The short answer is you cannot prevent all attacks, and a concerted or targeted attack (vs. an opportunistic one) is harder/impossible to fully defend against.
Hot funds are always a risk - so plan to reduce the amount of hot funds you have at any one time.
One potential mitigation is to ensure that the bulk of your assets, the cold storage, is remote from this kind of attack. For instance, perhaps a multi-sig which requires several keys that you do not, and cannot, access quickly (geographically and potentially jurisdictionally separate). Opportunistic attacks may fail to get your bitcoin if it'll take hours/days/weeks to finally pay.
Using collaborative custody, where one keyholder has to be convinced to release your funds (and is specifically looking for signs of coercion) is another possibility.
How do you feel about Exodus for a warm / budget friendly wallet? The only one I can afford and also works with me right now? Is this a safe alternative to keeping HOT?
reply
Or is this actually considered 'cold'?
reply
I've not used Exodus, but if it's on your phone, it's not cold. If you want a budget friendly solution, you can't beat free - Sparrow and paper.
There are downsides to every setup, and the basic idea is to match the level of protection with the risk. Spending 300,000 sats on a nice Coldcard Q1 is perhaps excessive to protect 15,000 sats, but is cheap to protect 150M sats.
I keep an amount of sats in a phone wallet (kinda - I use Zeus which connects to my self-custody node, but it's fully accessible on my phone), for ease of spending. But I also know that if my phone were to be stolen, those sats might be at some risk of loss.
reply
Collaborative custody? Like a third party (for example a company) that has to be involved for payments?
reply
Yes, for big payments at least. It makes sense for there to be a larger wallet for savings and a smaller wallet for payments. The larger wallet can be secured with a 2-of-2 that turns it into a 1-of-1 after some agreed-to amount of time. This would allow the company to protect against key theft while still allowing the owner of the funds to move their stack if the company goes MIA.
reply
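The "2-of-2 that turns into a 1-of-1" arrangement described above can be expressed as a Bitcoin witness script with a relative timelock. The sketch below is an added example, not code from anyone in this thread: the script layout, the use of OP_CHECKSEQUENCEVERIFY, the function names, the placeholder keys and the delay value are all assumptions made for illustration.

```python
# Added illustration: witness script for a 2-of-2 that decays to owner-only.
# The layout, names and sample values below are assumptions, not from the thread.
OP_IF, OP_ELSE, OP_ENDIF = 0x63, 0x67, 0x68
OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKSEQUENCEVERIFY = 0xAC, 0xAD, 0xB2

# Constructed 33-byte placeholders standing in for compressed public keys.
OWNER_KEY = b"\x02" + b"\x11" * 32
COMPANY_KEY = b"\x03" + b"\x22" * 32
DELAY_BLOCKS = 26280  # assumed delay, roughly six months at 144 blocks/day


def script_num(n: int) -> bytes:
    """Minimal little-endian script number for a BIP68 block count."""
    if not 17 <= n <= 0xFFFF:  # 1..16 would need OP_1..OP_16 instead of a push
        raise ValueError("delay must be 17..65535 blocks")
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out[-1] & 0x80:  # top bit is the sign bit, so pad to stay positive
        out.append(0x00)
    return bytes(out)


def push(data: bytes) -> bytes:
    """Direct push; valid for the 1..75 byte items used here."""
    assert 1 <= len(data) <= 75
    return bytes([len(data)]) + data


def witness_script(owner: bytes, company: bytes, delay: int) -> bytes:
    # <owner> CHECKSIGVERIFY IF <company> CHECKSIG ELSE <delay> CSV ENDIF
    return (push(owner) + bytes([OP_CHECKSIGVERIFY, OP_IF])
            + push(company) + bytes([OP_CHECKSIG, OP_ELSE])
            + push(script_num(delay))
            + bytes([OP_CHECKSEQUENCEVERIFY, OP_ENDIF]))


def can_spend(signers: set, coin_age_blocks: int, delay: int) -> bool:
    """Policy the script enforces: the owner always signs, plus either the
    company's signature or a coin at least `delay` blocks old."""
    if "owner" not in signers:
        return False  # the company can never move funds alone
    return "company" in signers or coin_age_blocks >= delay


if __name__ == "__main__":
    print(witness_script(OWNER_KEY, COMPANY_KEY, DELAY_BLOCKS).hex())
    print(can_spend({"owner"}, 10, DELAY_BLOCKS))  # owner key alone, fresh coin
```

Because the timelock is relative to when each coin confirmed, moving the funds to a fresh output with the company's co-signature restarts the delay, which is how the 2-of-2 protection is renewed over time.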
Great solution... and it doesn't seem too complicated!
reply
Potentially, think Unchained. There are many ways to make it work.
Also, I’m including a situation where collaborative custody includes maybe a family or business.
reply
OK, this is a good solution that calms my doubts!
reply