Daedalus Security post Shelley

daedalus

#1

Following a rather worrying thread on Daedalus Wallet security the other day when some poor dude posted losing over 700k ADA, the advice seemed to centre around deleting your wallet and restoring it again if/when you want to send/receive ADA. As the Shelley release date approaches and with it the opportunity to participate or lead in a staking pool I assume this can only be done if your wallet is active in your Daedalus. Anyone comments/advice would be appreciated.


#2

To be honest I’m personally very concerned about the security and it’s the main I’m so reluctant to invest my savings - even though I believe in Cardano’s success in the long run.

I really hope this will be addressed by developers and some sort of 2 factor authentication is going to be implemented for those who want this as an option. I don’t trust any apps at the moment. Any computer or device can be hacked and we see this on daily basis. Even exchanges are hacked.

I don’t like an idea of paper wallet. Computers and programming were developed to make paper redundant, not the other way around.

There is still no Ledger option for ADA.

Low security equals low adoption. Low adoption means any crypto is nothing more than a speculative asset.


#3

Dont think the advice or conclusion is correct. The guy who started the post seemed to have used his seed on a fake Daedalus app on android.
It wasnt a problem with Daedalus security but a bad user practice.


#4

No need to be online all the time.
You delegate your stake to a pool and then can uninstall your wallet if you wish (as soon as you have a recovery phrase for your wallet).
Plus Yoroi has Trezor support and soon will have Ledger hardware wallet support, so you’ll be able to delegate from it, while keeping your keys on a hardware wallet.


#6

2fa isn’t very reliable and won’t save you if your key/passphrase gets compromised, Multisig will be the way to go.
Regarding paper wallets, you can keep those 27 words in an encrypted archive or any other vault if you wish.


#7

Yeah I figured it wasn’t a hack and the guy was a bit skimpy on the detail as to how it might have happened. Further reading led me to understand though that it was a general concern amongst ADA users both actual and potential. Evgeny_S seems confident that the wallet can be staked and then deleted which makes sense as the coins are on the blockchain and not on the PC. As long as the performance analytics which are supposed to come with Shelley are available even when there are no wallets stored in Daedalus.

Thanks for all the replies.


#8

Yes you will be able to delegate to a pool and not run Daedalus


#9

Yes, the address with your coins has a separate Staking key, which gives it permissions to participate in staking. You delegate that Staking key to a pool (even your own pool if you wish), and ADA itself doesn’t leave your address/wallet. You can spend it even, it’ll just decrease your stake amount.


#10

I’d like to see one be able to create a wallet offline and be able to conduct transactions through an air gaped PC or Pi through QR codes broadcast to the blockchain. My brother and I are experimenting with a opensource device that makes this easier. It’s gone through several iterations at this point but the video below gives the idea. I believe that the Adalite guys are working on offline wallet creation so hopefully that will be out relatively soon.


#11

Moving this thread to ‘Community Tech Support’ but @alancameron feel free to head back to the ‘Introduce Yourself’ section of the Forum and introduce yourself to the rest of the Cardano community! :slight_smile: