Greetings, dear readers! I am frequently asked what the most dependable way to keep cryptocurrency is, whether it is Bitcoin, Monero, ERC20 tokens, or DOGE. In this essay, I'd like to offer my answer to that question; regrettably, there are no clear and simple answers.
I'd also like to thank the authors of all of the services that were used as examples in this essay, as well as the authors of all of the resources that I utilized as references; keep up the fantastic job!
You must remember the main rule:
Your level of OpSec usually depends on your threat model and which adversary you're up against. So it's hard to define how good your OpSec is.
The thing is that if you need a certain crypto wallet for work, for staking, for paying your employees and so on, it is considered "operational" or "hot", so we consciously build its protection around objective threats; you can learn about this from my articles: officercia.mirror.xyz!
But today, I'd like to focus our conversation on the fact that we require a truly secure solution. To help us visualize it, let me phrase the topic of today's essay as follows:
"You suddenly received $1 billion in any cryptocurrency, and you don't want to invest it yet, but you want to securely save the majority of it using cryptocurrencies."
So, what are our options?
Cold hardware wallets, brain wallets, and paper wallets are the most common. I feel that "designed" techniques have earned the right to exist as well, but let's concentrate on the first one, which is a cold hardware wallet.
Firstly, for an ideal OpSec I recommend either developing your own programming language (done by different remote and in-house teams) with your own semantics, or becoming a developer yourself, or avoiding ANY third-party software, assuming that it can be compromised, and developing the tools and apps you need completely on your own.
This is all correct, but nothing stops you from doing a fork or ordering an independent audit of the tools you are going to use, does it? With all that said, it all depends on what result you are going to get and against whom you are acting.
Let's say we deal with a Duress tool. As such, it can be used wrongly (e.g. with a weak password), or used to do bad things (e.g. to exfiltrate intellectual property).
Check out: Portable Secret
On the other hand, we can just use steganography and a small piece of paper, without even touching the computer. Both approaches have the right to exist, in my honest opinion!
All of the above refers to the criticism of tools as such and their role in OpSec.
Secondly, regarding big lists. Japan was the first country to invent the work that we do now in the form of SoKs or Awesome GitHub lists! If anyone is still around to remember, browsers used to be sort of a table or database of websites, many of which were quite... uninspiring.
I also really enjoy applying anthropology, particularly when it involves online phenomena.
«Antenna-websites» were created at that time. There, their authors gathered a variety of resources that were related by a common subject to make someone’s life easier! In some ways, the creators of Awesome Lists and start.me continue this idea now. And it's fantastically amazing!
Last but not least, everything you do is based on the outcomes you need to achieve! You should be able to select reliable and vetted sources instead of using all the tools and links. Through given routes, you ought to be able to construct your own journey!
Following that, I will tell you about the ways that I deem safe and recommend to my clients!
I am often asked why, in my recent articles (about secure cryptocurrency storage, about an attack on old and forgotten hard drives, and about how hackers are caught), I do not recommend using Trezor or Ledger devices as main cold storage.
So I chose the two most popular devices and had no previous assumptions about them.
I believe that no technology is inherently harmful; rather, diverse conditions for safe use and reasons for using it exist. So, let's get back on track and examine these two examples through two separate technical lenses. I can get info from your Trezor or Ledger if you have one.
If you're using a PC as storage (Windows, Linux, etc.) it should 100% be offline/air-gapped and dedicated (not used for anything else). Paper and hardware wallets still exist for a reason though (most secure options for the majority of users)!
But there will only be a couple of attempts. That's why I've never recommended Trezor or Ledger... If the device falls into someone's hands, you're screwed. They have different approaches (you can read more about them here and there), but the gist is basically the same. There's a great fresh video on cold wallet hacking.
Check out wallet rating: walletscrutiny.com
If you own something like this device, it is unlikely that anything can be restored without the owner's participation, because there are all sorts of cool, bulletproof features.
And you can make a cold wallet out of a regular phone, for example via airgap.it - there will be almost no difference from Trezor or Ledger!
A new attack is going on right now: it looks like a dusting attack, while it is actually a phishing scam! It has already been seen on the BTC, ETH, BSC and TRX blockchains.
Trezor serves as the basis for many hardware wallet clones out there, but it also has no physical security, which is why there are numerous "key recovery" services you can reach out to for extraction if you own one.
It is important to add that not a single hardware cold wallet at the moment is fully open-sourced, not even Trezor, Ledger or the ones I cited above. Also, if you go to their websites you can see that one of these companies does not consider a bug-bounty report "in scope" if it requires physical access to the device…
I highly recommend purchasing a hardware wallet directly from the manufacturer's website rather than from online retailers like Amazon or eBay. It is also advisable to use an alternative email address or a virtual office address to protect your personal information in case of a data leak. I also don't like trusting hardware. Therefore, we all should have physical ciphers! Once again, study steganography! Check out physical cryptography as well!
Needless to say, with the increase in physical attacks, it is very important to take this into account.
A brain wallet is often chosen because it is easier to remember than a seed or a private key: it is easy to put some poem that you made up in there, or to make up your own seed out of the nicknames of all the pets you've had in your life.
Brain wallets are basically instantly crackable since the range is tiny: github.com/ryancdotorg/brainflayer
But the problem was that people didn't want to be creative and just took some lyrics from songs or simple words like "Bitcoin"... And there are dozens of bots with huge tables, where all these options have already been turned into private and public keys, and the mempool is constantly monitored in case one of these wallets is refilled.
At the same time, in my opinion, we should not bury this technology: we just need to construct such a wallet using natural entropy, for example weather data or atmospheric noise, to pick words from the dictionary, but that is another issue. With all that said, this technology looks old in 2022.
The most important thing is to realize what you are doing and why. And try to use the basic functions that are built in: any blockchain client has them and has made them available. That's why secure blockchain address generation must be performed via a full node only! Or at least a light client / node.
You can try using a calculator even!
Finally, atmospheric noise has natural entropy, so you can use its data as the N in your function, if you decided to do it manually!
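To make the brain-wallet point and the entropy point above concrete, here is an added example (my own illustration, not code from the original article or from brainflayer): it shows the classic brain-wallet derivation (private key = SHA-256 of the phrase) next to a bound on how small a phrase key space really is, and then a helper that folds several independent entropy sources (the OS CSPRNG plus, for instance, atmospheric-noise bytes) into one candidate secp256k1 private key. The "noise" bytes in the demo are constructed stand-ins, and the function names are my own.

```python
import hashlib
import math
import os

# secp256k1 group order: a usable private key is an integer in [1, N-1]
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def brainwallet_key(passphrase: str) -> int:
    """Classic brain-wallet scheme: the private key is simply SHA-256(passphrase).
    Anyone who guesses the phrase recomputes the same key, so the real key space is
    the set of phrases humans actually pick, not the 2**256 the curve nominally offers."""
    return int.from_bytes(hashlib.sha256(passphrase.encode("utf-8")).digest(), "big")


def phrase_space_bits(words_per_phrase: int, vocabulary_size: int) -> float:
    """Upper bound, in bits, on the entropy of a phrase built from a fixed vocabulary
    (e.g. four song-lyric words from a 2048-word list is at most 44 bits)."""
    return words_per_phrase * math.log2(vocabulary_size)


def is_valid_private_key(k: int) -> bool:
    return 1 <= k < SECP256K1_N


def mix_entropy(sources: list) -> int:
    """Fold several independent entropy sources (OS CSPRNG, dice, atmospheric-noise
    samples, ...) into one candidate private key. Each source is length-prefixed so
    that different splits of the same bytes cannot collide; because everything is
    hashed together, adding a weak or attacker-known source never reduces the
    entropy contributed by the strong ones."""
    if not sources:
        raise ValueError("at least one entropy source is required")
    h = hashlib.sha256()
    for chunk in sources:
        h.update(len(chunk).to_bytes(4, "big"))
        h.update(chunk)
    k = int.from_bytes(h.digest(), "big")
    if not is_valid_private_key(k):
        # Probability about 2**-128; the correct response is to draw fresh entropy, not to clamp.
        raise ValueError("candidate outside the secp256k1 range, draw again")
    return k


def fresh_private_key(extra_entropy: bytes = b"") -> int:
    """OS randomness plus whatever external noise the operator collected."""
    return mix_entropy([os.urandom(32), extra_entropy])


if __name__ == "__main__":
    # Constructed inputs: a guessable phrase versus a mixed-entropy key.
    weak = brainwallet_key("Bitcoin")
    noise = bytes.fromhex("0a7f33c19e")  # constructed stand-in for atmospheric-noise samples
    strong = mix_entropy([os.urandom(32), noise])
    print(f"brain wallet key  : {weak:064x}")
    print(f"mixed-entropy key : {strong:064x}")
    print(f"4 words x 2048    : {phrase_space_bits(4, 2048):.0f} bits vs 256 for raw entropy")
```

The two keys print in the same 64-hex-digit format, which is exactly the problem: nothing about a brain-wallet key looks weak, the weakness is entirely in how few phrases an attacker has to try. The mixing helper rejects rather than clamps an out-of-range digest, because clamping would bias the key distribution.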
The most secure option would be to use a cold card or a "paper wallet."
It's also preferable to store a private key rather than a seed phrase on the paper wallet. In case you're wondering what the distinction is between a private key and a seed phrase: a private key grants access to a single address (account), whereas a seed phrase grants access to the entire wallet, which can contain multiple addresses and private keys.
I would also suggest key segregation and key cycling. Meaning, don't use the same keys as your hot wallets for multi-sig management, and don't use the same keys forever.
Get in the habit of maybe quarterly or yearly audits of these keys (and their backups) because it's surprisingly easy to lose track of them!
I also want to remind you about one scam service, which nevertheless occupies the first position in the Google search for "paper wallet generator" and even "paper wallet generator".
Check out: Portable Secret!
The name is not printed intentionally, just look at the screenshot!
In any case, any such service has only one goal - to steal your cryptocurrencies by giving you pre-generated key pairs from the service owner:
As a result, never utilize an online service to generate private keys.
Only Bitcoin Core and Electrum can be trusted, and only if they were downloaded from an approved source. Even that condition might change at any time: someone could hack the core engineers' GitHub accounts or simply pay them for a "damaging" commit. For Ethereum, you can check out something like this script.
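"Downloaded from an approved source" is only half of the check: the other half is confirming that the bytes you received are the bytes the maintainers published. As an added example (mine, not the article's and not a tool from any wallet project), the script below parses a `sha256sum`-style manifest, streams each downloaded file through SHA-256, and reports which files match, which were altered in transit, and which are absent. The file names, contents and the manifest in `demo()` are constructed for the demonstration. Note the caveat it does not cover: a manifest fetched from the same place as the binaries proves nothing on its own, so the manifest itself must be checked against the maintainers' detached signature (for example with `gpg --verify`) using keys you obtained independently.

```python
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(manifest_text: str) -> dict:
    """Parse a sha256sum-style manifest: '<64 hex>  <name>' or '<64 hex> *<name>'
    (the '*' marks binary mode). Returns {filename: expected_hex}."""
    expected = {}
    for raw in manifest_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts[0].lower(), parts[1]
        if name.startswith("*"):
            name = name[1:]
        if len(digest) != 64 or any(ch not in "0123456789abcdef" for ch in digest) or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        expected[name] = digest
    return expected


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so multi-GB node binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(manifest_text: str, directory: str) -> dict:
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    results = {}
    for name, expected in parse_sha256sums(manifest_text).items():
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo() -> dict:
    """Constructed scenario: one intact file, one tampered file, one never downloaded."""
    with tempfile.TemporaryDirectory() as workdir:
        good = b"constructed stand-in for a release archive\n"
        with open(os.path.join(workdir, "wallet-1.0-linux.tar.gz"), "wb") as f:
            f.write(good)
        with open(os.path.join(workdir, "wallet-1.0-win64.zip"), "wb") as f:
            f.write(b"bytes that differ from what the maintainers published\n")
        manifest = "\n".join([
            f"{hashlib.sha256(good).hexdigest()}  wallet-1.0-linux.tar.gz",
            f"{hashlib.sha256(b'original zip content').hexdigest()} *wallet-1.0-win64.zip",
            f"{'0' * 64}  wallet-1.0-arm64.tar.gz",
        ])
        return verify_downloads(manifest, workdir)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Anything other than `ok` for the file you intend to install means stop and re-download from the project's own site; a single mismatching byte in a wallet binary is exactly the supply-chain scenario the paragraph above warns about.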
The seed phrases designed in BIP39 by @Trezor are pretty awesome. The passphrase is like a password for your seed, meaning that even if your seed gets caught on camera, the wallet created from it won't contain your bitcoin (it can hold some decoy amount, though). You will then also have to enter the passphrase to recover the real wallet!
Also, bitcoincore.org is the official website of the Bitcoin Core project while bitcoin.org is a separate website and project which aims to provide general information about Bitcoin! Keep that in mind!
Last but not least, there is such a thing as hierarchical deterministic (HD) derivation in the settings of some wallets.
It sounds scary, but it means that every time you receive money at an address, a new clean address will be generated from the same private key. And you can accidentally send money to an already inactive wallet.
It is better to turn this function off (if it is enabled), because it is easy to get confused with it.
Lastly, here is my special compilation of four crypto services aimed at helping you when you are already a dead man:
Check out this article for more info on this sensitive topic.
For Ethereum, you can check out something like this script or a full node (preferred)! In any case, the variations will be insignificant if we are talking about the level of protection specified in this article. Keep BGP-level attacks in mind as well!
The main difference is that hot or "operational" Ethereum wallets must adhere to stricter security guidelines, as I detailed in my blog!
However, if the amount of money we need to store is already on hand and it is in tokens, NFTs or ETH, or for example on BSC, Avalanche, or Polygon, the differences from what was outlined before in the paper wallet section will be minor.
It is important to say that cryptography and natural entropy are reliable protection. By no means try to make yourself some "vanity" address, no matter which network. You can use Profanity2, but don't forget about the history with Profanity1; let me remind you about it.
You can even use your cat’s Entropy! 🐈
If you go for a larger form factor, you could use QR code swapping for the ultimate air-gap solution, but keep in mind:
Remember that an average smart wallet is an Ethereum wallet that is governed by a smart contract rather than a private key. At the same time, many multi-sig solutions are inherently such wallets. Account abstraction is one of their key features, so make sure to double-check everything on their website!
To summarize, I do not recommend adopting smart-wallet or smart contract wallet techniques for cold storage.
If you use a wallet for cold storage, never import the seed phrase into hot wallets!
Metamask (alternatives: myetherwallet.com, frame.sh, alphawallet and this list), which is a non-custodial wallet, combined with Airgap.it would be a way better solution! Here is a nice manual on this topic. Check out this guide as well!
Don’t forget to set up a secure RPC provider!
It is important to mention that the issue with using any third-party RPC provider with MM is that there was no option to remove the default Infura provider for Ethereum mainnet, so your set of addresses would still get sent to the default Infura RPC. There is a thread by 0xngmi that explains the leak. Check it out!
I am also not asking you to comply with all of this, but you must remember the main rule in this particular case:
If we finally want to give people the opportunity to be their own bank, we must realize that in this case, people must be able to replace all those services and actions for which traditional banks get money.
Only knowledge can defeat criminals’ knowledge. In this intellectual boxing match the most prepared wins, and we want that to be you!
Support is very important to me; with it I can spend less time at work and do what I love: educating DeFi & crypto users!
I don't have as much money as the fictional character in our essay, but your support helps me to exist 🙂
If you want to support my work, you can send me a donation to the address: