When a wallet is hacked, is all that they're taking the private keys, which they can then store somewhere else and use the value associated with that key? Is there no way to follow the money at all? Is there a way those stolen Bitcoin could be laundered?

That's a good question, Carol. Let's see how that works. First of all, as soon as someone is able to access your private keys, they have the private keys, you have the private keys, now it's a race. Who's going to take the money first? An attacker who has gained access to your private keys will not leave the money on the addresses controlled by those private keys. Because those private keys are also controlled by you, and either you or the attacker can now spend that money. If you find out that your keys have been stolen, the best thing you can do is move that money as quickly as possible to addresses controlled by keys that haven't been stolen, and then you are still the only owner of that money. The attacker is trying to do the same thing. They're going to try to move that money as quickly as possible to addresses they control alone. So there's this very short period of time when two parties control the keys to a set of addresses, and whichever party can move those funds to addresses that only they control effectively takes those funds. So the first thing an attacker will do as soon as they gain control of your private keys is called a sweep. They're going to do a transaction, and that transaction is going to move everything from those private keys and those addresses to new addresses that they control.

Is there no way to follow the money at all? Sure, you can follow the money, but how far can you really follow the money? You can follow the money from that first sweep transaction. You see it going to another address. You don't know who owns that address. You have no way of tracking that address. Then a few minutes later, you see it leaving that address and going to ten other addresses.
Then a few minutes later, from each of those ten other addresses, the money leaves and goes to twenty other addresses each. Now you're tracking 200 addresses total. A second later, all of the money moves again, and now you're tracking 2,000 addresses. Then some of those addresses end up in an exchange, or ShapeShift, or some other place where the money can be exchanged for another cryptocurrency, or they're involved in an atomic swap, or they're sent to a local Bitcoin transaction to be sold for cash, and you are no longer able to track or follow that money. So to answer your question, is there a way the stolen Bitcoin would be laundered? Oh yes. Keep in mind, the Bitcoin that was stolen from Mt. Gox didn't disappear. It simply got transferred again, and again, and again, and again, and again, until it could no longer be tracked with any degree of certainty. And it's still out there. You may have used it this morning to buy a cup of coffee, and you wouldn't know that that money originally had been held in a Mt. Gox wallet. It just gets cycled back. Think of it like cash. If a bank robber steals cash from a bank, they will then go to 100 gas stations where they're going to spend that cash. That cash is going to be taken by the cashier, and it's going to be given in change for the pack of gum that you bought. Once you have that, you're going to take it to the next shop and spend it. And before long, it's still in the economy. It's just that it's no longer owned by the same person, and it's impossible to track.

If an exchange or wallet is hacked, is it possible to track and identify the hacker?

Possible? Yes. Likely? No. See, even though you can track the transactions on the blockchain and see that they've moved from address A to address B, you don't know who that address belongs to. Addresses in Bitcoin are not tied to identities, they're not tied to IP addresses, they're not tied to anything that can show you the identity of the user.
So even if you track them, you track them to an address, and usually, a few minutes later, they move to another address, and then your coins move to another address, and then 10 more addresses, and then they split up, and then they join back together, and then they move to other addresses, and very soon, you completely lose track. Some companies have done rather extensive analytics, and they've tried to track various stolen coins, including, for example, the coins that left Mt. Gox, and various other hacks and thefts from exchanges. And even though those coins are in circulation, it's hard to tell if they've been laundered and sold to exchanges and distributed to users, or if they're still being held by the hacker in multiple different addresses. So you can track to a certain extent, but you can't really identify any of the addresses behind it.

What are some suggestions for keeping your Bitcoin and private keys safe from developers and coders you hire?

That's an interesting question. Well, ideally, you would have them on hardware wallets. Additionally, one good trick to use in a corporate environment, an almost essential system in a corporate environment, is the use of multi-signature technology. You should be using multi-signature with hardware wallets, where different people in the organization have hardware wallets that contain one key as part of a multi-signature scheme. For example, a two-of-three or a three-of-five signing scheme. And the purpose for that is not just to protect from developers and coders you hire, but also to prevent the CEO running away with all of the money the company has made. You should never have one person able to take all the money and run away. The best way to do that is through separation of duties, through the use of on-chain multi-signature transactions, stored and signed on hardware wallets. There are a number of things that can do that.
Probably the two easiest wallets to use are either Copay wallets, which support Ledger and Trezor hardware wallets, and I think a few others, or Electrum Bitcoin wallets, which also support multi-signature and Trezor hardware wallets.

Mark asks: multi-signature Trezor wallets with Electrum. Is setting up multi-signature wallets in Electrum secure? Is it something that's worthwhile to do? Or is it better to just stick with a single Trezor and use passphrases along with storing one copy of your recovery seed at a secure off-site location? The single Trezor is much more convenient, but I have been wondering how safe it is if someone manages to steal it, even if I have added a passphrase. Isn't it possible or likely that a thief with technological know-how would be able to figure out my passphrase and brute-force it?

All right, great. A couple of different questions there. Let's untangle them. I'll start from the end. Is it possible that a thief would be able to brute-force your passphrase because they stole your hardware wallet? There are two different aspects here. One is whether they can steal your hardware wallet, the other one is whether they can steal your seed, and then the question is whether they can brute-force the passphrase or not. The hardware wallet is actually more secure than the seed. The reason for that is because most hardware wallets store the seed in a chip that is either a secure element, or a security chip, or a chip that is isolated from the user interface with some mechanism that enforces PIN control. So you have a PIN number. That PIN number is designed to be difficult, if not impossible, to brute-force. As anyone who's forgotten their PIN on their hardware wallet has soon discovered, when the delay doubles every time you enter the PIN incorrectly, you get into very, very serious delays within just a dozen attempts. It reminds me of the old anecdote or story about the peasant and the king who place a bet.
The peasant asks only for a single grain of rice on the first square of the chessboard, and then just double the amount of rice in every subsequent square of the chessboard until the chessboard is full. The king agrees and loses his kingdom because by the final square on the chessboard, the debt is 18 billion trillion grains of rice. Doubling delay on a PIN accumulates much faster than you expect, and very quickly becomes a terrifying experience. One of the people I know in this space wrote an article about that and about their experience trying to brute-force the PIN on a Trezor, and discovering, to their great consternation, that they couldn't do it. Anyhow, that's a longer story. If someone steals your actual physical device, and you have both a PIN and a passphrase, it is very difficult to brute-force that unless there is some vulnerability in the hardware, as was the case with the friend I was telling you about. But many of those vulnerabilities have been addressed with subsequent firmware, and if you've upgraded, your device is now more secure than it was before, and it's very difficult to brute-force that. You should always make sure that you have a mechanism to recover your funds if your device is stolen, and you always know where your devices are, so that if one of your hardware wallets is stolen, you immediately move the funds away from that seed. You should always be more careful with the seed than you are with the hardware wallet, because the seed has no PIN to protect it. If you can't actually get to the seed that's in the hardware wallet, brute-forcing the passphrase is a lot harder to do, because you basically have to keep asking the hardware wallet to try different passphrases. The passphrase itself is protected by a key stretching algorithm. Unfortunately, because these hardware wallet devices are fairly low-power, low-processing capability devices, the BIP39 specification requires only 2,000 rounds of repetition on the password-stretching algorithm.
That's not perfect, it's not ideal, which means that if you have a very short passphrase and your seed itself is compromised, it is possible for someone with sufficient resources by, for example, putting together a GPU farm of machines to brute-force, say, an 8- or 10-character passphrase in a reasonable amount of time and steal your funds. So you have to keep your seed secure. You have to use a passphrase that has sufficient entropy to make it difficult, even with just 2,000 rounds of hashing, to brute-force. I would, for example, use 8 to 10 words that are not from the seed dictionary, that are not from the limited dictionary of the seed, but perhaps a much broader dictionary, like the English language, or your own language. 8 to 10 words gives you sufficient entropy that even with 2,000 rounds of repetition and a GPU brute-forcing mechanism, it is very, very hard to brute-force that. Presumably, you have the means to notice that either the seed has been compromised or the hardware wallet has been stolen, to give you time to move your funds in the meantime. So that's my advice.

Now, to the second part of this question, and I'll repeat it so that it's easier to understand. Mark asks, is setting up a multi-sig Trezor wallet with Electrum secure? Is it something that is worthwhile to do, or is it just better to stick with a single Trezor and use passphrases, along with storing one copy of your recovery seed at a secure off-site location?

It really depends, Mark, on your threat model and what you're trying to protect against. One of the reasons why you would want to use a multi-sig system instead of a single signature system is to protect yourself against coercion. If somebody else has one of the signing keys and is a required participant, it's a lot harder for someone to force you to sign away your funds through violence, through physical intimidation, or whatever else.
So one of the advantages of separation of controls is to remove control from yourself, in order to protect you against coercion attacks like that. There is that consideration. If that's part of your threat model, then a multi-sig solution might be something you should consider if you're going to separate. Another reason why you might do that is if you are concerned about the security of any single hardware wallet, in which case you might want to diversify. For example, let's say you have a Ledger, a Trezor, and a KeepKey or Digital Bitbox. You use these three devices to create a three-way multi-sig, or you use a Trezor and a Ledger, and you keep a backup seed with a passphrase, and you make a multi-sig from these three sets of keys. Well, now you have hardware wallets with passphrases and PINs for two of the signing components, and a backup with a passphrase stored securely in a two-of-three multi-sig. That's a very secure setup. Even if there is a compromise or vulnerability in one of the hardware wallets, you could argue that by layering your defenses in that way, you have a superior solution. Now, the question then is, is that worth the complexity, the effort, the additional risk that comes with attempting to do something of that complexity, and is that worth it in your particular threat model? You have to evaluate that based on your own circumstances. For some people, it is. For other people, it's not. So, I have used Electrum as a multi-sig wallet, backed with some or all of the keys being hardware wallets. It works, and it's a very convenient solution. Some of the other multi-sig wallets are not very well supported anymore. There were some other brands that I used in the past that I don't use anymore because of a variety of reasons. Electrum has been quite reliable and getting better, in fact, over time. In the next few months, you will see some changes to this infrastructure.
One of the big changes that's happening in this space is the fact that the Google Chrome browser is deprecating part of its infrastructure that supports extensions and plugins. As a result, hardware wallets that are being distributed now are building various forms of USB bridges, either using the WebUSB protocol for browsers or a native operating system plugin. What that means is that the infrastructure and implementation of hardware wallets in Electrum and any other wallet that's interfaced with a hardware wallet will change in the near future. Perhaps it's going to be better and more streamlined. Perhaps it's going to be a bit buggy because it's going to be a first implementation of this new interface standard. We'll see how it plays out. But please do expect that there will be some changes in how that's implemented for hardware wallets soon because of this change in the Google Chrome policy.