How to Secure your Cryptocurrency Wallet

There are many different types of crypto wallets. How would you determine which is right for you? In our view, there are three key areas for consideration.

Amounts invested. If you have a lot invested in crypto then you should definitely get a hardware wallet such as Trezor or Ledger.

What exactly is “a lot”? Only you can decide. If we had more than a week’s worth of salary in crypto, we would get a hardware wallet for the added security it provides. You can also consider if the value of your crypto assets is worth more than that of a hardware wallet. If so, you may wish to get one.

What if you have massive crypto holdings? You should definitely obtain multiple wallets and spread your holdings across them. Why? If you lose your private keys, then any hacker who obtains the keys are going to drain every cent from it. So spreading funds across multiple wallets are advisable.

Some argue for using air-gapped computers (one disconnected from the internet) to hold private keys. But, as Bitcoin Core developer Andrew Chow notes…

Furthermore, air-gapped computers are not entirely secure and can still be breached.

Coin support. Does your wallet provider support coins you want to invest in? Check their website for such information. If your coin is currently not supported, check if their roadmap includes plans to support it. See the following links for roadmaps of Trezor and Ledger.

Usage. If you do intend to use crypto for making daily purchases, then you might want to use a mobile wallet. However, do not store more than you can afford to lose on this wallet. Examples of mobile wallets include Breadwallet, Mycelium, Copay or Airbitz. For the rest of your cryptocurrencies, store them in a hardware wallet.

To read more about wallet selection, do refer to our guide on cryptocurrency wallets.

For deterministic wallets, the mnemonic seed (a.k.a recovery phrase), is the banking-equivalent of your credit card pin. For non-deterministic wallets, the private keys are the banking-equivalent of your pin. Theft of your funds can happen if someone gets hold of them.

So what precautions can users take in managing these?

Generation

Always generate them by yourself. For example, if your hardware wallet comes with a recovery seed, never use the seed. A Reddit user purchased his Ledger wallet off eBay and within it was a Recovery Sheet.

What could go wrong? Let’s lay out what is happening.

Step 1: Scammer places a completed Recovery Sheet in packaging and reseals it.
Step 2: User purchases this hardware wallet off eBay.
Step 3: User then creates a wallet using the Recovery Sheet and transferred crypto to it.
Step 4: Scammers gain access to funds in wallets created by the user and drains it.

This is just one example of a low tech scam. Given the rapidly evolving nature of the space, more such scams will emerge going forward.

Test it before using it. Your seed effectively controls your funds. Thus, always test it before using it. You may write it down on a piece of paper. But what happens if you wrote it down wrong? What happens if you can’t read your handwriting subsequently?

If using hardware wallets like Ledger, there are various ways for testing your seed. We describe two methods for doing so in our Ledger Nano S lifecycle article. In brief, you can reset your hardware wallet and restore them using your seed. Alternatively, Ledger has a Recovery Check app where you can type in your seed to check it. You can perform similar procedures with a Trezor. At no point should you enter your seed into a software wallet or onto any electronic device. Doing so effectively defeats the purpose of having a hardware wallet. Hardware wallets secure your seeds by keeping them separate from other electronic devices.

For other wallets eg. software wallets, you can reset your wallet and restore them with your seed to verify if they work.

While these tests take time, they are absolutely necessary. Also, they provide you with a peace of mind that you can restore them on another device if necessary.

Never disclose these to anyone. And no one should ever be asking you for them. Not even tech support from your wallet provider.

Storage

How to store

• Make backups of your 12-24 word seed. You may do so by writing them down on acid-free paper. If concerned about damage by fire or water, then laminate it and store in a fireproof safe.
• Never take a picture of your seed. Do not enter it into a computer or electronic device in any shape or form. And certainly, don’t store it in the cloud. The only time you would enter it into an electronic device is when you are recovering your wallet. For example, perhaps your hardware wallet is down and you urgently need access to your funds. Thus, you restore them onto a software wallet like Electrum.
• Do not store them on USB. USB storage is susceptible to data rot.
• For us, we have engraved our seeds onto a piece of stainless steel. Doing so makes our seeds stainless, fireproof, waterproof and shockproof. Don’t have someone to do this for you? Fret not, there are products out there to help you such as Cryptosteel, the HODL wallet or Billfodl.
• If using a hardware wallet, implement a strong passphrase. Do not use phrases available on google. Or those which are on the BIP39 mnemonic list.
• For multi-signature wallets, backups should exist for the number of keys required to spend funds. Let’s use a 2-of-3 setup to illustrate. In this instance, 2 of 3 keys are required to spend funds. Thus, backups should exist for at least 2 keys.
• If using a passphrase, you also need to make multiple backups of it.

Where to store

• You should make many backups and store them offsite in multiple locations. Storing them in one location only isn’t helpful if that location gets destroyed by an asteroid.
• We advise not to keep any backup copy within your house. Not having immediate access to your backup increases resilience to physical threats eg. burglary or hostage situations.
• Places you can consider storing them include safe deposit boxes or your parent’s house.
• As an added precaution, keep your backups within opaque serial-numbered tamper-evident bags. An example of this would be bank cash bags. Do remember to physically sign your signature over the seal.
• Never use your computer or cloud storage eg. Dropbox to store your backups.

Other steps

• Write a letter to trusted relatives so that they are aware of the existence of your crypto. Set up procedures to have this letter made available to them in the event of your demise.

Overall

Use a strong password or pin to secure all your wallets.

Weak passwords have the following characteristics:

• Predictable or simple pins eg. 1234
• A series of sequenced or repeated numbers eg. 1111
• Short in length. By using a short pin, you are reducing the number of combinations possible. This makes it easier for scammers to crack your pin. Try to have pins in excess of 4 digits.
• Contain personal information eg. birthdates, social security numbers, mobile phone numbers

Mobile wallets

While apps on Google’s Play Store or Apple’s App Store are pre-screened before listing, malicious apps still do manage to slip through. If you aren’t a tech expert, the best you can do is to read reviews of the apps before downloading them. Apps, where users are complaining about getting scammed, are huge red flags.

Desktop wallets

Always verify the PGP signatures of such wallets. Doing so helps avoid downloading fake wallets.

The necessity of PGP verification was clearly evident in the attack carried out on the Electrum wallet in December 2018. In brief, a Sybil attack was undertaken in which the attackers created legitimate looking nodes controlled by them. The attackers then broadcasted a message directing users to download a fake wallet. When users transacted with this wallet, it sent funds back to the attacker.

Had users verified signatures before usage, they could have avoided losing their funds. Bitzuma has a great guide on how to verify signatures for Electrum.

Hardware wallets

Use wallets that make it easy for you to verify their integrity. For example, the Ledger Nano S has a built-in genuine check to help you verify software integrity.

They also provide instructions for verifying the hardware integrity of your device.

Trezor has similar procedures likewise. For example, tampering with the device’s firmware will cause a warning sign to appear on boot.

Verify the authenticity of the software that communicates with your wallet. This would involve verifying PGP signatures. At the time of writing, Ledger has yet to provide PGP signatures for Ledger Live. Trezor, on the other hand, has provided signatures for Trezor Bridge.

Trust only information on your device, never your computer screen. Always assume that the software (eg. Ledger Live or Trezor Bridge) your hardware wallet interacts with is compromised. This is applicable even if you previously verified its authenticity. It is much easier for the software on your computer to be compromised than for your hardware wallet to be. This is because your computer is routinely exposed to potentially risky data from untrusted sources, unlike your hardware device.

Trusting only information on your device mitigates man in the middle attacks. In such attacks, scammers replace receiving addresses shown on the software with their own addresses. But because they can’t alter information on your hardware device, this attack fails if users rely solely on information on their device.

Never use a device that has been pre-configured. A pre-configured device is one in which the PIN and recovery phrase have been set by someone other than yourself. Doing so is just a recipe for disaster as this means someone else is aware of your seed.

Consider using a passphrase. A passphrase is like a second additional layer of protection to your seed. According to Trezor, doing so makes your wallet “impervious to physical attack”. This is because “even if someone stole your device and examined its chip under an electron microscope to discover your recovery seed, your coins would still be safe.”

The flip side is that if you lose this passphrase, your crypto is forever gone. There is no way to recover it. So make backups of your passphrase too.

In case the distinction isn’t clear between the Pin, Seed, and Passphrase:
Pin: Protects the hardware wallet only. Not required to recover seed.
Seed/recovery phrase: Controls access to your funds.
Passphrase: Protects the seed by acting as a second factor. In other words, to access your wallet you would need both seed and passphrase.

Buy wallets only from the source. So if you are purchasing a Ledger, order them directly from their website.

If they are out of stock or don’t ship to your location, buy it from their authorized retailers. For example, Ledger maintains a list of official retailers here. And so does Trezor here.

Is it safe to purchase wallets from authorized retailers? Here is what Ledger’s CTO had to say.

While Ledger lists Amazon as an official store, buying from Amazon is not recommended. Even if the product description indicates “Ships from and sold by Amazon.com”, you should not buy it. The reason for this is inventory commingling. This means your purchase could come from any one of the sellers on Amazon, not just Amazon. Doing so leaves you open to supply chain attacks where your wallet is manipulated prior to you receiving it.

Here is an example of what can happen if you don’t purchase from a legitimate source.

Also, be aware of fakes floating around the internet. More of these would pop up in the future. If you want to see an example, click here.

Lastly, never buy used wallets no matter the price. Many “used once” or “never used” wallets frequently appear on eBay. While the low prices may tempt you, it is possible that these devices have been tampered with.

Make your device easily identifiable. Make them physically distinguishable by signing on your device with permanent ink. Before using the device, check the signature.

Or if using a Trezor, you can personalize your device’s home screen.

Doing so protects against evil maid attacks. In such attacks, scammers gain physical access to your wallets and replace it with a fake one. This fake device may then transmit details of your PIN to the scammer. The scammer can then gain full access to your funds.

A useful software to take note of is USBDeview. It can show when your hardware wallet was last plugged into or removed from your computer.

The longer the device storing your private keys is connected to the internet, the higher the risk of losing your crypto.

Thus, unlocking your wallet unnecessarily exposes your private keys and increases your risk of loss.

The public nature of blockchain transactions allows users to check their balances easily. You can enter your wallet addresses into the relevant blockchain explorer. Examples:

• Bitcoin: Blockchain explorer
• Etherium: Etherscan, Ethplorer

Fun fact, see the largest holders of bitcoins here.

What if you use a deterministic wallet and have multiple wallet addresses? This method still works. But you need to use your master public key instead. Read more about how to do this for Ledger and Trezor under the section “Get relevant wallet information”.

For example, Trezor and Ledger do not provide call support. Instead, support is available by submitting tickets on their website or Reddit page.  If a representative claiming to be from them drops you a call, you should immediately know it is fake.

In such a solution, funds can only be spent with authorization from more than 1 signing keys. In a 2 of 3 signing arrangement, at least 2 of 3 possible keys are required to authorize a transaction. For which signing arrangement to implement, read here to find out more.

Several precautions to note when implementing them:

• No two signing keys/seeds should ever be present / generated on the same device. Doing so allows scammers to steal them simultaneously, allowing them access to funds. Storing each key/seed on dedicated devices (in geographically separate locations) reduces such risks and increases security.
• Wallets used should come from different manufacturers. That way, the compromisation of a particular wallet provider (eg. Ledger gets backdoored somewhere in production) only gives attackers access to one of your keys.
• Backups should exist for as many keys as required to spend funds. Thus, in our 2 of 3 signing arrangement, there should be backups for at least 2 keys.

This computer should not be used for browsing the internet, playing games or downloading unnecessary executable files. Also, avoid sharing this computer with others. The objective is to create a trusted environment for managing your cold wallets. Find out other ways of securing your computer in our article on general security principles.

Some may go a step further and use an air-gapped computer (one disconnected from the internet). This reduces the risk of malware making unauthorized copies of your seed. Processing transactions would then work in the following manner:

• Generate unsigned transactions online on your computer which has access to the internet.
• Make a copy of this transaction and transfer it to your air-gapped computer on a USB stick.
• Sign the transaction on your air-gapped computer.
• Transfer this signed transaction back to your computer with internet access for broadcasting.

Setting up air-gapped computers is a massive topic and we aim to cover it in a separate post.

• Andreas Antonopoulos
• Bitcoin.org
• Trail of bits
• Trezor
• Ledger
• Bitcoin Wiki
• Crypto Consortium