After reading this horrifying story : http://forum.bitcoin.org/index.php?topic=16457.0 from a guy who lost half a million bucks, and a bunch of posts from people who were wondering how to stay safe (some of which had good ideas, some horrible), I decided to put together this little guide. If someone doesn't make a better one (or there isn't one already) the moderators might want to make this thread a sticky so new people coming to this forum can read useful safety tips and protect themselves.
Bear in mind this guide is meant more for those with LOTS of bitcoins, as in huge stashes worth a fortune (mostly early adopters), but can also be useful to starters with small stashes (even though they risk less and are far less likely to be targeted). $100 is worth a lot more to someone living in Zimbabwe than someone living in Beverly Hills.
Before I begin, I should mention I'm a newbie myself (just found out about bitcoins several days ago) but I believe I've read enough of other people's good ideas and done enough logical reasoning and careful thinking to put this guide together. Nevertheless this isn't the ultimate guide so if you have something to add, or you don't agree on something, or you wish to correct a mistake of mine please say so and I'll amend this post.
One last thing, if you wish to thank me for the considerable time and effort I'm about to put into writing the following, you can send your BTC to the following address : 18wJXRnB8ihPVL5viVHrUfrDrNNdzYKBKq
(though that's not the main reason I'm doing it, the main reason is I need a nice, structured reminder myself, so I might as well share it).

1. Silence is golden
This one is pretty simple. You heard the saying : "If you got it, flaunt it." ?
Well that goes for T & A, sure.
And for Ferraris, and swimming pools, and yachts, and certainly for private jumbo jets.
But not for bitcoins (or dollars). If you were an ordinary middle-class middle-aged guy a few years ago, and now suddenly you're filthy rich and swimming in BTC thanks to being an early adopter, you don't need to tell all your neighbours, coworkers, friends and family how you acquired the wealth, where your stash is stored, how they can get some BTC and so on. The more attention you attract to your newly acquired BTC fortune the more likely you're going to be targeted for either a physical theft or a digital theft. Most people still have no idea what the hell bitcoins are, and aren't going to have any idea where your sudden wealth came from unless you tell them. So the worst they can do is try to steal your Ferrari, and you can keep that in your private underground garage protected by an alarm and security cameras. As for the nosey neighbours, let them just think you're a drug lord incognito.

2. Don't put all your eggs in one basket
Some rich folks keep all their money, jewels and other valuables in a big, strong, expensive safe in their house. Then a clever and sneaky safecracker sneaks into the house one night when they're away on holiday in Barbados, drills into the safe, and relieves them of their valuables.
Others put their life savings (desperately saved over many years) in a bank, and then that bank gets robbed (in spite of their high tech security systems and armed guards) and they lose their hard-earned money (well actually they don't, banks are all insured, but imagine it was the Wild West). Successful bank robberies are unlikely with today's security, but they do happen.
Now if you split your money and put it in ten different banks (big, professional, secure banks, maybe even in different countries) NO ONE can relieve you of your hard-earned money, at least not all of it. Theoretically all ten banks could be robbed in succession, but simple mathematics tells us the odds of that happening are such that you would likely be hit by lightning a billion billion times before they all get robbed, so you would be atomized into vapour and wouldn't care much about being robbed.
The same applies to bitcoins (and eggs), if you spread out your BTC life savings over multiple wallets in different locations on a computer or better yet in different physical locations, you'll be much safer than with just a single big wallet. If one is stolen or lost you will survive.

3. Stay off the Grid, Big Brother is watching !
You don't really have to access your bitcoin wallet to add coins to it. You simply declare to the bitcoin network you're transferring the coins (from some other wallet or website account) to that account and voila. So your wallet can lie in some dusty vault (on a USB drive for example) for years and years and still accumulate a fortune in it, your fortune. And if it's not accessible, it's not stealable.
The only times a wallet has to be accessible and therefore vulnerable are when it's created and when you're sending / spending funds from it. At those times it is under inescapable risk of being stolen, if your computer is infected with various kinds of malware. The risk is always present, no matter the OS or antimalware apps (though it can be minimized of course).
The solution is simple (relatively). Use one wallet for your everyday receiving and sending of funds, and another wallet, or better yet a set of wallets for storing your BTC life savings. Keep your everyday wallet on your everyday computer (like you keep your real wallet in your trousers) and do whatever you like with it, and don't even worry about the risks. Who cares if you lose a few bucks ? Meanwhile, keep the storage wallets that contain your savings offline on cheap external memory (like a USB memory drive) and hidden in various different places. Hide one under your bed, put one in the closet, shuffle one into the pile of junk in the basement, tape one to the wall behind the water tank in the bathroom, plaster one into a wall in the attic, bury one in the garden (right next to that annoying neighbour you whacked because he wouldn't stop talking about his boring family), leave one at your grandma's cottage, give one to your sister-in-law for safekeeping (telling her it's a worthless emotional keepsake of course), stick one into the hollow wooden leg of the drunk who hangs out under the pier (while he's passed out of course), and store several more into safety deposit boxes in several different banks (on several different continents). Of course you have to be sure you remember the locations of all of these. And don't tell ANYONE where you hid them !
But digital memory doesn't last forever, so use USB memory drives or CDs or 2.5" external drives, whichever lasts the longest and is safest for the least money, and remember to renew them every 10-15 years !
This solves the problem of safely daily receiving and sending, but you still have to "download" the money from those storage wallets some time (to sell it), and they obviously have to be created before everything else, so how to do that safely ?
Simple, to create those wallets use a brand new computer / laptop with a fresh and clean OS install, or just format your HD and do a clean OS install, and then without even connecting that computer to the web (so you can be absolutely sure it's not infected !) create as many wallets as you need and move them to external memories.
When you need to "download" the money from them simply plug in the memory and do it and discard that wallet. It doesn't matter if you download it on your everyday computer, the risk is negligible that the malware will be waiting for you to make the wallet available for a second, and if it does you haven't lost all of your wallets and all your money, just a small part.
EDIT : As was said in another thread (and I failed to remember) you can also use a bootable CD or better yet a bootable USB drive. You'd probably have to install the Bitcoin client program each time you use it though.
I seem to remember reading something about a bootable USB drive with some version of WinXP on it, where you could change settings and they'd be remembered, if that's true then it could presumably also get infected in theory.

4. Encryption is next to cleanliness
Well not really, but it has its uses. Encryption is really more of a nuisance to deter crooks than a foolproof measure. ANY safety measure invented by a human being can be defeated by a human being (with enough time, determination and money) !
You can't keep your everyday wallet encrypted (it would be a lot of bother encrypting and decrypting it all the time !) but you should encrypt your stored wallets before you store them (even though hiding them is your first line of defense you can never be too careful). Just make sure you remember the passwords (use the same one, if they're hidden in different places the crook shouldn't be able to find them all).
Any wallet you store on a public server HAS TO be encrypted ! Anything else would be foolish. But why store an encrypted wallet on a public server anyway when you can stick it on a long lasting memory drive and hide it in a safe place or safe places...

5. Don't put all your eggs in one basket
You may think I'm repeating myself, but consider this a variation on the theme (I can't help it if the proverb is so good !).
The unlucky victim mentioned in the beginning of this thread kept half a million dollars of gold in BTC. I don't know how much else he owned, but I'm presuming that was most of his wealth (that may or may not be true, but there are surely many others who keep all their BTC-earned wealth in BTC).
Keep in mind bitcoins are barely two and a half years old, almost completely unknown in the general population of any country, mysterious even to those who deal with them, and of questionable legality and sustainability to everyone. So are you SURE you want to keep your entire life savings in this volatile currency which no one knows if it will last or burst like a bubble ?
Do you think any billionaires on the Forbes list keep all their wealth invested in one thing ? Of course not, most of them have stocks in dozens or hundreds of companies, money in various currencies in various banks (in places like Switzerland and the Cayman Islands), private stashes of gold and other valuables in safes, various real-estate and so on.
Now I'm no expert on this, but I think that once you reach an amount (in BTC) you ABSOLUTELY CAN NOT AFFORD to lose (an amount which would cause suicidal depression or a lifelong trauma to you if you lost it) you should sell 1/2 or 3/5 or 4/5 of the amount in BTC and invest in other things which yield much less profit but are more reliable, like stocks of big and stable companies, and stable commodities like gold. Heck, if there's another great international market collapse like in the 30's all the BTC and dollars and stocks may become worthless, but gold will always be gold. Even if WW3 comes and everything gets nuked to hell cockroaches and gold will survive.
So my personal opinion and advice is this - spread out your earnings so you still earn a decent amount from the incredible BTC growth (presuming it continues) but still have something left if the BTC market crashes.

6. Backup, backup, backup
Like everything else, backup your wallets, so you don't lose money due to technical failure.
Points #2 - #4 still apply.
Well, that's all for now, and I hope someone will find this useful (and that I won't get a lot of rude replies). Cheers !
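
An added example, not part of the original post: one way to check that the offline copies described in points 3 and 6 are still readable when you renew the media. It assumes you recorded a SHA-256 digest of the encrypted wallet file when you created it; the file names and the demo data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large wallet backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_copies(reference_digest: str, copies: list[Path]) -> dict[str, str]:
    """Classify each stored copy as 'ok', 'corrupt' or 'missing'."""
    report = {}
    for copy in copies:
        if not copy.is_file():
            report[str(copy)] = "missing"
        elif sha256_file(copy) == reference_digest:
            report[str(copy)] = "ok"
        else:
            report[str(copy)] = "corrupt"
    return report


def demo() -> list[str]:
    """Constructed scenario: three media, one bit-rotted, one lost."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        original = root / "wallet.dat.enc"      # hypothetical file name
        original.write_bytes(b"constructed encrypted wallet bytes" * 100)
        digest = sha256_file(original)          # record this at creation time

        usb, cd, hdd = root / "usb.enc", root / "cd.enc", root / "hdd.enc"
        usb.write_bytes(original.read_bytes())
        damaged = bytearray(original.read_bytes())
        damaged[10] ^= 0x01                     # simulate a single flipped bit
        cd.write_bytes(bytes(damaged))
        # hdd is never written: simulates a lost or dead drive

        report = audit_copies(digest, [usb, cd, hdd])
        return [report[str(p)] for p in (usb, cd, hdd)]


if __name__ == "__main__":
    print(demo())
```

Any copy reported as corrupt or missing should be rewritten from a copy that still matches the recorded digest.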