Browsing Tag

Trezor

cryptocurrencies,

Trezor Just Added Two Outstanding Features

There is a reason why everyone loves Trezor. Apart from being one of the most secure hardware wallets along with Ledger and KeepKey, Trezor never fails with creativity. The guys working for Satoshi Labs do not care about security only. They know that a great wallet is more than just a cold storage. It has to be convenient, user-friendly, and super easy to use. This is why they develop web applications as well.

Trezor Wallet Exchange

Since Monday (October 22) there is built-in Exchange feature inside the Trezor Wallet site. Put simply, users can seamlessly hop between different digital assets, without even having to leave the Wallet website. What’s even better is that the interface allows you to initiate, stop, or monitor the whole exchange process in real time.

However, Trezor notes:

The exchange feature is provided by various third parties; SatoshiLabs bears no responsibility for the process, exchange rates, fees, or functionality. In this initial release, we have decided to cooperate with ShapeShift and Changelly. Trezor Wallet will always operate without KYC, as the Wallet or your Trezor device are not custodial. If the exchange providers decide to enact KYC, registration, and verification will be done by them. Your personal information will not be processed by Trezor Wallet / SatoshiLabs, nor will it ever be requested by the company. Customer support for exchanges will be serviced by the partners.

Obviously, Trezor has partnered with Changelly and ShapeShift, which are one of the most prominent names in the business. Both companies have proven that they are trustworthy.

Trezor Password Manager

Isn’t it fascinating how Satoshi Labs always build their Trezors with something in mind? With the new Trezor Password Manager browser extension you can turn your cold storage into a password manager as well. We know that having a strong password for each and every account may be a challenging task and boy, we are happy that Satoshi Labs have finally approached this problem.

So how does it work? You install the Password Manager app and plug in your hardware device (your Trezor model doesn’t matter). Then you manually type your passwords and their relevant URLs. You Trezor encrypts this data, generates and unique private seed and puts your data in a cloud such as Google Drive or Dropbox. I know that you are already raising your eyebrows but hey, Trezor got your back. Only your device can decrypt it using your private seed. Simply said, even if someone sneaks into your Google Account your passwords are as safe as your tokens.

The next time you want to login in Facebook (or anywhere else) you just have to open the website, plug in your Trezor and press alt+shift+F. Voila! You are ready to go.

Exchanges,

Mintpal Hack Took Place Exactly 4 Years Ago

Those of you who have been around in the crypto thing probably remember that exactly four years ago, we witnessed one of the most notorious hacks in the history of digital assets.

Back in 2014, there was an exchange called Mintpal and to say that it had a rough year would be a major understatement. First, it came to life in February and according to statements from its developing team it had two major goals in mind – ultra fast support and the best UX possible. Every month Mintpal added new assets, the most popular among them. These tactics proved to be working pretty well since at one point it was one of the most well-known exchanges offering altcoins.

However, on July 13 someone conducted an attack at a Vericoin wallet and successfully ran away with 8,000,000 Vericoin tokens. Back then that was worth $2 million and the number of tokens stolen was roughly 30% of the circulating supply. What’s the moral of the story? If you keep your tokens in a hot wallet (like Mintpal did) you are an easy target.

The culprits tried to drain Bitcoin and Litecoin wallets as well but this time Mintpal was clever enough to store its Litecoin and Bitcoin supplies in cold wallets. If you are new to cryptocurrency and you are not familiar with the types of cryptocurrency wallets, refer to our Ultimate Guide to Cryptocurrency Wallets.

At around the same time, Alex Green’s Moolah (officially known as Moopay LTD.) acquired Mintpal. The idea was Mintpal to act the main altcoin exchange for Green’s then operating platform. Unfortunately, Mintpal just was born with a bad luck. In late October, the exchange suffered another attack and as a result, 3,700 Bitcoins vanished out of thin air.

Surprisingly, the community later revealed that it was actually Alex Green, the CEO of Moolah, who staged the whole thing. At that time, the stolen Bitcoins were worth $1,500,000. Thankfully, three years later, in 2017 the authorities launched a criminal investigation, which is still going.

What’s the moral of the story? You cannot trust an exchange but you can trust a cold wallet. In fact, this is more relevant than ever since in 2018 the cybercriminals have stolen $833 million worth of crypto. Get your Trezor, KeepKey, or Ledger now and show them the finger!

 

security,

What Makes A Strong Password?

In an age where an invasion of our online security might virtually erode our offline well-being, it is extremely important to protect the passwords we use. The last time we talked about PINs and how the majority of them could be cracked within seconds. Unfortunately, when speaking of passwords the statistics ain’t much better.

 How weak are weak passwords?

In short, they are as weak as the weakest PIN you can think of. Digging deeper, Keeper Security has discovered that the majority of internet users go for “123456”, “qwerty” and other combinations that are literally “unbreakable”. In fact, 17% of all 10,000,000 passwords scanned were “123456”. More interesting and disturbing facts – the top 25 most common passwords make up for 50% of all passwords examined by Keeper Security.

I know this might come as a surprise to you but even more complex patterns like “1q2w3e4r5t6y” fail miserably. Hackers know too damn well that they can easily feed an algorithm with strings of numbers and letters that are commonly used as passwords and brute force accounts. It will take the algorithm just minutes to compromise your account. Remember, hackers can read too, meaning research findings such as those by Keeper Security practically help them develop even better hacking tools.

Why should this not disturb you?

Because you are a human. Unlike machines, you think slower but you have something bots don’t have (at least for now) – imagination. Leveling up your security is just a matter of some creativity. Usually, there is one simple rule – the longer the password, the better. Rule #2 – use a variety of symbols AKA combine letters and numbers.

No, your street number and your dog’s name don’t make a strong pass. A quick check on social media will give the bad actors all the necessary information. However, your options are countless – combine a favorite quote (better choose a less popular one) with the last three digits of your best friend’s phone number.

Draw on your keyboard! Well, not literally. Here’s what I’m talking about – make up a password that will form a triangle, X, octagon, square (you get the idea) on the keyboard. Are you a musician? Great, you can easily use the opening chords (or notes) of the first song you’ve ever learned.

Your possibilities are endless. Your password should make sense to you. It should be hard to guess but easy to remember. You are human after all, not a machine.

security,

Do’s And Don’ts When Choosing A PIN

The cryptocurrency space is lucrative for both traders and hackers. And while the first are more likely your friends, the latter literally freak the whole community out. Many inexperienced traders underestimate the threat that cybercriminals pose. It’s just that they hack exchanges, they try to compromise everything connecting to the internet – servers, private computers, wallets of all kinds, and even whole blockchain networks.

How secure is your PIN?

Speaking of hackers and attacks, what about your PIN? Is it secure enough? I bet you think it is but the chances are it isn’t. Here’s what I’m talking about. When humans are up to the task of coming up with a PIN for their device, they tend to settle for hard to guess 4-digit strings such as “1234” or “0000”. I have to admit I have done it too. However, these combinations are not hard to guess at all. Even a fourth-grader can unlock your hardware wallet if you rely on the above-mentioned top-level security PINs.

The harsh reality is that roughly 11% of all 4-digit PINs are “1234”. No, I’m not making up the facts. DataGenetics did a research regarding the most secure and least secure PIN codes used by people. The mainly relied on data from stolen PINs and their findings are intriguing and disappointing at the same time. Disappointing because people seem to lack imagination when choosing their PIN.

The top 20 most used combinations make up for 26% of all PINs from the 3.4 million database. To put this straight, one out of ten PIN codes is “1234”. Yeah, it is that easy for someone to guess it.

How to improve your PIN?

The easiest thing to do is to add more characters to your PIN since 4-digit combinations are the easiest to guess. Your other options include the avoidance of sequential and repetitive patterns like “6789” or “2255”. Furthermore, you can simply combine random numbers that matter to you. However, avoid birth years. Period. This is self-explanatory I think.

Another proper strategy is to add a random character to a number you can easily remember. For instance, “201604” becomes “534937” by adding three to each character. If you find it too difficult, you can always let your hardware wallet do the trick and provide you with a random PIN.

Why don’t brute force attacks work on cold storages?

Every time you (or a bad actor) input incorrect PIN, the device starts a timer, which prevents you from typing another combination. The more you screw up, the longer you have to wait. This simple tactics effectively combat brute force attacks.

security,

MetaMask Adds Trezor Integration

MetaMask is perhaps the most popular Ethereum browser extension. It has long been bridging the gap between regular websites and the Ethereum network. In short, it allows ordinary people to interact with the Ethereum blockchain through their Chrome or Firefox browser.

The reason why we are talking about MetaMask here is that the team behind has added yet another fascinating feature – Trezor integration.

What does it mean for Trezor users?

Simply said, users are now able to check account balances for Ether and Ethereum-based tokens and confirm transactions through MetaMask. As usual, users can still manage their favorite decentralized apps and utilize smart contracts. The thing is, you instantly trade Ethereum and tokens built on the top of Ethereum without having to send them to MetaMask first.

This further secures your digital assets as you do not have to rely on MetaMask to keep your private keys safe. Trezor protects them because they never leave its cold storage.

It is extremely easy to utilize this new feature as you only have to connect your Trezor device with MetaMask. Your balances, transaction history, etc. will automatically appear. It really feels like using an ordinary account with the exception that every time you are about to conduct a transaction you will need to manually confirm it on your hardware device.

“All operations involving your keys, including signing, happens inside your Trezor device. Your keys are never exposed.

You can disconnect your Trezor after importing your account, and your transaction history will be remembered in MetaMask, as the app stores the public key to your connected account. To delete your history from the app, disconnect your account in MetaMask settings. Your account balance will remain intact,” Trezor notes.

MetaMask further adds:

“Another cool thing is that you don’t need to keep your TREZOR device connected all the time in order to see your different accounts and balances, but of course you can also opt to disconnect your device from MetaMask and link it again the next time you need to use it.”

security,

The Ultimate Guide To Cryptocurrency Wallets

For many newcomers, cryptocurrency trade is easier than the handling of their digital assets. There are various ways to store your tokens and each of them has its pros and cons. In this article we will try to outline each of them, leaving it up to you to decide what’s best for you.

It may be quite confusing for newbies to go straight for a single wallet, as the internet is flooded with controversial opinions. This only adds to the otherwise stressful world of crypto finance. Just think about it for a second, one really has to have balls to survive here – the market is extremely volatile, there is uncertainty regarding the regulation of the sector, every single day there are hacker’s attacks, and somehow we have to navigate our way through the ocean waves.

When it comes to storing cryptocurrencies, there are several methods to consider – what type of wallet should you choose, how secure it is, how can you level up its security. Some of the options are far easier to use, while others require more caution and dedication. The same goes for their protection – it may vary from very weak to super strong. So, without further ado, let’s kick off this guide.

Storing your tokens in an exchange

Perhaps, keeping your cryptocurrency coins in an exchange is the most convenient way to store them. We believe so because the only thing you have to do is open an account in an exchange, purchase the digital assets you like and keep them in your account. It is that simple. Of course, you can always relocate your coins to another wallet or add new tokens in a nick of time.

This method is great especially if you are a quick trader. Let’s say that you monitor certain tokens and you want to sell them or purchase more of them when their value reaches a certain price. You are virtually able to sell off hundreds of them right on the spot because they are already on your wallet within the exchange. This is a major advantage. In contrast, if you use different wallets you have to first relocate your coins to your account in the exchange and then sell them. This consumes time and you might miss the moment.

Unfortunately, exchanges have their drawbacks as well. Since not all of them have the resources to protect their databases, exchanges are prone to hackers’ attacks. This year, Coinrail, BitGrail, Coinsecure, Bithumb, and Coincheck collectively lost over $640 million worth of cryptocurrencies due to hacks.

That being said, leaving your wallets in a centralized exchange is a bit of a gamble. We know it sounds lucrative to use in-house wallets but please for the sake of your financial balance do not leave large sums in them.

Usually, when you buy tokens via an exchange, the system automatically creates a wallet for you. Regardless of the cryptocurrency you’ve just purchased, in-house wallets can store it. This is not the case with crypto-specific wallets. We are not discussing the security of different exchanges here because we have seen even the industry giants taking a blow. However, we have to note that decentralized exchanges are much more secure compared to their centralized counterparts.

Desktop wallets

I don’t know why but every time someone mentions the phrase “desktop wallet” I come to think of Ripple (Rippex) Desktop Wallet. Perhaps because it takes less than 10 minutes to set it up and perhaps because it looks like an official wallet. Unfortunately, the service was disabled at the beginning of April. So, in other words, don’t go for Rippex as it has no support.

You understand it is impossible to cover all desktop wallets in this article just because some wallets store only one cryptocurrency. Still, if you are new to the crypto world and need some help regarding Bitcoin wallets, here are some top-notch examples:

Exodus

Exodus has been around for almost two years now. It is gaining traction for two particular reasons – it is user-friendly and it is easy to navigate. These two features are crucial to newcomers. What we also like about it is that you can store over 85 altcoins in it. This is super convenient as you don’t have to install multiple wallets on your PC or laptop.

The downside is that it is not open-source. When it comes to cryptocurrencies you have to be careful about that. The space is not regulated and if the company behind Exodus decides to screw you up, nothing will stop it. The developers can just insert a malicious code and then stage a hacker’s attack. Boom! All tokens gone. For your own safety, refrain from storing large sums in it.

Available for Mac, Windows, and Linux.

Electrum

Well, if you like fancy looks, you are definitely going to hate Electrum. It is ugly as…Windows 95, I guess. Anyways, it is a little bit complex and you got to have some experience in the crypto world to navigate your way through it. Despite that, it is one of the most trusted open-source desktop wallets out there. Since many independent developers regularly review its code, it is virtually impossible for the bad actors to sneak a malicious script in it. However, as any other wallet that stores information on your computer, it is not to be trusted for more than a couple of bucks. Plus, it was targeted by hackers earlier this year.

Available for Mac, Windows, and Linux.

Green Address

Green Address insists that its watch-only mode is safe yet, something you would enjoy. Via username and passwords, it allows you to check your balance and review transaction even in public networks. The idea is that you don’t need to input your private keys to do that. Green Address supports multisig and 2FA (two-factor authentication), which is never a bad idea.

The problem with desktop wallets, in general, is their access to the internet. Unless you don’t have a desktop wallet installed on a separate computer you only connect to the internet when you trade, then hackers can compromise your device. It is a piece of cake for the experienced cybercriminals to sneak into ordinary people’s laptops. Once they do that, they can easily drain your wallet.

Mobile wallets

In many cases, renowned desktop wallets have trustworthy (to a certain extent) mobile versions as well. If you are to go for a wallet strictly designed for mobile devices then you might want to try Freewallet, Airbitz, Jaxx, and Infinito Wallet. Most of them run both on iOS and Android.

Now before you head for a mobile wallet consider this. Mobile devices offer even less security compared to PCs and laptops. There are several reasons for that. First of all, your wallet might not be compromised itself but other apps could be. If you download an app infected with a malware then you can say goodbye to your cryptocurrencies. Besides, what happens when you drop your smartphone in the underground? We all know the answer.

the ultimate guide to crypto wallets

Hardware wallets

A hardware wallet could be any device that is not connected to the internet. Virtually a hard drive could be used as a cold storage, too. The problem is, not every cold storage makes for an ultra-secure cryptocurrency wallet. On the other hand, there are hardware wallets that are specifically built to keep your tokens safe.

Cold wallets do not just store your funds offline. They offer way more than just being a convenient hard drive. They have additional security layers such as PIN, passwords, and recovery seeds. Cold wallets take crypto security to a whole new level because you have to approve manually each and every transaction by pushing a physical button. You don’t press the button on the device and the transaction is never settled. Plus, even if you lose your device, there is a way to recover your funds. Check how here.

Trezor

Trezor was one of the first hardware wallets on the market. And we have to say it is still one of the community favorites. And you know the crypto community has high standards. In short, it works in temperatures from way below zero to tropical heats. Learn more about Trezor.

Ledger

The company behind these extraordinary wallets emerged in 2014 and during its short lifespan, it proved over and over again that it takes crypto and blockchain security very seriously. Both Ledger Nano S and Ledger Blue are out of this world. More detailed info, here.

KeepKey

KeepKey may not be as popular as Ledger and Trezor but it is just as badass. In fact, what we really like about it is its metal body. And be metal we mean real solid metal. It integrates just perfect with other crypto applications such as Electrum and MultiBit HD as well as with its own KeepKey Chrome app. See more.

Bonus

If you really really really want to add even more to your cryptocurrency security, then you might like Crypto Key Stack. It is a stainless steel cold storage that is virtually indestructible. A full guide on how to use it properly is available right here.

security,

MyCrypto Adds Hardware Wallets Support

There are numerous reasons why people refrain from cryptocurrencies and obviously one of them is security. Hackers’ attacks happen on a daily basis and many novice traders are afraid of losing their money. What’s more, people refuse to accept that it is up to them to protect their tokens. Needless to say, leaving them in an exchange is the easiest thing. Unfortunately, it is the riskiest decision as well.

This is why experienced traders prefer to invest in a hardware wallet. However, cold wallets not always provide the smoothest user experience on planet Earth. They can often be accessed only through official browser extensions, which is sometimes a pain. The other option is to visit MyEtherWallet but hey, MyCrypto has come up with a better idea.

Hardware wallets support

MyCrypto has just added support for both Ledger and Trezor. Why am I telling you this? Because now you can connect your cold storage with the native MyCrypto app and manage your cryptocurrency portfolio. Instead of using two different browser extensions for each of your hardware wallets, you can just stick to MyCrypto. This key feature takes crypto management to a whole new level.

The cybersecurity firm Cure53 has reviewed the app update, which makes us think that it is trustworthy. The MyCrypto app will definitely change the game but pay attention that the website does not support private keys, mnemonics, and keystores anymore. This is always a wise decision, especially when it’s made by a platform pretending to make cryptocurrency protection easier and smarter.

Nevertheless, I have to say that after everything that is happening in the crypto world perhaps not everyone is going for the new MyCrypto app. With all these scams and hacks plaguing the space, one might expect the new MyCrypto features are not going viral overnight.

security,

Understanding The Importance Of Cold Wallet Recovery Seeds

As we have discussed many times, hardware wallets offer by far the best protection for your cryptocurrency funds. However, saying they are completely tamperproof would be a major overstatement as they have their vulnerabilities, too. Perhaps the worst thing that can happen to you would not be to have your cold wallet stolen but to lose your recovery seed.

Simply said, your recovery seed is your master key. With it, you have full and complete control over your cold storage. That’s why you have to do your best to protect it. It’s not only that someone might steal it from you if you’re not careful but you can just lose it. As simple as that – write it down on a piece of paper and leave it on the table. I bet my ass that “mom” is gonna throw it away the next morning. If you are not sure how to protect and store your recovery seed, this article might be of help.

Why recovery seed is that important?

I will quickly explain how your recovery seed works and you’ll make two and two. Most hardware wallets like Trezor, Ledger, and KeepKey will generate a unique recovery seed just for you. Usually, it will be a string of 12 to 24 simple words in English. Cold wallets’ manufacturers are taking it so seriously that they advise you to trust only seeds showed on the device’s display. In fact, they go as far as saying that even official apps should not be trusted when it comes to recovery seeds.

Once you set up your hardware wallet it would automatically generate your recovery seed. Now the only thing you have to do is to write down the words in the exact same order and keep them safe. Again, if you are having trouble, refer to “How To Store Recovery Seeds The Right Way In 2018”. Now take notes, one word may appear more than once in your recovery seed and this is completely normal. No, your device is not compromised.

Why does the recovery seed do?

Let’s imagine Joe loses his Trezor on the bus while going to work. Joe doesn’t freak out because he knows that his seed is safe and the device is useless without it. Joe just has to get a new device and enter his “old” recovery seed. Then the magic happens, everything is restored – passwords and all kind of data associated with his lost or stolen wallet. Now you know why it’s called “recovery seed”.

On the other hand, handling such a powerful tool as your recovery seed is a serious task because if someone obtains your seed they will have access to all your tokens, cryptocurrencies, digital assets, and passwords. I bet you don’t want that.

To find out how to check your recovery seed, click here.

security,

Trezor Lets You Check Your Recovery Seed, Here’s How To Do It

You have purchased your Trezor wallet, you have set it up, you have copied the recovery seed (Here’s how to store it) and now you are finally protected. Oh wait, did you double check your backup phrase? Are you sure it is correct? What if you got it wrong? Should you reset your Trezor or you are ready to take the risk and transfer your tokens to it?

There is no need to worry about that because the lads at Satoshi Labs know no rest. Since Monday, Trezor users are able to check their recovery seeds without having to start the setup process from scratch. Your cold wallet interface allows you to check your backup phrase and it’s a piece of cake to do so.

How to check your recovery seed?

Go to device settings and select Advanced>Check recovery seed. Now be patient and read the instructions carefully before moving on. Once you are ready, the device will reveal your backup phrase. You have all the time in the world to check it word by word and nail it correctly in case you failed the first time. You also get the opportunity to generate a new recovery seed if you prefer to.

For those of you who use Trezor One here are some additional tips. The Advanced Recovery option lets you run a recovery trial. Simply said, you can “reset” your device just to see how the process goes.

The developing team integrated the option “Check recovery seed” into Trezor’s interface because the community demanded it for quite a while. By running the dry-run you practically start a recovery process but you note the device that you don’t want it to remember the recovery seed. As a result, you go through the whole process step-by-step. Your wallet compares the original backup phrase to the one you enter and tells you if there is something wrong. Do not freak out if you see warnings during the dry-run. It is aimed to look just like an actual recovery process.

In case your device shows an error, transfer your funds to another wallet, run a recovery and then store your coins again in your newly setup Trezor.

cryptocurrencies,

Trezor Wallet Adds Important Bitcoin Cash Update

Two of the world’s largest exchanges, Coinbase and Bitpay have already integrated cashaddr in their platforms. That undoubtedly boosted the adoption of Bitcoin Cash as the community seems to enjoy cashaddr. What is even more exciting is that Trezor announced it has added cashaddr support to it hardware wallets.

If you don’t know what cashaddr is, here is a simple explanation. It is a Bitcoin Cash address format, specifically designed to differ from Bitcoin wallet addresses. The addition of cashaddr is a major step for both Bitcoin Cash and Trezor. Surely, the process took a lot of time and investment but we are sure it is for good. The announcement was brought by Bach N and Jochen Hoenicke via Twitter and GitHub respectively. They are both cashaddr developers in Trezor.

Developers discuss

Earlier, Pavol Rusnack (Satoshi Labs) expressed his opinion by stating:

“I suggest to change the address version to something different, so it is obvious the address is a Bitcoin Cash address. (It can start with C for example). Don’t forget to change also address version for P2SH!”

The cashaddr topic remained viral in the community as Amaury Séchet quickly continued the discussion, commenting, “Agreed. I have a plan to change the address format. Changing the address format is expensive, so I would like to investigate various other option than just changing the prefix before settling on something. I would also have to convince other in the space that this is a good address format.”

Hoenicke took the discussion on Github where he explained:

“This needs to be done outside the firmware for cashaddr support. Webwallet: compute cashaddr addresses from xpub. Note that only the last step from hashed public key to address needs to be changed. The webwallet checks that the address the Trezor returns is as expected. This check should also allow 1.. addresses so that it works with older firmware (so we don’t have to deploy both at the same time); allow cashaddr as send to address. The firmware supports both and both use SPENDADDRESS. The only difference is the confirmation message given to the user; the transaction format did not change at all.”

It is fascinating to see how different projects support each other, thus increasing the trust in the community. Stay tuned!