Wallet Security

For some time I have been keeping my adas at coinbase wallet. I had since read that it is safer to keep daedalus or yoroi wallet. On the other hand, I see, in this forum, people being swindled out of their adas through a fault other than wallet software like yoroi. It seems that someone may have, illegally, gained control of their machine. I would like to stake my adas but don’t want to loose them.

Questions…

  1. Ultimately, what is more secure keeping provider wallet like coinbase or on local machine like daedalus or yoroi.
  2. Is daedalus prefered wallet for local machine?
  3. With daedalus, should I use phrase recovery method or hardware recovery method?
  4. Is there a way I could prevent somebody from illeagaly using the daedalus to transfer money?

I think there are pro and contras for both options.

If you have some crypto knowledge id definitly recommand using a hardware wallet. But the greatest security risk is and remains yourself.

There isnt a solution which is 100% secure but if you know how to handle a hardware wallet, this is probably the most secure solution you will find.

Definitely get a hardware wallet. Ledger or Trezor. Buy it from their website. Then you can pair it with Yoroi, Daedalus and you’re safe. As long as you keep your seed phrase safe.

Don’t forget to choose a stake pool when you move your ada off coinbase. Then you are contributing to the decentralised nature of ADA.

Than for your help.

In Daedalus, is there a way to whitelist accounts that you want to transfer from or to?

Today someone claim his daedalus got hacked https://twitter.com/24HOP/status/1465123535383404549?s=20 , not only he is not using HW, but possible the environment also contribute (Windows OS & maybe no VPN)?

In all honesty if you need to ask then it is likely best to keep it on your exchange. Use a strong password, enable 2FA (preferably with Yubikey or equivalent), and for long term consider the CB vault feature as well to put a 48 hour freeze on any attempt to withdraw.

Self custody requires a level of diligence and understanding that the majority of people simply do not possess. You can of course learn this but until you do the security of a multi-billion dollar corporation which hasn’t been compromised in over a decade of cryptocurrency custody is significantly better than your personal device and network security skills.

I’m also interested in this, as I do believe if blockchain currency is gonna have any chance of replacing or seriously competing with central banking/fiat, security is something that have to be addressed…

I have a question: What are the different ways that my ada can be stolen from Yoroi? or daedalus

I understand that my private key can get stolen through different phishing attacks, such as if I write my passphrase or spending password in a fake app. Or simply being tricked into giving it away(however, I like to think that I’m not that dumb) Then ofcourse there are keyloggers, and malicious screencaptures. But, let’s say a hacker/thief gets root access to my computer, can he then extract my key somehow?, how is it stored? I would assume that it’s highly encrypted and such attacks would be theoretically impossible.

What other ways are there? can the yoroi servers get compromised?

If you are using a (normal) software wallet, your master secret is stored on disk. For Yoroi, it can be found somewhere in the browser’s profile: Password Recovery Quickstart - BTCRecover

Of course, it is encrypted by the spending password (that’s the whole purpose of the spending password). I think that this is the encryption/decryption process: EmIPs/emip-003.md at master · Emurgo/EmIPs · GitHub (But Emurgo’s Github is not the most organised one, not sure if this is really, what is implemented in the browser extensions.)

So, if an attacker has (root) access to your computer, she can get the encrypted secret and try to bruteforce the spending password. If you were not that careful in selecting it, that might be possible. So, “highly encrypted” depends on your choice of password.

Or she can use the root access to install some fake Yoroi with a backdoor. Just giving her the password the next time you enter it is the only modification necessary. You don’t have to be that dumb to not notice that.

The Yoroi servers are not involved in transactions. That all happens only on your computer. But, if the right ones of them are compromised, they could, of course, be used to distribute a fake version of the app/extension.

If you use a hardware wallet, most of this is not an issue, as long as the recovery phrase is safe, it is an unmodified original hardware wallet and you do not authorise bogus transactions. (Theoretically, a fake app/extension could let you sign a transaction to the attacker when you really want to do something else and do not control what your hardware wallet tells you, what you are signing.)

1 Like

Thank you for enlightening me about that!

So if my spending password is compromised I’m screwed, what then about some local 2FA system? like, could it be possible to generate your own onetime use codes, that you write down on a paper?

Or have the devs/community decided that hardware wallets are the only way to go? I also wonder what makes hardware wallets so safe? they are still a digital device that connects to a possibly compromised computer aren’t they?

I guess the question really comes down to how do we guarantee that the owner of a wallet is actually present at a device that’s doing the transaction.

Thanks everyone for your contributions.

Based on what I am hearing, if …

  1. Deployed daedalus on windows machine virtual machine. That would be the only thing on that machine.
  2. Using hardware wallet.
  3. When there is a need to use daedalus, like transfer ada and wait until transfer is complete, spin up vm and shut down afterwards.
  4. Keep several copies of pass phrase written on a piece of paper in safe locations.
  5. I suppose punch a whole in the firewall for outgoing traffic and close off incoming traffic.

That seems to be sufficient. Please, let me know if there is an overkill or underkill and where.

Also, are node addresses static? If yes, is a list being maintained some place? What ports need to be opened for daedalus communication?

Hardware wallets can be seen as some form of 2FA. You need to have it and know the PIN. Two factors.

Other than that, it’s a little different than when securing a website with 2FA or one-time codes. A server can decide with rather complicated logic, whom to let in.

Here, we want to secure the private key of a key pair (or a master secret, from which these keys are derived), which is already on the machine. It needs to be there, so that you can sign your transactions, something that is done locally, not on a server, where you can add more and more security measures.

Such a local secret can only be encrypted (which is done for software wallets) or moved to a safer environment (which is done with hardware wallets or air-gapped machines).

The secrets and private keys never leave the USB device (if it is an original device with an original firmware). Even a compromised computer can just ask the hardware wallet to sign transactions (and it will show details of the transaction to the user in order to verify), but the computer cannot force the USB device to reveal the keys.

(The computer can ask for public keys and does that, so that Yoroi and Daedalus can find and show the state of your wallet on the blockchain. They also save these public keys, so that they can show an updated view without asking the hardware wallet again, without it even being connected.)

Right! this is getting clearer to me, I just saw that a ledger nano S is only 59€ That’s about the same I pay for banking yearly… I first thought HW wallets were all over 120€…

But I’m still interested in improving security without one! So, what about simply storing the encrypted key on a usb drive? at least then it couldn’t get swiped if I stumble upon on a sketchy link in an email… as long as the drive isn’t connected of course.

Also as I understand it, a hacker needs the encrypted key to have any use of the spending password?

Sounds good to me. It’s not so easy, because they are buried somewhere in the local storage of Firefox/Chrome (at least for Yoroi).

Having the complete profile or even a completely separate browser installation or a complete Daedalus installation (attention: 22 GB including the chain) on a USB stick shouldn’t be too hard or too uncomfortable, though.

If there is a sophisticated malware or attacker on your system, it’s still not a 100% guarantee, but I would suppose that they normally only check the usual places and do not include “wait for USB drives and scan them” functionality. 100% guarantees are almost impossible to get.

Yes, the spending password alone does not give them anything.

Totally opposite for the 15 or 24 seed words. They are the key (even for hardware wallets). Nothing else is needed to get full control of a wallet. As long as they don’t do anything, you would not even notice that they already have that control.

How about also not specifying where the keys are in Yoroi, so that when you want to sign a transaction Yoroi prompts for the key’s… Obviously this shouldn’t be a requirement but it would be nice if we could have this as an option at least…