SafeStash Insurance service – beta testing

We are opening up a beta test for our new SafeStash Insurance service for Cryptoassets, up to 20 testers.  If we get more interest from testers we will create a wait list if we need to open up a second round of testers.  Open to US residents.

One of the biggest questions we get from customers who purchase hardware wallets and cold storage solutions is where they should store and how they should protect their storage devices.  Most store these in their home with limited physical security and no protection from weather, fire, water, etc.  Those with a growing collection of Cryptoassets have moved to storing devices in either a bank vault box or a private vaulting service but they are surprised to learn that most of these services do not carry or even offer insurance on what you store.

SDBIC and ProtectingCoin have partnered with the second largest financial services company, globally, for underwriting policies on cryptocurrency devices that are stored in bank vaults and select private vaults.  Note, you are not required to disclose what assets are held or quantities.

Here is the sign up for our beta test and we will even send a free gift for your valuable feedback.  We have an extensive FAQ (provided to testers initially) that should answer all of your questions but we hope to develop it further as we receive feedback.

https://protectingcoin.com/safestash-beta/

ProtectingCoin CryptoVault (Titanium Recovery Seed Storage)

ProtectingCoin CryptoVault is the ultimate in cold recovery seed storage for cryptocurrency.

CryptoVault is fire-proof, water-proof, rust-proof, wind-proof, electric-proof, EMP-proof, drop-proof, spilled coffee-proof, pet-proof, baby-proof, demon-proof and acid resistant.

Package includes:

  • 2 x CryptoVault Titanium plates
  • 2 x security screws
  • 1 x security tool
  • 2 x standard screws
  • 1 x serialized security seal cable (tamper-evident)
  • 4 x 8mm holes to fit most standard padlocks
  • 25 x slots to engrave or stamp your BIP39 recovery seed.

*Compatible with 12, 24 and 25 (Monero) recovery seeds. The 25th slot can also be used to enter a wallet identifier, passphrase hint, or any other information you chose.

*Compatible with Trezor, Ledger, Keepkey and any other wallets that use up to 25 recovery words.

 

The Magic of Mnemonic Seeds

An excellent explanation of how Mnemonic Seeds function by Andreas Antonopoulos.  The mnemonic seed is used to create a universal seed or backup of your wallet and used by many wallet manufactures.  It allows for a single seed (list of 12-24 common words from a defined list of 2048 words) to be used to restore access to your wallet if it is ever lost or defective.  The use of hierarchical deterministic wallets allows for a single mnemonic seed to represent a near unlimited quantity of keys.

Here is a full list of all 2048 potential words that can be used in a Mnemonic Seed.  The use of Mnemonic Seeds is covered in BIP39 (Bitcoin Improvement Proposal 39)

https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

 

Announcing ProtectingCoin.com Screwless Hideaway Mounts for Trezor One and Ledger Nano S.

We are happy to be releasing our screwless hideaway mounts for the Trezor One and Ledger Nano S hardware wallets.  The screwless mount uses a 3M adhesive that will not mark or damage wallet, furniture or other surfaces and is easy to remove at any time (one time use adhesive but you can also use another 3M adhesive strip to move to a new location).  This greatly expands the number of options for mounting our hideaway mounts and makes it easy to get your wallet secured in a hidden location or just mounted to always keep it in the same spot.  The install takes less than 10 seconds.

You can mount these to just about any surface!

We will of course continue to carry our Screw Hideaway mounts for mounting to any wood surface.  Get them today right here on ProtectingCoin.com!

 

 

ProtectingCoin.com releases Cryptocurrency consulting services

https://protectingcoin.com/product/consulting/

Do you need one-on-one assistance for you, your team or your business to walk through the proper use of cryptocurrency hardware wallets, cold storage and more?

Consulting services offered:

  • Hardware wallet configuration/use
  • Cold storage solutions and use
  • How to backup/restore wallets
  • Hot wallet configuration/use
  • Setting up an exchange account
  • Sending/receiving cryptocurrency
  • Add cryptocurrency payments to your business website
  • Setting up insurance polices for your hardware wallet
  • Gifting cryptocurrency

*Rates starting at $120/hour for one-on-one consulting at our offices in Douglasville, GA. (1 hour minimum, additional $10 per hour/attendee)

*Rates starting at $150/hour for on-on-one consulting at your location within 60 miles of Atlanta, GA (2 hour minimum, additional $10 per hour/attendee)

*Rates starting at $150/hour + travel expenses for on-on-one consulting at any location (2 hour minimum, additional $10 per hour/attendee)

Full report of Ledger Nano S exploit

UPDATE 03/20/2018 – FULL REPORT HAS BEEN RELEASED.  Some of the initial speculation regarding the exploit was correct and some was less so.  If you have not updated to the latest firmware, go ahead and do so now.

Full report: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

**Ledger has released a firmware update for the Nano S in response to the exploit described in the link.

Ledger releases Firmware update 1.4.1 for the Ledger Nano S (Important update)

UPDATE 03/20/2018 – FULL REPORT HAS BEEN RELEASED.  Some of the initial speculation regarding the exploit was correct and some was less so.  If you have not updated to the latest firmware, go ahead and do so now.

Full report: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

Ledger released a new Firmware version (1.4.1) for the Ledger Nano S.  “Firmware” is the embedded software on a device that works as the operating instruction for the device.  ledger-nano-s-cable-medium

The Firmware update makes some changes to the user interface, adds support for 18 Cryptocurrency interfaces being installed on the device at one time; this was a big complaint on the previous firmware as it only allowed 4 or 5 at any one time to be installed.   The new Firmware also adds some new methods to lock the device with a 3 second push of both buttons, a method to force users to confirm their recovery seed backup during the setup phase (a good thing) and some optimizations to the speed of the device.

Those are all positives updates but the security update included in the firmware, that you are most likely to hear about, is the resolution of an exploit related to exposing the Private Key on the device.  You should take action to install the new Firmware ASAP, the chance of you being impacted by the exploit is unknown with the information currently released.  Here is a quote from the Ledger update,

Important note: there are some claims on Reddit and Twitter about a critical security issue being found on the Nano S. This is incorrect. The issues found are serious (that’s why we highly recommend the update), but NOT critical. Funds have not been at risk, and there was no demonstration of any real life attack on our devices. We will disclose all technical details after March 20th.

From the information we have reviewed (full reports will not be released until late March as this allows people to patch before releasing full details), the hack to expose a devices private key would require physical access to the device before the seed was created, a 3rd party installing a specific firmware or application, and access to the computer you are using for the Ledger to install specific software and perform specific transaction processes (again, this is early information and some may be speculation at this point as Ledger and the security researcher that discovered the bug have not released a full report.  Ledger has confirmed that there are no cases of this bug being reported in the real world and has only been reproduced in a lab.

More detailed information of new features included in this update:

New features to significantly improve user experience…
  • The number of apps which can be loaded onto the Nano S at the same time can be raised to up to 18 (depending on the cryptocurrencies see FAQ), thanks to some refactoring on the BOLOS app management. As a reminder, deleting an app does not impact your cryptocurrency holdings: when the app is reinstalled, the original balance is retrieved.
  • The screen lock management has been slightly modified. A long press (3 seconds) on both buttons of your Nano S when it is in use (whether in the dashboard or while using apps) will enable you to lock the screen.
  • To ensure that the user has backed up correctly the 24 words, all of them must now be confirmed during the onboarding.
  • Several other optimizations have been implemented in order to improve the user experience. For instance, the device is now faster using some cache optimizations.

We do recommend you update as soon as possible to correct this potential bug and also for the new features. While we understand the wide spread concern of such bugs it is important to realize that with each bug  and resulting patch/update, the systems and devices become stronger and more secure.

*Note, heavy load on the Ledger servers to pull down the Firmware update may cause some delays in downloading the update.  If you are not able to update right away, wait a little while and retry.

Link to the Ledger Firmware update information page: https://www.ledger.fr/2018/03/06/new-firmware-update-1-4-1-available-for-the-nano-s/

Link to the Firmware Update instructions: https://support.ledgerwallet.com/hc/en-us/articles/360001340473

 

Andreas Antonopoulos talks Hardware Wallets and security

Andreas Antonopoulos is a well respected speaker in the Cryptocurrency industry and many consider him the public face of the growing Cryptocurrency community.  He has published 3 books (Mastering Bitcoin, The Internet of Money V1, The Internet of Money V2) and is currently working on his fourth book (Mastering Ethereum).

Check out his most recent YouTube post where Andreas talks Hardware Wallets and levels for securing Cryptocurrency.  The one addition we would make to his advice is to replace the paper that is used to write your backup recovery seed with a form of metal engraving or punched metal letters (CryptoSteel) on Steel or Titanium.  This allows permanency of your recovery seed and protects from water, fire, wind, accidental damage and/or the degradation of ink and paper over time.

*Extra bonus tip – You can use many Hardware Wallets as a cold storage option through your smartphone application with an extra cable.  This allows you to use Cryptocurrency from your phone while still utilizing the extra security advantages of a hardware wallet.

 

How my Cryptocurrency Exchange account was hacked

This is a true story from a new ProtectingCoin customer who recently had their Cryptocurrency Exchange account hacked and lost funds. The customer has now moved to using a hardware wallet for storing currency. This story is shared not to scare but as an educational and cautionary tale. *Note – this user is not new to technology and is technically savvy. **This hack that was used is also not unique to Cryptocurrency and impacts email accounts, online banking and any other account you access online. ***Names and small details have been altered to protect privacy

lock_BTC2

It was late 2017 and Cryptocurrency’s monumental rise was all the talk on social media, around the water cooler and had even become a recurring topic on the evening news. Many currencies such as Bitcoin, Litecoin and Ethereum had experienced increases of 1,000% or more within 12 months and more money was flowing in daily pushing the total market capitalization (value of all cryptocurrency coins) to over 600 Billion dollars.

Robert, a savvy user of technology, makes his living from technology and fiance and is very well versed in the use of technology. While working with a colleague one evening they utilized a very popular desktop sharing program (many of you may have this program or a similar program installed right now). Robert uninstalled the program after they had finished the remote desktop sharing program but the program had left a part of the program still installed. A hacker was able to remotely access Robert’s computer and install additional remote viewing and key logger utilities. A key logger records each and every key stroke that you type on your keyboard and logs it in a nice little package that is then sent to the hacker (passwords, usernames, pins, email addresses, email messages and instant messages are all recorded for later use by the hacker).

Robert, did we mention he was much more technically inclined than your average user on the internet, noticed some red flags that the hacker left behind and he took immediate action to update passwords, alert his banking institutions and freeze his credit. The hacker immediately responded by enlisting the assistance of more skilled hackers and launched a second attack on Robert’s digital assets. The hacking team was then able to take control of Robert’s goggle accounts and eventually his phone. For many, our entire lives from banking to family pictures are stored on our phones so this can be especially devastating.

Robert had no choice but to wipe devices and has spent weeks working to clear up issues with exchange accounts, banks, credit, social media accounts and as a result has lost many contacts, family photos and many hours of work into files that can not be recovered. This is on top of the financial impact of lost funds.

With quick actions, Robert was able to slow down some of the damage but the average user may not have been so lucky and recovering from this type of attack can spread over years as you work to repair damaged credit and accounts. Remember, with so much of our lives online now that this can happen to anyone and at any time.

Here are a few Security practices that we all can add to our daily routines:

  • Create complex passwords (do not use birthdays, names of childen/pets, or other easy to find information)
  • Do not use the same password for numerous sites (your forum for daily cat videos may have more security holes than your mega bank ((and those mega banks still get hacked)).
  • Do not write passwords down in text files where anyone can read them.
  • Be cautious of opening links and attachments in emails. If you were not expecting it, call to confirm it was sent and delete if you can not confirm.
  • Be cautious when installing new programs as many apps can be fake. There are numerous reports of fake/malware apps even making it on the mobile App stores.
  • Be cautious when using public computers as you have no idea what may be installed on these computers.
  • If storing Cryptocurrency, use a hardware wallet such as a Trezor, Ledger or Keepkey and don’t store your seed words online.
  • Use 2 Factor Authentication when offered on websites. *Note – text message (SMS) 2 Factor is better than nothing but can be hacked by a novice hacker. 2 Factor applications are the next step up and hardware based 2FA is the most secure option.
  • Never provide credit card or other personal information when receiving unsolicited calls. If you believe the call is valid, hang up and call the company back with the phone number published on the back of the card. **Note – even if the number they called you from, when checking caller ID, appears to match, it still should not be trusted as caller ID can be faked. Only trust it if you call them.

Did we leave off any security tips. Comment and add them to help everyone be more protected.