HACKED? All my Cardano gone from my Deadalus Wallet — Steemit

cardano
wallet
daedalus

#43

Its not possible to generate a wallet in daedalus disconected from the internet!?


#44

You should not use any if you were referring to the “Password Safe” password manager on computer.
But, it depends on a proper risk assessment as @gazhayes has mentioned.

How much money are you talking abt, what is the probability for losing them by hackers (high enough), natural disasters (low) or mistakes (high forgetting password etc), HW faults (low but increase by time) , your expertise in security etc.

Imagine you put everything there and your disk fails and no backups, as usual. Whoops, oh to prevent this you create multiple copies and put them different locations etc. etc.
As I mentioned, you introduce more complexity without any security gain but opposite losing security.

And also it depends, on how your comp is or can be compromised. If they can access to your screen remotely and use some keylogger, then you’re out of luck no any Password manager would help.

Why not paper w/ pencil/pen? There is no any hacker who can reach it from computer.
If you’re a kind of paranoid then buy Cryptosteel (for fire an/or water damage) put it in a safe in your home or buy two and put the 2nd in a bank safe deposit.

So, I would say that paper copies (max 2 or 3) are the best with an optional very-easy-to-remember password for plausible deniability (e.g. somebody rob your place and finds your seed recovery phrases).
If you afraid of losing it by natural disaster, make one or max two copies put the second to some safe deposit box in a remote Bank e.g. one in your parents’ city. Check Andreas’ advises and do not try to be smart in computer security if it’s not your expertise.

I even use KeePass but not for my crypto savings.


#45

You can use cardano-cli for generating wallet addresses offline. See an example below:

$ ./cardano-cli blockchain new test
local blockchain 'test' created.
$ ./cardano-cli wallet create testwallet
'You can add a recovery wallet password. You can set no password, however you won`t benefit from plausible deniability'
recovery password: 
confirm password: 
'Please, note carefully the following mnemonic words. They will be needed to recover your wallet.'
english: 'leg name destroy mask afraid dinner cart boring skin style unveil certain cliff suggest juice enrich scorpion truly unable bleak tennis win square flag'
'Set a wallet password. This is for local usage only, allows you to protect your cached private key and prevent from creating non desired transactions.'
spending password: 
confirm spending password: 
wallet `testwallet` successfully created.
$ ./cardano-cli-Linux wallet attach testwallet test
Wallet successfully attached to blockchain.

$ ./cardano-cli-Linux wallet address testwallet  0 0 
Enter the wallet password.
wallet password: : 
Ae2tdPwUPEZMftYG7NJLeo3xaUFAgvkBmcMLfrTZ7m98GphhKcSJcRXFQA5

#46

What an idiotic response!
I wrote this to warn people.
Even if you would click on this link, nothing would happen.
You actually have to download and install the application on your computer.
This is why I wrote this, so people can recognize the threat


#47

For crypto in general I use the following:

Hot wallet (something you use for daily expenses, not needed if you are just hodling)

  • Hardware wallets like Trezor and Ledger are great for this, so if a currency is supported on one of them, I use it.
  • My next option is a computer that usually stays offline. Use Linux unless there’s a good reason not to. Keep it offline unless you actually need to send a transaction. Avoid using Windows. Do not use the computer for any other purpose.
  • Smartphone wallet: when I want to use crypto when I’m out and about. I use Breadwallet.

Cold storage:

  • I use hexadecimal dice to generate entropy. For Bitcoin, I wrote my own script because I’m paranoid. I have 99 dice (all 16 sided hexadecimal). I put them in a bucket, swish them around, and pour them out onto the floor. Then I use a stick push them all into a single line. Then I use those numbers (in order) as the randomness to generate a private key. I don’t trust the random number generators in operating systems for long term storage, but again, I’m paranoid.
    For Cardano, I do the same, but I have a slightly modified cardano-cli that lets me use custom entropy (so I can use the dice).
  • After the private keys have been generated I engrave them (or the corresponding seed words) onto three stainless steel plates. I then put the three plates in three separate (and very safe) locations.

#48

Thanks for your answer. I have it on paper but just thought it could be more convenient if I could have it with me all the time. And since my crypto assets are not worth very much, losing my passwords would be much more of a problem than my coins. I have always a backup of my password manager to avoid losing my passwords.

If a password manager is not save enough against hackers, this is a very bad thing. But imagine what happens if I have all my crypto pass phrases only on paper and want to access it, I have to insert my pass phrase into a computer with internet connection and again hackers will have a chance to get them. So it’s not really hacker-proof. Or do I miss the point?


#49

“The fact that I’m paranoid doesn’t mean no one’s after me.”

Thanks for your answer! If I ever get reasonable amounts of crypto I’ll invest in some dice too! :sunglasses: