Bitcoin Q&A: Multi-signature and Distributed Storage
Vložit
- čas přidán 19. 07. 2024
- What happens when wallets (personal or at an exchange) are hacked? What is "sweeping" with regards to private keys? After a hack, is it possible to track the stolen bitcoin and identify the hacker? How do you keep bitcoin safe in a group / corporate environment? Is it possible to create a multi-signature setup with Trezor and Electrum? Could passphrases be brute-forced? What is happening with browser extension deprecation?
You will have to evaluate which tools are the best based on the amount of cryptocurrency you own, your circumstances, and your threat model.
"'I Forgot My PIN': An Epic Tale of Losing $30,000 in Bitcoin" - www.wired.com/story/i-forgot-...
Chapters
0:00 When a wallet is hacked, is all that they're taking the private keys, which they can store somewhere else and use the value associated with it? Is there no way to follow the money at all? Is there a way those stolen bitcoin could be laundered?
3:53 If an exchange or wallet is hacked, is it possible to track and identify the hacker?
5:34 What are some suggestions for keeping your bitcoin private keys safe from developers/ coders you hire?
7:12 Multi-sig Trezor wallets with Electrum
13:11 Is setting up multi-sig wallets in Electrum secure? Is it something worthwhile to do, or is it better to stick with a single Trezor and use a passphrase along with storing one copy of your recovery seed at a secure location?
These questions are from the MOOC 9.3 and 9.4 sessions, as well as the (rescheduled) April Patreon Q&A session, which took place on March 2nd, March 9th, and May 5th 2018 respectively. Andreas is a teaching fellow with the University of Nicosia. The first course in their Master of Science in Digital Currency degree, DFIN-511: Introduction to Digital Currencies, is offered for free as an open enrollment MOOC course to anyone interested in learning about the fundamental principles. If you want early-access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: / aantonop
RELATED:
Software distribution security - • Bitcoin Q&A: Software ...
Protocol development security - • Bitcoin Q&A: Protocol ...
Geopolitics and state-sponsored attacks - • Bitcoin Q&A: Geopoliti...
How to get people to care about security - • Bitcoin Q&A: How to Ge...
Exchanges, identity, and surveillance - • Bitcoin Q&A: Exchanges...
What is the roadmap? - • Bitcoin Q&A: What is t...
Why developers are leaving banks - • Bitcoin Q&A: Why Devel...
Honest nodes and consensus - • Bitcoin Q&A: Honest No...
Why running a node is important - • Bitcoin Q&A: Why Runni...
Lessons from the hard fork - • Ethereum Q&A: Lessons ...
Cryptographic primitives - • Bitcoin Q&A: Cryptogra...
Nonces, mining, and quantum computing - • Bitcoin Q&A: Nonces, M...
Public keys vs. addresses - • Bitcoin Q&A: Public Ke...
Re-using addresses - • Bitcoin Q&A: Re-using ...
Using paper wallets - • Bitcoin Q&A: Using Pap...
Wallet design and mass adoption - • Bitcoin Q&A: Wallet De...
Secure, tiered storage system - • Bitcoin Q&A: Secure, T...
The Courage to Innovate Without Permission - • The Courage to Innovat...
What is Consensus: Rules Without Rulers - • What is Consensus: Rul...
Decentralized Truth - • Decentralized Truth
Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin.
Follow on Twitter: @aantonop / aantonop
Website: antonopoulos.com/
He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters.
THE INTERNET OF MONEY, v1: www.amazon.co.uk/Internet-Mon...
[NEW] THE INTERNET OF MONEY, v2: www.amazon.com/Internet-Money...
MASTERING BITCOIN: www.amazon.co.uk/Mastering-Bi...
[NEW] MASTERING BITCOIN, 2nd Edition: www.amazon.com/Mastering-Bitc...
Translations of MASTERING BITCOIN: bitcoinbook.info/translations...
Subscribe to the channel to learn more about Bitcoin & open blockchains!
Music: "Unbounded" by Orfan ( / orfan )
Outro Graphics: Phneep (www.phneep.com/)
Outro Art: Rock Barcellos (www.rockincomics.com.br/)
Join the aantonop Channel: aantonop.io/joinaantonopyt - Věda a technologie
"Be careful with your seed" - Andreas 2018
:P
Dear Andreas these wallet oriented lectures are one of the most valuable ones in my opinion. Thank You!
Trezor uses a doubling delay and Ledger uses a wipe after X failed attempts for protecting the pin from brute force attacks. Both are effective methods for pin protection.
By far the best friend to the bitcoin community. Thanks Andreas.
Thanks for doing your part Andreas.
Andreas, Thank you for your service work.
Next level!!!!
something about the music at the end gives me a bittersweet aching feeling, somewhat like nostalgia. Except it's a premonitory sort, as if I can already feel how someday I'll look back at now and long for the relative youth or innocence or simple life that I'm current experiencing
Itll be one of the feelings we remember when we're looking at everyone from the moon (: best of luck to you
No one is on andreas level
Thank you
great Andreas thank you
Great info - Thanks
Smashed the like first.....
Omg andreas replyed to me😲 #1 fan here😬
Many thanks for yoir contents au usual.
About tracking stolen crypto.: once the cryptos are moved to an exchange wallet why can't the person be identified? There is an identity behind it (kyc is required) and i guess in case of theft some agency can enforce the disclosure of the identity... what do i miss here?
thanks
for high profile thefts there are companies like chainalysis or elliptic and more than are specialized in reconciliation Wallet adresses to IP adresses. This is how the IRS know who owns what for eg
Always use a strong password and backup wallet.dat, DeepOnion and other QT wallets are the same.
5:59 for Multisig
Please make review about Safe Pal hardware wallet
Question: Im interested in setting up multisig. But my concern is that it will increase the amount of physical seed security needed. Now i got one hardware wallet with rudandacy of 2 (gonna be 3) locations. Already at "2 of 3" multisig i would need to physically protect 3x3=9 seed phrases in different locations!? This is why im hesitant about multisig.
I have the same doubts. I think multisig is really appropriate for organizations, maybe not individuals.
Can you talk about threshold cryptography? Much better than multi sig and will be more prevalent over the next year.
Copay and MT Dox on chain multi signature technology electrum
Sir is copay multisig very safe?
Whats a multisig system?
sir I will appreciate if u please tell me how to recover bitpay multisig wallet if u have all three phrases
I make my own paper wallets :p
6:20 multisig
How are they asking him?
I H i wish i could ask him something
I H thanks for the info and i wont be able to keep up with these guys im more a philosipher😂
Yes, I take questions through the MOOC (which occurs twice a year), but also in monthly sessions via Patreon: www.patreon.com/aantonop
Juber_meme the realist crypto propa ganda
"As soon as an attacker gains control of your private keys, the first thing they will do is do a sweep."
I disagree.
An attacker that has access to your private keys may also have access to the private keys of many other people, accessed by the same unknown exploit or vulnerability that affects the victim(s).
If the attacker sweeps one wallet from one victim, or even several victims, the likelihood of the security vulnerability that led to the compromised keys becoming known increases. Once the vulnerability becomes known, people will react and destroy the attacker's chance of stealing the funds.
If I'm malwaring many different victims via a specific attack vector, it is in my interest as an attacker to wait before sweeping. If I sweep 1-2-3-4 victims, other potential victims will get wise and adjust. As an attacker, I would rather wait until the attack has allowed me access to a larger number of victim's wallets, THEN sweep.
We will see this one day. A major exploit that some attacker sat on for months, or years, quietly accumulating private keys...and then one day...BAM...time to sweep.
The future fucking scares me.
Android User fair point, but the attacker would have to gamble that the security hole remains a secret that only they know about. As soon as it becomes public knowledge, they are in a race to scoop up all the assets before their victims, or other crooks. Or the hole is patched.
Please unblock my Twitter I have no idea why it's blocked. 😐🤨
Who the fuck down voted
Smashed the like first......