Bitcoin Q&A: Multi-signature and Distributed Storage

Рет қаралды 17,708

Күн бұрын

What happens when wallets (personal or at an exchange) are hacked? What is "sweeping" with regards to private keys? After a hack, is it possible to track the stolen bitcoin and identify the hacker? How do you keep bitcoin safe in a group / corporate environment? Is it possible to create a multi-signature setup with Trezor and Electrum? Could passphrases be brute-forced? What is happening with browser extension deprecation?
You will have to evaluate which tools are the best based on the amount of cryptocurrency you own, your circumstances, and your threat model.
"'I Forgot My PIN': An Epic Tale of Losing $30,000 in Bitcoin" - www.wired.com/story/i-forgot-...
Chapters
0:00 When a wallet is hacked, is all that they're taking the private keys, which they can store somewhere else and use the value associated with it? Is there no way to follow the money at all? Is there a way those stolen bitcoin could be laundered?
3:53 If an exchange or wallet is hacked, is it possible to track and identify the hacker?
5:34 What are some suggestions for keeping your bitcoin private keys safe from developers/ coders you hire?
7:12 Multi-sig Trezor wallets with Electrum
13:11 Is setting up multi-sig wallets in Electrum secure? Is it something worthwhile to do, or is it better to stick with a single Trezor and use a passphrase along with storing one copy of your recovery seed at a secure location?
These questions are from the MOOC 9.3 and 9.4 sessions, as well as the (rescheduled) April Patreon Q&A session, which took place on March 2nd, March 9th, and May 5th 2018 respectively. Andreas is a teaching fellow with the University of Nicosia. The first course in their Master of Science in Digital Currency degree, DFIN-511: Introduction to Digital Currencies, is offered for free as an open enrollment MOOC course to anyone interested in learning about the fundamental principles. If you want early-access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: / aantonop
RELATED:
Software distribution security - • Bitcoin Q&A: Software ...
Protocol development security - • Bitcoin Q&A: Protocol ...
Geopolitics and state-sponsored attacks - • Bitcoin Q&A: Geopoliti...
How to get people to care about security - • Bitcoin Q&A: How to Ge...
Exchanges, identity, and surveillance - • Bitcoin Q&A: Exchanges...
What is the roadmap? - • Bitcoin Q&A: What is t...
Why developers are leaving banks - • Bitcoin Q&A: Why Devel...
Honest nodes and consensus - • Bitcoin Q&A: Honest No...
Why running a node is important - • Bitcoin Q&A: Why Runni...
Lessons from the hard fork - • Ethereum Q&A: Lessons ...
Cryptographic primitives - • Bitcoin Q&A: Cryptogra...
Nonces, mining, and quantum computing - • Bitcoin Q&A: Nonces, M...
Public keys vs. addresses - • Bitcoin Q&A: Public Ke...
Re-using addresses - • Bitcoin Q&A: Re-using ...
Using paper wallets - • Bitcoin Q&A: Using Pap...
Wallet design and mass adoption - • Bitcoin Q&A: Wallet De...
Secure, tiered storage system - • Bitcoin Q&A: Secure, T...
The Courage to Innovate Without Permission - • The Courage to Innovat...
What is Consensus: Rules Without Rulers - • What is Consensus: Rul...
Decentralized Truth - • Decentralized Truth
Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin.
Follow on Twitter: @aantonop / aantonop
Website: antonopoulos.com/
He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters.
THE INTERNET OF MONEY, v1: www.amazon.co.uk/Internet-Mon...
[NEW] THE INTERNET OF MONEY, v2: www.amazon.com/Internet-Money...
MASTERING BITCOIN: www.amazon.co.uk/Mastering-Bi...
[NEW] MASTERING BITCOIN, 2nd Edition: www.amazon.com/Mastering-Bitc...
Translations of MASTERING BITCOIN: bitcoinbook.info/translations...
Subscribe to the channel to learn more about Bitcoin & open blockchains!
Music: "Unbounded" by Orfan ( / orfan )
Outro Graphics: Phneep (www.phneep.com/)
Outro Art: Rock Barcellos (www.rockincomics.com.br/)
Join the aantonop Channel: aantonop.io/joinaantonopyt

Пікірлер: 41

@petrskupa6292 5 жыл бұрын

Dear Andreas these wallet oriented lectures are one of the most valuable ones in my opinion. Thank You!

@rodrigoserafim8834 6 жыл бұрын

"Be careful with your seed" - Andreas 2018 :P

@mimi27513 6 жыл бұрын

By far the best friend to the bitcoin community. Thanks Andreas.

@apostolapostolov5247 6 жыл бұрын

Thanks for doing your part Andreas.

@protectingcoin4200 6 жыл бұрын

Trezor uses a doubling delay and Ledger uses a wipe after X failed attempts for protecting the pin from brute force attacks. Both are effective methods for pin protection.

@adrianmoore2750 6 жыл бұрын

Andreas, Thank you for your service work.

@cryptodoggie710 6 жыл бұрын

Next level!!!!

@elleobi 6 жыл бұрын

something about the music at the end gives me a bittersweet aching feeling, somewhat like nostalgia. Except it's a premonitory sort, as if I can already feel how someday I'll look back at now and long for the relative youth or innocence or simple life that I'm current experiencing

@SeanWhite03 4 жыл бұрын

Itll be one of the feelings we remember when we're looking at everyone from the moon (: best of luck to you

@alexanderworkchannel 6 жыл бұрын

Great info - Thanks

@JIeTpyxa 6 жыл бұрын

Thank you

@DLTAustria 6 жыл бұрын

great Andreas thank you

@aurelioanez1931 6 жыл бұрын

Smashed the like first.....

@1733397574 6 жыл бұрын

Omg andreas replyed to me😲 #1 fan here😬

@matteopecar499 6 жыл бұрын

Many thanks for yoir contents au usual. About tracking stolen crypto.: once the cryptos are moved to an exchange wallet why can't the person be identified? There is an identity behind it (kyc is required) and i guess in case of theft some agency can enforce the disclosure of the identity... what do i miss here? thanks

@DonnateloComedia 3 жыл бұрын

Please make review about Safe Pal hardware wallet

3 жыл бұрын

Question: Im interested in setting up multisig. But my concern is that it will increase the amount of physical seed security needed. Now i got one hardware wallet with rudandacy of 2 (gonna be 3) locations. Already at "2 of 3" multisig i would need to physically protect 3x3=9 seed phrases in different locations!? This is why im hesitant about multisig.

@wogi9412 Жыл бұрын

I have the same doubts. I think multisig is really appropriate for organizations, maybe not individuals.

@1733397574 6 жыл бұрын

No one is on andreas level

@stephen-he4iw 5 жыл бұрын

Can you talk about threshold cryptography? Much better than multi sig and will be more prevalent over the next year.

@ouriel 6 жыл бұрын

for high profile thefts there are companies like chainalysis or elliptic and more than are specialized in reconciliation Wallet adresses to IP adresses. This is how the IRS know who owns what for eg

@wisunhi77 3 жыл бұрын

5:59 for Multisig

@skynavca 6 жыл бұрын

Always use a strong password and backup wallet.dat, DeepOnion and other QT wallets are the same.

@mpmaliag 4 ай бұрын

Copay and MT Dox on chain multi signature technology electrum

@vishalgaurav489 5 жыл бұрын

Sir is copay multisig very safe?

@spektred 6 жыл бұрын

Whats a multisig system?

@vishalgaurav489 5 жыл бұрын

sir I will appreciate if u please tell me how to recover bitpay multisig wallet if u have all three phrases

@BitcoinJake09 6 жыл бұрын

I make my own paper wallets :p

@jediforbear 5 жыл бұрын

6:20 multisig

@1733397574 6 жыл бұрын

How are they asking him?

@1733397574 6 жыл бұрын

I H i wish i could ask him something

@1733397574 6 жыл бұрын

I H thanks for the info and i wont be able to keep up with these guys im more a philosipher😂

@aantonop 6 жыл бұрын

Yes, I take questions through the MOOC (which occurs twice a year), but also in monthly sessions via Patreon: www.patreon.com/aantonop

@1733397574 6 жыл бұрын

Juber_meme the realist crypto propa ganda

@androiduser6642 5 жыл бұрын

"As soon as an attacker gains control of your private keys, the first thing they will do is do a sweep." I disagree. An attacker that has access to your private keys may also have access to the private keys of many other people, accessed by the same unknown exploit or vulnerability that affects the victim(s). If the attacker sweeps one wallet from one victim, or even several victims, the likelihood of the security vulnerability that led to the compromised keys becoming known increases. Once the vulnerability becomes known, people will react and destroy the attacker's chance of stealing the funds. If I'm malwaring many different victims via a specific attack vector, it is in my interest as an attacker to wait before sweeping. If I sweep 1-2-3-4 victims, other potential victims will get wise and adjust. As an attacker, I would rather wait until the attack has allowed me access to a larger number of victim's wallets, THEN sweep. We will see this one day. A major exploit that some attacker sat on for months, or years, quietly accumulating private keys...and then one day...BAM...time to sweep. The future fucking scares me.

@thermalCat 5 жыл бұрын

Android User fair point, but the attacker would have to gamble that the security hole remains a secret that only they know about. As soon as it becomes public knowledge, they are in a race to scoop up all the assets before their victims, or other crooks. Or the hole is patched.