What's the best place to store the seed phrase to your crypto so that nobody including hackers nation states or even some artificial intelligence created malware would not be able to access it welcome to whiteboard crypto the number one YouTube channel for crypto education and here we explain topics of theCryptocurrency world using analogies stories and examples so that anyone can easily understand them in this video we're going to be sharing with you the perfect cold wallet but first we need to explain how signing an actual crypto transaction Works in general a crypto transaction has many features but forThis video we're going to say that signing a transaction requires two inputs and one output the first input is the private key now this is the key that is actually used to sign transactions to verify that you are the owner or the spender of your crypto number two is aPartially signed transaction now this is kind of like a blank check but it already has the amount that you want to spend on it the date that you're spending it and who you're spending it to written onto that transaction generally this is computed by software that you use so you never actually seeThis thing to use an example let's say that Bob wants to spend 25 coins today there are only two things needed to create a verified crypto transaction and thus for Bob to spend his 25 coins when you use your private key to sign the partially signed transaction it thenBecomes a fully signed transaction that is now valid now this transaction isn't immediately processed it must first be broadcasted to a pool of other transactions for miners or validators to be able to add to the respective blockchain for example if it's an ethereum transaction it then goes to theEthereum memory pool which will then eventually get added to the ethereum blockchain now the cool thing about these fully signed transactions is that other people can check the signed transaction and see that Bob is actually the one signing the transaction based on the signature they can also check thatHe does have 50 coins to spend and in this particular transaction he's only spending 25 and because of that we know that transaction is valid if the transaction is valid and also if Bob's transaction is next in line it's successfully added to the blockchain and distributed all the way around the worldNow for the rest of this video I have to explain a Nuance you see when Bob signs his transaction he doesn't just sign it Bob because then anyone else could just copy his signature and spend his money instead what he does is cryptographically and mathematically use his private key to look at theTransaction details to make a unique signature that only works on this transaction if Bob had spent 26 coins instead the signature would be totally different also if he wanted to spend the money to another account the signature would also be totally different and not just like a little different the entireSignature would be different it's a little complex but we can use math to make sure that only Bob had the ability to sign this way and he signed it in a way where he used his private key but he never revealed his private key that wayWe're not able to sign like him until recently many of us believed that the device named Ledger Nano X worked like this where it stored your private key in an encrypted Hardware box that was accessible whenever you push the right buttons when you did we assumed that encrypted box would only acceptPartially signed transactions and upon approval and pushing a couple buttons could only sign them it's recently been brought to light that this Hardware can do much more than that it can use your private key to actually create instructions to recreate your private key outside of the box this has made aLot of Ledger customers upset because they didn't believe that the device they originally purchased could even do that and if they did know that they wouldn't have purchased it in reality The Ledger device could have always done this essentially extracting the private key out of the encrypted Hardware even ifIt's in a couple parts this video isn't about that but this video was prompted by the mass Exodus of U users leaving their Ledger device with this glaring vulnerability well it is sad to say that we should have actually never trusted Ledger with their closed Source softwareAs a crypto user anytime we hear closed Source software we may as well think back a door that steals your money because if we can't check what the code actually does it may as well just be the worst case scenario open source software on the other hand means that we can lookAt the code and ensure that the device isn't doing anything malicious and if it is us or other developers reading the code could sound the alarms due to this many Ledger customers are wondering well what should I do with the millions of dollar I mean satoshi's on my ledgerRight now and that's brought us to the thought experiment of the perfect cold wallet I present to you security as a spectrum insecurity there is no black or white there's no yes and no there exists no Perfect Situation there is always a vulnerability and because of that weHave to think of security as a spectrum with the best case and maybe a worst case with many possibilities in between so let's start at one end of this spectrum being the best case scenario so world-class security means never having to trust any hardware or trust anySoftware at all in this perfect world you have a photographic memory and you can do some amazing math in your head using both of these skills you use your seed phrase which you've created in your head to create your private key and then you use that to sign a partially signedTransaction all in your head that's a lot of math usually we have software do this but at least this way no sensitive information ever leaves your brain obviously this is near impossible for even world-class savants and it's definitely impossible to assume that even ten percent of the population canDo this so even though we're saying this is the best outcome we know it's improbable we say that there's no perfect solution because even with enough time and knowledge of how our human brains work we may one day be able to extract these memorized words even ifThe participant is unwilling or if the brain has been frozen for decades so moving further down the Spectrum we have the second best situation this is when you memorize your seed phrase but you use a one-time use device where you basically input your seed phrase in and you input a partially signed transactionIn and then this device will do the computation for you to come up with a signed transaction now of course you would want the device to be open source meaning that you could actually verify there's no malicious code and you would want it to be air gapped meaning that itHad no Wi-Fi or Bluetooth capabilities even on the hardware level not just disabled with software it basically means physically it's not even possible to transmit signals to the outside anyways when you're done performing your single transaction you would then want to take this device and shoot it with aGun or incinerate it with 4000 degree thermite or maybe both now you might be wondering why would I need a one-time use device well what if that device has been compromised to have a hardware component inside of it which stores any data that looks like a private Key WellIf it does if you use that device once and then you save it for later a thief could break into your house steal that device and then use the hardware to extract those saved private keys from the malicious Hardware piece moving on our next best solution is very similarTo the last one but if you're like me and can't fully remember the 24 words in your seed phrase the next best solution is to encrypt them and then inscribe that encrypted version onto a QR code now your transactions are protected with something that you have your QR codeAlong with something that you know a passphrase to decrypt the QR code into a usable seed phrase let's say that you have a device that can take a picture of the encrypted QR code then you enter your passphrase into the device which then decrypts the QR code into a seedPhrase enter your partially signed transaction and boom you now have a fully signed transaction that you can submit and broadcast to the network even still this Hardware may have a malicious piece that captures your unencrypted private key so you may as well shoot and burn it too right next up we have aDevice that's like the previous one except you simply don't burn it you still have to trust that the device doesn't have a back door which is looking at your inserted private keys and hopefully not storing them somewhere that an attacker could steal if they got a hold of your physical device but it'sStill better than storing your private keys on your computer that's connected to the internet in reality you could make one of these devices with an old laptop you simply take the laptop and remove the Wi-Fi module maybe you write some of your own code to sign a transaction and then you physically typeIn your seed phrase to compute the fully signed transaction then you take that fully assigned transaction and put it onto a USB thumb drive or maybe show a QR code to move that data or rather the data of the fully signed transaction from your signing device to your actualComputer so that you can broadcast the transaction to the internet honestly someone could easily code this in Python and if you're interested in doing it without code check out the project named seed signer currently it can only send Bitcoin transactions but how it works is actually really cool you scan a QR codeOf your your encrypted private key and then you scan the QR code of the transaction that you want to sign you push some buttons on the device you enter your private Key password and then boom it presents you with a new QR code that you then scan with your computer'sWebcam to submit to the blockchain this device can be created for less than thirty dollars and when you turn it off all the data is wiped from the device so you could theoretically even share with your friends with no problem at least assuming you trust the Raspberry Pi orThat device to not have any malicious Hardware like we mentioned earlier number five down this spectrum is what we all believed ledger to be a device that stores your encrypted private key in a secure Enclave or Hardware piece this way even if someone stole your actual device like your Ledger theyCouldn't actually get your seed phrase unless they also knew your password because even if they took the device apart and tried to break into the physical parts that hold the private key and extract them themselves they wouldn't be able to they would only be able to extract the encrypted part inTheory a device at this level level would not even be able to give you the private key because it's only Built to sign things unfortunately this is not how a ledger works because with the right tinkering or with a malicious actor at Ledger the secure Enclave canThen be tricked to give you the ingredients of the private key as we've recently seen or in other words The Ledger won't tell you the private key itself but you could trick it to say the first letter is a the second letter is B the third letter is C which is honestlyJust as bad okay but what if we had a device that didn't use a special piece of Hardware that we had to trust but instead just stored your private key already encrypted this way an attacker would have to know the password too like we described earlier well this isActually how many cold wallets work specifically the trezor it doesn't have any special Hardware piece and if you lent it to your technically inclined friend they could break it apart and steal your encrypted seed phrase but again because it's encrypted it wouldn't work they'd also have to have thePassphrase to break the encryption to then have access to your funds the last device I'm going to talk about on this spectrum is a device that simply stores your private key unencrypted this means if someone stole the device they could also just completely look at and stealYour crypto this is pretty hard to find because many companies doing this only sell to uneducated consumers and it's really bad at this point you might be wondering where the Ledger device actually lies well they're like number 48 which is using a device that has the ability to send your seed phrase toThree different companies if you wanted to they're right between entering your private key on a website that does it for you number 47 and using an advice that has the ability to send your seed phrase to three different companies even if you don't want it to number 49 if youThought this was a fun thought experiment don't even get us started on the security of generating a random seed phrase I mean for all we know Ledger already knows what your seed phrase is simply because when they shipped it to you they kept a list that you ownedLedger number 44087 and that one is the one where your first generated seed phrase is this and your second generated seed phrase is this and so on in other words saying that they know already the next seed phrase that your Ledger is going to create because they created theSoftware that randomly generates those seed phrases I'd love to tell you that this is wrong but because we can't actually look at the software I can't and that's why I'm not using a ledger anymore I've recently bought a whole bunch of new wallets to test out and I'mGonna definitely share them with this channel so click the Subscribe button if you're interested in seeing the comparison of those wallets thanks for watching I hope you enjoyed this video I Really hoped you learned something and most of all I hope to see you in our next video

Hey Theodore here in this video I'm going to be showing you how to create a token and I'm also going to be walking you through me actually creating a token while explaining some of the stuff that you might not understand so the first place we're gonna go is this place calledRemix.othereum.org you want to make sure that it's exactly remix.othereum.org because there's a lot of websites that look like this that steal your crypto so I've double checked this one is remix.othereum.org and the first thing we're going to do is create a new smart contract so right here where it saysContracts we're going to go ahead and click on that and that'll open up three smart contracts that are already created for us but we don't want to use these so I'm actually going to right click on this contracts right here and click new file now I'm going to call this oneToken.sol which stands for solidity I'm going to push enter and it will actually open that file up for us so right now we are in something called an IDE IDE stands for integrated development environment so this is actually ran inside your web browser and you can testYour solidity code here so before I go into the specifics of what code we need to type out here I want to teach you a little bit about how a token actually works on the ethereum virtual machine so tokens are actually really simple I've got kind of a table here where we've gotAddresses and then we've also got balances here and literally what a token is is just an XY table of these two pieces of data where you have someone's accounts this is their wallet address maybe and then their balance of how many tokens they actually have so let's say IStart off with 50 tokens this table would look like this now let's say that I transfer two tokens from me to bazel what it looks like on the chain and in the code is that I simply take two tokens from 50 so now my new balance is48 and now bazel's new balance is two this is what is stored on the blockchain it's nothing too complicated it's not a literal token it's just a database of someone's account and their balance of a certain amount of tokens so for example if I wanted to send you 40 tokens theyWould deduct 40 from my balance which would leave me with 8 and then they would add 40 to yours which would give you 40. and this is exactly how tokens work so now that you have a rough idea of how tokens actually work that they're just a list of addresses paired with aBalance let's go ahead and talk about something called open Zeppelin so open Zeppelin is this company out there that basically makes a bunch of money by doing security audits however as a way to advertise for free because it's kind of hard to advertise as a crypto companyWhat they do is they give us free contracts that they've developed and audited to make sure that they're safe we can use them absolutely free and so that's what we're going to be doing to create this token we're going to be using the code that open Zeppelin hasAlready created so that we know there's already been a bunch of eyes on this code and we don't have to worry about vulnerabilities another thing that open Zeppelin does is they abide by standards so we know that when we create this token it's gonna abide by the standardsOf all the other tokens out there so you can go to a play place called GitHub and view all of their different free contracts the specific one we're going to be looking at is a token contract it's called erc20 dot solidity and so this is the actual file that it takes toCreate a token now we're not going to be copying and pasting all of this code and you might not understand all of it but technically you don't need to to launch a token so if we go back up here to the top and we copy this URL this GitHubAddress we copy it and we bring it over to our remix IDE we'll just paste it in there like that we'll leave it for later now the first line of code that we're going to be doing is something called spdx- license identifier and I'm going to be using MIT and thisSingle line of code right here is started with two backslashes and that means this is a comment which means it's not a real piece of code it's not doing anything it's just letting other people know how they can use our code now the MIT license basically says that anyoneElse can use our code and if you take a look at the open Zeppelin contract for a token here you can see they've also used an MIT license which means we're free to use their code so let's go back to the editor and we'll add in our second lineOf code now the second line of code is going to be telling remix which is this IDE this tool this online tool that we're using what version of solidity to use and it kind of is a little weird how you declare this but you say pragma solidity and then you declare theVersion number in this case we're going to be doing 0.8.13 and then we end any line of code with a semicolon that lets solidity know that we're done with this single line so the third line of code that we're going to be using is actually going to beUsing this GitHub link right here so we're going to go ahead and copy it and remove it from there and we can move everything else up to the top now our third line of code is going to be importing this open Zeppelin contract so that we don't have to write all of itOurselves and you do that by doing import and then you use double quotes and you put the link inside of there and remember we've got it in this line with a semicolon so now we've got three lines of code although technically one of them is a comment so it's not really doingAnything the second one is just telling our compiler what version to use and our third one is literally importing someone else's code the next line that we'll be doing is actually declaring our smart contract so let's go ahead and leave some white space there so that it looksA little nicer we'll do contract and then what we'll do is we'll name our contract now I'm going to be calling this Theodore's token now Theodore's token is actually going to be utilizing this GitHub contract up here this solidity file of an erc20 token and theWay that we use that code is we say contract theodors token is erc20 and the reason we say it is erc20 is because if we go back to this code here we actually are saying that our contract is actually this contract too in other words it's saying that we're copying all of theirCode now this specific code here actually takes in two arguments this means things you give it that it does with and in this case the two arguments we're going to be giving it are actually the token name and the token symbol so I'm just going to do token name as Theodore's tokenAnd then the symbol will do a comma and then the symbol will just be TT for Theodore's token and so now we've ended this line of code but we need to tell solidity that this contract has some data so we can open curly brackets and you can see that it actuallyAutomatically ended our curly brackets for us and we can push enter a couple times so now this is eight lines of code and if I were to deploy this this would be a real token in fact that's what I'm going to do next so if I do Ctrl s itWill actually compile this project and what that means is it takes all of these human readable words and puts them into something called bytecode so that the ethereum virtual machine can actually read it and process it you'll see here that I got an error it even tells meWhat the error is it says source file requires different compiler version so if we go over here to where this one is this red circle you can see that our compiler is set to version 0.8.7 and we told it we're going to be using 0.8.13So the simple fix is just to change this to 0.8.13 and now if we do Ctrl s again to recompile you'll see that it compiled successfully there's a green check mark right here now let's actually put this on a blockchain in fact I'm going to beUsing polygon so this tab right here is called your deployment Tab and right now we can deploy it on a virtual machine I'll actually show you how to do that really quick we have a virtual account here that's set up with a hundred ether and this is the contract that we want toDeploy we could deploy any of these other contracts because we've imported them as well but specifically we want to deploy my token theodors token so let's go ahead and click the deploy button and you can see that there's a green check mark here that we have actually deployedThis token so if you go down here and click this little drop down button there's a bunch of functions and other things that you can get data or input data about this specific token so for example we could get balance of our account so if we click this icon rightHere copy account to clipboard it copies our account address and we can put it in here and then we can simply click this button to call balance of and that will give us our balance of how many tokens we have which you can see are zero weDon't have any tokens so we've basically created a token however there's no tokens out there we haven't minted any tokens so now I'm going to write something called a function that allows us the Creator to Mint ourselves some tokens so let's go ahead and do functionAnd I think I'm going to call this one let's call it mint 50. mint 50. we'll do an open parenthesis and then a close parenthesis and then we have to tell solidity who can see this function in this case I'm just going to say public we'll open our curly brackets and we'llEnd our curly brackets and something I like to do is to take both of these highlight them and then push the tab button that way our curly brackets kind of line up and we don't get confused so now we have a function named mint 50 that we can use however right now itDoesn't do anything so let's make it do something we'll do something called underscore mint which is a function that open Zeppelin has written in fact if we scroll down here just a little bit I'll make it a little bit bigger so everyone can see there should be a function inHere called underscore mint that basically mints you some tokens there it is underscore mints and this is the code of what it does you can read it if you understand it and if you want to understand this and you don't you can go to whiteboardcrypto.com and join theWait list for my web 3 portfolio Builder bootcamp which is basically a 12-week program that teaches you how to completely understand all of this code and actually create any dap that you want to create anyways back to our code we're going to be using underscore mint and you can see that this functionWhenever we call it what it's going to do is whatever is inside of these curly brackets which is basically calling this function underscore mint however if we go back to underscore mint you can see that we have to give it two things we have to give it the account that we wantTo Mint tokens to and the amount of tokens that we want to Mint so let's go back to our IDE and give it those two pieces of data the first piece of data is going to be called message.cinder and this is basically a quick way to sayWhoever is calling this function is the one who should get the tokens that's who message.cinder is whoever is calling this function so if you call it you'll get the tokens if I call it I'll get the tokens next we're going to do a comma and let's say we called it mint 50 soWe'll do 50 tokens however in reality solidity does not have decimals instead they use very large numbers and then we let other applications add decimals to that so for it to actually be 50 tokens we need to multiply it by 10 to the power of 18. however in solidity insteadOf this little carrot here for exponents we just do two asterisks so now if we click on this little X here and we basically get rid of that old contract we just wrote and we go ahead and click the deploy button and we control s to recompile you'll see that we get anError and that error is because we do not have a semicolon at the end of this line so let's go ahead and control s again and see if we get any errors we don't we got the green check mark So now let's click this deploy button to actually deploy this new contract I'mGoing to go ahead and copy my address and I'm going to put it in balance of to see how many tokens I have I have zero tokens now I want to use this function mint 50 to see if I can mint myself 50 tokens so I'm going to go ahead andClick mint 50. you can see that a green check mark showed up and it successfully went through now if I click balance of again this should be a very large number starting with five zero and it is so if I take this number and I copy it and IOpen up I think it's eve converter yeah eth-converter.com and I put this value in as way you can see it equals 50 tokens like I said solidity does not like decimals so we have to do this now before I end this video you might be saying can anyone call this function andMint themselves 50 tokens the answer to that is yes yes they can we can go up here we can change our account to account number two and they can also mint themselves 50 tokens it went through successfully so how do we stop this well we apply something called a modifier that onlyCertain people can use this function open Zeppelin has a modifier called only owner which we actually import whenever we import the erc20 token so let's go back to our IDE and add a special line of code called a modifier that is named only owner now only the owner of thisContract only the person who creates it is allowed to call this mint function so let's go ahead and remove our old contract we'll do Ctrl s to save this and compile and you'll see that we get an error that we can't use only owner so now we have to import something thatAllows us to use only owner or write it ourselves and because this isn't the entire boot camp I'm not going to show you how to write it yourself but what we can do is go to open Zeppelin and basically I'm going to paste in their ownable contract here which is the codeThat you would need to write yourself if you wanted something to be ownable so I'm going to go ahead and copy this code and we're going to be importing it as well so import with our semicolon at the end there and because we want this to also be ownableWe just need to add this to what Theodore tokens is using so Theodore's token is using an erc20 contract we can also say that it's using an ownable contract and when we compile this we should get the green check mark just like we just did and so now we canDeploy this contract click the drop down button and mince ourself 50 tokens now if we copy our address and put it into balance of and we paste this here we should see that we do have 50 tokens and now if we change our address fromAccount 2 to account 3 and we try to call Mint 50 we should get an error so let's go ahead and click this button and you can see that we got an error the error is caller is not the owner so now other people cannot mint themselves tokensCool so how do we actually get this onto an actual blockchain well I'm glad you asked let's change this environment right here we'll click on it and we'll go to injected provider dash metamask for some reason it's not working so I'm going to remove our previous contractAnd refresh the page we'll reload we'll go to contracts open up our token.sol that we were working on we'll go to our compile tab control s to compile it and see if it works and it does so now let's try to change from remix VM to injectedProvider and metamask will pop up and we should say yes to this I want to count one which has 10 Matic in it we'll connect it and we should be good to go so I'm going to go ahead and click deploy here metamask will pop up askingMe to deploy this contract I'm going to click edit and I'm going to speed this up basically this works as a bidding system I'm going to go ahead and click edit and try to speed this up and when that goes through we will have success successfully launched our very firstToken it went through I'm going to go ahead and click on it it'll open up in polygon scan and right now it's not showing up and in a couple seconds it should let's refresh the page and see if it shows up and it does you can see whoCreated the contract you can see the actual contract itself right here how much it costs to deploy this so this was around 50 cents to make this token polygon scan doesn't know this is a token yet so let's go back to our IDE and click this drop down button on ourNewly minted polygon contract and let's mint ourselves 50 tokens once that goes through we can then go back here and refresh the page to see if it updates and there we go you can see that we've minted 50 or called the function mint 50 and if we go into this transaction youCan actually see that we went from basically nowhere into this account for 50 of Theodore's tokens usually when you're minting tokens and you're creating new ones it shows from null so we can actually click on this and see Theodore token's information that there is one holder that there's only been oneTransfer and there's 50 total Theodore tokens we can also sort by holders and we can see who holds the most which is the account that I just minted them to and if I wanted to I could send these tokens to anyone else so wrapping thisVideo up we created a token in less than 10 lines of code this is actually a rather safe token as well we also deployed it so that it was on a real blockchain if you thought this was interesting and you'd like to learn more about the ethereum virtual machine andWriting smart contracts and even building entire dapps you can join the waitlist for my boot camp that's going to be launching really soon you just go to whiteboardcrypto.com enter your name your email and you'll join the wait list tomorrow I'm going to be sharing a videoWhere I basically create a bunch of meme coins that have really unique abilities so for example I created a token that you can only move one token per day I also created a token that you can't sell for an entire year there's also a token that if your account is dormant for moreThan 24 hours someone can steal your crypto which also means if you find other accounts that are dormant you can steal their crypto they're definitely meme coins though and to be quite honest I coded them just like I coded this except the lines of code that I addedAre a little bit more Technical and a lot more thought went into them I highly recommend joining the waitlist I really hope you enjoyed this video and most of all I hope to see you in tomorrow's video where I show you some meme coins that I've built thanks for watching andI'll see you guys later