Please explain to me the risk of leaving coin in an online wallet.

[SeeBettor]

So I'm a poker player. I first heard of Bitcoin when it was at about $5.00, because of online poker. I ignored it and didn't research and really learn about it until the Dec 2013 peak. I'll be honest, the initial intrigue to me came about from all of the "get rich quick" stories, the famous $10M pizza order, things like that. I bought a good chunk at several different times, during and after the MtGox stuff was playing out. But, until recently, I never really used it for anything, never even transferred from one wallet to another.

I don't intend to install complicated software on my computer. I'm certainly capable of diving in, doing things the hard way, and learning how to do it this way, and I certainly appreciate the beauty of the fact that Bitcoin doesn't require the trust of a third party. But what has got me super-re-intrigued again was when I decided to use GreenAddress to receive a transfer of coin. I promise you that I have zero affiliation with that company, and I'm not here to spam or advertise. I researched different online wallets; someone had posted a link to a site that lists the comparative differences between the popular wallets (maybe someone can post that link again)...

What I'm trying to say, in a long way here, is that by using this wallet, I finally see, in a tangible way, the amazing and simple utility that Bitcoin can have. Sure, everyone on here talks about all these complicated nuances of the way it technically works, argues over an understanding of the intricacies, but the bottom-line, for most of the remaining potential market, the future users of Bitcoin, it has got to be simple-to-use, and it has got to have a high perceived sense of security.

It appears to me that GreenAddress has gone a long way to attempt to provide a high sense of security, utilizing the multi-party addresses, the ones where the address starts with a "3" instead of a "1" (maybe someone can explain better than me), and this "nLockTime" which gives you sole access to your coins if GreenAddress goes away.

So, what I am wondering, and hoping someone can further explain to me, what are the basic risks to leaving any relatively significant amount of coin in an online wallet, such as GreenAddress, for any long period of time? Is the risk someone hacking into their servers and gaining access to your coins? Does this multi-party address resolve that concern? Is it the risk of GreenAddress having fraudulent internal compromises? Is it the risk of them no-longer being around in the future? I totally understand that the safest way to hold coin is to have a "paper wallet", but what are the specific... or what is the most likely way that an online wallet would be stolen, my private key exposed?

[1653041492]

1653041492

[1653041492]

1653041492

[1653041492]

1653041492

[NyeFe]

This is how it works for centralised exchanges:

-They need direct access to your wallet
-They need direct access to keys used to encrypt your wallets
-Keys are stored in other servers (AWS) or on the current web server

*(-There's a recovery option -- this means either the password is stored unencrypted somewhere and also hashed (since encryption is also used as is authentication), or the exchange uses a master key encryption key hidden some where outside the file systems public directory [...] -- See https://mega.co.nz)*

If the server is hacked the encryption keys are comprised. If the database is hacked, your encrypted private keys are also compromised (some servers don't encrypt these) these would require brute forcing... In the event that both the servers file system and database are hacked into, well, what can anyone do, but learn from mistakes?

The truth is, you can have as many key encryption keys as you like; all it'll do is slowdown a hacker, not prevent them from sorting those data and headaches needed to obtain the targeted information.

[unamis76]

You are trusting someone else your funds. if this doesn't scare you enough, then I don't know what scares you... There are simple ways to have offline storage (search for air gapped computer, offline storage and Electrum)

So, what I am wondering, and hoping someone can further explain to me, what are the basic risks to leaving any relatively significant amount of coin in an online wallet, such as GreenAddress, for any long period of time? Is the risk someone hacking into their servers and gaining access to your coins? Does this multi-party address resolve that concern? Is it the risk of GreenAddress having fraudulent internal compromises? Is it the risk of them no-longer being around in the future? I totally understand that the safest way to hold coin is to have a "paper wallet", but what are the specific... or what is the most likely way that an online wallet would be stolen, my private key exposed?

These are exactly the issues you're facing: hacking.

I don't use GreenAddress, but how's their multisig security? do you have to input your key always to spend your funds?

I think you can be MITM attacked... So even if they have only one part of the key, when you input yours you can be hacked.

[countryfree]

My simple answer would be not to choose. I have 2 online wallets, and 2 others on my home computers. There are risks everywhere, so I just guess to split is the best option. Now, you have to make a difference between exchanges and a service like blockchain.info. I've never used MtGox, and I never leave any money at an exchange, but I kinda trust blockchain.info.

[Xiaoxiao]

For me it all depends on how much you trust browser's security and other businesses when it comes to online wallet security.

[gentlemand]

The weakest link will always be the machine you access your online wallet with. You can have immaculate security practices but you can never be 100% sure that you've caught everything.

[mercistheman]

I believe Coinbase & Circle are insured.

[wadili89]

yes this is valid point that someone else have access to your money when you are using online wallet but if you are playing poker as you said then you are trusting the website you are paying with so you have to trust but be wise which one to choss i trust blockchain.info as i never had any problem from couple of years but when you are using online wallet there are more risks as well like key loggaar or trojan viruses etc also keep on installing a good antivirus in your computer

[Bitware]

The risk is needing to trust others, who often lie, cheat, steal, and make business decisions that can cause insolvency, where creditors then come in for the first bite at the apple of assets, which your bitcoins are a part of if you have them stored with others or invested in something you are not in physical possession of. Also, there is the alleged hacking theft that goes on, which I believe are inside jobs most - if not all - of the time.

Trust no one but yourself.

Develop secure practices and keep your bitcoin computers and devices secure.

Have a dedicated computer or device for bitcoin, and use it for nothing else.

Have multiple backups.

Use strong encryption.

Use long and complex passphrases.

Don't use the same passphrase any two places.

Make it a pain in the butt to access your coins, because if it's a pain in the butt for you, it will be next to impossible for others.

[qwep]

the point of bitcoin is no to trust someone else with your money but for you to be your own bank and only make transactions when is needed.

[Herbert2020]

I believe Coinbase & Circle are insured.

OP says he is a Poker player. so i guess he will be using bitcoin for gambling.
i don't use Coinbase but i have heard that they will ban accounts that use bitcoin for gambling, in other words sending funds to a gambling site will ban your account.

[fryarminer]

Not too long ago people lost their life savings on Mt Gox.
There is no warning when a business goes down, just you wake up one day and you can't access your funds anymore.
If you want to take that risk, go for it. I've been burned far too many times (even though I was not goxed) that I do not trust any of the companies. I use the different companies, but withdraw the funds immediately and put them in my own cold storage, safe under dead bolts and keypads and passwords.

[pooya87]

you have two sorts of online wallets:
1. the kind like coinbase and xapo that you make an account there and your account has bitcoin balance and you never really use your own address to send. the problem is you don't have access to your private keys on the wallet so if they decide to close the website and run away your bitcoins are lost forever.
plus you have to obey their rules! for example you cant use your Coinbase account for gambling!!

2. is online wallets like blockchain.info where you have access to your private keys and the in fact you are only using their service to push the tx to network and never have to download the blockchain. also your private keys are not stored online. the problem with this is if you have week password, using it through Tor, using it on a infected with malware device then you risk losing your account with the bitcoin in it.

[everaja]

If the site like xapo and coinbase shuts down or are hacked then you really gonna be out of all your coins.
so better to use electrum as it has got coldstorage facility.

[odolvlobo]

I believe Coinbase & Circle are insured.

You should check their insurance carefully. They may be insured against theft, but they are not insured against bankruptcy. If they spend all your bitcoins and then they declare bankruptcy, your coins are gone.

The coins they hold in cold storage are not insured. They are not insured against government confiscation.

[Gyfts]

The problem with most online wallets is, as said above, the centralization. But as stated in the terms of service in a majority of online wallet providers and exchanges, they have permission to close your account and withhold all your Bitcoin without any type of reason given to the owner. You risk your Bitcoin being stolen not only through hacks, but through the company pulling either a "security precaution" excuse on your account and suspending all your BTC, or putting some restriction on it in some way.

[Amph]

I believe Coinbase & Circle are insured.

You should check their insurance carefully. They may be insured against theft, but they are not insured against bankruptcy. If they spend all your bitcoins and then they declare bankruptcy, your coins are gone.

can they do this? because it's basically like scamming and it's like saying that bank can spend all your money(they actually do it but this is another story) and run away or something like that, i don't think this is in their policy

The problem with most online wallets is, as said above, the centralization. But as stated in the terms of service in a majority of online wallet providers and exchanges, they have permission to close your account and withhold all your Bitcoin without any type of reason given to the owner. You risk your Bitcoin being stolen not only through hacks, but through the company pulling either a "security precaution" excuse on your account and suspending all your BTC, or putting some restriction on it in some way.

if this is true then it's not surprising that bitcoin isn't growing, no one in his right mind, will ever trust those companies

and after all bitcoin was born to stay decentralized

[tryexcept]

Hi,

GreenAddress' founder here.

The service is quite different from Coinbase and Xapo.


With GreenAddress:

- The service never has access to your fund. It simply doesn't have the whole set of private keys necessary to spend the coins.

- even if the service disappear you can recover your funds (you need to use 2of3 subaccounts and/or setup email recovery as per guided wallet creation process).

- It has true per transaction 2FA authentication and support for hardware wallets, meaning you can in theory use the service from a compromised computer (quick reminder: keep your 2FA on a separate device)

- Has apps for all major platforms desktop and mobile platforms minus windows mobile and symbian

Happy to answer any question.

Cheers!

[LFC_Bitcoin]

There are many hazards that can occur leaving your coins in an online wallet. They can be hacked or go rogue. If you don't have your private key then you're at huge risk.

I have most of my stash in cold storage but if you really have to use an online wallet then blockchain.info is the best imo. Set a complex password, make sure you have 2FA & click paper wallet when you're online, print off or write down the private key. The only reason blockchain.info is remotely safe is because you control your own private key.

Other online wallets don't release your private key so I wouldn't leave any money with them. As another posters said above just split your risk. HODL your coins in about 4 or 5 different ways. Don't let one bit of unluckiness ruin you.

[Pursuer]

if you use an online wallet you should place all your trust in them , which is never good.
this means that if they decide to shut down their service and run away your bitcoins are lost forever.