• The European Commission has today officially proposed a regulatory framework for crypto-assets and stablecoins after a leaked draft proposal went viral last week.
• The official proposal recommends a “bespoke” regime for crypto-assets and stablecoins.

The 168-page official draft proposal (provisional), published Thursday, highlights the need for a “sound” legal framework, clearly defining the regulatory treatment of all crypto-assets that are not covered by existing EU financial services legislation.

Crypto assets, especially stablecoins, have the potential to become widely accepted, said the commission. Hence, they would be subject to “more stringent requirements” regarding capital, investor rights, and supervision. The proposal is in line with the leaked version from last week.

The commission has today proposed a “bespoke” regime for crypto-assets and stablecoins. “The bespoke regime for crypto-assets will ensure a high level of consumer and investor protection and market integrity, by regulating the main activities related to crypto-assets,” said the commission. The main activities include crypto exchange and wallet services.

“By imposing requirements (such as governance, operational requirements) on the main crypto-asset service providers and issuers operating in the EU, the proposal is likely to reduce the amounts of fraud and theft of crypto-assets,” said the commission, adding:

“The bespoke regime will introduce specific requirements on e-money tokens, significant e-money tokens, asset-referenced tokens and significant asset-referenced tokens in order to address the potential risks to financial stability and monetary policy transmission these can present. Finally, it will address market fragmentation issues arising from the different national approaches across the EU.”

The commission has today also proposed a regulatory sandbox to allow companies to test blockchain technology in trade and settlement processes.

The proposals are part of the commission’s newly adopted Digital Finance Package. The package will “boost Europe’s competitiveness and innovation in the financial sector, paving the way for Europe to become a global standard-setter,” said the commission. “It will give consumers more choice and opportunities in financial services and modern payments, while at the same time ensuring consumer protection and financial stability.”

Source: theblockcrypto.com

PDF-Document – REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

What Are Cryptocurrencies?

A potential new form of money offers benefits while posing risks

Antoine Bouveret and Vikram Haksar

Back to Basics

Hundreds of them have sprouted, with fanciful names like Primecoin, Dash, and Verge. They have developed cult-like followings among the tech-savvy. Their values fluctuate wildly. Some people say these mysterious bits of computer code will someday replace money as we know it. What exactly are these cryptocurrencies, and what makes people think they are worth anything at all? To answer these questions, let’s first look at how money evolved.

Uses of money

Money serves as a store of value, a means of exchange for goods and services, and a unit of account that measures value. Before money, human societies exchanged goods and services directly—a bushel of grain for a pig, say. This was not very efficient. As societies grew more complex, commodity monies were developed—from seashells to copper, silver, and gold. Some states introduced fiat money—which has no intrinsic value other than the promise to pay—such as paper money in eighth century China under the Tang dynasty.

Most early forms of fiat money were neither very stable nor widely accepted, as people did not believe the issuer would honor its commitment to redeem the money. Governments were tempted to print more money to buy goods or raise wages, which fueled inflation (think of people moving cash around in wheelbarrows in post–World War I Germany). Modern central banks seek to maintain price stability by regulating the supply of money on behalf of governments.

Bookkeeping and ledgers

An increasingly extensive and complex financial system gave rise to the need for trusted intermediaries and credible accounting systems. The development of double-entry bookkeeping in Renaissance Italy was a major innovation that strengthened the role of large private banks. In modern times, central banks emerged at the apex of payment systems. With computerized bank ledgers, the coordinating role of central banks increased.

How do such ledgers work? Financial institutions adjust the positions of their account holders in their internal ledgers, while the central bank validates transactions among financial institutions in a central ledger. For example, Mehrnaz uses money from her account in bank A to buy goods from Mary, who has an account in bank B. Bank A debits the money from Mehrnaz’s account. The central bank moves money from bank A to bank B and records the transaction in its central ledger. Bank B then adds the money to Mary’s account. As you can see, the system is based on trust in the central bank and in its ability to safeguard the integrity of the central ledger and ensure that the same money is not spent twice.

With many cryptocurrencies, on the other hand, there is no need for a trusted central agent. Instead, they rely on distributed ledger technology, such as blockchain, to construct a ledger (effectively a database) that is maintained across a network. To ensure that the same cryptocurrency is not spent twice, each member of the network verifies and validates transactions using technologies derived from computing and cryptography. Once a decentralized consensus is achieved among members of the network, the transaction is added to the ledger, which is validated. The ledger provides a complete history of the transactions associated with a particular cryptocurrency that is permanent and cannot be manipulated by a single entity. This ability to achieve consensus on the validity of transactions between accounts in a distributed network is a foundational technological shift.

Network members who verify and validate transactions are usually rewarded with newly minted cryptocurrency. Many cryptocurrencies are also pseudo-anonymous: holders of the currency have two keys. One is public, such as an account number; another, private key is required to complete a transaction. So, to continue the previous example, Mehrnaz wants to buy goods from Mary using a cryptocurrency. To do so, she initiates a transaction with her private key. Mehrnaz is identified in the network by her public key, ABC, and Mary is identified by hers, XYZ. Network members verify that ABC has the money she wants to transfer to XYZ by solving a cryptography puzzle. Once the puzzle is solved, the transaction is validated, a new block representing the transaction is added to the blockchain, and the money is transferred from ABC’s wallet to XYZ’s.
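The mechanism described in the last two paragraphs, as an added example that is not part of the original article: a toy ledger in which each block carries one transaction, is linked to the previous block by its hash, and is only accepted once a hash puzzle is solved. The class name, the difficulty value and the JSON block layout are assumptions made for illustration, and signature checks with the sender's private key are left out.

```python
import hashlib
import json

DIFFICULTY = 3  # assumption: a block counts as solved when its hash starts with 3 hex zeros


def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def solve_puzzle(block):
    """Brute-force a nonce until the block hash meets the difficulty target."""
    candidate = dict(block, nonce=0)
    while not block_hash(candidate).startswith("0" * DIFFICULTY):
        candidate["nonce"] += 1
    return candidate


class ToyLedger:
    """Hypothetical single-node model of the distributed ledger in the text."""

    def __init__(self, opening_balances):
        genesis = {"prev": "0" * 64, "opening": dict(opening_balances), "tx": None}
        self.chain = [solve_puzzle(genesis)]

    def balances(self, upto=None):
        """Replay the chain (optionally only blocks before index `upto`)."""
        totals = dict(self.chain[0]["opening"])
        for block in self.chain[1:upto]:
            tx = block["tx"]
            totals[tx["from"]] = totals.get(tx["from"], 0) - tx["amount"]
            totals[tx["to"]] = totals.get(tx["to"], 0) + tx["amount"]
        return totals

    def add_transaction(self, sender, receiver, amount):
        """Append a block only if the sender's history covers the amount."""
        if amount <= 0 or self.balances().get(sender, 0) < amount:
            return False  # rejected: the same money would be spent twice
        block = {"prev": block_hash(self.chain[-1]),
                 "tx": {"from": sender, "to": receiver, "amount": amount}}
        self.chain.append(solve_puzzle(block))
        return True

    def is_valid(self):
        """What every network member re-checks: puzzle, hash links, balances."""
        for i, block in enumerate(self.chain):
            if not block_hash(block).startswith("0" * DIFFICULTY):
                return False  # puzzle not solved for this block content
            if i == 0:
                continue
            if block["prev"] != block_hash(self.chain[i - 1]):
                return False  # history before this block was rewritten
            tx = block["tx"]
            if self.balances(upto=i).get(tx["from"], 0) < tx["amount"]:
                return False  # block spends more than the sender held
        return True


if __name__ == "__main__":
    # Constructed sample: ABC (Mehrnaz) starts with 10 units, XYZ (Mary) with none.
    ledger = ToyLedger({"ABC": 10})
    print("ABC pays XYZ 7:", ledger.add_transaction("ABC", "XYZ", 7))
    print("ABC tries to pay 7 again:", ledger.add_transaction("ABC", "XYZ", 7))
    print("XYZ pays ABC 2:", ledger.add_transaction("XYZ", "ABC", 2))
    print("balances:", ledger.balances(), "valid:", ledger.is_valid())
    ledger.chain[1]["tx"]["amount"] = 1  # rewrite history after the fact
    print("valid after tampering:", ledger.is_valid())
```

Because every block stores the hash of its predecessor, changing an old transaction invalidates every block after it, which is why the article calls the history permanent.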

Benefits, risks

Now that we understand the technology, let’s return to the genesis of cryptocurrencies. The first one, Bitcoin, was introduced in 2009 by a programmer (or group of programmers) using the pseudonym Satoshi Nakamoto. As of April 2018, there were more than 1,500 cryptocurrencies, according to coinmarketcap.com; along with Bitcoin, Ether and Ripple are the most widely used.

Despite the hype, cryptocurrencies still don’t fulfill the basic functions of money as a store of value, means of exchange, and unit of account. Because their value is highly volatile, they have little use so far as a unit of account or a store of value. Limited acceptance for payment restricts their use as a medium of exchange. Unlike with fiat money, the cost of producing many cryptocurrencies is high, reflecting the large amount of energy needed to power the computers that solve the cryptographic puzzles. Finally, decentralized issuance implies that there is no entity backing the asset, so acceptance is based entirely on users’ trust.

Cryptocurrencies and their underlying technologies offer benefits but also carry risks. Distributed ledger technology could reduce the cost of international transfers, including remittances, and foster financial inclusion. Some payment services now make overseas transfers in a matter of hours, not days. The technology can provide benefits beyond the financial system. For example, it can be used to securely store important records, such as medical histories and land deeds. On the other hand, the pseudo-anonymity of many cryptocurrencies makes them vulnerable to use in money laundering and terrorism financing, if no intermediary checks the integrity of transactions or the identity of the people making them. Cryptocurrencies could also eventually present challenges for central banks were they to affect control over the money supply and therefore the conduct of monetary policy.

Source: imf.org

BaFin accepts expressions of interest

The Act implementing the amending directive to the Fourth EU Anti-Money Laundering Directive adds crypto custody business (Kryptoverwahrgeschäft) to the KWG as a new financial service. The Act, which the legislature has already passed, enters into force on 01.01.2020. Companies that then wish to conduct this business require a licence from BaFin. BaFin is already asking interested companies for an informal and non-binding expression of interest.

BaFin can only accept applications for the licence to conduct crypto custody business once the Act is in force. Nevertheless, BaFin is already asking for expressions of interest from companies that already conduct crypto custody business or intend to do so.

In addition to the name of the company and the contact persons, these expressions of interest should include a short description of the business model of no more than one page. No further information needs to be submitted for the time being.

The expressions of interest should preferably be sent by e-mail or by post to the following address:

Bundesanstalt für Finanzdienstleistungsaufsicht
Gruppe IT-Aufsicht – Kryptoverwahrgeschäft
Graurheindorferstraße 108
53117 Bonn

Please note the information on secure e-mail communication with BaFin.

With this procedure BaFin wishes to enable a smooth transition to the new legal situation and to gain an early overview of the market. Companies will not receive any immediate acknowledgement of receipt or assessment of the submitted information in response to their expression of interest.

The intention is to give the companies that have expressed their interest more detailed information and guidance as soon as BaFin has firmed up its administrative practice on authorisation and ongoing supervision for the new financial service. In principle, the licensing procedure for crypto custody business is governed by § 32 (1) KWG, which is why the existing Deutsche Bundesbank guidance notice on the granting of a licence to provide financial services of 06.07.2018 can be taken into account. Companies are therefore invited to combine their expression of interest with fundamental questions that they still regard as open. The expression of interest is informal and non-binding. It is also voluntary and has no effect on a future licensing procedure.

The expression of interest does not replace the formal notification under § 64y KWG (new version). In § 64y KWG (new version) the Act provides various transitional provisions for companies that are already active. For a company that becomes a financial services institution as of 01.01.2020 because of the new licensing requirement for crypto custody business, the licence to conduct this business is deemed to have been provisionally granted as of that date if it submits a complete licence application by 30 November 2020 and notifies the Bundesanstalt in writing by 31 March 2020 of its intention to submit a licence application. According to its wording, the statutory requirement in § 64y KWG (new version) presupposes a written notification of intent.

Source: https://www.bafin.de/DE/Aufsicht/BankenFinanzdienstleister/Zulassung/Kryptoverwahrgeschaeft/kryptoverwahrgeschaeft_artikel.html

Here is a somewhat more detailed article on this topic: New law makes Germany “crypto heaven”

The legislation enables banks to sell and store cryptocurrencies from January 1, 2020. Other providers will now require a German license.

The German parliament today passed a bill allowing banks to sell and store cryptocurrencies from next year.

The new legislation will come into force on 1 January 2020, and will require current custody providers and crypto exchanges operating in the country to take steps, before the end of the year, to apply for a German license.

The law will not only put Germany, the world’s fourth biggest economy, at the forefront of regulation in cryptocurrencies, but heralds a milestone in the adoption of cryptocurrencies.

“Germany leads the way in crypto regulation, for sure. This leads to institutional investors coming to Germany, as they want security and regulation,” Sven Hildebrandt, partner at German crypto consultancy DLC, told Decrypt. “Germany is well on its way to becoming a crypto-heaven.”

The bill was passed by the Bundestag, the lower house of the German Parliament, earlier this month, and approved by the upper house, the Bundesrat, today.

It amends a clause in the European Union’s Fourth Anti-Money Laundering Directive that currently prohibits banks from dealing directly in cryptocurrency. It allows them to legally sell and store cryptocurrencies, just as they do stocks and bonds, to retail as well as institutional investors.

At the same time, exchanges such as Binance and Kraken, and other digital asset custodians, will need to obtain a license from the German regulator, Bafin, if they wish to continue operating in Germany, said Hildebrandt.

In order to apply for this, companies will need a German legal entity with two directors operating in the country by the end of 2019. They also need to signal their intention to apply to Bafin for a license before 31 March 2020, and submit the application prior to 31 November 2020.

Digital asset custodians who have not established a legal identity in Germany before the end of the year will be deemed illegal by 2 January 2020, said Hildebrandt.

He said this leaves companies wishing to continue providing services in Germany with three options: to set up a German company before the end of this year, and then apply for a licence; to work with a cryptocurrency custodian who is licensed in Germany; or to work with a licence provider, which can offer a “complex but clever” solution.

Companies have already begun to act on the new German law. Crypto Storage, a subsidiary of Swiss financial services provider Crypto Finance, announced plans to open an office in Frankfurt today.

Hildebrandt said that the new law will be a major breakthrough. “If you can hold [cryptocurrencies] in your bank account, that is massive for adoption,” he said. “I believe that this will act as a role model for all the other laws that will be coming into force Europe wide. Germany is driving crypto adoption forward and wants to play a leading role in Europe as well. One of the key challenges is keeping private keys safe.”

“I believe the biggest impact will be on exchanges such as BitStamp, Kraken and Binance, who are looking deeply into this,” he added.

The proposals were also greeted with enthusiasm by Germany’s banking community.

But consumer protection watchdogs have warned that it could mean banks aggressively pitching cryptocurrencies to uneducated customers, putting them at risk.

Source: https://decrypt.co/12603/new-law-makes-germany-crypto-heaven

“The stock-to-flow approach originating in commodity-market analysis serves to quantify the ‘hardness’ of an asset. Applied to Bitcoin, an unusually strong correlation emerges between the market value of this cryptocurrency and the ratio between existing stockpiles of Bitcoin (‘stock’) and new supply (‘flow’),” they say.

Source: https://www.bayernlb.com/

The Federal Cabinet today (note: 18.09.2019) adopted the Blockchain Strategy. The Federal Ministry for Economic Affairs and Energy (BMWi) and the Federal Ministry of Finance (BMF) drew it up with the involvement of the other ministries.

Federal Minister for Economic Affairs Peter Altmaier: “The potential of the still young blockchain technology is high. Germany is among the world’s leading locations in this field. With the Blockchain Strategy we want to help maintain and extend this lead. One focus is on the energy sector. Here we can score twice, by using the opportunities of blockchain technology in pilot projects and at the same time advancing the digitalisation of the energy transition.”

Cryptocurrencies were supposed to destroy the traditional monetary system. Ten years on, where are we?
Bitcoin has been wildly successful, but as a financial game–not as a medium of exchange.

Source: https://medium.com/@alejandrodiaz

hand-holding guide to the Simple MultiSig Wallet, with plenty of screenshots

In this article I’m going to introduce a typical use-case for a MultiSig wallet, and then walk you through how to execute multisig transactions using Christian Lundkvist’s Simple MultiSig Wallet. I’ll be using the user interface for the Simple MultiSig Wallet that I wrote — it’s completely free to use and available on IPFS:

https://ipfs.io/ipns/simplemultisig.io/wallet

The walkthrough will have lots of screenshots. I know that format can be tedious for some people — but if you’re setting up a MultiSig Wallet with large sums of ETH it can be reassuring to actually see how the screens will look.


It took a while for the Federal Ministry of Finance to turn the ruling of the European Court of Justice into German fact. But now it has happened. Worries that Bitcoin sales might somehow still end up subject to VAT are thereby settled for good.

After we reported about two weeks ago that the Bonn-Innenstadt tax office was trying to demand VAT on the sale of Bitcoin from a Bitcoin entrepreneur, this caused a certain amount of horror in the scene. According to unconfirmed reports, it led to sleeplessness among Bitcoin traders and, in one extreme case, even triggered a psychosis. Some traders began to fear for their economic existence because of the potentially high back payment of VAT. The unrest was triggered in part by reports from the tax adviser Rüdiger Quermann and the lawyer István Cocron.

Experts such as the tax adviser Diplom-Kaufmann Christian Densch from Essen, who as “Kryptotaxpert” hosts a popular Facebook group, energetically pointed out from the start that panic was being spread unnecessarily here. The demands of the Bonn-Innenstadt tax office were in no way tenable. Nor were they the product of some kind of conspiracy by the tax offices, which were now trying to destroy Bitcoin and ruin Bitcoin traders, but merely the result of a certain inertia on the part of the authorities. It was neither necessary to worry nor appropriate to stoke fears or even proclaim a personal Armageddon.

As soon became apparent, the tax adviser Christian Densch is right. In a personal conversation and subsequent e-mail correspondence, he managed to obtain an assessment, cleared for publication, from Dr. Christian Hufen. Dr. Hufen is Personal Adviser to the Parliamentary State Secretary at the Federal Ministry of Finance, Dr. Michael Meister. He writes that Kryptotaxpert’s “assumption that the exchange of Bitcoins into other currencies falls under a VAT exemption has been confirmed.” The decision of the European Court of Justice in the Hedqvist case applies. “According to it, the exchange of conventional (legal tender) currencies into units of the virtual currency ‘Bitcoin’ and vice versa is a supply of services for consideration which falls under the tax exemption pursuant to Art. 135(1)(e) of Council Directive 2006/112/EC of 28 November 2006 (the so-called EU VAT Directive, MwStSystRL).”

The tax adviser Densch asked a few further questions, for example about mining or the tax treatment of payments with Bitcoin, to which the Personal Adviser gives interesting and, by and large, also pleasing answers. But more on that another time. Here it should be noted that the issue of VAT on the sale of Bitcoins was off the table.

A letter from the Federal Ministry of Finance to the supreme tax authorities of the federal states dated 27 February, published on the ministry’s website, now also confirms to the authorities that the ECJ ruling applies, and confirms the content of the e-mail that “Kryptotaxpert” had already published on his site on 21.02.2018. The exchange of Bitcoin into euros is a “taxable other service which, in the context of an interpretation of the law in conformity with the directive, is exempt from VAT under § 4 No. 8(b) UStG.” The principles of this instruction are to be applied in all open cases. So anyone who still somehow feels threatened by VAT can now officially breathe a sigh of relief.

But why did the Bonn tax office nevertheless issue a VAT assessment? The answer probably offers an interesting insight into how German authorities are obliged to work. In a telephone call with Mr. Densch, the head of the main department for tax audits and trade tax at the Bonn-Innenstadt tax office pointed out that, without an application letter from the superior authority, an ECJ ruling may not be implemented directly by the tax office. Unfortunately, the administrative opinion was still based on the BMF’s view that Bitcoin transactions are subject to VAT. The Bonn-Innenstadt tax office therefore had no choice but to issue the unwelcome assessment, even though it was itself aware that it could not be lawful.

It would be interesting if the person concerned also spoke up for once; given the commotion generated around this topic, it can hardly have escaped him.

Source: https://bitcoinblog.de

How to protect your digital assets from fire, flood, phishing, forgetfulness, and other forces of nature.

“Be vigilant and you will thrive.” –Nick Dodson

There’s a “cold room” in Attinghausen, Switzerland — it’s lined with slabs of steel, and it sits some 300 meters down inside a granite mountain in an old, repurposed military bunker. What’s inside? Air gapped hardware with the private keys of high value crypto holders who are looking for a little peace of mind.

These security measures might sound extreme, but the attack vectors are many in the cryptosphere: shams, scams, extortion, friends turning on friends, spoof friends. Users can’t flag fake accounts fast enough:

Fake Vitaliks. Fake Joe Lubins. How hard does anyone really look at social media handles? Someone flying through Twitter is prone to miss the “l” in @etlhereumJoseph.

For many users, the bulk of their crypto is still sitting “hot” — in online wallets on centralized exchanges, which have had their share of reckonings over the years: the infamous Mt. Gox hack in 2014, in which hackers made out with approximately 740,000 BTC, and the Bitfinex breach more recently, which drained almost 120,000 BTC from the exchange.

And then of course the age-old threats, fire and forgetfulness (one man accidentally threw out $9 million worth of bitcoin). Attack vectors can be unassuming, furry even:

The problem is, misplaced crypto has a way of altogether disappearing — sometimes across jurisdictions and beyond the reach of the law, sometimes into cryptographic black holes (in 2011, 2,609 BTC vanished on Mt. Gox because of a scripting error). What’s liberating about blockchain is that you can become your own bank. But that can also be a daunting thing for many of us who have grown comfortable letting central institutions manage our lives for us. It’s time we educate ourselves.

Snowden-grade.

Thankfully, Nick Dodson, founder of BoardRoom (now GovernX), just published his GitBook, “Pro Tips for Ethereum Wallet Management,” a security manual for naifs and tin foil hat types alike. Dodson’s personal security measures are admittedly Snowden-grade — we’re talking blanket over the screen and everything — but his mission is to empower users, not scare them off. He acknowledges the tradeoff between convenience and security. Too many security layers and you end up stumping even yourself when trying to access your crypto. Dodson gives you the resources to decide for yourself how sophisticated you want to get.

A word of caution: Compiling these pro tips brings with it the meta-anxiety that any tools or security measures we recommend here will now become the focus of bad actors. So stay sharp. But stay with it. Blockchain isn’t just about surviving. It’s about creating choices for yourself. As Dodson writes, “Be vigilant and you will thrive.”

1. Know the attack vectors.

AKA Know your enemy. Watch out for the proverbial “man in the middle” — someone trying to get in between you and your destination. Spoof sites, malicious websites that mimic other sites, can be picture-perfect nowadays. Make sure you double-check URLs. Better yet, bookmark your crypto sites, and stick to your bookmarks (MetaMask also blacklists MyEtherWallet clones for you). Verify software downloads. A copy of Tails OS is no good if it’s infested with spyware. A man-in-the-middle attack can even be literal: one guy lost his life savings to a reseller on eBay who pulled the recovery seed from a hardware wallet and repackaged the wallet. Always buy your hardware wallet directly from the manufacturer. Now think two steps ahead. Maybe your URLs look good. But how do you know someone hasn’t hacked your Wi-Fi, spoofed the DNS, and redirected you to different IPs? Safe computing is like chess: always assume your opponent is smarter than you.

2. Generate strong passwords.

You should know the drill by now — no birthdays, street addresses, song lyrics, etc. (don’t even get me started on my mom’s passwords). But even if you mash the keys on your keyboard, that’s still not random enough (you are not a good source of entropy). Password-crackers can rifle through 350 billion guesses per second. Use a random mnemonic generator to create a passphrase, or buy a hardware wallet to generate powerful keys and signatures for you. Multiple passwords are better than one. Multi-signature wallets, like Gnosis’, require multiple keys to validate transactions. And use two-factor authentication for everything: email, exchanges, Steam, etc. Heads up: the countdown might be annoying, but app-based two-factor is much more secure than SMS. Let this be your warning.

3. Use cold storage.

You don’t have to go 300 meters underground, but you should keep the majority of your crypto “cold” — that is, air gapped and offline. Only keep an amount in exchanges and online wallets that you are willing to lose. You can either build an air gapped computer by removing the network card from your PC or laptop (Tails is an operating system that you can run offline), or buy a hardware wallet. When generating the seed phrase, plug your hardware wallet into a wall outlet to keep it as cold as possible. Paranoia tips: cover the mic/camera of your laptop and remove any electronic devices from the room.

4. Test everything.

Make small test transactions or practice with a tiny bit of funds on a test network before going full monty. Never manually type out addresses (over 9000 ETH have been lost forever due to typos). Copy and paste, use Ethereum Name Service, or scan QR codes. Make sure your scan app is secure (Pro Tip #1: Know the attack vectors). Double-check the identicon of your target address. Before transferring any crypto onto your hardware wallet, test your seed phrase. If you’re building an air gapped computer, record and re-check the MD5 checksum before and after you load data onto the SD card. For the love of Ethereum, test everything.
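One way to carry out the "record and re-check the checksum before and after" step from Pro Tip #4, as an added example that is not from Dodson's GitBook or the original article: record digests for every file in a staging folder, then compare the SD card copy against that record. The function names and sample file names are hypothetical. MD5 is recorded because the tip names it, and SHA-256 is recorded alongside because MD5 only protects against accidental corruption and is not collision-resistant.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_digests(path, chunk_size=1 << 20):
    """Stream a file once and return both its MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def build_manifest(root):
    """Map every file under root (by relative path) to its digests."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digests(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_copy(manifest, copy_root):
    """Compare a copy against the recorded manifest and report differences."""
    actual = build_manifest(copy_root)
    report = {"missing": [], "modified": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in actual:
            report["missing"].append(name)
        elif actual[name] != expected:  # either digest differing counts
            report["modified"].append(name)
    # Files that appeared on the card but were never staged are also suspect.
    report["unexpected"] = sorted(set(actual) - set(manifest))
    return report


def is_clean(report):
    """True only when nothing is missing, modified or unexpected."""
    return not any(report.values())


if __name__ == "__main__":
    # Constructed sample data: a staging folder and a stand-in for the SD card.
    with tempfile.TemporaryDirectory() as tmp:
        staging, card = Path(tmp) / "staging", Path(tmp) / "sdcard"
        staging.mkdir()
        (staging / "wallet-installer.bin").write_bytes(b"constructed installer bytes")
        (staging / "unsigned-tx.json").write_text('{"constructed": true}')

        manifest = build_manifest(staging)      # recorded BEFORE loading the card
        shutil.copytree(staging, card)
        print("fresh copy clean:", is_clean(verify_copy(manifest, card)))

        # Simulate corruption or tampering in transit, then re-check AFTER.
        (card / "wallet-installer.bin").write_bytes(b"something else")
        (card / "autorun.inf").write_text("constructed extra file")
        print("after changes:", verify_copy(manifest, card))
```

Keep the recorded manifest somewhere other than the SD card itself, for example written down or printed, so that whoever could alter the files cannot also alter the reference digests.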

A little paranoia is a good thing. Maybe not this much. When’s the last time you got out of the house?

5. Store your seed phrase(s) across different devices and locations.

A standard BIP39 seed phrase is that curious string of 24 words from which you can derive a private key. Manage your seed with utmost care. If you write it down on paper, consider making two copies and storing them in separate locations. SD cards are another storage option, but they rarely last more than five years, and they could be wiped by a pinch (EMP bomb). Use both analog and digital just in case (some people hammer their seed phrases into steel). If you want to level up: store pieces of your seed phrase in separate, safe locations. And remember: meticulously record your steps, so you (or your heirs) can recreate the seed.

6. Maintain plausible deniability.

Plausible deniability in the cryptoverse means the ability to keep certain data hidden. Here’s a helpful public emission guideline: don’t broadcast your holdings, and especially don’t tell the world (over social media) the exchanges where you keep all your crypto (again, this guy). All your crypto shouldn’t be hot anyway (Pro Tip #3: Use cold storage). You can hide accounts under different HD paths on your hardware wallet in case someone comes knocking. Also, minimize your risk exposure by distributing your holdings across multiple wallets.

7. Level up. Help the ecosystem.

Dodson finishes his GitBook by recommending four different levels of wallet setup, Level 4 being for the most rigorous users. It’s your call how sophisticated you want to get. But remember: your security choices affect not only you but the ecosystem. If you don’t use two-factor authentication, and someone seizes your email (that, say, you left open on a library computer), when that bad actor starts phishing your personal network, that’s on you. So challenge yourself to level up. Experiment with hardware wallets, Tails, and multi-sig. Channel your inner Snowden. Learn by teaching. Tell your friends about cold storage, and your mom about strong passwords. Help the community flag spoof sites and fake accounts. Dodson’s “Pro Tips” are a gift to the ecosystem, and something we can pay forward.

Source: https://media.consensys.net