I think split your funds up in multiple wallets. Maybe 2-3 offline wallets, Poloniex if you like that site, and a website like Omniwallet (or whichever similar ones there are, which I should know by now but don’t!) that offers you control over private keys. Just an idea I had, and somewhat put into practice so far. Is this a sane idea?
I used Poloniex all the way at its beginning a couple years back, to trade Vertcoin. I thought the site design was spectacular even back then. So I really like it.
Will every exchange that currently lists MaidSafe be upgrading?
Bittrex is slow to pass these coins down! Its fair to safe Maidsafe should have a wallet to protect its current holders! OR at least team up with JAXX for storage or something of that nature… Exodus perhaps?
MAID is an Omni token so yes it can be stored in Omniwallet. Safecoin does not exist yet but when it does it will exist as files on the SAFE Network and a wallet will be part of the client software. At that stage MAID will be exchanged 1:1 for Safecoin.
If I would like send MAID from Omniwallet somewhere do I need Bitcoins for transaction fee or Omniwallet accept Omni token or MAID ? I never researched about Omni much.
Even that I send only MAID on that address I have there also very little amount of BTC, what that mean ? If will be enough can I pay fee with this ? (Maybe just for 1-2sat/B transaction). I sent there 50,8 MAID and have there only 50.0. So maybe the rounded MAID to zere where converted to BTC ?
Btw. I tried import BIP38 encrypt privat key to Omniwallet, but First I have to decrypt BIP38 on bitaddress.org to get valid Privat key for Omniwallet and looks all OK.
I’ve been asked several times to provide a guide to storing MaidSafeCoin off the exchange, so here’s something people may or may not find useful.
Huge Disclaimer:
You probably assume you can trust yourself more than the exchange. This is not always true. The process of moving coins to and fro the exchange is a simple but detailed process. If you mess it up it’s usually not recoverable. Poloniex (the major exchange for MAID) is reasonably trustworthy (you should do your own research and I’m not endorsing the security of any company or people in this post). Poloniex is owned by Circle. Poloniex currently stores about 122M MAID (about 27% of all currently available MAID). Point being, consider the risks of your own relatively basic understanding of security vs that of the exchange, and don’t just blindly trust yourself in preference to the exchange because someone said one or the other is better.
Follow the steps EXACTLY.
I will not provide support beyond this one single post. If you have problems they are your problems. I’m not a tech support person and will ignore you if you ask for help. Maybe some other people might help you if they’re feeling kind, but don’t bet on it. Please factor that into your risk assessment.
Brief Outline:
Prepare your wallet securely
Verify your wallet
Transfer coins out of the exchange
Transfer coins back to the exchange
Prepare your wallet
Save the BIP39 tool (bip39-standalone.html) to your computer or USB stick. You might want to verify it using the signature.txt.asc file, but I realise this is beyond the capability of most users. If you use a bad copy of this tool you will lose your funds. Some ways things might go wrong:
Obtaining the tool from an untrusted source.
Leaving the tool on your drive where it could be modified, then the modified version is used again later.
There may be an unknown bug in the tool.
There may be a virus on your computer that modifies clipboard content or modifies content on disk or in memory or leaves the network active even when it appears to be turned off.
If you know how to boot to a live linux, do that now, leaving the network disconnected. If not, simply turn off your network now (wifi, ethernet) and reboot. Leave the network off for this entire process.
Open the local copy of BIP39 tool in your browser.
Click ‘Generate’ or enter your own entropy.
Enter a passphrase that you will remember. It’s more important that you remember it than anything else. It doesn’t have to be super secure, it just has to be easy for you to remember. If you forget this passphrase you will lose your funds.
Write the words on a piece of paper using a pen. Do not write down the passphrase. Do not print the words. Do not save them to a file. Do not email them. These words should live only in the physical world, not the digital world. Make another copy on a second piece of paper and keep them both somewhere safe, preferably physically distant from each other. Maybe make a third copy if you have three secret locations. This paper is your funds and if you lose it you lose your funds. However if someone finds it they cannot access your funds using just the words, they also need your passphrase which they would have to guess.
There will be a list of derived addresses - keep a note of the first address, the first 10 characters should be enough to ensure you can regenerate the address list correctly. This address should start with a 1. Do not use BIP49 or BIP84 or any derivation scheme that does not have addresses starting with a 1. This is because the omni protocol (which MaidSafeCoin uses) works best with ‘old-style’ bitcoin addresses starting with a 1.
Now you have a secure wallet which consists of a mnemonic and a passphrase. The mnemonic is written down on paper which must be stored securely, the passphrase is in your head and should not be written down or stored.
Leave the network disconnected. Close the browser. Move to the next step which is to verify your wallet.
Verify Your Wallet
Your computer should still be offline. Keep it offline.
Open a browser and load the BIP39 tool.
Type in your mnemonic as written on the piece of paper. If there are errors shown by the tool, redo the previous steps and create a new wallet. If you have errors at this point seriously consider leaving coins on the exchange, since there are doubts about your attention to detail and ability to operate in a secure way. Don’t be discouraged though, you learned something about yourself and that’s fine! Better to learn the easy way than to lose your funds.
Type in your passphrase.
Check the address matches the one that was previously generated (you probably wrote down the starting characters somewhere in the previous steps).
If it doesn’t match, double check your mnemonic and passphrase and again ask yourself if you’re confident enough to store coins yourself. The steps are simple but they demand a frustrating amount of precision and commitment.
If the address matches, you have successfully verified that your wallet can be accessed. Congratulations! You’re ready to send funds to the wallet.
Copy the first address to a file somewhere. This is the address you’ll send coins to. If the file containing your address is modified between now and when the coins are sent you will lose your funds because they will be sent somewhere other than your wallet. This is unlikely, especially with the network disconnected, but some caution is advised.
Reboot your computer. You can turn network back on after the reboot has happened. I suggest also deleting bip39-standalone.html now. Next time you need it you can download it again and be confident it hasn’t been modified between uses.
Transfer coins out of the exchange
Log in to the exchange.
Navigate to their withdrawal form.
Enter your address and the amount to withdraw.
Click withdraw.
After a while (maybe half an hour) you can see your address should have funds using a block explorer like omniexplorer.info, although bear in mind browsing this site may pose a privacy risk by linking your IP to that address. I consider this risk relatively minor but it’s worth being aware of.
Congratulations, you now control those coins and they are off the exchange. If the exchange is hacked your coins will still be safe.
Transfer coins back to the exchange.
This is complex.
This step is the main reason not to remove coins from the exchange (the prior steps are very low risk compared to this one).
Your private key (which allows the coins to be transferred) will be exposed to the internet for some short period, which poses a risk of loss of funds. If someone else gets the private key they can transfer your funds. The degree of risk is a bit like saving your credit card details to a file on your computer for a short while, except if something goes wrong there’s no way to reverse it.
There are ways to do it without exposing your private key but that’s too complex for most people, and I think the risk of screwing that technique up are higher than the risk of your private key being stolen during the short time it’s exposed to the internet.
If you don’t have a copy of bip39-standalone.html, get a copy now (and if you know how, verify it’s legitimate).
Boot into live linux, or turn off the network on your computer and reboot leaving the network disconnected.
Open the bip39 tool in a browser.
Enter your mnemonic by typing in the words from the piece of paper, and enter your passphrase.
The address list will be generated and should match where you sent your funds.
Copy the private key of the address with your funds (it should start with the letter K or L). Save it to a file on your computer.
Close the browser and reboot. The network should still be off.
Once your computer has rebooted, turn the network back on.
Load omniwallet.org - check it has https. You will be trusting this service not to steal your funds. Some people will not be satisfied with that risk. I suggest reading about omniwallet to judge that risk for your own needs. In the case omniwallet cannot be trusted, you should either trust the exchange or learn how to transfer omni funds using offline signing (very complex).
Click create wallet.
Make an account. This account is disposable and I suggest using a fake email such as fake@example.com
Click My Addresses > Add Address > Import Address With Private Key
Copy and paste your private key.
Copy some other bit of text to remove the private key from the clipboard.
Follow the steps to import the private key.
Log in to your exchange and get a deposit address for MaidSafeCoin.
In omniwallet, navigate to the Send form.
Paste the deposit address from the exchange. Double check the address matches the one in the exchange, since some viruses may hijack your clipboard and change the address.
Enter the maximum amount possible, ie send all your coins to the exchange. The reason for this is because if you don’t send it all, the leftover amount will be sent to an address in your omniwallet, which is not going to be in your secure offline wallet! So send all the maidsafecoin to the exchange, even if you don’t intend to trade it all. Then send any remaining maidsafecoin from the exchange to your address once you’re finished trading.
Send the coins from your wallet to the exchange.
Wait for them to arrive at the exchange (may take a few hours).
You may get an error when sending because some bitcoin must exist at the address to pay for the transaction. If this is the case you need to acquire some bitcoin and send them to your MaidSafeCoin address. This is not ideal but hopefully there’s enough bitcoin there anyhow to cover the cost. Because of this need for bitcoin to exist in that address there may be a lot of extra cost and delay when sending MaidSafeCoin to the exchange. The amount of bitcoin required cannot be known in advance and depends on the network conditions at the time the coins are being sent, as well as other factors such as the size of the transaction.
Once the transfer is complete, delete the private key file off your computer.
These steps are for information only and I don’t provide any support to people using these steps. Do your own research before deciding. Be aware you may lose funds in extremely unexpected ways. Try to understand the risks, both the known and the unknown. Do not blindly listen to anyone on the internet, myself included.
Nice tutorial @mav! No offense to you at all but this is def crypto’s usability problem. That list would scare all of my friends off. I’m glad I stuck around from so early on. SAFE ought to take the complexity out and that will be good for everyone.
Agreed. Although I would say most of the problem being addressed in the list falls under the category of ‘secure key management’ which is very difficult to do correctly. So SAFE should ideally have as a default built-in feature the ability to easily and securely manage keys. Key management will probably will end up residing within the authenticator software, although maybe it could be designed in a way that allows other management options too.
@mav I just want to express my gratitude for you, and also to others who publish these kind of instructions. Without that kind of people my kind of people would be in serious trouble. So thank you once more!
thanks mav for providing such a concise guide here. I’m considering trying a run or two through this i.e transferring out and then back into exchange. Firstly can i say I completely agree with @Nigel that this is the kind of process that surely stops so many people getting their feet wet.
A couple of questions to anybody kind enough to answer (which will no doubt highlight my general ignorance crypto related!).
Am i right in thinking once i have completed steps 1-3 in preparing/ verifying / and transferring to created wallet, and as long as I have my mnemonic and passphrase I can recover said wallet from different machine in the future?
I.e. there is nothing to backup etc. on second or 3rd storage medium for redundancy.
Is the above termed as cold storage or offline storage?
RE A paper wallet, is this simply a generated qr code for your coin that can be printed and kept? Is this possible for the maid token (I’m not considering this just interested)
1 - that’s right, you’re fine as long as you have your mnemonic and passphrase. Some physical redundancy can help protect against loss (natural disasters etc)
2 - yes, if you generate offline and then send your coins there, that’s cold storage
3 - yes, MAID can be stored on a paper wallet. A paper wallet is a private key (ie a random number), and the corresponding public address. There is usually the option to encrypt the private key before printing the wallet, because otherwise anyone who found your piece of paper could take the coins (as could anyone finding your mnemonic words if you don’t add a passphrase)
regarding point 1, does this mean my pc can be destroyed/ memory wiped and i can use a different machine with only my passphrase and mnemonic (which for sake of argument i handwrote on a piece of paper) in order to get access to the vault or wallet?
The above poster with the detailed instructions did not post the more complex but more secure process of sending coins withou exposing the private key to whoever is running omniwallet.com, where can i find these instructions?
Then you send with the OMNI-wallet, preferably with all the amount and don’t use the same address for maximum security. If you have a large amount then you can choose to split the amount between several addresses if you want. You need to use OMNI if you want to send any amount.