Jump to content
Sign in to follow this  
jargoman

I was unaffected by the gatehub hack because I disabled my master key

Recommended Posts

2 hours ago, jargoman said:

.............
I feel like advanced users have an advantage of knowing for to reduce risk. We need a wallet and security center where everything is explained. 

Tnx! This is one of the reasons xrp buyers keep their funds ‘off ledger’ on exchanges like Bitstamp (with a tag). The hot wallet Bitstamp uses is only 2 % of their funds. 98% is in cold wallet. The cold wallet is multi-sign and as save as it gets for an exchange.

If you control your own keys you really have to know what your are doing.

Edited by cryptoxrp

Share this post


Link to post
Share on other sites
27 minutes ago, cryptoxrp said:

Tnx! This is one of the reasons xrp buyers keep their funds ‘off ledger’ on exchanges like Bitstamp (with a tag). The hot wallet Bitstamp uses is only 2 % of their funds. 98% is in cold wallet. The cold wallet is multi-sign and as save as it gets for an exchange.

If you control your own keys you really have to know what your are doing.

The long list of exchanges going under or losing cold storage keys is why I built my own exchange. 

I've seen literally billions get hacked from the crypto community over a span of 10 years

Share this post


Link to post
Share on other sites

I’ve started to buy tiny fortnightly amounts of altcoins.  Just hoping to have win on a dark horse as well as on my long term XRP gain.  But that means I have small amounts of an increasing number of coins I know next to nothing about.

At the moment these few tiny parcels are on an exchange and hardly worth anything.  But as their number grows (and maybe their value?) I’m wondering how to get them secured.

What do you guys do with mixed bags like that?

Share this post


Link to post
Share on other sites
3 hours ago, jargoman said:

We need a wallet and security center where everything is explained. 

THIS! I can speak for the people who know almost nothing about how this process works. If we want mainstream adoption, we need to make this process much easier for the average retail investor. I honestly thought I could trust gatehub and I tied my toastwallet to gatehub, but I moved my funds entirely off of toastwallet and gatehub. I understand that off ledger is the best way to store funds, but I would worry if I ever lost a nano ledger. 

Share this post


Link to post
Share on other sites
1 hour ago, ObeyTheWafflehouse said:

THIS! I can speak for the people who know almost nothing about how this process works. If we want mainstream adoption, we need to make this process much easier for the average retail investor. I honestly thought I could trust gatehub and I tied my toastwallet to gatehub, but I moved my funds entirely off of toastwallet and gatehub. I understand that off ledger is the best way to store funds, but I would worry if I ever lost a nano ledger. 

I tried to do this with https://www.theworldexchange.net - if someone wants to fork the project on Github and do variations of it, it's free.  For example, the more advanced features are exposed under Advanced Settings in the upper right and includes this documentation:
 

Quote

The third major setting is the "RegularKey." Setting this field to the public address of another account allows you to also use the secret key of that other account to login. In other words, you can now login using either of two secret keys (passwords) instead of one. The main secret key you start with is known as the "MasterKey" and is unchangeable, but a "RegularKey" can be changed constantly. Some users feel better protected if their main, unchangeable "MasterKey" is rarely used, and setting a "RegularKey" essentially lets them use what is otherwise a disposable password for the majority of the time. Another use case might be delegating access to your account to another user, who you want to maintain the ability to cut off, such as with a large company. An additional setting "disableMasterKey" is also available should you wish to only use the RegularKey going forward, but be careful as you can permanently lock out your account if you both disable the MasterKey and set the RegularKey to an account you don't have the secret key to.

 

Edited by pftq

Share this post


Link to post
Share on other sites

Curious, when I set up my gatehub they provided me with my secret keys and advised me if I lose it then there's no way for them to recover it so they allowed me to write it down before I continued with setting up the account. Was this feature added recently or was it always there?

Share this post


Link to post
Share on other sites
3 minutes ago, GrayFox said:

Curious, when I set up my gatehub they provided me with my secret keys and advised me if I lose it then there's no way for them to recover it so they allowed me to write it down before I continued with setting up the account. Was this feature added recently or was it always there?

What feature are you referring to? As far as I recall, this was how account setup always was (except now we confirmed the "no way for them to recover" is not true).

Edited by pftq

Share this post


Link to post
Share on other sites
28 minutes ago, pftq said:

What feature are you referring to? As far as I recall, this was how account setup always was (except now we confirmed the "no way for them to recover" is not true).

Ok, thanks for clarifying. Interesting, lying ******** lol. I was right not to trust them

Share this post


Link to post
Share on other sites

I'm a little lost here...so if your XRP is in Gatehub, but they can't do anything with it... what's the advantage of it being there over say a paper wallet or Nano?

I thankfully moved my balance from Gatehub to the Ledger Nano late last year.

Share this post


Link to post
Share on other sites
4 hours ago, Tinyaccount said:

I’ve started to buy tiny fortnightly amounts of altcoins.  Just hoping to have win on a dark horse as well as on my long term XRP gain.  But that means I have small amounts of an increasing number of coins I know next to nothing about.

At the moment these few tiny parcels are on an exchange and hardly worth anything.  But as their number grows (and maybe their value?) I’m wondering how to get them secured.

What do you guys do with mixed bags like that?

I have a mixed bag of cryptos that I leave on an exchange.....I'm willing to lose them if the exchange gets hacked.  The problem is many require their own wallets and I draw a particular line where it's just not worth downloading their specific wallet, paying fees to withdraw and put back on the exchange...not when the holding is not so much a "bag", than a trouser pocket!  Having said that, I have larger holdings in XLM, NANO, VET and IOTA that can only be accessed via my Nano S.  And of course, my XRP requires my Nano S.

For ERC-20 tokens, you can use MEW with your Nano wallet (I did that in the last bull run, had about 20 different tokens on a single MEW account via my Nano Ledger). 

Edited by 2ndtimearound

Share this post


Link to post
Share on other sites
Guest
6 hours ago, Tinyaccount said:

What do you guys do with mixed bags like that?

Hardware wallet. 

Share this post


Link to post
Share on other sites
6 hours ago, Tinyaccount said:

I’ve started to buy tiny fortnightly amounts of altcoins.  Just hoping to have win on a dark horse as well as on my long term XRP gain.  But that means I have small amounts of an increasing number of coins I know next to nothing about.

At the moment these few tiny parcels are on an exchange and hardly worth anything.  But as their number grows (and maybe their value?) I’m wondering how to get them secured.

What do you guys do with mixed bags like that?

Many exchanges will provide an option to whitelist wallet addresses in addition to 2FA. Even if you don’t want to really withdrawal your assets from the exchange you could at least setup the whitelist protection with relevant wallets to limit withdrawal access to foreign addresses. 

Share this post


Link to post
Share on other sites
10 hours ago, jargoman said:

Many gatehub users where hacked recently.  I personally know the feeling akin to being punched in the gut. My gatehub account was hacked in 2013. The 300,000+ XRP were valued around $5000 at the time they were stolen but eventually would have hit an all time high value of 1 million USD. 

I was unaffected by the latest gatehub hack because I alone control my crypto keys. 

I was an early adopter of ripple because I believed in the tech. xrpl is useful for reducing (but not eliminating) 3rd party risk. 

This gatehub attack was preventable by having users manage their own keys.

A person can create a gatehub account and then use a 3rd party wallet to set a regular key and disable their master key. This renders the gatehub account open but restricts gatehub from signing transactions. My gatehub account may have been hacked for all I know and I'm not worried. The only way to sign a valid transaction for my gatehub account is using the regular key I've set and only I control that key. 

Not your keys not your crypto. 

When I get more time I'll post tutorials on how to use the ihilda wallet with gatehub, and how one can set a regular key/disable master and reduce third party risk. 

Also I'll post a tutorial on how to set a regular key for the ledger nano allowing one to use ihilda with a word list such as the one required for the ledger nano. 

I feel like advanced users have an advantage of knowing for to reduce risk. We need a wallet and security center where everything is explained. 

i tot Gatehub started 2014?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...