Hardware Wallets for Cryptocurrencies

And does anybody have good experience with any hardware wallets? Is it actually a good idea to buy your private key from a company? I know the key should be generated on first use, but how much can you trust these companies? Maybe they keep a list of all the private keys they assigned?

Trezor is fully open source, you can read the code yourself and build the hardware yourself if you wanted. You always have to have some trust in the wallet so that issue is not even unique to hardware wallets but all wallets.

Ledger is sadly not open source but supports more currencies.

Then there is also the option of a offline smartphone (i have some reservations about this as it is really hard to get a phone truly offline with things like broadpwn)

But if you just want to hold, a good old paper wallet might do the trick but with the high transaction costs of bitcoin they can get more expensive than a hardware wallet really quickly (using a paper-wallet makes it a hot wallet so you have to transfr the whole contents to a new one)

1 Like

Hi @Bojack, I recommend bitstamp. They only have the top five coins by market cap, but the important ones (bitcoin, litecoin and ethereum) are there. The website works flawlessly, their fees are reasonable and they don’t charge you for withdrawals, which many others do.

I have a Ledger and I’m very happy with it. The apps and the specifications are open source, but the firmware is not because they use a secure element for actually storing the keys. The Trezor stores the keys in a standard microcontroller, and it’s been hacked in the past. (It’s since been patched, but some people could see it as a useful feature.)

In either device, the keys aren’t generated by the company, you do it yourself the first time you set up the device. If you don’t trust the random number generators of the device, you can always generate your 24 words through a separate mechanism, but you should be REALLY REALLY careful with how you do this to guarantee that they’re truly random.

1 Like

@Alex I heard that some exchanges only proceed with the transaction when they receive the money, so you can’t be sure of the price. So you say: I want to buy bitcoins for $1’000. And the exchanges says: send me $1’000, when we have your money, we will make the trade. Is that also the case with bitstamp?

What I would be interested in, is to send to money first and then make the transaction instantly. And to be able to send the coins to my private wallet.

How does a hardware wallet work with many currencies? Does it hold a separate private key for each of them? Is it like multiple wallets in one? Do the developers make software updates to support new currencies, that will become popular in 1 year? How safe are such software updates? How can you make a backup of your wallet? (having two physical wallets that hold the same private keys).

It usually works just like with stocks, you found your account and then you can place an order with the fiat on your account and when the trade come through you will have whatever you bought in your account which you can then send to your own wallet.

I have not seen an exchange that lets you buy bitcoin before you give them money but if you know it I would really like to buy a couple 1000 bitcoins, I promise I will send the money after XD.

When you first turn on the trezor (i think ledger does it similarly) you will be prompted to write down a recovery “phrase” which will allow you to recover the wallet to another trezor or to an online wallet (I would only recommend this for recovery). You can always recover another trezor with your key to have to “copies” of the same keys, you can even have different pins.

The trezor itself does actually not store the private key, it only has the “seed” and a repeatable way to generate a private key using this seed. If you look at it that way all you need for another currency is code to generate a private key from the seed in a repeatable fashion (and the whole singing stuff usw).

The tech is actually quite cool, I did not get very far into it but one cool feature about it is that you can have a password in addition to the pin which will be used alongside the seed, this allows you to have “infinite” wallets for the same coin on the same device as behind every possible password there is a wallet. This also gives you plausible deniability as there is no way to know how many wallets are on a device, you are however also screwed if you forget the password.

1 Like

As @derpinator explained, what the hardware wallets really store is the seed, your 24 words. This is the most important thing to back up.

  • If you lose the hardware wallet but you have the words, you’re ok: just buy a new one and put the old words in.
  • If you lose the pin code of your hardware wallet you can just reinitialize it with the 24 words and set a new pin.
  • If you lose the 24 words but you still have the hardware wallet and the pin, you can create a new wallet (on a different device!) and then transfer all your coins from one to the other. On the ledger you can’t see your 24 words after initialization for security reasons (someone else could see them without your knowledge), so you can’t extract them after the fact.

However, if you lose the 24 words AND the wallet, you are screwed. Forever. But be VERY careful where you back up your 24 words, if somebody gets access to them they have everything they need to take your money. They may not even take it immediately, they might just wait until it’s worth enough. But also make sure that somebody (you choose) has access to the words should something happen to you, otherwise that money is lost forever.

Are you paranoid yet?

P.S. If anybody knows of a good deal on safety deposit boxes, let me know. :smiley:

1 Like

Perhaps I was unclear. I heard that some exchanges wait to receive your money and then they make a trade for whatever the price may be. So you can’t fix the price. It seems weird so I wanted to double check.

Yeah, but I’m also paranoid with IB. Makes you understand why people chose the comfort of having a house. Really hard to steal a house :slight_smile:. Btw you mean “lose”, not “loose” :wink:

1 Like

I think you mean something like shapeshift but those only work for crypto --> crypto transactions, I do not think they work with fiat. Also they are just generally more expensive than going through an actual broker but you do not have to have an account and everything and it is easy to automate.

Hi again @Alex. I just got my Ledger Nano S. What I now intend to do is to buy all cryptos supported by Ledger, weighted by their total market cap. Since bitstamp only supports a few, I will need to use a different service for it. Which one would you recommend? Binance or some other one?

I would also like to refer to your comment from a different thread (dated 16 Nov 2017):

At the time you wrote this post, Ripple was traded for $0.20. Then we know what happened. It spiked to $3.00, and currently dropped to $2.00. Still an impressive 10x jump. That’s why I believe it’s just better to buy as many currencies as possible, especially if (like me), one doesn’t know better.

Would this plan work more or less painlessly?

  1. Send CHF to bitstamp
  2. Buy ETH on bitstamp (is the trade settled quicker than BTC? which crypto is best to exchange to other cryptos?)
  3. Send ETH from bitstamp to binance
  4. Convert ETH to all cryptos supported by Ledger
  5. Send cryptos from Binance to my Ledger wallet

I don’t think the “buy all supported cryptos by marketcap” plan is a good one at this stage of the crypto asset market. This works well for equities because all the scams, shady companies, etc. are already filtered out for you, but that’s not the case right now in the crypto market. You have to be a lot more careful here and do more research.

If you have no interest in doing this research now, buy Bitcoin only and be done with it. If you want to spread your exposure a bit more and still stick to the mainstream stuff, buy Litecoin and Ethereum as well. Here’s why:

  • Bitcoin has the first-mover advantage, name recognition, highest volume, etc. It’s the most important crypto asset now and will probably maintain that title.
  • Litecoin is one of the earliest Bitcoin Core forks and is the testing ground for many of Bitcoin’s improvements.
  • Ethereum is the first and largest of the second-generation blockchains, enabling a platform for distributed applications.

Here’s a quick run-down of what I know of some of the others supported by Ledger:

  • Dogecoin: joke crypto, famously friendly community but not really an investment
  • Zcash: privacy-focused crypto, but with some issues. For example, it’s security depends on it’s trusted initial setup, the way the first block is generated. Monero is (IMHO) a better privacy-focused crypto, but it’s not yet officially supported by ledger.
  • Ripple: completely centralized crypto (ie. nonsense), most of the currency is owned by Ripple itself. Not actually used by any banks.
  • Bitcoin Cash: fork by people looking to take control of Bitcoin.
  • Ethereum Classic: original Ethereum, pre-DAO fork. Less momentum than Ethereum.
  • NEO: similar to Ethereum, platform play.
  • Bitcoin Gold: bitcoin fork. Probably worthless, but at least it has replay protection.
  • QTUM: similar to Ethereum, platform play. Supposedly, “run Ethereum DApps on the bitcoin blockchain”. PoS, so beware.

I don’t know much about the others, so I won’t comment.

Basically. I send EUR to Bitstamp so I don’t get hit by whatever conversion fees they apply. You can withdraw BTC from Bitstamp for free, so I usually do that because most exchanges list more BTC pairs than ETH. Settlement time is basically the same for both, it really depends more on the number of confirmations the destination exchange waits for.

As for other exchanges, I basically use Kraken and Bittrex. Bittrex has more coins but they really screw you over with withdrawal fees. Compare fees for the ones they have the coins you’re interested in.

But, like I said, if you just want some exposure to these assets, get the big three in Bitstamp, withdraw them to your ledger and just forget about it for a while. If you want to play around with a small amount of money, then send some BTC to Bittrex and go nuts. But do some homework first.

1 Like

I agree with most of them though I kind of have to defend bitcoin cash a little.

At the time of the fork the main developers of bitcoin pulled some shady shit (censoring opinions on reddit was a big one) and were generally planing to do stuff which is generally weakening the independence of bitcoin. While I do not like that the fork happened, bitcoin cash solved the short term problems it wanted to (the high transaction fees, at least for now) and is generally less “establishment”. But that is just my opinion, I am on both sides of the fork here.

Bitcoin gold on the other hand is a premined cash-grab

Also I keep my dogecoin for nostalgic value XD

1 Like

Thanks for the very valuable reply!

I’m not sure, however, if I agree with this argument. Think about it: I would say an average Crypto trader has much better knowledge of the risk and the potential of each crypto currency, than me. Sure, there are many small fish in Crypto Market, who influence the prices a bit, but still.

The fact that Bitcoin price is so high is exactly because of it’s acknowledgement in the community. If some #20 currency by total market cap still manages to get a few billion market cap, then it means people trade it at the price which sets that market cap.

Sure there is a risk, that I would buy a no-name low liquidity crypto, which price would be artificially inflated (and maybe its liquidity could be also faked). But if the total market cap is 700 billion and I buy a crypto worth 7 billion, it will only constitute 1% of my crypto porfolio.

I want to buy as many cryptos as I can, because the growth potential is enormous, and I have no idea which of them will catch on.

There’s a lot of that going around, and the bitcoin cash camp is certainly not innocent. I think the way they’re trying to steal the Bitcoin name is way shadier.

Can you elaborate on this? I think it’s actually the opposite.

I disagree. Bitcoin Cash hasn’t solved the problem with fees, it’s just that very few people are transacting on the network so the blocks are basically empty.

@Bojack, I’m going to create BenderCoin, with an initial pre-mine of 500 billion coins. All of them will be owned by me, but I will sell one to @derpinator for 1 CHF and I’ll even throw in a free beer. The BenderCoin cryptocurrency now has a much bigger market cap than Bitcoin, so you should certainly buy some more coins from me. :slight_smile:

My point is that market cap is currently a really bad metric and there are a lot of scams and shitcoins. Why waste money and time on them? Are you going to be keeping an eye on them all the time so you can sell while someone is pumping one of the coins? Just stick to the main, well-vetted ones which have a chance of sticking around for a while.

I’m in XD

I have mixed feelings about segwit as it decreases the resources needed for some attacks (still extremely high but closer to something china or the nsa might pull off) but in exchange increasing transaction throughput so there is that.

@Bojack I definitely would not advise to base any decision on the “marketcaps”,

3 Likes

What attacks are those?

The usual theoretical “outrun the chain” attacks as less work and a smaller part of the network is involved it would be easier to control a majority of that (still freaking hard though). But i am pretty sure those would be recognized and mitigated (also it would probably cause a huge shitstorm if someone tried).

I’m not sure what you mean. How is there less work? Is there a write-up of this attack somewhere?

https://medium.com/@adam_selene/the-segwit-15-attack-b0ecbb926777 this is one.

All in all Segwit just seems kind of pointless as the transaction throughput is currently mostly limited by the block-size/time. The real solution is probably some form of the lightning-network but that is a whole other can of worms.

That article is extremely confused. Or at the very least, confusing, I can’t really tell what the attack is. It’s talking a lot about signaling for SegWit, which is only relevant before SegWit was actually activated. Yes, somebody could signal for segwit and activate it before people were actually ready for it. AFAIK, this could only happen if you had control of enough hashrate for the 95% lock-in threshold before more than 51% of the nodes were updated to at least Bitcoin Core 0.13.1 (the first version that understands SegWit blocks). I’m not sure how long that lasted, but by the time SegWit actually activated at least 53.5% (I’m not sure about the Other category) of the nodes were already running up-to-date software. Right now, nearly 70% of the nodes are running SegWit-compatible versions, so the if this attack was possible at some point, it certainly isn’t now.

Unless I missed the point of this article, of course. If so, please explain.

It isn’t pointless, it’s just not being fully taken advantage of yet. Lightning Network needs SegWit, so one step at a time. :slight_smile:

By reading and partipating to this forum, you confirm you have read and agree with the disclaimer presented on http://www.mustachianpost.com/
En lisant et participant à ce forum, vous confirmez avoir lu et être d'accord avec l'avis de dégagement de responsabilité présenté sur http://www.mustachianpost.com/fr/