you're an easy target for the $5 wrench attack.

    [–]BTC_Foreverredditor for 3 months 1 ポイント2 ポイント  (6子コメント)

    I have only change in there, the heavy amount is on trezors

    [–]Shitoshi_Fuckamoto 0 ポイント1 ポイント  (5子コメント)

    It doesn't change the fact that you're advertising very openly you own bitcoin (I could see the bitcoin icon in your phone from the distance).

    [–]BTC_Foreverredditor for 3 months 0 ポイント1 ポイント  (4子コメント)

    you're advertising very openly you own bitcoin

    Is not obvious if I am posting here? So if I show you that I have several wallets on my phone, what you can do? Watch and scratch your head how to steal my BTC? Please, try it, steal my icons :)

    [–]Shitoshi_Fuckamoto 1 ポイント2 ポイント  (3子コメント)

    Here we don't know who you are, where you live, etc. In the real world if anybody can see you're a bitcoin user there's no plausible deniability and you could become an easy target for the $5 wrench attack.

    [–]jarfil 0 ポイント1 ポイント  (2子コメント)

    In the real world, a $5 wrench attacker might as well think that you may have a couple hundred in your wallet, some credit cards that you could be "asked" to get money from at an ATM, a watch, and a pair of boots.

    Or they might see an umbrella that you left lying in the open inside your car, and smash the window just to get it (true story, they didn't take anything else, a window smashed just for a lousy umbrella).

    [–]igadjeed [スコア非表示]  (1子コメント)

    Heavy rain increases the marginal value of an umbrella

    [–]jarfil [スコア非表示]  (0子コメント)

    Yeah... this was in July, on a sunny >30ºC day, in a southern city in Spain, next to a church.

    Asshole break-in if I know any.

    [–]sQtWLgK 0 ポイント1 ポイント  (1子コメント)

    CyanogenMod!

    [–]BTC_Foreverredditor for 3 months 1 ポイント2 ポイント  (0子コメント)

    Yes is CM, but is modified by a friend. Few things for more security. I never let my phone with the original shit OS.

    [–]PixelPhobiac 1 ポイント2 ポイント  (0子コメント)

    But the million satoshi question is: is it the right time?

    [–]Sk8erBoii 1 ポイント2 ポイント  (0子コメント)

    i have 3 full bitcoins in my blockchain app in iphone

    whats everyone being so paranoid about?

    [–]goxedbux 1 ポイント2 ポイント  (0子コメント)

    Nothing stops them. You should use a local wallet like bitcoin core(resource intensive) or electrum(lightweight)

    But hey, mr Platini, you have better not mess up with Bitcoin. Football is enough :P

    [–]Daparskiredditor for 3 months 1 ポイント2 ポイント  (0子コメント)

    Did you really bought something for more than $3,700 without understanding it?

    If you keep them on blockchain.info DO set 2FA (not SMS - google auth or yubikey) and second password. And don't use the same passwords as your email

    [–]Coinosphere 1 ポイント2 ポイント  (0子コメント)

    The most secure way to store these without paying any more money:

    Make a Tails USB drive https://tails.boum.org/ from scratch, and send them to your Electrum wallet in the tails drive. That wallet will force you to write down your seed phrase on paper, so keep that seed hidden and safe.

    Then only use the tails drive sparingly, so malware can't get on it... Basically keep it as a whole OS for your wallet to use.

    [–]FluxSeer 1 ポイント2 ポイント  (0子コメント)

    blockchain.info is not a very good wallet for keeping large amounts safe. Look into hardware wallets like Ledger or Tezor

    [–]JasonPollack36redditor for 20 days 1 ポイント2 ポイント  (0子コメント)

    You are now in the world's richest 0.1% (well, you grandchildren for sure)

    [–]XfsMonsta [スコア非表示]  (0子コメント)

    you moved the market

    [–]I-am-the-noob 0 ポイント1 ポイント  (0子コメント)

    You never know what can happen to the service. I don't think they want to steal it, but as long as you have your money on a 'bank' you are not the bank.

    [–]chaparrobit 0 ポイント1 ポイント  (0子コメント)

    Buy an hardware wallet. It's safe and easy to use.

    [–]Lite_Coin_Guy 0 ポイント1 ポイント  (0子コメント)

    dont store it if you want to keep it for a longer time...

    [–]lolwerds 0 ポイント1 ポイント  (0子コメント)

    first .. congrats. brand rep stops them stealing it today. exit scams can hit any size operator, especially those operating in countries that make piercing the corporate veil nigh impossible.

    not saying that is what Blockchain.info is doing , or setup to do , I love them TBH , but you asked , so here is a truthful answer.

    bitcoin will go through many of the same issues that cash did , online wallets are like the banks of old , so it's logical, we'll see heists. opsec , devsec , 0day sec at most of these companies is laughable at best.

    trust only what you can control.

    [–]Xenepa 0 ポイント1 ポイント  (1子コメント)

    They don't see your private keys and only store them encrypted. That is at this point in time. Nothing stops them from adding extra code that will log your password AND you don't know if they haven't already.

    Basically, right now, only their reputation.

    [–]Daparskiredditor for 3 months 0 ポイント1 ポイント  (0子コメント)

    not reputation, but TRUST. Nothing stops trezor to do the same trick their next update, or Electrum, or any other service provider

    [–]bitsteiner 0 ポイント1 ポイント  (0子コメント)

    Instead of doing a blockchain.info wallet backup and extracting the private keys, it is much easier to transfer them on the own wallet. Use a BIP-standard seed wallet, then you don't have to care about products disappearing - you just enter the seed if you need to switch wallets.

    The blockchain private key extracting process seems to be quite complicated: https://github.com/OmniLayer/omniwallet/wiki/Exporting-Private-Key-from-Blockchain.info-and-Importing-to-Omniwallet.org

    [–]boomtnt46 0 ポイント1 ポイント  (0子コメント)

    Write down the private keys and secure them.

    [–]guitarHero380 0 ポイント1 ポイント  (0子コメント)

    I'd keep spending money in a mobile wallet and the rest in a hardware/offline wallet.

    [–]FlappySocks 0 ポイント1 ポイント  (0子コメント)

    Get a hardware wallet.

    ALL other options either assume you don't have malware on your computer, and/or your incapable of making a mistake.

    [–]totallysunkdude [スコア非表示]  (0子コメント)

    So is coinbase no Bueno then?

    [–]pazdan [スコア非表示]  (0子コメント)

    round and round we go, god this sub has been rinse and repeat for like 3 years now.

    [–]RoofAffair [スコア非表示]  (0子コメント)

    You are much more likely to click on a fishing link that leads you to something like bIockchain which will drain your funds. Google ads are nefarious for linking to these scam sites.

    I'd highly recommend a cold storage option (created, and stored securely) for larger amounts; and a wallet such as mycelium on android for easy access day to day spending. Essentially amounts you normally wouldn't carry with you, keep in cold storage. Amounts you use and don't mind risking (ie: cash in wallet) keep in an active hot wallet for easy and quick access.

    Bitcoin is not limited to a single wallet. Use as many as you like to spread the risk of one service/device being compromised or failing. Experiment with inconsequential amounts and have fun learning various ways to use, secure, and backup your Bitcoin.

    [–]lerredditredditor for 11 days [スコア非表示]  (0子コメント)

    TREZOR

    [–]tokyopotato [スコア非表示]  (0子コメント)

    Yes follow advice and use a hardware wallet and keep your seed phrase separate. I keep seed phrase in a fire proof safe, and the hardware wallet itself is protected by pin but I keep this in a safe place away from seed phrase for quick access if need be.

    I use the KeepKey

    [–]GibbsSamplePlatter [スコア非表示]  (0子コメント)

    Web wallets are a bad idea.

    Basically any non-web wallet here is a better idea: https://bitcoin.org/en/choose-your-wallet

    The best ideas are using a full node like Bitcoin Core for privacy and full network security, and/or using a hardware wallet, which keeps your keys safe.

    [–]nopara73 0 ポイント1 ポイント  (3子コメント)

    If they steal from you they steal from everyone, since they would have to change their JS code what runs in everyone's browser. Their terrible record with security and bugs are an other question...

    Just do a paper wallet and give some time yourself to figure out how to hide the papers.

    Anyway: One of us.. one of us...

    [–]MildlySerious 0 ポイント1 ポイント  (2子コメント)

    Not gonna argue on the rest, but for the record, what file a server returns on a specific URL is not absolute by any means. They could very easily serve you different files than to everyone else, same URLs and everything.

    Just like your /feed/subscriptions on Youtube is individualized depending for the account logged in, any website could serve a different file on any heuristic available. Cookies, time, IP/Country of origin, using TOR / not using TOR, you name it.

    [–]nopara73 0 ポイント1 ポイント  (1子コメント)

    In desktop wallets the equivalent attack would be if Electrum selectively distributes malicious softwares. This aspect does not differ from web and desktop setups.

    [–]MildlySerious 0 ポイント1 ポイント  (0子コメント)

    That's why hashes are provided for downloads. If the hashes aren't made available centrally but via third party (GitHub, Pastebin, whatever) that is a surefire way to prevent this, with the exception that the downloaded file is an installer that also downloads files.

    The bigger difference is that it's easier to do for an online wallet. Not saying I'm worried about this, but think: Bitcointalk gets hacked again. Last IP per account is leaked. If IP trying to access online wallet is that of a notorious whale in the forums, substitute JS delivered to client.

    Unlike a fishy download, this could be happening on the fly with every access of the wallet, which is more potent.

    [–]BitcoinBoo 0 ポイント1 ポイント  (0子コメント)

    Congrats op, but you should find alternative storage methods.

    [–]witchhoser [スコア非表示]  (0子コメント)

    I say troll, 5 BTC is worth a lot of $

    [–]IllusionDestroyer666 [スコア非表示]  (0子コメント)

    Fuck you, I just bought 10 billion Bitcoin you cuck