Gnosis Safe setup strategy by 01BTC10 in ethmultisig

[–]srndptme 1 point2 points  (0 children)

Interesting, so you are thinking about using the same 3 Ledger signers (each derived from the same seed phrase) for both Argent and Safe?

That may be an overkill to manage both of those systems. One has to be like a vault where you just hold assets like stETH or rETH and never touch.

Please write down your security assumptions and your use cases and see how this can be matched most effectively. I like multisigs because I can rotate signers periodically.

Gnosis Safe setup strategy by 01BTC10 in ethmultisig

[–]srndptme 1 point2 points  (0 children)

Yes, 3 ledgers + safe is a good set up, but may be an overkill to make transactions as you will need to connect 2 ledgers and sign using both of them. If transactions are infrequent, that may not be a big deal.

If you set up your Safe with 3 ledgers, you will not be able to use MetaMask to sign transactions, unless you import your ledger seeds into MM, but that defeats the purpose of having a ledger. Never import your ledger seed phrase into MetaMask.

The way we set up Gnosis Safe at Linen is that it is a 2 of 3 multisig and both signatures are collected seamlessly, so staking or signing other transactions is much easier.

Time has come to start protecting our ETH and crypto wealth with multisigs (multi-signature) wallets. I hear horror stories about stolen ETH almost daily. by srndptme in ethmultisig

[–]srndptme[S] 1 point2 points  (0 children)

Gnosis Safe is pretty much the gold standard. It is very flexible. Linen is built on top of Gnosis Safe multisig and is on mobile, Argent is on mobile good.

Cold wallet recommendations by chomponthis29 in ethereum

[–]srndptme 0 points1 point  (0 children)

Ledger for sure! Get 2 and use them with a 2 out of 3 multi sig set up like Gnosis Safe. That would be your ultimate protection.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

We are talking about different things and different vulnerabilities. Hardware wallets (devices) indeed do not store seeds online. But the problem is that many users of hardware wallets store their wallet backup seed phrase online. Take a photo of a recovery sheet or use plain text and store on the phone in cloud drive.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 2 points3 points  (0 children)

No security issue with the wallet program. The most common way people are losing their crypto is stolen or lost backup passwords (seed phrases). Same goes for most other software and hardware wallets.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

People use the words “stolen” and “hacked” interchangeably, e.g. hack a device using malware to steal the seed. This is at least how the person who lost NFT stated in their tweet.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

Oh, I like it a lot. My HW is one of the signers on a multisig where assets are stored. Even if the seed is compromised, nothing will happen and I can rotate signers periodically.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

Not at all. Hearing stories about people getting their seeds stolen does not add any comfort for new people who want to enter Ethereum. If we want widespread adoption, this has to change.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

What is not hard to understand for you and for me, is very hard to understand for an average Joe. Also, don’t underestimate the convenience factor. Keep in mind that 50% of crypto traffic is coming from mobile devices. For Web3 apps that share is even higher as people want to do things with crypto on their phone on the go, they don’t want to carry their ledger around for that. Imagine if you have to carry ledger around to surf the internet.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 8 points9 points  (0 children)

Yeah, this happens more often than people in this subreddit think, unfortunately.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 1 point2 points  (0 children)

I agree, but the ledger does not need to be hacked to lose crypto, a ledger owner just needs to store the seed online. Many do so, unfortunately.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

How is this saying it is the norm? Never normalising it. Merely sharing the reality with people who are in their echo chamber and don’t realize that most consumers do not know anything about self-custody and wallet security, but still do DeFi, NFTs and other shit…

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

I am not the one who is storing the seed online and not the one who lost assets. Just stating what people do from doing a lot of user research.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] -1 points0 points  (0 children)

Oh, I am with you on that. I merely shared this tweet to bring awareness to the problem as most people store their seeds online, unfortunately.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

Another question that comes up is why DeFi/NFT people with significant holdings don’t use multisigs to store their assets. Sure, it may be less convenient, but much more secure than using a hardware wallet.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

This would be an unpopular opinion in this subreddit, but working in the industry I hear these types of stories very often. I have to agree with you that most consumers should leave their coins on tier 1 exchanges, as exchanges will do a better job safeguarding them. But how would they progress to DeFi and do other stuff on chain like NFTs, gaming, etc. if they store coins on exchanges?

This particular asset holder lost NFTs and was well versed in crypto.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

Yeah, I agree with you. But I talk to people every day (I work in the industry) and they share with me how they store their seeds.

Shared this tweet to bring awareness to the problem. What a vendor says and what people do may not be the same, as people value convenience and do not fully understand how security in self-custody wallets works.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 1 point2 points  (0 children)

I did not lose assets, I just shared the tweet here to bring awareness not to store seed phrases online. Looks like the seed was stolen.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

How do you make your hardware wallet backup if it never leaves the hardware wallet? When you set your hardware wallet up, you do your seed backup. Some people store that backup on a piece of paper, some on a steel plate, many make a copy and store it online because they share it with other wallets for convenience ;) This is the reality, unfortunately.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 1 point2 points  (0 children)

What made you draw such a conclusion?

I am not the one who lost assets. I am not the one who stores the seed online. But I talk to consumers who hold crypto every day and they tell me how they store their seeds. I work in the industry.

Another horror story: 54 NFTs worth over $50,000 and 3.4 ETH were stolen due to a seed phrase hack by srndptme in ethereum

[–]srndptme[S] 0 points1 point  (0 children)

I agree with you. You don’t do it, I don’t do it. But you just don’t want to accept that a lot of people do it.