Category: Support

20 Security Rules for Cryptoland, IOTA, and Trading you should know

20 Security Rules for Cryptoland, IOTA, and Trading you should know

Cryptoland is growing on all ends and new people from all over the world start to look for new opportunities.

This digital era enables many ways to make money, to find new jobs, or to create new business models for your company.

As the majority of newcomers are targeted by organized groups, in order to scam their money, I decided to make a short list of important rules you should keep in mind, when entering this shark-pond.

 

1. Most important rule: stay up to date.

The majority of software you will find in this cutting-edge area of the Internet is not in the release-candidate stage.

Most of the projects are in alpha or beta stage, so in order to get all the important information, you should check the software and currencies you are using for updates. The more often, the better.

Vital updates, bugs, and security vulnerabilities are part of the daily madness in cryptoland.

Therefore, you should check the official channels of all currencies and projects you’re invested because you have no guarantee at all that everything is working like it did yesterday.

Twitter is one of the best sources for that!

 

2. Don’t rush into important decisions

Some decisions are expensive. If you have important news, and it happens to be the case that you think you can read the markets, think about it twice before you set a buy- or sell order.

That also applies to software you are using. Before deleting wallet-software, or backups, ensure that there are no important files like “wallet.dat”, or password lists.

Too many people lost their money because they acted too fast. Don’t be that person.

 

3. Invest after due diligence, not after recommendation

An investment in cryptoland can be many things.

In most cases, you lose your money, especially if you blindly follow recommendations of tweets, strangers of the Internet, or persons you barely know.

In almost every social channel, you will find a flashy advertisement for every currency out there, for every upcoming ICO or IPO.

The flashier these advertisements are, the more due diligence you should do.

Take your time, read into it and decide where to invest if you have a solid overall understanding.

Look for the developers, for criticism, for the technical perks, unique features, for warnings, PSA’s and for the long-term vision of a project.

 

4. Don’t do margin trading without experience

If you’re new to cryptocurrencies, never do margin trading. People underestimate these markets and its unique behavior.

Most Exchanges are not regulated. Influential parties can manipulate the course with a trading bot to their advantage. That happens all the time.

If you think you can read the markets and you leverage your funds with factor 10 or factor 100, the chance of losing everything is extremely high.

The volatility in cryptoland is as high as it gets, even stock markets are nothing compared to the flash-pumps and crashes, that happens many times a day.

If you decide to invest, start with exchanging your money to cryptocurrency and watch the charts for a while before training margin trading with very little amounts.

 

5. Don’t trade OTC without an escrow

Lots and lots of people are looking for an easy way to purchase cryptocurrency without signing in at an exchange, which can be time consuming and annoying.

These Over-the-counter (OTC) trades are extremely dangerous as the majority of these offers are a scam.

So, in order to trade securely, you have to look for an Escrow service, a trusted person that acts as a middleman.

There are some trusted escrows in every cryptocurrency community, so ask around and find a person that has been vouched for multiple times.

The biggest Cryptocurrency forum Bitcointalk has a reputation system, that should never be trusted, though.

Many accounts with high reputation are bought, hacked, or backed up with false votes.

Instead, go into a high frequented thread and ask many different trusted members, you eventually find a trusted escrow.

 

6. Trust no one

Everyone should be treated as a total stranger that wants your money.

That’s not a very nice way to deal with humans, in cryptoland, however, it’s an important rule to keep your funds in your hands.

Big parts of cryptoland are unregulated, fabricated, set up, just to scam people.

 

7. Niceness isn’t for free – be suspicious

As a general rule: be suspicious if someone is too nice. Nothing is for free, especially where people can send and receive thousands of Dollars with just a click.

 

8. Read the real link, not the alias link in the browser

To ensure that you are lead to a legit page, hover over the link and read the real link on the status bar of your browser.
Additionally, compare the given link with the help of google with the place that it’s supposed to link you to.

There are many successful phishing attempts with copies of exchanges, online wallets, etc.

 

9. If you get an unexpected Email, ensure that the sender is legit

Never trust the sender of an email.

If you use one email for everything, there is a high probability that someday, you get phishing emails with a wrong name. Read the header and real email closely, to ensure that the sender is legit.

 

10. Don’t log in over links or login-windows in emails, only on the page you know

One of the most important security advice in cryptoland: never log into an account over a link or a log-in-page in an email.

Instead, go the usual way, or over Google, login and look for announcements, if you are invited to check your account.

A big piece of the scam-pie is working over email, so be careful with dealing with “official PSA’s” via email.

 

11.  Don’t click a link if you don’t need to

You have no business with a new, unknown service, some guy sent you via direct message somewhere? Don’t click it and gather information about it on Google instead.

 

12. Check sources of programs and wallets

If you are looking for a wallet-link or software connected to a cryptocurrency, compare given links and ensure that you use the original source, mostly via Github. Google can help you to find the right source.

 

13. If you generate a seed, don’t trust online-generators

Online password or seed-generators are a comfortable way –for scammers.

You should never use such a service if you are unsure whether it’s legit and secure or not.

For generating a secure password or seed, I recommend you use KeePass instead. An open source solution that has a long history of happy users.

 

14. Protect your accounts, not only with 2Fa

Just recently, a new way to hack almost every account or service has been revealed: Malicious groups and hackers get control over your smartphone and use the authentication service and the 2-factor authentification to circumvent every security-measure that is protected via 2FA.

To prevent anyone from login into your account and stealing your funds and information: activate all available options, such as email, additional question etc.

Additionally, you can buy a second sim and a second, cheap smartphone, that you use solely for 2FA such as Google Authenticator.

 

15. Chose the right passwords

The longer the passwords, the better.

There are many recommendations to generate a secure password with a high entropy. KeePass enables an incredibly high entropy.

A good source of information regarding passwords is on the CERN-page

Please keep in mind, that the IOTA seed comes with its own recommendations, that can be read here.

 

16. Use different Computers for surfing and handling your funds

Although this sounds like an overkill, it’s a splendid way to prevent you from getting scammed: Use two different system for browsing and managing your funds.

You never know if your system is infected. Good security software is just one side of the story, a different system is way better.

 

17. Never tell people how much you own

Would you go onto the street and tell anyone your bank account value? Of course not.

As in point 6 explained, don’t trust anyone. For scammers, this is a valuable information. Never share your net-worth.

 

18. Don’t leave the majority of your investment on an exchange

In the past, nearly every exchange had security issues, or they were hacked.

In order to prevent that from happening to you and your funds, you should never leave the majority of your investments on an exchange.

Exchanges are never safe.

In the real world, except a few exceptions, almost every Bank has been robbed too. Cryptoland is no difference, in fact, it’s almost inevitable.

19. Secure your funds offline, multiple times

If you have the option to store your private keys/seeds/funds offline or in a hardware wallet -do it.

Hardware wallets like Trezor or Ledger Nano S have been reliable in the past.

 

20. Use a different bank account for cryptoland and your real-life

For the security enthusiasts, it’s a good way to monitor all your doings, expenses, and tax related questions.

Use an additional bank account for cryptoland.

That way, you have always a good overview over your costs, wins and losses and it’s incredibly easy to deal with the IRS or your tax-institute.

 


 

I hope this list provided you with some interesting information regarding the security in cryptoland.

Feel free to leave me a comment if you have questions, additional points or concerns.

Thank you,

Limo

 

 

 

AMA – Answers for newcomers!

AMA – Answers for newcomers!

Hello, newcomers!

As dozens of people are flying into our great big family every hour, I think it makes sense to provide you with a little bit of help.

This guide won’t be fancy with pictures, this guide will be “first aid”.

 


You want to understand IOTA?

Read this Reddit post and follow the links! That should be a good basis.

Also a good source: https://learn.iota.org/faqs

For any other things I started an AMA:

Just press F3 or press search in your browser if you’re looking for a specific keyword because I won’t sort the answers. 

 

Questions:

1)Why do I have to generate addresses to see my balance in my wallet?

IOTA does not save a local wallet file (like wallet.dat for BTC) so your seed is basically your “password”. If you generate addresses the system iterates through the database and checks if there is balance connected to your used addresses.

That way, you can access your funds all over the world, as long as you have your seed and a connected and synched wallet.

2)Why is my node not syncing?

Different reasons. First, it’s a difference if you use a light or a full node.

  • Do you have a synched server node for your light wallet? (www.iotasupport.com)
  • Do you have opened all your ports in your router?
    • Important are the ports you see behind the server node address (mostly 14265, 15600, etc)
  • Same applies for the full node
  • Are you fully synched?
    • GUI: click on View -Status
      • compare milestones with the milestones in #botbox of the main slack (not YDX)
    • Do you have enough synched neighbors? (Get neighbors in #nodesharing)
    • Are the ports, that your neighbors are using, opened in your environment (port forwarding is what you’re looking for)?
  • Do you have the latest version?
  • Do you have a good connection?

3)Should I spam with my light wallet, and if not why?

The light node is connected to a full node. Don’t do spamming with a light node, because it doesn’t make sense resource-wise as you reduce the connectivity of the light node server.

4)My transaction has been pending for over an hour, what should I do?

Try to replay(should work for 99% of all transactions). If it doesn’t work, try a new transaction from scratch. Spamming the network is always good for everyone, including you.

5)How do I keep my IOTA safe?

Your iotas are bound to your seed only.
First, make sure you have a secure + unique seed, so either you generate a seed over the seed generator in the GUI or you come up with 81 letters long, Latin, CAPITAL phrase, with a few 9’s included.

Don’t use a phrase like HERE9DO9I9STORE9MY9IOTA9DONT9HACK9ME.
Good example:  (no, there is no money on that seed and you should never use THAT seed for you.)

QXAWCPVROVGJKWGMAVTQCGWXVHHQGJIROSLGVGWKNXXPJAYJNEBPWYANPUOWJWVSCMXSLMJP9RPQLSNIW

Since the seed is valuable, you can just print and secure it, offline, printed on paper, on diverse USB sticks, encrypted with KeePass.
With your seed, you are able to access your tokens everywhere on the planet with an internet connection and a fresh wallet.

Don’t lose it, it’s basically your money.
If you lose the seed, you will never restore the iotas, so make sure that is never going to happen!

6)Can I reuse addresses?

The help section of the GUI tells us:

“You can use an address for receiving as long as you have not used it for any outgoing transaction. What this means is that once you have sent a transaction with a specific address as input, you should never use it again. This is because IOTA uses Winternitz one-time signatures which degrade security exponentially after each reuse.”

7)Why do I have to replay transactions and how to do this?

Because sometimes, your transaction didn’t get referenced by the network. There is a good chance to get it confirmed but not all transaction get confirmed. Like about 2/3, so in all other cases you should try replay once.
If it never confirms, you can try a new transaction from scratch.

8)How comes when I enter my (old) seed into an updated wallet, my balance is zero? What can I do?

You need to generate addresses. See question 1

9)Since there’s a huge incentive at gaining control of more than 34% of the nodes, to steal money from the network, where’s the incentive for people to run full nodes thus creating a long-term, stable and wide community? 

Getting control over 34% of the nodes is hard to accomplish with mutual tethering. You had to look manually for all these nodes. A logistical nightmare.

  • The incentive to run a full node is: you believe in the tangle and you want to support it
  • You have a project on top of IOTA, so you need a secure connection
  • You don’t want to rely on the availability of a Lightnodeserver, so you run a full node.

10)Why must I attach an address to the tangle before using it, and what happens if I don’t?

edit: You can use the address already. Nothing happens, but you won’t see it in the history.

11)How can I check my transaction on the network? Are there any explorers?

There are some explorers.

Explorer with some features: iota.cool

  • Current transactions
  • Address details
  • Tangle graph
  • Network load

Unofficial IOTA Explorer #1: tangler.iotabr.com

Unofficial IOTA Explorer #2: iota.tips

 

12)Can we see recent distribution charts somewhere?

If you analyze the addresses in the tangle, or if you look at this assessment: https://medium.com/@IngoFiedler_96862/the-distribution-of-iota-tokens-dc70ea49b148 you can get an idea of how

the iota are distributed.

Keep in mind that we have thousands of new users since March, so the distribution has HUGELY increased

13)Why did YDX stop trading?

IOTA will be listed starting with 13th June on known exchanges.
YDX stopped because they are preparing for a possible IPO and they need to upgrade their systems.
YDX is not connected to the IOTA foundation so their actions are independent

 

14)Do I need to set up a new address, every time I receive iotas?

Nope, not every time, see question 6

15)What would happen if I send out a new transaction before my previous transaction confirms(with a GUI)?

Before sending a new transaction, wait for the previous transaction to be confirmed.

16)How many % of iotas total supply are already distributed?

See question 12

17)When should I re-broadcast and when should I replay?

From www.iota.learn.org/FAQ:

“Rebroadcasting is basically sending the exact same transaction to all of your neighbors again. Most of the time, apart from a situation where you’re sure that your neighbors didn’t get your transactions, Replay is more useful to get your transaction accepted by the network.

Replay is the process by which you “re-attach” your transactions to a different part of the Tangle, in the hopes of getting your transaction accepted. As such, you are completely redoing the transaction process (tip selection and Proof of Work).”

 

18)Why does my transaction, my address not confirm?

Maybe a connection problem, maybe the coordinator is offline, under maintenance right now (today, June 5th. In coming times, it won’t be shut off without announcement)

Check question 2

19)All my transactions are pending and don’t confirm, what can I do?

Check question 2 or replay.

20)Do we get another snapshot? What does that mean?

Yes, we get another snapshot before the 13th June.
A snapshot is a method to reduce the size of the tangle database.

You possibly need to claim your tokens, once the snapshot is successfully performed.

21)What is claiming?

Claiming means, that you transfer your tokens from the old databases (before the snapshot) into the new database (after the snapshot)

If you forget that, you will never be able to get access to your tokens again, so always stay in touch and claim if necessary.

This is your duty, so don’t blame the IOTA foundation if you didn’t keep track of the recent developments.

Not every snapshot has a claiming period, the ones that have it will be announced accordingly.

22)Is it right that I should use an adresse to receive only once? What if I did use it twice or more?

You can use an address as long as you want. If you use that address for an outgoing transaction once, you should generate and use a new one from then on. Look at question 6.

23)What does the network spammer do exactly?

It conducts zero-value transactions.
Since IOTA has the condition that you have to confirm two other transactions before you can send one yourself, you give more than you take and help other transactions to confirm.

Your node does Proof of work, similar to hashcash, to confirm the two other transactions.

Spamming is therefore good for confirmation timings.

24)Is there a new IOTA wallet for android too?

Yes. see: https://play.google.com/store/apps/details?id=org.iota.wallet


http://iotawallet.info/ is responsible for that. Keep an eye on that or contact the developers in the main slack.

 

25)Is it wise to share the node addresses you’re connected to? Or is it wise to keep that private?

You shouldn’t share your neighbors with everyone. Mutual tethering should happen in private messages.

26)If a transaction never confirms, is it possible to “cancel” it?

No, just ignore it.

27)When will IOTA be on other exchanges like Bittrex?

Starting from 13th June, many exchanges gonna list IOTA.
We can expect a lot more announcements in the following days and weeks as IOTA is a highly appreciated asset for them.

28)Should I keep my iota on YDX or on other exchanges or transfer them to my wallet. 

Always keep them in your own hands!

29)What is the max amount of transaction per second?

Almost infinite.

IOTA theoretically is only hindered by physical and infrastructural bottlenecks.  IOTA scales as much as the internet and future storage systems allow it to.

So we can expect a lightning fast transaction settlement system that overcomes almost every problem of existing systems.

30)If IOTA is for IoT how will the bots deal with volatility? 

There is a solution on the way, but I don’t have the pay-grade to know details.

31)What features does it have? What about smart contracts or is just made to be fast?

From www.reddit.com/r/IOTA

“IOTA is a new distributed ledger. Both its technological underpinnings and unique features open up new use cases which were never before possible with old blockchain technologies. IOTA was created as an open source distributed ledger software project. While it was inspired by the immutability of blockchain technology, it solves nearly every problem inherent in blockchain protocols. Instead of a blockchain, a directed acyclic graph (DAG), the Tangle, is used. IOTA is mostly made for the IoT as the interoperability technology for data integrity and industrial appliances. Furthermore pay on demand, micro-payments, and machine to machine communication like sensor technology, smart cities, adaptive systems. To make it short: as the backbone for the Internet of Things.

Features:

Infinite scalability, lightweight design, quantum secure, no transaction fees, no blocks, no mining, POW for transaction approval, JINN-processor-supported in the future, ternary (not binary).
Smart contracts will be enables soon. On top of that, Oracles will be implemented. We get more info about that in the following months.

32)When will IOTA be on Azure (Windows) and also on IBM cloud?

IOTA is part of the testing lab for Azure and I’m pretty sure that IBM also is looking into it, but I guess most of that is behind NDA’s and I have not more information about that.

 

33)Will IOTA be traded in iota, Miota or Giota?

IOTA will be traded in Miota

 



I will possibly add other questions but these are all for now.

A small introduction into the world of cryptocurrencies

A small introduction into the world of cryptocurrencies

Given the fact that lots of people struggle to understand the concepts of Blockchains, I try to give a small overview over what has happen till today and where IOTA can be the additional benefit to the world.

Satoshi Nakamoto, an anonymous person, published a legendary whitepaper in 2008 in what he described the possibility of a decentralized peer-to-peer payment system of the future without financial institutions. The beginning of a disruptive technology movement was born.

Bitcoin’s last years were determined by ups and downs, the technology however worked as designed. As a consequence thousands of startups, entrepreneurs, investors and visionaries came together and built the blockchain ecosystem.

A blockchain is a sophisticated network of peers which is able to store and sent data for different fields of applications based on cryptographic proof.

Bitcoin as a currency aims to replace the world’s financial systems. The blockchain itself is safe and impossible to crack. Third-party applications connected with the Bitcoin-blockchain were often used to scam people and in addition, a never-ending discourse about the safe use of Bitcoin was always part of the business.

Since then, hundreds of cryptocurrencies were created with a vast spectrum of services.

Cryptocurrencies differ in subject to their field of action. Some are made for security- and anonymity-reasons, some are made as data carrier.

While Bitcoin, as the most prominent one, aims to replace currencies, IOTA is made for the Internet-of-Things (IoT).
IOTA’s focus lies in the interconnectedness of devices to enable micro-payment in short time-frames or: “To be the backbone of the IoT”.

Sensors in all fields around the globe can be attached to the Tangle, to provide functionality and improvements.

Why the name IOTA? It refers to the smallest letter in the Hebrew alphabet which is often used as “a slightest amount”.

Furthermore the obvious similarity to IoT, hence the nomenclature.

It operates on the Tangle, an evoluted blockchain which has countless strong distinctions from a blockchain to fit perfectly for the IoT.

The biggest difference lies in the taxation of transactions, which is at 0.0001 BTC for Bitcoin transactions, but completely free for an IOTA- transaction.

This disparity is of big importance in the world of Internet of Things as fees would handicap the transaction-environment of billions of devices.

-Further reading including a technical comparison between the Bitcoin-blockchain and the Tangle can be found here:

https://medium.com/iotatangle

-The technical description can be read in the Whitepaper of Serguei Popov:

https://www.iotatoken.com/IOTA_Whitepaper.pdf

-An interesting and helpful article about the Internet of Things by Forbes:

http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#8b809f68284

 


To draw a conclusion:

For the first time ever, through IOTA people can transfer money without any fees.
A revolutionary, innovative solution for a Billion Dollar market.

“This means that even infinitesimally small nano-payments can be made through IOTA. IOTA is the missing puzzle piece for the Machine Economy to fully emerge and reach its desired potential. We envision IOTA to be the public, permission-less backbone for the Internet of Things that enables true interoperability between all devices.”
(Dominik Schiener, 2016)

-For further info follow the given links:

IOTA’s Main Website for general information http://www.iotatoken.com/
IOTA’s Forum with further reading and community-guidance https://forum.iotatoken.com/
Community driven Tangle-explorer to check transactions and stakes within the tangle http://tangle.guru/
Community driven map of all nodes and devices within the Tangle http://iotamap.com/
IOTA’s Slack for communication/developer/
community point of contact
https://iotatangle.slack.com
IOTA’s Blog for information around its vision https://medium.com/iotatangle
Ios and Android wallet http://iotawallet.info/
Community-based support page https://iotasupport.com/
Bitcointalk Announcement-Thread https://bitcointalk.org/index.php?topic=1216479.0
Advertisment ad adsense adlogger