Bitcoin Whiteboard Tuesday – Become a Bitcoin Safety Expert


Today’s topic is Bitcoin Safety. Throughout the years, there have been numerous cases of people who have had Bitcoins lost, stolen or scammed out of their hands. In today’s episode, we’re going to talk about how to become a “Bitcoin Safety” expert so these things don’t happen to you.

Before we get started though, I want to bust one myth some people who are new to Bitcoin often have. A lot of people think that because Bitcoin is digital it can be hacked and manipulated. Also, due to many cases of theft people sometimes think Bitcoin isn’t safe. That couldn’t be further away from the truth.

Bitcoin, the currency and the technology behind it, has proved to withstand numerous attacks throughout the years. The weak link in Bitcoin’s security is usually the people who handle it. Whenever you hear that Bitcoins were stolen, it wasn’t because there was a problem with Bitcoin’s technology, but because whoever was holding those Bitcoins wasn’t careful enough.

Saying Bitcoin isn’t safe because you hear a lot about stolen Bitcoins is like saying the dollar isn’t safe because you hear that there are a lot of robberies going on. With great power comes great responsibility, and as long as you follow the steps we’ll go over in today’s lesson your Bitcoins will be safe and sound.

Let’s get started!

If there was only one thing I could teach you about Bitcoin safety it would be this: “You, and you alone, should know the private key to your Bitcoin wallet.”  As we discussed in the last lesson, the private key, or seed phrase, is like the combination to a safe. Whoever knows your wallet’s private key can take control of your Bitcoins.

If you’re using a Bitcoin wallet that is supplied by a third party, it means both you and the third party know the private key. If that company wants to shut down your account or even just run away with your Bitcoins they can.

Storing your Bitcoins on a third party wallet is similar to putting your money in a bank – you don’t control the money, the bank does. At times you’ll need to use third party wallets, either from a convenience perspective or if you want to buy or trade Bitcoins. That’s totally fine. Just make sure you’re aware of the risk, put as little money as possible in these wallets and verify that the company or website supplying the wallet is trustworthy before doing so.

For larger amounts of Bitcoins, always use hardware wallets. They are the most secure form available for storing Bitcoins today. They come at a price because it’s a physical item you need to buy, but it’s worth the peace of mind.

Now let’s talk about how to avoid losing your Bitcoins.

“Losing your Bitcoins” is a term used to describe someone who has lost access to his private key. For example, there’s a known story about a British guy who threw away an old hard drive that also contained his private key. He later discovered that the private key belonged to a wallet containing 7,500 Bitcoins which are now lost forever, since there’s no way to recover the private key once it’s lost. That’s over $10 million!

Because the private key is so important, you should store a backup of it somewhere. This means writing it down on a piece of paper or making a copy of it on a flash drive or any other form of storage that can’t be reached remotely. For maximum security, make sure to encrypt it as well. Many wallets today allow you to add an encryption when you export the private key to a file through the use of a password.

Some wallets will supply you with a seed phrase of 12 or more words instead of the private key. If that’s the case, make sure to write them down in a safe place.

There are several reasons why it’s so important to back up your private key:

For starters, if your computer gets hacked, you may still be able to send your Bitcoins to a new wallet if the hacker hasn’t gotten to them yet.

Also, in case your wallet gets damaged or destroyed, you will be able to import the private key to another wallet and reclaim the coins.

To conclude, treat the private key as you would treat a precious item like gold or jewelry. Keep it hidden and safe.

Moving on, let’s talk about how to avoid Bitcoin theft.

Online wallets and exchanges are the weakest links in terms of Bitcoin theft. The easiest way to avoid theft from these sites is not to keep any Bitcoins on them. However, sometimes it’s inevitable to keep funds in an exchange or an online wallet. For example, if you want to trade frequently or if you’re using a certain wallet for online games.

If that’s the case, it’s important to secure your online Bitcoin accounts with a strong enough password. Here are some general rules for creating a strong password:

  •   The more characters the password has the better. Aim for at least 8 characters.
  •   Try to create a mix of lower and upper case letters and non-traditional characters like exclamation marks, hyphens and so on.
  •   Don’t reuse passwords from other accounts.

Of course, the best passwords are the ones that are just a random string of text, numbers and symbols, but they are also extremely hard to remember. That’s why I strongly recommend you get some sort of password manager to help you generate and keep track of your passwords. There are several free options available on the market.

Another way of remembering strong passwords is using numbers instead of certain letters as shown here:

Th!5 i5 a 5tR0ng Pa5sw0rd

These rules should be exercised each time you open a Bitcoin related account, choose a PIN code for your wallet or choose a passphrase for encrypting a file. For example, if you have the option, choose a PIN code for your mobile wallet with 8 digits instead of the standard 4 digit PIN.

Last, but not least, whenever possible try to enable Two-factor authentication for your accounts. Two-factor authentication, also known as 2FA, is a method of confirming a user’s identity through two separate components. In most cases, it would be something a user has and something a user knows. Let me explain.

A good example from everyday life is withdrawing money from an ATM; only the correct combination of a bank card (something you have) and a PIN (something you know) allows the transaction to be carried out.

In the case of online accounts, the something you know will be the password to the site and the something you have will be a mobile phone that will receive a text message containing a PIN code when you try to log in.

This way, even if a hacker manages to uncover your password he still can’t log in until he physically puts his hand on your mobile device.

HOWEVER, if you use a normal text message, a hacker can still manage to intercept the message as it’s being sent to your phone. That’s why it’s important to use dedicated 2FA apps that are much more suited for this task. Some of the more popular 2FA apps today are Google Authenticator and Authy.

One thing we tend to forget is what network we are using to access online Bitcoin services like exchanges and wallets. Make sure to access sensitive information only on trusted networks that are properly secured.

For example, use your password-protected home or mobile network only and never use a public wi-fi network to access a Bitcoin service. Of course the password for your router should also follow the rules we just talked about. Public wi-fi networks are extremely vulnerable and hackers can eavesdrop on your session.

If you have to use a public network, make sure to connect through a Virtual Private Network, also known as a VPN. VPNs are programs that hide your online footprint and encrypt your data making life extremely hard for hackers. We’ve recently listed some of the best VPNs available and many of them also have a free service option.

Another very important security measure is to make sure the site you’re connecting to uses a secure SSL connection – this means you should see https:// and not http:// showing up in the address bar.

Now let’s talk about how to avoid Bitcoin scams.

It seems like every other day another Bitcoin scam is exposed. The most popular scams around today are phishing scams and Ponzi Schemes.

Phishing emails and websites pretend to be legitimate sites, but they actually steal your information. People arrive at these sites through malicious emails or ads and think they are on the official site. Once they enter their username and password on the fake site, the hacker who created the site will intercept them, access the real site and steal their coins.

So how do you identify a phishing site?

First of all, take a look at the address bar and make sure the domain is spelled out exactly as it should.

Second, make sure the site uses a secure SSL connection as we’ve discussed before – this means you should see https and not http showing up in the address bar. Most phishing sites don’t have an SSL certificate, although there may be exceptions.

Phishing emails work in a similar way. The email seems to be sent from an official Bitcoin wallet or exchange, however when you click on the link inside the email, you’ll be forwarded to a phishing site or have malicious software installed on your computer.

Whenever you get an email from any Bitcoin service make sure that:

  1. The sender’s email is from the domain of that service and not some similar-looking alteration.
  2. Most services that you sign-up with know your name and use it in their emails. So if you are addressed as “sir” or “dear customer” see that as a warning.
  3. If there’s a link inside the email, check that it leads to the official domain BEFORE clicking it. This can be done by right clicking the link, choosing “copy link address” and pasting the link into a text document.
  4. Don’t ever open any email attachments from unknown senders.
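Checks 1 to 3 of this list can be automated for triage. The following is an added example, not part of the original article: `example-exchange.com` stands in for the real service's domain, the message is constructed, and the look-alike heuristics (small edit distance, the service name used inside another domain, punycode labels) are assumptions rather than a complete detector.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = "example-exchange.com"  # assumption: placeholder for the real service's domain
SAMPLE = '''From: "Example Exchange" <support@examp1e-exchange.com>
Subject: Action required on your account
Content-Type: text/html

<p>Dear customer,</p>
<p><a href="http://example-exchange.com.verify.example.net/login">https://example-exchange.com/login</a></p>
'''  # constructed message, not a real phishing sample

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character alterations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'foreign' for a hostname."""
    host = (host or "").lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return "official"
    registrable = ".".join(host.split(".")[-2:])    # crude: last two labels
    brand = official.split(".")[0]
    if (edit_distance(registrable, official) <= 2   # e.g. examp1e-exchange.com
            or brand in host                        # official name inside another domain
            or "xn--" in host):                     # punycode label, may render as look-alike letters
        return "lookalike"
    return "foreign"

def check_email(raw, official=OFFICIAL):
    """Apply checks 1-3 of the list above; returns a list of warning strings."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    warnings = []
    # Check 1: a matching From proves nothing (the header is sender-supplied); a mismatch is a warning.
    sender = parseaddr(msg.get("From", ""))[1]
    verdict = classify_host(sender.rpartition("@")[2], official)
    if verdict != "official":
        warnings.append(f"sender domain is {verdict}: {sender}")
    # Check 2: generic greeting instead of the account holder's name.
    if re.search(r"\bdear\s+(customer|sir|user)\b", body, re.I):
        warnings.append("generic greeting")
    # Check 3: where each link really goes, regardless of its visible text.
    for url in re.findall(r'href=["\']([^"\']+)["\']', body, re.I):
        parts = urlsplit(url)
        verdict = classify_host(parts.hostname, official)
        if verdict != "official":
            warnings.append(f"link target is {verdict}: {parts.hostname}")
        if parts.scheme != "https":
            warnings.append(f"link is not https: {url}")
    return warnings
```

On the constructed message, `check_email(SAMPLE)` returns four warnings: the altered sender domain, the generic greeting, the link whose real host only embeds the official name, and the plain-http scheme.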

Other forms of scams include Ponzi Schemes.

A Ponzi Scheme is an investing scam promising high rates of return with little risk. The Ponzi Scheme pays out the older investors by taking money from new investors. At some point the Ponzi Scheme operator usually disappears with the investors’ money.

Most Bitcoin Ponzi Schemes today appear in the form of cloud-mining sites or coin doublers. These are sites that will promise you high rates of return on your coins on a daily basis and, after a while, will disappear with your money. So, how can you verify that a site is legit?

Well, we’ve created something called the Bitcoin Scam Test on 99Bitcoins that helps you analyze different websites and get a pretty good idea of which are legit and which are not. It takes about five minutes to analyze a site and it will save you a lot of money.

Before we conclude, here are some additional tips for Bitcoin safety:

Whenever you’re sending money to an address, remember that Bitcoin transactions are irreversible. Once the money is sent, there’s no “insurance” and you can’t get it back. For this reason, make sure to always double check that the address you’re sending the money to is correct.

Never type the address in manually since Bitcoin addresses have a lot of characters and you may make a mistake. Either copy and paste the address or use the QR code of the address to scan it.

Also, make sure you trust the person you’re sending money to. If you don’t trust them, you can always use a third party escrow service that you both agree on. One very popular escrow service is Bitrated where you can choose known figures from the Bitcoin community as arbitrators in case of a dispute.

Finally, if you’re conducting small amount transactions, one confirmation may be enough to send over the goods to a counterparty. But if you’re dealing with large amounts, wait for at least six confirmations in order to be sure that the transaction is irreversible.

Well, that’s it for today. If you’ve made it this far, you’re now an expert on Bitcoin safety. But knowing is only half of the battle. It’s now time to put all of what you’ve learned into practice, so here’s a short recap:

  •   Keep your private key safe and back it up.
  •   Large amounts of Bitcoin should only be kept on hardware wallets and not in exchanges or online wallets.
  •   Have strong, unique passwords and 2FA enabled for all of your online Bitcoin services.
  •   Never connect to Bitcoin services through public internet connections. If you have to, use a VPN.
  •   Be cautious of emails and websites pretending to be sent from Bitcoin service providers.
  •   Use the Bitcoin Scam Test to uncover Ponzi Schemes.
  •   Remember that Bitcoin transactions are irreversible, so make sure to trust your counterparty, double check the address before hitting send, and wait for at least six confirmations before shipping out any goods.

32 Comments

  1. For newbie I found this a very informative series, excellent.

    One thing I would like to see is to have all this information in PDF form
    so I can read it over whenever I get some time. Including all the information
    from the various links you have included.

    Otherwise from me really awesome

    Thanks heaps

    TeAroha

  2. Margaret Stripes on

    With Bitcoin you have to be aware that safety is something that you have to pay a lot of attention to. To be honest, I prefer to be secure using the new CloudCoin. My peace is something that no one can buy. Thank you for the info, though.

  3. Eric Linde on

    Great tutorial
    One additional thing that users need to know about, in relation to you talking about verifying the sender address (9:45 into the video) in an incoming email:
    It is quite possible for anyone to send an email specifying any from address of their choosing, so a phishing email may have a from address with a domain that you trust.

    Cheers!
    /Eric

    • Zsofia - 99Bitcoins support on

      Hi Eric, thanks for the feedback and giving this additional point to the security measures.

  4. Wow! No offense, but this video is imho the best within your sessions. As I am into awareness of security I think (hope) that the vid might help in general newbies understand some of the needful basics.
    Great work and thank you for sharing!
    cheers
    Stefan

  5. Hi Ofir,

    I really like your website. Your articles are very informative and I have got to know a lot about cryptocurrencies from 99bitcoins. If you don’t mind me asking, can you tell me which advertising service you use to monetize your website? I am thinking about launching a technology blog and would love to hear from you.

    Regards

  6. This is a nice write up, I really appreciate me. For a beginner like me who just open a bitcoin wallet, how can I fund my wallet and also make investment with it?
    Do you know any bitcoin merchant in India accepting bitcoin for the payment of goods like laptops, iPads, smartphones and other electronic accessories? If yes, how can I meet with them?
    Thanks for your anticipated response .

  7. Your tutorial is very comprehensive, am sure you have saved many people from losing their coins. Good work!

  8. I thank you for this insight into cryptocurrency called Bitcoin because I am planning to go into it, your lesson has taught me safety of it to avoid being scammed.

  9. Hello Offir
    Hope you are good
    I once used my btc address in a video tutorial on youtube, what would u advise? However, I use 2FA, and stronger password

    • Ofir Beigel on

      Hey Paul, as long as you’ve just exposed your public Bitcoin address there’s nothing to worry about. The only issue is that this address and all addresses related to it are no longer anonymous.
      As long as you didn’t expose the private key / seed you’re good to go.

  10. peter sipos on

    Hi Ofir,

    Can you please tell me how can I store Altcoins?
    Cold storage wallets like trezor only store a few types of coins.
    Thanks,
    Pete

  11. Thanks for your astonishing Bitcoin Scam Test !

    For a (humble) cryptocurrency beginner (noob) like me is pure gold !

    Keep the good work !

    Thank YOU !

    • Zsofia - 99Bitcoins support on

      Hey Randolphe, thanks a lot for the feedback, it is great you have found it useful. Keep on reading us!

  12. Would you recommend giving bitcoins or ether to a kid (when they are born, when they turn 13 or 12, on high school graduation) for long term investment (here’s some bitcoin OR Ether, do not touch this until you are 21 or older).

    If so, what is the most reliable, secure, and long term method to use? That is, what’s the best way to give someone bitcoin or ether that will still be usable 20 years from now?

    12 – 24 word wallet recovery seeds seem a bit scary on that front since I believe that though these seeds are generated through common algorithms, they are not all interchangeable, and so if your wallet and the other wallets that support that seed stop operating in the next decade or so, you may not be able to recover the bitcoins or ether.

    I frame this in terms of giving the coins to a kid, as there is an event coming up. But it also seems equally valid in terms of storing coins offline in a safe deposit vault.

    • Zsofia - 99Bitcoins support on

      Hi Jay, this is a very interesting question. As the technology behind Bitcoin is fairly new, probably no one can give you a perfect solution at this point. A hardware wallet is a good start and I suggest you to have multiple back ups. Here are some security tips to keep your Bitcoins safe: https://99bitcoins.com/4-steps-keeping-bitcoins-safe/ and you can read about the different Bitcoin wallets here: https://99bitcoins.com/what-is-bitcoin-wallet-bwbt-3/, you will definitely need a cold one.

    • Ofir Beigel on

      Zsofia is correct, also I’d add the fact that at the moment the seed phrase is not only compatible with the hardware wallet but with different software wallets as well. For example, TREZOR’s seed can be used with Electrum.
      No one is to say that these companies will be around in 50 years, but I guess that this is one of Bitcoin’s features – you need to take care of your own money and be aware of the changes that happen.
      Having said that, I believe we have a decent amount of time until the seed phrase becomes obsolete or will be replaced.

    • Zsofia - 99Bitcoins support on

      Hi Kevin, thanks for the feedback. Why have you come to the conclusion to avoid Bitcoins? The purpose of the video was rather to broaden the knowledge around the safety of your coins.

    • Good read as I’ve forgotten my seed on my Electrum wallet.
      But I was told to sweep the coins never did it before so I will afto as there is 2.88 NYC fingertips crossed and hope it works does doing a sweep on Electrum wallet work offie as I’m just about to try.
      And I bought these coins for £37 so huge profit if I get them.
      One good thing it didn’t cost me much.
      Besides the point I need a good weekend all pray for me be back with outcome asap
