It’s time to move your factoids off an exchange
Recently, Bitfinex had a security breach resulting in ~120,000 BTC being stolen from the exchange. Let’s talk about how we can move your coins off the next exchange to be compromised. At this time, I am not sure how Bitfinex will handle the loss of funds, but its users will be affected.
If you currently hold a significant amount of money on an exchange, it is important to note that no exchange is 100% safe. Almost all of the older exchanges have had a loss in bitcoins at some point in time; Mt Gox, Poloniex, Bitcoinica, Bitfloor, Bitstamp, and more have all lost bitcoins. If they lose bitcoins, you lose bitcoins. Transactions cannot be reversed, so any stolen money remains stolen. Because of this reason, exchanges are not ideal for storing bitcoin; they should be used for trading, not as a bank. Unless you are actively trading coins, you should move them off of an exchange.
Anyone following bitcoin news has seen a dozen headlines lecturing readers to move their money off of every exchange, but I’m not here to do that. Instead, let’s talk about the “how”. I understand how daunting it can be to store thousands of dollars worth of crypto on a flashdrive, and until recently it was not even possible. These days, most people keep their wealth trusted with other companies, whether it be a bank, stock market, trusts, etc. This is because holding wealth isn’t easy, and hiding it all in cash under your mattress or burying bars of gold isn’t exactly appealing either. So, everyone resorts to trusting their money to someone else. It eases the burden of storing your own wealth, yet it’s still not ideal — it’s not liquid, they are making more money off of it than you, and you are bound by their institution and rules. However, bitcoin has given us an interesting alternative: hold your own money, do with it as you want, and no one can take your money without your keys… but, it’s vital not to lose said keys.
If you are interested in moving your bitcoin off an exchange, there are many guides to creating an offline wallet to hold your funds. I will not be talking about bitcoin any further, but instead I’ll be talking about factoids. If you wish to know how to store any other type of coin offline, send me a message on the BEN slack channel and I might be able to help you out. For this guide, I will focus only on factoids.
I will also focus on more long term storage that isn’t meant for day to day transactions. For those types of transactions, it’s better to have a more accessible wallet — however, for the purpose of this guide I’ll show you how to safely store large amounts of factoids.
The Paper Wallet
This is how I personally store any significant amount of crypto currency I own. It’s ideal as it is immune to any computer virus, hard drive malfunction, and bad memory. If you don’t have a safe place to store paper, you can also use something like KeyPassX to store a local encrypted backup.
You don’t need to download the Factom blockchain to create a paper wallet and withdraw your funds, but I will to show the funds have been moved and how to restore your paper wallet. To get the programs to run Factom, download them from their github here.
Additionally, we will need the program called “factoidpapermill” found here. I recommend putting this executable with the others in ‘FactomApps/’ for easier usage.
Here’s what my FactomApps folder contains. You should have the same, except that if you have a linux or windows, your paper mill will not have ‘-mac’
To launch these programs, open a terminal window and find the FactomApps directory.
Syncing up the blockchain takes some time, so lets start that now so we don’t have to wait as long later in the guide.
Open a new terminal and find the FactomApps directory again. It’s time to create our paper wallet private key. This key will allow you to restore your wallet and sign transactions. This cannot be lost, as losing it will lose all of your factoids as well. To generate the random private/public key pair use this command except replace ‘mac’ with your OS:
And you’re done. The private key starts with “Fs” and the public with “FA”. The private key is what you must save, and not lose. So write this down on paper as well as any other means of saving that you wish to do. The “FA” public key can be stored anywhere you want, it can even be on a text file on your computer. If someone finds your public key, all they can do is send you money and see how many factoids are in there.
So now you have your key backed up, I’ll show you how to send funds to the wallet, and restore it. To send funds to the wallet is easy. After logging onto the exchange you use, and going to withdraws/deposits, select FCT and use the FA address to withdraw to. Poloniex looks like this:
Now, just wait for the exchange to move the factoids and send it to your address. If you want to confirm the funds made it to your wallet, we can use the factom wallet executable. But first, backup the wallets you currently have, as we don’t plan on keeping our paper wallet on our computer. Using your file explorer or terminal, find the ‘.factom’ folder (Note: it is hidden by default, lookup how to show hidden files on your OS to see it). It is usually located in ~/.factom or USERNAME/.factom
Backup the file outlined in red, this will backup any wallets you currently have. I’d recommend keeping a folder on your PC for wallet backups as you may get more. At any time, to roll back to a backup, simply replace the file outlined in red with the backup and rename the backup to ‘factoid_wallet_bolt.db’. Ok, if you moved your backup file out of the directory a new one will be created, so lets start up the wallet app:
To import our paper wallet, open a new terminal, go to your FactomApps folder and type:
./factom-cli importaddress MyPaperWallet Fs2XQ8QWxBtVfTBwmHWcRJjY7pXGEvz5TPwW4DW9FugS6K7EjANU
That will import the address with the name ‘MyPaperWallet’. Then to check the balances:
This will take some time as it runs through the blockchain. Just be patient, if you did all this quickly the transaction may have not been completed yet anyway. If it still takes awhile, be patient, you may not be synced up to the latest block. You can always check the transaction by the Factom explorer. Navigate to your withdraws in the exchange, and see if they give you the transaction id, often abbreviated txid. Search that txid on http://explorer.factom.org/.
When you confirmed the funds arrived, delete the wallet file shown above, to be extra careful lookup ‘how to shred files on YOUR_OS’, in my case I’ll use the mac’s terminal command ‘srm’ (secure remove).
man -P cat srm # Manual Page for srm
To use it:
Another option is to encrypt the file with a password, if you are on a mac you can do this:
zip -e newfilename.zip factoid_wallet_bolt.db
Enter in a password twice, and backup the encrypted zip file. Here’s what it will look like:
Now I have an encrypted wallet that I can reload at any time by unzipping it and providing the password.
Your paper wallet should now be backed up or encrypted. If you have any questions feel free to drop me a message on the BEN slack channel.