I’m glad people are using the donation widget I put together on do•rai•me. Anything that leads to adoption is good for the RaiBlocks community.
Thanks to that effort, I received a couple of donations (thanks!) but didn’t know about them until I logged into RaiWallet. It made me think others, especially those accepting donations, were having the same problem.
That’s why I decided to build an alert system for received transactions. You tell it what account you want to monitor, and you can receive an email notification and/or trigger a GET/POST webhook. The email notification is useful just to be notified of some money rolling in, but the webhook lets you connect external apps. Maybe you want to automatically update a donation tracker on your site with the amount of money you’ve gotten? Or maybe you’d like to automate sending 10% of your donations to your favorite charity? Whatever it is, the webhook will sort you out.
In February of 2014, a company by the name of Mt. Gox, at the time the largest bitcoin exchange in the world, halted all bitcoin withdrawals. Soon after, they revealed that almost 850,000 bitcoins were lost and suspected stolen, and a collective groan was heard by geeks all across the world. At the time, the value of all that coinage was roughly $473 million. As of writing, the value would be about $14 billion. Similar “oopsies” and thefts have happened over the years at various exchanges including Bitstamp, Bitfinex, Poloniex, and BTC-e.
People lost their money, and more people will continue to lose their money because people are stupid. The goal of this post is to mitigate some of that stupidity by teaching you some of the most basic ways to safeguard your cryptocurrency (crypto).
But first: What?
Unless you’ve been living under a rock that has itself been living under a rock, you’ve heard all about cryptos, more specifically: Bitcoin. Bitcoin is the 2016 Kevin Spacey of digital currencies: well-known, popular, and will go down in flames in a year. That last one is just wild speculation, of course, but that’s the nature of cryptos these days. There are lots of others including Ethereum, Litecoin, Ripple, etc. They all rely on blockchain technology to function. I won’t bore you with an explanation of what blockchain is; instead, I’ll suggest you watch a two-minute basic explanation of it.
Now that you understand it a little bit, let’s say you bought some crypto on Coinbase, which seems to be the most popular source for newcomers these days. It’ll show you your “wallet” and the total number of crypto you have. OK, that’s cool, but have you wondered where that crypto actually is? Is it on your phone? On Coinbase’s servers? On whatever the hell the cloud is?
The answer is: it’s on a bunch of strangers’ computers. Like you learned in the video that you’re supposed to have watched (and if you haven’t, then watch the goddamn video), Coinbase doesn’t store your crypto. It exists on the blockchain, and the blockchain is distributed and decentralized on computers all over the world. The “wallet” that Coinbase provides for you is simply a set of public and private keys you use to read from, and write on, the blockchain.
A simplified explanation of how a transaction occurs with most crypto is as follows:
I want to send you 1 bitcoin for 1 lb of cocaine. I don’t know what the street value of cocaine is and which one of us is being ripped off, but stay with me.
You use your wallet to generate a new address, which will look something like 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy. That is your address (public key). The transaction, which is made up of other data including the amount sent, sender, and recipient, gets signed with my private key.
Math happens on a bunch of computers racing to solve the problem needed to include the transaction in the blockchain.
The transaction is confirmed, and the ledger is updated. Now the address 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy (your wallet address) has 1 more bitcoin than it previously had, and my wallet address has 1 bitcoin less than I had before.
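The address in the steps above carries its own error check: Base58Check appends four checksum bytes, so a mistyped address can be rejected before anything is sent. This added example (not from the original post; the function names are illustrative) decodes the post's address and verifies length, checksum and version byte, covering legacy Bitcoin mainnet addresses only.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version bytes for legacy Bitcoin mainnet addresses.
VERSIONS = {0x00: "P2PKH (pay to public-key hash)", 0x05: "P2SH (pay to script hash)"}

def b58decode(text):
    """Decode Base58 text to bytes; raise ValueError on characters outside the alphabet."""
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Each leading '1' in the text encodes one leading zero byte.
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body

def check_address(addr):
    """Return (ok, detail); ok is True only if length, checksum and version all pass."""
    try:
        raw = b58decode(addr)
    except ValueError as exc:
        return False, str(exc)
    if len(raw) != 25:
        return False, f"decoded to {len(raw)} bytes, expected 25"
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return False, "checksum mismatch (typo or altered address)"
    kind = VERSIONS.get(payload[0])
    if kind is None:
        return False, f"unknown version byte 0x{payload[0]:02x}"
    return True, kind

if __name__ == "__main__":
    page_addr = "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"  # address quoted in the post
    altered = page_addr[:-1] + "z"                     # constructed: last character changed
    bad_char = page_addr[:-1] + "0"                    # constructed: '0' is not Base58
    for a in (page_addr, altered, bad_char):
        print(a, check_address(a))
```

A passing checksum only rules out typos and corruption; it does not show that the address is the one your wallet generated, so still compare it with what the wallet displays before sending.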
Your private key is essential to the whole puzzle, because without it, you can’t sign transactions you make as a sender, or unlock transactions as a recipient. To get into your bank vault (wallet) you need the safe combination (private key).
When you use Coinbase as a wallet, they hold your private keys, not you.
Let that sink in. If you don’t own your private keys, you don’t own your crypto. The holder of your key is the only one who can spend that money. Back to the bank vault analogy, imagine you stored your money in a bank safe, but the only person with the combination is some dude named Jimmy. Jimmy can just go in your safe and take all your money. “Nah, Jimmy is chill, he would never do that,” you say. Perhaps he wouldn’t. But what if Braden threatened Jimmy’s family? That’s the kind of thing a dude named Braden would do.
When exchanges get hacked, Braden takes everybody’s keys.
Regardless of the type of crypto you’re interested in, you’re going to have to keep it safe. Moving your money out of an exchange is the first step you need to take.
Get your own wallet.
There are different types of wallets, and they offer different degrees of security. Let’s go over some of them, and you can choose which one is right for you.
A paper wallet is a simple print-out of your public key (wallet address) and private key. Both are also encoded as QR codes for simple scanning and copying of the address. The idea is you generate it on a site like https://liteaddress.org/ (for Litecoin) and print it out from a non-networked printer using a computer you’re certain is free of any malware. Since both the public and private key are visible, you’re going to want to hide the private key by folding the paper so it’s not easily visible.
Pros: Very simple to get started. There’s nothing to buy, and if you’re savvy and download the source code for the wallet generator site (linked in the footer of each site), you can generate a paper wallet on a clean, air-gapped (offline) computer and print it on a basic non-networked printer, which basically makes it hack-proof.
Cons: Somebody can just take your sheet of paper from you or snap a quick photo of the private key when you’re not paying attention. Or you can lose it easily. At that point, your money is gone forever.
A software wallet is an application that will store your keys for you. Usually they have you save a set of seed words or passphrase that you need to write down on paper and keep very, very safe. That is your method of recovery should you lose your wallet for any reason (corrupted hard drive, stolen device, etc.). On your computer, popular ones include Exodus, Electrum, and Jaxx. On your phone, there’s Jaxx, BreadWallet for Bitcoin, and LoafWallet for Litecoin.
Pros: Also simple to get started, and offers good security provided you have no malware on your device. Simple to restore if your device is lost/damaged provided you still have the seed words.
Cons: Hackable. If you have a virus on your computer, there’s a decent chance it’ll scan your computer for your private key, in which case it’s game over. Then again, this sort of danger is present against your bank account info as well if you’ve ever done online banking.
The most secure of the bunch, hardware wallets are specialized devices that resemble a USB stick and plug into a USB port. If you got a genuine, sealed device direct from the manufacturer, you can be pretty certain it won’t be hacked and the only way you can lose your money is through your own stupidity. Someone would have to steal the wallet AND your passphrase to gain access to your funds. At that point, Braden would have to threaten your family. Trezor and Ledger are the two big players in the hardware game.
Pros: The most secure wallets around. Your keys can’t get any safer since they’re never, ever exposed to anything outside of the little device.
Cons: They’re going to cost you. You’re looking at around $68 for the cheapest Ledger and $105 for the Trezor offering. If you’re holding an amount of money you’d cry over, consider it a worthwhile investment.
Sending your crypto.
Since most newbies are getting started with Coinbase, I’ll use that as a reference point, but the general idea is the same from any exchange.
From Coinbase, you’ll want to send it to your wallet address. There’s a network fee (about $10 for Bitcoin, but pocket change under a buck for Litecoin), but you can avoid that by signing up with GDAX, which is owned by Coinbase, and transferring your crypto from Coinbase to your GDAX wallet. It incurs no fee, and you can also withdraw from GDAX into any supported wallet (currently Bitcoin, Litecoin, and Ethereum) for free as well. Coinbase basically eats the network cost through GDAX, which is great.
That’s really all there is to it. Buy your crypto at an exchange, and once the transaction clears, move it out to your personal wallet. If you want to trade it on an exchange, simply move it back and make your trade.
Giving Jimmy control of your money is never in your best interest, because nobody cares about your money more than you do.