How to prevent hacking and theft of cryptocurrency?

How to prevent hacking and theft of cryptocurrency

There is no universal solution for every situation, but we will try to give advice that is applicable practically always. The concrete implementation of the architecture should be planned based on your own needs and risks. You can use this material as a checklist.

Recommendations for organizing the storage of cryptocurrencies and tokens

Don't keep all your eggs in one basket! Split your funds, and keep those you don't plan to use in the near future in a cold wallet. If necessary, there may be several cold wallets. For example, part of the funds on a hardware wallet, part on a multi-signature wallet, part as a private key in an encrypted container with a strong password. In case of real danger, you can even give up one or two of them.

Separate computers for crypto. If you work with crypto assets worth several times more than the cost of storing them, set aside dedicated computers that will be used for nothing else. Web surfing, games and editing documents people send you are better done on another computer.

Nothing extra. There should be no extraneous software on wallet computers, let alone a cracked Windows from C001_][aker. Only verified distributions from the vendor.

Fault tolerance. The biggest fault-tolerance problem is hard disk failure. Other parts of a computer are usually replaced quickly and without special consequences. For hard disks, fault tolerance is easiest to achieve with mirrored RAID arrays. Roughly speaking, two hard drives are installed, write and read operations go to both in parallel, and the system sees them as one disk. The only extra cost is one more hard drive; the RAID controller built into the motherboard can be used. The probability that both drives fail at once is extremely small, and if one fails, you put a new one in its place and carry on. Some RAID controllers can do this on the fly, without shutting down the system.

Backup. Be prepared for the fact that even the most fault-tolerant system may become unavailable. Fire, thieves, special services, or just a cat peeing on the power supply and burning out all the boards and hard drives; it doesn't matter, it could happen. You must have current backups of all wallets. Moreover, they must be encrypted and sent to several places at once: the cloud, email, a flash drive in a safe, an archive on a smartphone, etc. Choose a few options, better still come up with your own, and use them. Keep a backup schedule and stick to it. Periodically download one of the backups and check that the information in it is intact, that nothing is corrupted, that you remember all the passwords and are able to extract the information from the backup.

Encryption and passwords. Take it as given that your computer, phone, flash drive, or access to your mailbox and other services may end up in the hands of attackers. In this case, the attacker must be prevented from gaining access to wallets. If all your devices are securely encrypted and your passwords are nothing like Qwerty123, then at minimum you gain time to transfer assets to other wallets, and at best the captured devices and accounts will be useless to the attacker. Therefore, use encryption to the maximum, including on system partitions, smartphones, archives and backups. Set passwords for booting and unlocking your smartphone. Computers should have no accounts without strong passwords. On web services, use two-factor authentication where possible. Set strong and different passwords on all services and devices, and change them periodically.

Updates. Pay particular attention to software updates. Attackers often exploit flaws in the update mechanism or disguise a download of malicious software as an update. This has already happened with some cryptocurrency wallets, for example Electrum, where a message about the need to update was displayed and a trojan was downloaded instead. A simpler variant is to display on a web page in the browser a supposed window asking you to update the browser. Sometimes it opens in a new pop-up window and copies the interface details of a real update window as closely as possible. Naturally, once the user consents, a trojan is downloaded. So take updates only from official sites, and preferably verify them additionally.

Do not leave things unattended. With flash drives or a smartphone without a password, everything is clear. But in some cases even a laptop can be compromised simply by inserting a device that looks like a flash drive into a USB port, when in reality it is a hardware HID keyboard emulator carrying a set of exploits. So in a Windows environment, after configuring all your devices, it is recommended to prohibit automatic installation of drivers and devices by enabling the “Prevent installation of devices not described by other policy settings” policy.


What to do if a hack has already been detected?

– Disconnect the attacked computer from the network and check what has been stolen and what has not.

– Transfer the remaining cryptocurrency and tokens to other wallets; if necessary, create them on a clean computer. To speed up the process, you can create temporary addresses in the best-known web wallets.

– Track where the coins went; perhaps to services such as exchanges or online wallets. In that case, urgently write to their support about the incident with the addresses, transaction hashes and other details. If possible, after sending the letter, call and draw attention by voice to the urgency of the situation.

– Change all passwords from a clean computer, even those not directly related to wallets. The infected computer very likely had a keylogger collecting everything typed. Passwords must go through at least two rounds of change: a temporary one and a new permanent one. Passwords must be strong: long enough and not dictionary words.

– Back up all necessary information from computers, smartphones and tablets that you don't want to lose. Executable files and other files that may have been infected should not be in the backup. Encrypt the backup. Make several copies of the backup in geographically dispersed places.

– Wipe all flash drives and hard drives, reset smartphones to factory state and reconfigure everything. If you plan to work in future with very important information, or with amounts many times higher than the cost of the equipment, then ideally replace the entire hardware, since some types of trojan can lodge themselves in service areas of hard drives and are not removed even by formatting, and can also modify the BIOS on the motherboard.

General safety advice

Phishing. Most often attackers target the sites of exchanges, online wallets and popular exchange services.

The leaders are, and most often, scammers register a domain similar to the targeted one. A harmless website or forum is put up there. They buy search-engine advertising for it. As soon as the advertisements pass moderation, the site is replaced with a clone of the targeted site. At the same time, it is not uncommon for a DDoS on the real site to begin. The user cannot reach the site, types its name into a search engine, clicks the first line of the results without noticing that it is an advertisement, and lands on the scam site, which looks like the real one. He then enters his username and password, and the money from his account drains to the attackers. Often even two-factor authentication, PIN codes, etc. do not help: the user will enter all of that himself. Say, when entering the login code, the system says the code is incorrect, enter it again. He enters the second code. But in fact the first code was used to log in, and the second to confirm the withdrawal of funds.

Another example is deferred attacks. You open a site sent to you, which looks safe, and leave the tab open. After some time, if there is no activity on the page, its content is replaced with a phishing page asking you to log in. Users usually trust tabs they opened earlier more than ones they are just opening, and may enter their details without checking.

Also, in some cases there may be phishing attacks on specially prepared public networks. You connect to a public Wi-Fi network, and its DNS returns wrong addresses for domain queries, or all unencrypted traffic is collected and analyzed for valuable data.

To avoid falling for this, do not switch off your vigilance, and use additional checks and a more secure channel; more about them below.

Additional checks. For the sites you visit most and that matter most, note down a few indirect parameters on a secure computer. For example, the issuer of the certificate and its expiration date; the Alexa rank or the approximate traffic according to Similarweb. You can add your own parameters. Then, whenever you visit these sites, keep track of them. For example, if a certificate suddenly changes long before the old one expires, that is a reason to be wary and check the site further. Or, for example, if the site earlier showed about 7 thousand points on Alexa and now suddenly shows 8 million, that is a clear sign you are on a fraudulent site. The same goes for Similarweb metrics, the CDN used, the domain registrar, the hosting provider, etc.
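One way to keep the certificate part of that baseline, as an added example that is not from the original article: record a site's certificate fingerprint, issuer and expiry on the secure computer, then on later visits flag a replacement that arrives long before the old certificate expires or comes from a different issuer. The 30-day threshold and the baseline file name are assumptions of this example.

```python
import hashlib
import json
import socket
import ssl

# Assumption for this example: a certificate replaced more than this many days
# before the old one expires is treated as a suspicious change.
EARLY_RENEWAL_DAYS = 30


def fetch_cert_facts(host, port=443):
    """Connect over TLS and record the indirect parameters worth tracking:
    SHA-256 fingerprint, issuing organisation and expiry (epoch seconds)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    issuer = dict(part[0] for part in info["issuer"])
    return {
        "fingerprint": hashlib.sha256(der).hexdigest(),
        "issuer": issuer.get("organizationName", ""),
        "not_after": ssl.cert_time_to_seconds(info["notAfter"]),
    }


def compare_cert_facts(baseline, observed, now):
    """Compare the saved baseline with a fresh observation made at `now`
    (epoch seconds). Returns a verdict and the reasons behind it."""
    if observed["fingerprint"] == baseline["fingerprint"]:
        return {"verdict": "unchanged", "reasons": []}
    reasons = []
    if observed["issuer"] != baseline["issuer"]:
        reasons.append(f"issuer changed: {baseline['issuer']!r} -> {observed['issuer']!r}")
    days_left = (baseline["not_after"] - now) / 86400
    if days_left > EARLY_RENEWAL_DAYS:
        reasons.append(f"certificate replaced {days_left:.0f} days before the old one expired")
    if reasons:
        return {"verdict": "suspicious", "reasons": reasons}
    return {"verdict": "renewal",
            "reasons": ["same issuer, replaced near expiry; re-verify once, then update the baseline"]}


if __name__ == "__main__":
    # Usage: python cert_watch.py exchange.example  (first run records the baseline)
    import sys, time
    host = sys.argv[1]
    path = host + ".baseline.json"
    facts = fetch_cert_facts(host)
    try:
        with open(path) as f:
            print(compare_cert_facts(json.load(f), facts, int(time.time())))
    except FileNotFoundError:
        with open(path, "w") as f:
            json.dump(facts, f, indent=2)
```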

Passwords. The most important passwords are best memorized without being written down anywhere. However, given that it is better to set different passwords for all services and wallets, some of them will have to be stored. Never store them in the clear. Using specialized programs such as KeePass is far preferable to a text file: there they are at least stored in encrypted form, and the clipboard is cleared automatically after use. Set a few security rules for yourself, for example, prepend three random characters to each recorded password. After copying and pasting the password where it is needed, delete those characters. Do not share your password-storage tricks; invent your own. That way, even if the password manager is compromised, there is a chance the attacker will not be able to use them.

Secure channel. To work more safely from public networks, it makes sense to set up your own VPN server. To do this, you can rent a virtual machine from one of the hosting providers abroad; choose the location at your discretion. The average cost of a virtual machine is $3 to $7 per month, quite affordable for somewhat more secure network access. Install your own VPN server on it and route all traffic from mobile devices and computers through it. All traffic to the VPN server is additionally encrypted, so no one will be able to poison your DNS or extract additional data from your traffic by placing a sniffer on its path.


Windows / Linux / Mac OS? The best operating system is the one you can configure most professionally and work in safely. Well-tuned Windows is better than badly tuned Linux. Security problems are found in all operating systems and need to be patched in time. However, the largest amount of malware is written for Windows, users most often run with administrator rights, and when probing a system, scammers first try exploits for Windows. Therefore, all else being equal, it is worth choosing a less common and more security-oriented operating system, for example one of the Linux distributions.

Antivirus. To install an antivirus or not? If the computer is connected to the network, is used for any tasks besides storing cryptocurrency, and can have flash drives connected or otherwise load malicious programs, we recommend using an antivirus. If the computer is configured only as a wallet, security is maximized everywhere, there is no extraneous software on it and no way to download any, it is better to do without an antivirus. There is a small chance that the antivirus will send the wallet to the vendor as a suspicious file, for example, or that a vulnerability will be found in the antivirus itself. Although this is very unlikely, such cases have already happened and should not be ruled out entirely.

If you did install an antivirus, keep its databases up to date, do not delete or dismiss malware detections, pay attention to all notifications, and periodically perform a full system scan.

Consider whether it makes sense to install antivirus on your smartphones and tablets.

Get a separate virtual machine for viewing files sent to you. There is always a risk of receiving a document with a 0-day exploit not yet detected by the antivirus. Virtual machines have the advantage of fairly quick work with snapshots. That is, you take a snapshot of the system, open the dubious files in it, and after finishing the work, roll the virtual machine back to the state before you opened the suspicious files. This is necessary at least for subsequent safe work with other data.

Verify addresses. When transferring payment data to a secure computer, immediately before sending, additionally check the address and the amount visually. Some trojans replace cryptocurrency wallet addresses with their own in the clipboard: you copy one, and another gets pasted.
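The clipboard substitution described above, as an added example that is not part of the original article: a small check that compares the address copied from the trusted document with what actually landed in the wallet's input field, and formats the address in groups for the visual check. The address patterns are simplified (no checksum validation) and all sample addresses are constructed.

```python
import re

# Address shapes a clipboard-replacing trojan typically targets.
# Simplified patterns for this example; no checksum validation.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def classify_address(text):
    """Return the address kind, or None if the text does not look like one."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None


def detect_substitution(copied, pasted):
    """Compare what was copied from the trusted document with what was pasted
    into the wallet. A clipper swaps one valid address for another of the same
    kind, so only an identical address is 'ok'; any difference is flagged."""
    copied, pasted = copied.strip(), pasted.strip()
    kind = classify_address(copied)
    if kind is None:
        return {"verdict": "not-an-address", "kind": None}
    if copied == pasted:
        return {"verdict": "ok", "kind": kind}
    return {"verdict": "substituted", "kind": kind,
            "pasted_kind": classify_address(pasted)}


def visual_chunks(address, size=4):
    """Split an address into fixed-size groups to make the eyeball check easier."""
    return " ".join(address[i:i + size] for i in range(0, len(address), size))


# Constructed sample addresses (not real wallets).
SAFE_BTC = "1ConstructedSampAddr" + "A" * 14
CLIPPED_BTC = "3AttackerConstructed" + "B" * 13
SAFE_ETH = "0x" + "ab" * 20

if __name__ == "__main__":
    pairs = [(SAFE_BTC, SAFE_BTC), (SAFE_BTC, CLIPPED_BTC), (SAFE_ETH, SAFE_ETH)]
    for copied, pasted in pairs:
        result = detect_substitution(copied, pasted)
        print(result["verdict"], visual_chunks(pasted))
```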

Environment. Keep in mind that the initial attack may be carried out not on you but on your employees or your loved ones. Once inside a trusted zone, it is easier for malware to reach your assets.

Communication. Treat any messages in telephone conversations or correspondence as if they were definitely being read or listened to and recorded by outsiders. So, no sensitive data in clear text.

Better safe than sorry. If there is a suspicion that some wallets may be compromised, create new ones and transfer all funds from those under suspicion.

Give away less sensitive information about yourself. If the host at a conference asks those who hold cryptocurrency to raise their hands, do not do it: you don't know everyone in the hall, and taking note of potential victims is the first step where you can help an attacker. Or, for example, there was such a case: one cryptocurrency owner took storage security quite seriously. But the attackers found out he was selling a plot of land. They found it and contacted him under the guise of a buyer. In the course of conversations and exchange of documents, the attackers managed to plant a trojan on the victim's computer and monitor his work for some time. This was enough to understand how the funds were stored and to steal them. When selling the land, the victim's alertness was clearly lower than when working with crypto assets, and this played into the attackers' hands.


Examples of building an architecture for storing crypto assets

1. Small amounts need to be stored, with quick access.

We create an account in an online wallet.

We back up the private keys, encrypt them and send them to a couple of places.

We make sure there is access from a smartphone too.

As a result, we have instant access to crypto assets almost always. We keep in mind that such a wallet should not hold amounts whose loss would hurt.

2. Various amounts need to be stored, with constant access.

For permanent access we use an online wallet, as in the first case, for a small amount.

Given the requirement of constant access, a cold wallet will have to be kept online. For this, it is recommended to assemble a separate server with a RAID 1 array, encrypt the array and install a wallet. Place the computer in colocation at a data center; it is better to draw up the contract not in your own name but in that of one of your friends. Make backups of the keys from both wallets, separately back up the access credentials for the server, encrypt everything and send it to a dozen different places.

Get a separate laptop or all-in-one PC (to save money) to access this server over an encrypted channel. Encrypt the laptop's disk. This laptop should not be used for anything else.

As a result, we have constant access from a web wallet and the ability to top it up from the cold store. One-time costs are approximately $500 for a laptop or all-in-one PC, $700 for a server (you can buy one), and $50 for colocation. If you are going to store crypto assets worth tens or hundreds of thousands of dollars, this is economically justified. For day-to-day operation from the all-in-one over the network, the address and amount for payment are taken from the shared document, a connection to the server is made via remote access over an encrypted channel, and the payment is made from there. If the all-in-one or the server is physically stolen, attackers will not gain access to the wallets thanks to the encrypted partitions. If you need urgent access to the cold wallet from an unusual location, you can buy a new laptop there, download a backup of the access credentials and deploy access to the cold wallet on the server from it.

3. In addition to online access, significant amounts need to be stored.

In addition to the web wallet and server from the first and second cases, we start several more wallets. These can be hardware wallets, separate laptops for particular types of assets, and so on. The largest cold wallet will be offline: in a bank vault, a depository, your own cave, or some other reliable place. For it, prepare a computer without hard disks; it will boot from a CD. Not from a flash drive, because a flash drive is writable. Burn onto the disk beforehand a bootable Linux live CD, a transaction-signing utility and the encrypted private key. Make backups of all wallets and keys, encrypt the backups in several layers, and send copies to various geographically dispersed locations and different types of storage devices.

As a result, we have constant access from several wallets. If things get hot, one or two of them can be given up without revealing information about the main store. When a transfer from the cold wallet is needed, go to a safe location, boot from the live CD, decrypt the key and sign the transaction offline. Then carry the signed transaction to a computer that has access to the global network and broadcast it from there.


Remember that all the security advice given here helps against average attackers. If you are physically kidnapped and subjected to thermorectal cryptanalysis, you will hand over all addresses and passwords yourself. Also, if you are hunted by intelligence services with the appropriate training, servers may be seized with cryo-freezing of RAM to extract keys, or you may be physically captured at the moment you are working with an open channel to the wallet. But if you follow the security rules, do not break the law, or nobody knows about you, the probability of running into such problems tends to zero. So choose protection methods according to your level of risk.

Do not put off security-related work that can be done now. Later may be too late. Remember that a fire is easier to prevent than to put out.
