Wallet Security

For some time I have been keeping my adas at coinbase wallet. I had since read that it is safer to keep daedalus or yoroi wallet. On the other hand, I see, in this forum, people being swindled out of their adas through a fault other than wallet software like yoroi. It seems that someone may have, illegally, gained control of their machine. I would like to stake my adas but don’t want to loose them.


  1. Ultimately, what is more secure keeping provider wallet like coinbase or on local machine like daedalus or yoroi.
  2. Is daedalus prefered wallet for local machine?
  3. With daedalus, should I use phrase recovery method or hardware recovery method?
  4. Is there a way I could prevent somebody from illeagaly using the daedalus to transfer money?

I think there are pro and contras for both options.

If you have some crypto knowledge id definitly recommand using a hardware wallet. But the greatest security risk is and remains yourself.

There isnt a solution which is 100% secure but if you know how to handle a hardware wallet, this is probably the most secure solution you will find.

1 Like

Definitely get a hardware wallet. Ledger or Trezor. Buy it from their website. Then you can pair it with Yoroi, Daedalus and you’re safe. As long as you keep your seed phrase safe.

Don’t forget to choose a stake pool when you move your ada off coinbase. Then you are contributing to the decentralised nature of ADA.

Than for your help.

In Daedalus, is there a way to whitelist accounts that you want to transfer from or to?

Today someone claim his daedalus got hacked https://twitter.com/24HOP/status/1465123535383404549?s=20 , not only he is not using HW, but possible the environment also contribute (Windows OS & maybe no VPN)?

In all honesty if you need to ask then it is likely best to keep it on your exchange. Use a strong password, enable 2FA (preferably with Yubikey or equivalent), and for long term consider the CB vault feature as well to put a 48 hour freeze on any attempt to withdraw.

Self custody requires a level of diligence and understanding that the majority of people simply do not possess. You can of course learn this but until you do the security of a multi-billion dollar corporation which hasn’t been compromised in over a decade of cryptocurrency custody is significantly better than your personal device and network security skills.

I’m also interested in this, as I do believe if blockchain currency is gonna have any chance of replacing or seriously competing with central banking/fiat, security is something that have to be addressed…

I have a question: What are the different ways that my ada can be stolen from Yoroi? or daedalus

I understand that my private key can get stolen through different phishing attacks, such as if I write my passphrase or spending password in a fake app. Or simply being tricked into giving it away(however, I like to think that I’m not that dumb) Then ofcourse there are keyloggers, and malicious screencaptures. But, let’s say a hacker/thief gets root access to my computer, can he then extract my key somehow?, how is it stored? I would assume that it’s highly encrypted and such attacks would be theoretically impossible.

What other ways are there? can the yoroi servers get compromised?

If you are using a (normal) software wallet, your master secret is stored on disk. For Yoroi, it can be found somewhere in the browser’s profile: Password Recovery Quickstart - BTCRecover

Of course, it is encrypted by the spending password (that’s the whole purpose of the spending password). I think that this is the encryption/decryption process: EmIPs/emip-003.md at master · Emurgo/EmIPs · GitHub (But Emurgo’s Github is not the most organised one, not sure if this is really, what is implemented in the browser extensions.)

So, if an attacker has (root) access to your computer, she can get the encrypted secret and try to bruteforce the spending password. If you were not that careful in selecting it, that might be possible. So, “highly encrypted” depends on your choice of password.

Or she can use the root access to install some fake Yoroi with a backdoor. Just giving her the password the next time you enter it is the only modification necessary. You don’t have to be that dumb to not notice that.

The Yoroi servers are not involved in transactions. That all happens only on your computer. But, if the right ones of them are compromised, they could, of course, be used to distribute a fake version of the app/extension.

If you use a hardware wallet, most of this is not an issue, as long as the recovery phrase is safe, it is an unmodified original hardware wallet and you do not authorise bogus transactions. (Theoretically, a fake app/extension could let you sign a transaction to the attacker when you really want to do something else and do not control what your hardware wallet tells you, what you are signing.)


Thank you for enlightening me about that!

So if my spending password is compromised I’m screwed, what then about some local 2FA system? like, could it be possible to generate your own onetime use codes, that you write down on a paper?

Or have the devs/community decided that hardware wallets are the only way to go? I also wonder what makes hardware wallets so safe? they are still a digital device that connects to a possibly compromised computer aren’t they?

I guess the question really comes down to how do we guarantee that the owner of a wallet is actually present at a device that’s doing the transaction.

Thanks everyone for your contributions.

Based on what I am hearing, if …

  1. Deployed daedalus on windows machine virtual machine. That would be the only thing on that machine.
  2. Using hardware wallet.
  3. When there is a need to use daedalus, like transfer ada and wait until transfer is complete, spin up vm and shut down afterwards.
  4. Keep several copies of pass phrase written on a piece of paper in safe locations.
  5. I suppose punch a whole in the firewall for outgoing traffic and close off incoming traffic.

That seems to be sufficient. Please, let me know if there is an overkill or underkill and where.

Also, are node addresses static? If yes, is a list being maintained some place? What ports need to be opened for daedalus communication?

Hardware wallets can be seen as some form of 2FA. You need to have it and know the PIN. Two factors.

Other than that, it’s a little different than when securing a website with 2FA or one-time codes. A server can decide with rather complicated logic, whom to let in.

Here, we want to secure the private key of a key pair (or a master secret, from which these keys are derived), which is already on the machine. It needs to be there, so that you can sign your transactions, something that is done locally, not on a server, where you can add more and more security measures.

Such a local secret can only be encrypted (which is done for software wallets) or moved to a safer environment (which is done with hardware wallets or air-gapped machines).

The secrets and private keys never leave the USB device (if it is an original device with an original firmware). Even a compromised computer can just ask the hardware wallet to sign transactions (and it will show details of the transaction to the user in order to verify), but the computer cannot force the USB device to reveal the keys.

(The computer can ask for public keys and does that, so that Yoroi and Daedalus can find and show the state of your wallet on the blockchain. They also save these public keys, so that they can show an updated view without asking the hardware wallet again, without it even being connected.)

Right! this is getting clearer to me, I just saw that a ledger nano S is only 59€ That’s about the same I pay for banking yearly… I first thought HW wallets were all over 120€…

But I’m still interested in improving security without one! So, what about simply storing the encrypted key on a usb drive? at least then it couldn’t get swiped if I stumble upon on a sketchy link in an email… as long as the drive isn’t connected of course.

Also as I understand it, a hacker needs the encrypted key to have any use of the spending password?

Sounds good to me. It’s not so easy, because they are buried somewhere in the local storage of Firefox/Chrome (at least for Yoroi).

Having the complete profile or even a completely separate browser installation or a complete Daedalus installation (attention: 22 GB including the chain) on a USB stick shouldn’t be too hard or too uncomfortable, though.

If there is a sophisticated malware or attacker on your system, it’s still not a 100% guarantee, but I would suppose that they normally only check the usual places and do not include “wait for USB drives and scan them” functionality. 100% guarantees are almost impossible to get.

Yes, the spending password alone does not give them anything.

Totally opposite for the 15 or 24 seed words. They are the key (even for hardware wallets). Nothing else is needed to get full control of a wallet. As long as they don’t do anything, you would not even notice that they already have that control.

How about also not specifying where the keys are in Yoroi, so that when you want to sign a transaction Yoroi prompts for the key’s… Obviously this shouldn’t be a requirement but it would be nice if we could have this as an option at least…

Based on what I am reading, I may be at a risk of losing my adas. So, transferring to a wallet may be a necessity. If I was to use a hardware wallet like Ledger or Trezor, what would be my exposure and could you give pointers on how to protect myself.

@gelfada Long time no see friend,

If what you are reading is related to the FUD going rampant online recently then I would say there isn’t much to worry about. Coinbase makes more money per day then regular folk like you and me will make in a lifetime. Just think of all the fees they collect on millions of users in addition to their publicly traded stock, crypto holdings, etc, etc. Coinbase isn’t going anywhere.

That said if you want to use a hardware wallet and self custody then here is the step by step process I would recommend for you (or anyone else):

  1. First up you got to buy a reputable hardware wallet! Make sure you ONLY get one directly from the manufacturer website. That means go straight to Ledger, Trezor, etc and do NOT get it from Amazon or anywhere else. I recommend buying 2 so you have one to use and one as a backup in case you break the original (more on this later)

  2. Once it arrives you are ready for the next step. That is setting up your new private key (mnemonic seed phrase) on your hardware device. This typically involves plugging it in to power up and then following the prompts on the LCD/LED display. VERY IMPORTANT: write down your new HW seed words on a piece of paper. NEVER store these on a computer, take pictures with your phone, or type them on any keyboard EVER.

  3. Next up the hardware device will likely make you confirm the seed words. This basically means entering them in order from the piece of paper you wrote them on. Your device may also let you setup pins, password, and additional security and similar to seed words I would suggest writing these down old-school with pen and paper. Paper can’t be hacked :smiley:

  4. Sweet, the most important part is done. Now you want to get the latest greatest firmware updates. This will flash the device and wipe anything on it so do the upgrade/update first.

  5. Firmware updates will take awhile so now would be a good time to take your super secret paper backup and put it in a fire-proof safe or equivalent. Some people recommend putting half your seed words in one location and the other half in another but I say if you got got people with guns in your house trying to crack your safe then you have more important concerns than silly things like crypto anyway.

  6. After the firmware update you will need Cardano ADA bridge app on your hardware wallet. With Ledger this is installed through the manager of the Ledger Live app. With Trezor this can be installed with the Trezor Suite app. You will need this to connect your hardware wallet securely to your ADA wallet.

  7. Right on, we’re ready to rock. Now you need to connect your HW wallet to any compatible ADA wallet application. This can be Daedaulus, Yoroi, etc, etc. There are about a dozen to choose from now so pick your favorite but make sure they support your particular hardware wallet. This typically involves plugging in your HW device, entering your pin, starting the ADA bridge app, and then following the prompts in the ADA wallet. Your Ledger or Trezor will ask for confirmation to allow this and you have to physically push the button combinations to say “YES” or “NO”

  8. Last step. Once connected access one of the generated receive addresses based on your new HW. Send some small amount of ADA from your exchange wallet to this address to test it (5 or less should be plenty). If it goes through and shows up in your balance then you did everything correctly and can now send a larger amount to the same address. ALWAYS double check every send address before confirming any transactions.

  9. Once all your ADA is moved over to your HW wallet (or as much as you want) then the last thing I would recommend would be to delegate to a stake pool. This will be slightly more complex with a HW in the mix because literally everything that would spend any ADA (even minor staking fees) must be confirmed by the HW. It won’t let anything go out without your physical approval on the device which means it has to be plugged in, powered on, unlocked, the ADA app running, and you confirm transactions manually by pushing buttons on HW after double checking.

  10. Remember how I said more on this later in step 1? Here it is. Do not open or touch the backup HW if you bought one. Just store it someplace safe. Why? Because one of the options is to restore HW from the previous HW seed phrase. In other words if you break or otherwise have a malfunction on your first device you want to set this one up using the seed words on your paper backup rather than making a new phrase so you have access to the previous funds, by replicating the same private key internally on the special secure EEPROM, which is just fancy talk for restoring the wallet.

Note: you can receive ADA while HW is offline at any valid address so consider keeping your new HW wallet in a safe location until you want to send ADA or delegate to a new pool as some of the security comes from the “cold storage” of it not even being plugged in or turned on!

I tried to simplify the process reasonably. An old but very decent full guide to security is available from Charles Hoskinson himself here: Security Foundations: How to Secure Your Wallet Recovery Phrase for Cryptocurrency Wallets - YouTube but this is significantly more complex.

If all this is wildly confusing and my steps did not help at all then I would be VERY curious for feedback as I am developing a video game that teaches these kinds of things and have been struggling coming up with good lesson material regarding wallet security at an elementary level.

Wow! That is a very complete guide!

One small thing:

That’s not correct. You can reset Ledgers to factory settings and then create a new seed phrase or restore from a seed phrase you have written down.

And one addition: Although the wallet apps won’t usually offer it to you, the hardware is not really needed if someone gets access to your seed phrase. They won’t have to buy a hardware device to derive your private keys and empty your wallet, but can do it in software.

That makes it even more important to never give the seed phrase to any device other than the hardware wallet itself!

I did not know “factory reset” was an option with Ledger. I was also under the impression these vendors use a custom dictionary for “double wrapped” derived keys preventing the seeds words from creating a compatible private key for wallets without the HW?

Will update, thanks.

No, they use exactly the same word list and the same derivation paths. The only difference is the generation of the master key from the seed phrase. The three methods are given in this CIP: https://github.com/cardano-foundation/CIPs/tree/master/CIP-0003#history

The difference between legacy Trezor and software wallets was even just a bug. If you have a newer model, it could/should be possible to restore a Trezor wallet by just giving the seed phrase to a software wallet. But that is, of course, not recommended! It undermines the reason for a hardware wallet completely!

Between Ledger and software, the master key generation is completely different, but it is known and can easily be implemented in software.

1 Like

Right then, double or triple important to NEVER put your seed words in any form other than a piece of paper otherwise might be defeating your hardware wallet before you even use it!

1 Like