Back up your crypto wallet today!

in #crypto • 7 years ago

In crypto-space, much ado is made about hacking and keyloggers and dodgy centralized exchanges, and while that's valid, simply not having any understanding of how Bitcoin-based money works under the hood is one of the biggest risks. Think about it this way: it's peer-to-peer money, there is no bank to sort out your problems, no insurance, no authority. 'Be your own bank' is more than just a tagline, you are the bank!

Possibly the easiest way to lose money in cryptocurrency, if you store it on your own computer (which is generally regarded as very safe, much safer than exchanges for example), is to not back up your wallet.dat file regularly to at least one other device, and ideally some offsite devices too. This isn't relevant to coins like STEEM, but any coins you may have on your computer which are forks of Bitcoin will probably have some risks.

Disclaimer: There are limits to my knowledge too, but if you are new to crypto, there are some things you should at least question.



So let's start with the concept of a wallet. The first thing to understand is that the coins in your wallet aren't actually 'in' your wallet. What? The graphical wallet you use is just an application, used to present a copy of the block-chain in a manner that you can understand, and it gives you some tools to interact with the block-chain. It also presents you a visual of 'your' coins and lets you send 'your' coins, and receive coins from others.
The block-chain itself has thousands of copies sitting on computers all over the world. Everyone has to have the same copy so they can all be sure that all the records are the same, and 'your' coins are represented in every copy of the block-chain that there is in the world.

So how is it only you can spend 'your' coins?

There is a file on your computer, 'wallet.dat'. This file contains a list of 'keys', which are very long alphanumeric strings of numbers and letters. You can think of keys as being, for all practical purposes, the same as the addresses that you can use to receive coins into, each address having its own unique key (you can research that more if you want to understand key pairs and addresses; too complicated for this post). So everyone has a record of your addresses, and the number of coins in each address, but only you have the keys to unlock the addresses, and so only you have the authority to unlock and spend the coins. The keys are randomly generated when the wallet is first created, so if your wallet.dat file is lost, perhaps because your hard drive crashes, you are never going to be able to generate the same set of random keys again. The addresses still exist in the block-chain, and the coin balances are still recorded on all the copies of the block-chain all over the world, but neither you nor anyone else has the keys to unlock the coins. They are unspendable, and as such are useless and lost to you.

But I made a backup of my wallet.dat when I first created it, so I'm OK, right?

Wrong. Your wallet.dat file, when it was originally created, contained enough keys for 101 addresses. You may be aware you can create a new address to receive coins, so your wallet can have many addresses; maybe you made one for coins from the faucet, one for coins from exchange A, one for coins from exchange B, and another 3 addresses for friends. You used up a total of 6 addresses from your 'key pool' of 101 addresses, so you have 95 left. The application doesn't let you run out of new keys (addresses): it always keeps the wallet.dat topped up with 101 spare keys on top of the 6 you used, so 6 additional random keys were made for you, just ready and waiting to be used.

I still don't see any problem.

Sending coins to other people uses up keys (addresses) as well. Bitcoin currencies are sometimes described as digital cash, and like cash, when you spend money you get change back. Let's say your address A has 100 coins, and you want to send me 60. When you send them to me, all 100 are removed from address A, 60 are sent to me, and 40 are sent back to your address B. It's similar to cash: if you walk into a store with a $10 bill and you want to pay for $5 of purchases, you don't pull out a pair of scissors and cut the $10 bill in half, you give the cashier $10 and they give you $5 back. The reason Bitcoin-type currencies don't send the 40 coins back to address A is to help with privacy. In this scenario, if you sent your coins back to your original address, it's easy to determine which address you were paying, but if the change is also returned to a different address, then it's not clear which address you really paid and which address was for change. Everything on the block-chain is public and everyone has a copy of all addresses, they just can't easily determine which ones belong to who (though there are techniques, so be wary, it's not truly anonymous).

So now it starts to become clear: if you generate new addresses to receive coins, and spending coins also uses up new addresses for change, at some point you will have cycled through all of the 101 addresses your original wallet.dat file held. Your backup, though, was made on day 1, so it only has the first 101 addresses, and all the new addresses are missing from that backup... oh dear. So if you have a failure and restore your backup, and maybe you used 150 addresses for receiving and change, then any coins on those last 49 addresses will no longer be accessible by you, because the backup you have is out of date. New address creation is random, so there is practically zero chance you will make the same keys again. The coins still exist on the block-chain, against those 49 addresses, but you no longer have the keys to unlock them. 'Your' coins are effectively gone, forever.

Considering the limited usage potential of most currencies for actual purchases right now, most people won't make 100+ transactions a month, so for most people keeping a monthly backup is enough. If you do make a lot of transactions, you are going to want to either keep much more frequent backups, or optionally increase the size of the 'key pool' (it doesn't have to be 101, you can make more keys on day 1). That isn't a topic for coverage here; the point here is to make you aware, so you can carry on researching yourself and figure out your own strategies.
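
The key pool behaviour described above, modelled as an added example (not code from any wallet application or from the original post). The `Wallet` class, the `simulate` function and the 1500-coin starting balance are constructed for illustration, and the model assumes an old-style random key pool where each payment sends 1 coin and moves the change to the next unused key.

```python
import secrets

class Wallet:
    """Toy model of a non-HD, Bitcoin-style wallet.dat (constructed, illustrative)."""
    def __init__(self, pool_size=101):
        self.pool_size = pool_size
        self.keys = []      # every key ever generated, oldest first
        self.used = 0       # keys handed out so far (receive + change)
        self.balance = {}   # key -> coins currently locked to it
        self._top_up()

    def _top_up(self):
        # The wallet always keeps pool_size unused random keys in reserve.
        while len(self.keys) - self.used < self.pool_size:
            self.keys.append(secrets.token_hex(32))

    def _next_key(self):
        key = self.keys[self.used]
        self.used += 1
        self._top_up()
        return key

    def receive(self, amount):
        key = self._next_key()
        self.balance[key] = amount
        return key

    def spend(self, from_key, amount):
        if amount > self.balance[from_key]:
            raise ValueError("insufficient coins on this key")
        change = self.balance.pop(from_key) - amount
        change_key = self._next_key()   # change never returns to from_key
        self.balance[change_key] = change
        return change_key

    def backup(self):
        return set(self.keys)           # what a copy of wallet.dat would hold

def simulate(pool_size, backup_after, keys_used, start_coins=1500):
    """Return (used keys missing from the backup, coins lost on restore)."""
    w = Wallet(pool_size)
    backup, current = w.backup(), None  # day-1 backup
    while w.used < keys_used:
        current = w.receive(start_coins) if current is None else w.spend(current, 1)
        if w.used == backup_after:
            backup = w.backup()         # a fresher backup replaces the old one
    missing = [k for k in w.keys[:w.used] if k not in backup]
    lost = sum(v for k, v in w.balance.items() if k not in backup)
    return len(missing), lost
```

`simulate(101, 0, 150)` returns `(49, 1351)`: 49 used keys are absent from the day-1 backup, and because change chains forward, the whole remaining balance sits on one of them. `simulate(101, 60, 150)` (a backup taken after 60 keys were used) and `simulate(1000, 0, 150)` (a larger key pool) both return `(0, 0)`.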

If you aren't sure if this affects you.

Check with the community for your coin. If they tell you it's a Bitcoin fork, or a Qt wallet, be aware you may need to think about regular backups. Ask the community for their guidance. It's impossible to write a guide that covers every coin when there are literally thousands of them, all slightly different and under constant development, but at least if you ask, you can then sleep a little easier.

Good luck!


This really helped answer some of my questions. I'm bookmarking it for later, in case my blockchain knowledge gets foggy again. Thanks scalextrix!

Well, it is really complicated. When I first learned about 'change addresses' I was shocked, because in the wallet you don't see this level of detail.

Yes, exactly. On the block explorer I had new addresses appearing out of nowhere and I had no idea why.

Bingo! I'm still unclear myself how the wallet shows you your original address, even though it really sent the change back to a new one. I suspect it may be to do with the difference between an address, a private key and a public key, but I confess I couldn't be certain enough to give you an explanation I was happy with.

I'd like to add that I use a password manager. The one I've found the best to use so far is Dashlane. Yes, they had an issue (like a lot of password managers out there) with a database hack a year or so back, but no data in my encrypted wallet was ever used. Also, I'd suggest saving it under a different name only you know, so it's not linked to that account, as a secondary measure. Hardware wallets like the Trezor are good too.

Cloud-based password managers are convenient, but don't fully trust them. The main reason is that they could get hold of the database and you are trusting closed source applications. Look at LastPass, they got hacked.

KeePass is a great offline, open source alternative. 🔒

  • Use unique passwords per wallet. Make it killer strong, the password manager will handle it.

Yeah, I know :) Cheers!

Is a paper wallet secure or should I use something else?

I think paper wallets are pretty safe, I never used one myself, I have heard of some ways they can go wrong though, so perhaps do some research to settle your mind.

Thank you! This was so helpful. Lots of good info.

Thx!
Really helpful!
Resteemed!