Unter der Annahme, dass ich meine privaten Schlüssel/Seed Phrase niemals weitergeben werde, ist meine Krypto sicher, richtig?
- Dieses Thema hat 17 Antworten sowie 2 Teilnehmer und wurde zuletzt vor vor 3 Jahren von
aktualisiert.
-
Beiträge
-
-
Meine größte Sorge als jemand, der neu im Krypto-Bereich ist, dass meine Mittel „gestohlen“ oder „gehackt“ werden.
​
Aber nach meinen Recherchen bin ich zu dem Schluss gekommen, dass es praktisch keine Möglichkeit gibt, dass meine Kryptowährung „gehackt“ werden kann, solange niemand außer mir Zugang zu meinen privaten Schlüsseln/Seed Phrase hat.
​
Selbst wenn ich also meinen Nano S verwenden würde, um Kryptowährungen auf einen infizierten Computer zu übertragen, oder wenn jemand mein Telefon speichern und Zugang zu meinem Ledger Live-Konto hätte oder Malware verwenden würde, um meinen Computer/das Telefon auszuspionieren, gäbe es immer noch keine Möglichkeit, meine Gelder zu stehlen, ohne dass er meine privaten Schlüssel/Seed Phrase kennt. Ist dies korrekt?
Und nebenbei bemerkt, wenn das Einzige, was in Bezug auf die Sicherheit zählt, die sichere Aufbewahrung meiner privaten Schlüssel ist, ist eine Nano S dann genauso sicher wie jede andere Cold Storage Wallet? Ich bin etwas besorgt über die Speicherung großer Mengen an Kryptowährungen auf einem 60-Dollar-Gerät, intuitiv würde ich denken, dass ein viel teureres, komplizierteres Gerät notwendig ist. Aber es scheint mir, dass ein Nano S genauso sicher ist wie jede andere Cold Storage Wallet, solange ich der Einzige bin, der Zugang zu meinen privaten Schlüsseln hat. Bitte korrigieren Sie mich, wenn ich mich in irgendeiner Weise geirrt habe!
​
Dieser Beitrag war so hilfreich für mich als Neuling im Krypto-Bereich. Vielen Dank für die Beantwortung meiner Fragen!
-
There’s realistically only 5 things that could lead to a loss of funds with your ledger.
1. Being careless with your seed. This includes ever typing it on a computer connected to the internet or putting it on the cloud in any way. This is the most common way people lose all their funds.
2. Someone gaining access to your physical device and inputs the correct pin.
3. Approving smart contracts that do something you didn’t want them to do.
4. Malware on your computer that alters the copy and paste function.
5. You don’t keep the firmware updated and a hardware hack is found and a nation state or hardware hacker obtains your device.
The nano S is very secure. The only problem is the small screen which could lead to approving transactions you didn’t fully read.
-
Completely safe. You can conduct transactions on a computer that is infected without fear. Your seed phrase is never exposed. Never type your seed phrase into anything electronic that can connect to the internet. Same goes for photographing your seed phrase.
Edit: I have been using my ledger for almost one year. I have both the nano x and s models. Once I transferred off of exchanges I felt great relief that my coins were finally safe. I also use the pass phrase or 25th word, plausible deniability.
-
The more expensive devices most likely just offer more convenient features. Take the Nano X for example, it allows you to install multiple apps so you’re not juggling with space like on the S. Others may offer touch screen or some type of inheritance service.
In terms of security they should all be at a similar level.
-
-
-
Write it on 3 papers with pen and pencil and store them in very secure locations. As soon as no one has access to these papers you’re good. The chances of someone finding your key on some website like [keys.lol](https://keys.lol) or [privatekey](https://privatekey.pw)s.pw is equal to 2 elevated by 256, so close to null.
-
-
Theoretically, there is the minuscule chance of an individual either guessing or have the same 24 word passphrase autogenerated by a wallet device/software. But again, the chance is very, very slim. You can increase the odds significantly more by adding the 25th word. Have the word be adequately sized (No more than 50 characters. It can support more due to specifications, but Trezor has a 50 character limitation), random, and no use of dictionary words.
There are some other general practices you’ll need to do to keep your wallets safe, regardless of whatever storage solution you use:
* Use a 25th passphrase and generate your wallets through that.
* Never have your passphrase entered into any electronic device other than your Ledger or any similar device (Trezor). Never expose your password to any recording device (camera). Record the phrase through paper & pen or metal. Store it somewhere secure and safe.
* Be careful of smart contracts. Make sure you know what you are signing. There are malicious contracts out there, that if you sign for, can give them the ability to empty your wallets. This has been a problem on DeFi, yield platforms, and dust attacks.
* Don’t make yourself a target. Keep your hold/whale wallets private. Have a separate wallet for short term transactions, signing contracts, and minting versus hold. Do not send or transfer from any accounts that people can connect your identity to the hold/whale wallets. From an exchange may be okay. Using a mixer as an in between is better. Do not transact between your hot wallets to your hold/whale wallet directly. Basically, for your hold/whale wallets, you only want to send and receive from anonymous sources. -
It is true that using a hardware wallet would be one of the securest way to transact on crypto. The problem with security is no one can always say it’s hackproof. The device itself may be algorithmically secure, but there are still many attack vectors that are possible. If you look at the video released by Ledger about „Donjon“. A lot of it is unlikely, but the biggest problem is the human factor.
Here are some sample attack that may still drain your account:
* Smart contract – issues like [forgetting to delist](https://siliconangle.com/2022/01/24/opensea-exploit-allows-hackers-buy-nfts-steep-discounts-steal-1m-users), [approval for token access](https://cointelegraph.com/news/simple-steps-to-safeguard-your-wallet-from-unlimited-erc-20-allowance-risks), etc
* Injection/manipulation of data request on infected computer – When you perform an action on an infected computer, it may intercept that communication in the browser and request a different signature/approval than what you expectKey point is that the device itself is secure and the chances of it being hacked is close to 0. IMO, it is the human factor that makes the device vulnerable.
-
-
Safe from what? People here are always concerned about malware and digital attacks, which is good, but that’s not your only enemy.
YOU are your own worst enemy. You could lose that paper copy or steel copy. So many people record seed phrases incorrectly, and probably most likely is simply misplacing stuff. How often do people misplace phones, keys, wallet (physical?). Now you think that’s not likely for something that you rarely touch (backup seeds)?
The hacking risk is important to bear in mind, but I honestly think most people overplay that way too much. I’m willing to bet a password manager with a strong password is still safer for most people than some „smart key storage solution“ that ends up compromising security more. Unless you know what you’re doing and you calculate entropy of your solutions, don’t think splitting keys, hiding parts in your mom’s basement and part in your brother’s safe is really that effective.
-
-
-
-
> then there is virtually no way my crypto can be „hacked“.
Correct. The risk is greater than zero, but statistically close to zero. As you said „virtually no way“.
Here’s a list of all the security bulletins to date. If forget to update your firmware, then some of these may still apply, but for the most part they are all fixed. But it will give you understanding as to what can be done if you still „follow all the rules“
-
-
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.