Bitcoin Forum

I originally posted this in 'Altcoin Discussions' but I realised noone sees it there because people are just responding to various threads,
here in Beginner-category, there is a Bitcoin Wallet guide, so this seems like it would fit better here!  :D

I am no expert, but I believe this could be helpful as it was things I wondered when I started.
if you find any flaws/wrongs please write and I will edit!

The wallet-guide covers mostly Ethereum-wallets, but the same applies to most other cryptos!

MyEtherWallet is a popular wallet.
However, it's an interface, they don't save your keys, they can't help you if you lose your keys/funds.
MyEtherWallet is only a bridge to communicate with the blockchain easily.
I believe MyEtherWallet(short: MEW) is the most common way to interact with the ETH blockchain.
due to this DNS hack last week, and other hacks that has happened,
I thought I would make a simple guide about MEW, but also about general security!

I suggest that if you want to keep using MyEtherWallet, do it offline!
Here's a guide on how to use MEW offline: https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html
Always make sure the lock icon next to the url bar is Green when visiting any site like MyEtherWallet!

MyEtherWallet allows you to 'generate' a wallet. The safest choice would be to download an encrypted keyfile and use that to login.
This means that even if someone were to access your keyfile, they'd require the password used to encrypt the file.
However, if you submit this data to a phishing site, you'd still lose your funds!
Entering your private key in plain text is unwise as a keylogger/middleman could read this data.

Another popular choice is MetaMask.
https://metamask.io/
MetaMask is a browser plugin which basically lets you do all your transactions in a little browser window, instead of going to for example MyEtherWallet.
MetaMask is great because it also allows you to easily interact with any type of dApps with ease.
MetaMask also protects you versus phishing sites.
As I understand it, MetaMask stores a file locally encrypted with a password.
The public key is seen in MetaMask, however you can also export the private key.


Hardware wallets
I personally advocate for Trezor as it is open source(therefore all code can be verified to be safe).
The most popular wallet however, I believe is Ledger Nano.

Basically how a hardware wallet works is, keys are generated inside it.
Whenever you want to do a transaction, all that happens is that the transaction is signed inside your hardware wallet,
and this signed transaction data is broadcasted. The private key never leaves your wallet.
The recipient address could still be changed by a virus!
Hardware wallets generally have a screen and buttons to confirm transactions and you can confirm the address.

In my personal opinion, hardware wallets are the best choice for most people - they are foolproof and safe.
You get a recovery phrase you write down in case you lose your wallet.
To access it, you need to enter a PIN that you choose on first time setup.
Trezor/Ledger supports many different cryptos, not only bitcoin/eth.

However, a physical device comes with a cost - ~$50-100 depending on which one you go for.
If you believe your crypto will one day be worth a lot, or already is - it's definitely a sound investment!

sites:
www.ledgerwallet.com
www.trezor.io

I know that many computer-people think hardware wallets are stupid, and sure they could be, but they are easy and safe.


Keeping funds on an exchange
This is quite popular, and I guess there is nothing wrong with it.
But, people need to be aware of the risks involved.
Any funds kept on an exchange, is not truly your funds!
All it is, is their database saying that your account holds [these cryptos].
It doesn't mean they actually have coverage to cover everyone in case a mass cashout(probably a small risk), or their wallets could be hacked, they could exit etc.
This happened in 2014 with Mt.Gox (https://en.wikipedia.org/wiki/Mt._Gox), the largest exchange at the time, and that is still shaking the market.

What is more important, is to consider what this means - they're in control of your funds,
and theoretically, they can very easily prevent you from ever receiving your funds.
Of course, this is not something that one has to worry about in general - however, just keep in mind that it's not actually yours.
It's like a bank.

If someone gained access to your account, they could steal your funds.
The basic requirement for this would be your account + email account.
Unless, you have 2FA (2 Factor Authentication), which requires certain actions to be confirmed on another device,
usually your phone. You should have this activated for maximum exchange-security!

This also means that if your account is hacked, or if the exchange itself is hacked, you might end up lose part of/all your funds.
Hot wallet: this is the wallet(s) the exchange uses to payout/receive to, and usually holds a small percentage(<10%) of all funds.
So if an exchange were hacked, they shouldn't be able to lose more than what is in their hot wallets.

Cold wallet: These are wallets that are not exposed to the internet (in terms of private key access by software etc).
An exchange should keep the majority of their funds here.

Summary
This is my personal opinion
Ordering by safety
1. Hardware Wallet (it protects people from themselves)
2. Paper Wallet (if you take necessary precautions)
3. MetaMask (simple because it protects more)
4. MyEtherWallet (still you are in control, but you are exposed to potential 3rd party hacks)
5. Exchange (you are not in control)

I would like to expand on one topic regarding safety:
a more 'technical savvy' person, could be perfectly fine with his private key in plaintext.

in general, one should be cautious of exposing your private key(in any form - plaintext, encrypted), to any sort of software.
If you have a virus, an encrypted file isn't enough, because the moment you decrypt it, it's exposed.
If you are using many different plugins in your browser, they might be reading your data(check permissions).

There are too many risks, and many people lose their crypto.
Don't do it too late, ensure that you're safe today, because in the end - noone can help you.
Part of what's great about crypto is this aspect; isn't it? You and only you are in control of your funds, in all aspects - including safekeeping.

Here are a few tips I think could be useful:

• Scan your computer for viruses on a regular basis(Malwarebytes AntiMalware is a good choice)
• If possible, use a second computer with a factory state OS
• use a different browser without any plugins(apart from MetaMask if that's your choice)
• always ensure that any site you access and intend to put your crypto information in, has a valid certificate.
• (valid certificate: click the green lock next to the URL bar, check the info, confirm it's always the same).
• no company handling money would let their certificate expire.
• if you only want to check your funds, use etherscan.io and search your public address

if you are using Windows, you can also install a second OS - for example Linux Mint.
It's free, and only requires a CD/USB. You can have dualboot setup, so when you want to access your crypto,
just restart your computer, enter Linux Mint, do your business, and restart back into Windows!

Also, you can run Linux Mint without installing it, simply by inserting the medium(USB/CD), restart and boot from the medium.
There you have access to Firefox to do your crypto business. This is likely the best way to do it, even if you have Linux Mint installed.

A useful browser plugin is NoScript which prevents any site from running javascript without your manual approval.
Other useful plugins in my opinion(somewhat unrelated): uBlock Origin, Privacy Badger, Cookie AutoDelete, Disconnect  ::)

Finally, if you are not at all a technical person, it might be better to leave your crypto at an exchange.
Surely the exchange is not the safest place, but a virus riddled computer or general risk behaviour is definately not safer!


(Use at your own risk)
Wallets
https://trezor.io/
https://www.ledgerwallet.com/
https://myetherwallet.com/
https://www.keepkey.com/
https://metamask.io/

Other
https://tinywall.pados.hu/ - simple firewall
https://www.malwarebytes.com/ - virus scanning
https://www.ccleaner.com/ - clean up in general
https://linuxmint.com/ - free and secure OS

Plugins
https://noscript.net/
https://www.eff.org/privacybadger

added some more security things like firewall, but it could be redundant if your computer is up to date,
make sure for example Windows Firewall is active atleast!  ;D

I personally think people demonize exchanges and their safety. Holding coins on different exchanges with different passwords is still a better way than holding all the coins in 1 personal wallet on your computer. If a hacker gets access to your computer, he would still not be able to access your coins on any exchange that has a 2fa enabled.

Well it can happen, but I keep all my stuff on a hard drive that is unplugged after use. The main thing about keeping coins on exchanges is that they can delist them or keep you from transferring.

it's very true! I agree with that, that's why I said that for people who aren't very technical-knowing, it's maybe better to leave it at an exchange.
however, in my opinion, one does expose themselves more by keeping them on an exchange.
sure, hot/cold wallet makes a difference and only a small part could be lost by that, but the exchange could possibly shut down in some way, or exit-scam, etc.
+ considering maintenance and things like that is bad if one wants to access their crypto  :-X
+ we don't support Decentralization if we use exchanges for safe-keeping, then they're like banks!  8)

on a hardware wallet = as long as there's no online threats(like a flaw in the software so private key is exposed), it's in my opinion, safest, simply because one requires a PIN-code + physical access.
however, I have read that people in the past in various ways and for various wallets has been able to retrieve the private key, but! it still requires physical access + alot of knowledge, it's not something I could do to my wallet even if I wanted to, I think  ::)

just keeping a keyfile or something like that, is unsafe if someone has access to your computer Or you got a virus, so that's double exposed.

printing a paper wallet offline and then always taking necessary precautions when doing transactions, I see why it's very safe - but it does require more technical knowledge.
considering you aren't exposing yourself to any potential software issues (hardware wallet), it maybe is safest. but one small mis-step and it's not so safe anymore.

thank you for the merit! :D

Wow.. Very educating. I'm overly enlightened by this post. But I came across a post online about adding custom contact address on MEW and the possibility of getting hacked because of adding unknown tokens. How true is that? Can MEW be hacked through adding custom contact address?

I'm 99% certain that there's no possible way to lose money from adding a token contract. How would it work?
a contract can't reach in and grab your funds! but if you somehow send tokens to it, then it maybe won't send any back.
but, 99% sure - hopefully someone more knowing will answer!  ;D

You can try mycrypto wallet (https://mycrypto.com) with the interface and usage exactly like Myetherwallet, it's easy to switch to the newbie

Your post is very helpful for most beginner in crypto space, this is sample of constructive post and high quality post in my opinion. Safety tips for wallet is surely important for every crypto holder, otherwise the wallet can be easily hacked.

Surely it's better to hold them on your personal paper wallet since it is extremely safe but a lot of people, me included, are not holding coins for a long period of time, I personally trade almost every single day and even when I hold I don't do it for more than a few days or weeks so it is not an option for us to print a paper wallet offline. There are some decentralized exchanges like IDEX but they will never accept USD.

Oh, in such a situation it seems like not keeping on an exchange would be very tedious  ;D
not much to do except keeping them on an exchange as you say, maybe a decentralized exchange, but they're not really up to quality yet?

Decentralization sounds really good in theory but in practice can be really hard to apply to certain things. There aren't many decentralized exchanges, IDEX being the most famous one, they are, for obvious reasons a bit slower than normal exchanges, also you can't use usd or any fiat currency. Then again most normal exchanges are crap too, cryptos are still in early stages. IDEX basically uses your ethereum wallet so you do have control over your wallet but they are known to be prone to hacks.

can't they just list USDT, then the only issue would be getting fiat into crypto initially?
or actually is that what you mean? still one barrier to overcome, no easy way to purchase from other people?
there is localbitcoins but usually it's above market price + most sellers ask for private info anyway  :-\
wonder what the solution will be.. maybe some sort of private smartcontracts

Great writeup! We also briefly touched on the security of digital assets for the beginner/inexperienced users in our community.
https://steemit.com/bitcoin/@savantpr/securing-your-cryptocurrency

Yeah they can use USDT but that's just really another cryptocurrency and I certainly do not trust USDT although sometimes I'm forced into using it. I definitely think it's not safe to have a lot of USDT because it can collapse at any moment. Personally if I want to hold fiat for long periods of time I use bitstamp or any other exchange that supports real USD.

I see, about trusting USDT, are you referring to the idea of having one pegged to USDT or do you mean the company backing USDT isn't trustworthy?
I know there were lots of discussion about USDT in the start of the year, but seems like nothing bad came from the audit?
also isn't there a couple of new various real-world currency pegged crypto? I think so, like DAI is one.
although I'm not qualified to say which one is better of anything like that, what is your opinion?

Added a note on 2 Factor Authentication for exchanges now! Does anyone else have any good security tips?
Any software related? as I don't really use one and it'd be good knowledge!

Which audit are you talking about? As far as I know they haven't had a real audit yet. https://cointelegraph.com/news/canceled-audit-and-issuance-of-300-mln-new-tokens-whats-going-on-with-tether

Hello!  I'm a new fish in the pond, but I need help.  Hope this is okay to post this here...  I sent a direct message to achow101 and they were very helpful, but I'm not allowed to send any more messages to them today due to my new status on this website.  Anyway, my eboost wallet is corrupted.  I made a back up wallet, but can't for the life of me figure out how to correctly use it to restore my wallet.  I removed the original wallet.dat and replaced it in the data folder with my backup and renamed the backup as "wallet.dat"  Then I tried opening my wallet again and I just keep getting this message:

A fatal error occured. eBoost can no longer continue safely and will quit.

EXCEPTION: 22DbRunRecoveryException       
DbEnv::open: DB_RUNRECOVERY: Fatal error, run database recovery       
eboost in Runaway exception

I was told that I may need to "try starting your wallet with the -salvagewallet option". 

I have no idea how to do this.  Desperate for a little help.

Oh, that's my mistake.. hmm, concerning what might happen then, seeing as people are saying Tether is somehow pumping Bitcoin..!  :o

Excellent guide with some really helpful tips for non tech savvy people or beginners.

thank you for your input! in the future, try not to quote the whole big text  ;D