Guide: Cryptocurrency Wallet Security

Litecoin walletSo you’ve built your own mining rig, you’ve mastered the art of trading for profit on the cryptocurrency exchanges, but you haven’t given much thought to securing your digital fortune against theft and accidental loss? Don’t worry, you’re not alone. Wallet security isn’t exactly a glamorous topic. In fact, many of you might even assume that you don’t need your own wallet at allafter all, mining pools and currency exchanges are more than happy to hold your money for you, right?

Letting somebody else control your money is a mistake that will likely end up costing you at some point. That mining pool operator that you assume is trustworthy could very well be a teenager halfway around the world that has no problem stealing your coins. The various digital currency exchanges are unregulated, not necessarily secure, and a daily target for hackersgood luck getting your money back when one is breached or goes belly up.

Since it’s still basically the Wild West when it comes to cryptocurrencies, the only way to ensure that your digital wallet can’t be stolen or lost is to secure it yourself. Thankfully, this isn’t all that difficult if you follow a few basic rules. Read on for the guide.

Guide: Cryptocurrency Wallet Security

I’m going to use the Litecoin client in my guide, because I’m assuming that is what most of you are mining. The basic steps of the guide are the same no matter what currency you’re dealing with, thoughyou’ll just need to get a client that is appropriate for whatever altcoin you’re interested in (I give some tips on how to locate the proper client in step 2).

On to the guide:

Step 1: Make sure that your PC is free from viruses/malware!

I cannot stress this enough. If you have a keylogger or other malicious code running on your PC that gives a hacker any kind of access to your computer or the information on it, then it doesn’t matter how careful you are about following the rest of the steps in this guide. Make absolutely certain that your PC hasn’t been compromised before continuing.

I’m a fan of both Avast and Microsoft Security Essentials as top free antivirus choices. Emsisoft and Malwarebytes both put out excellent anti-malware products. I recommend a full scan from one product in each category before proceeding, even if you’re relatively sure that you’re virus & malware free. If your computer has had viruses, keyloggers, or malware on it in the past, and you haven’t done a clean re-install of your OS since, then I’d recommend using another computer entirely.

If you’re truly paranoid or want a 100% secure environment, then the best option is to create an Ubuntu Live-CD (or bootable USB). Simply download Ubuntu, burn it to a disc, and then put it in your computer and reboot. When it reboots, choose the “Try Ubuntu without any change to your computer” option to boot into an environment that you know is 100% free from viruses and other malicious code.

Step 2: Download the client (wallet)

For Litecoin, this means downloading litecoin-qt, the official client. There are other options, but litecoin-qt is open source, so you can be sure that it is free from malicious code. If you’re interested in a Bitcoin wallet, you’d get bitcoin-qt (which litecoin-qt is based on). If you’re interested in another altcoin, just Google “[altcoin's name]-qt“, and chances are that you’ll find a client.

Once you’ve downloaded and installed the client, proceed to the next step.

Step 3: Let the blockchain download

(You can technically skip this step if you’re just using the client to generate wallet addresses and you’re not actually moving coins around, but I prefer to let it finish, especially since you’ll eventually need the entire blockchain anyway.)

The download will happen automatically when you open the client for the first time. Depending on which currency you’re dealing with, this can potentially take quite some time (for Litecoin, expect it to take several hours).

When the blockchain is finished downloading, the “out-of-sync” warning will disappear, and you’re ready to proceed to the next step.

Step 4: Make a note of your wallet addresses

Click on the “Receive coins” tab of your client. You’ll see that 10 addresses have automatically been created for you already. These are the payment addresses that you’ll give to people (and mining pools, etc) so that they can send you coins.

If you want more than 10 addresses, you can go ahead and click the “new address” button to create more. If you want to assign labels to some addresses to make organization easier (eg: perhaps you mine at several different mining pools, and want to use a different address for each), go ahead and do that too. You can always generate more addresses and add/change labels later, too.

When you’re done, you’ll need to make a note of your addresses. The easiest way is to click the “Export” button on the client, which will save all of your address (and labels) in a CSV file for you. You can even email the contents of the file (you can open it with any spreadsheet program, or even a plain-text editor such as notepad) to yourself so you always have it available.

Once you’ve saved your addresses somewhere, proceed to the next step.

Step 5: Encrypt your wallet (optional)

This step isn’t strictly necessary, but there really isn’t a downside to it other than potentially forgetting your password.

Click on “encrypt wallet” under the “settings” menu of the client. Choose a good passphrase that you can remember here. When you’re done, you should see an icon in the lower right corner of the client that says your wallet is encrypyted and locked.

Step 6: Copy your wallet file to multiple secure locations

This is the important step. Your wallet file contains the private keys that authorize you to transfer coins from all of the addresses that you generated in step 4. If anyone else gets this file, they will be able to steal your coins. If you lose this file, your coins are gone forever. I cannot stress the importance of this file enoughif you lose it, there is no way for anyone to ever retrieve any coins you have stored in the associated addresses.

If you’re using Windows, then your wallet file is located here:

   C:\Users\[YOUR USERNAME]\AppData\Roaming\Litecoin\wallet.dat

If you’re using Linux, then your wallet file is located here:

   /home/[YOUR USERNAME]/.litecoin/wallet.dat

Go ahead and close down the client. Navigate to the location of your wallet file. Now comes the question of where to copy it to?

I find that a few USB sticks are ideal (this 3-pack is perfect). You can also burn the wallet.dat file to a few CDs or DVDs. Wherever you copy it, make absolutely certain that:

  • You make multiple copies (I prefer at least three), in case one is lost/destroyed/corrupted.
  • The copies are offlineif you absolutely must copy you wallet.dat file to a computer, make sure it isn’t connected to the internet, at least.
  • You store the copies in more than one physical location. Leave at least one with a trusted friend or family member. If you’re a bitcoin millionaire, consider a safe deposit box or two.

Step 7: Delete your wallet file from your computer

Now that you have multiple offline backups, delete the wallet file from the computer that you used to generate it. This ensures that if your computer is compromised at any point in the future, a hacker can’t get your private keys and steal your coins.

And that’s ityou’re done! You can give any of the addresses that you made a note of in step 4 to people (or mining pools, or exchanges, etc), and they’ll be able to send coins to you. Nobody other than you will be able to do anything with the coins once they hit one of your addresses, as long as you hold onto your wallet backups.

Now that you have a secure place for your funds, I recommend that you take advantage of the auto-cashout feature on your mining pool(s), and setup your mining gains to automatically flow into one of your wallet addresses at a low threshold. Don’t move money into exchanges until you’re prepared to actually trade, and move your funds out afterward. Don’t treat pools or exchanges (or anyone else that offers to hold onto your digital currency) like banksthey’re not; the safest place for your coins is in your own secure wallet.

Checking your balance & spending coins

But what if you want to check on the balance of your coins? You don’t need your private keys to see all of the transactions associated with your addresses. You can simply use an online blockchain explorerthose transactions are public information. For Litecoin, I like to use Abe. Bitcoin has blockchain.info. Simply type any valid wallet address into the search bar and you’ll see all of the transactions associated with it. For example, here is the address that I use to accept litecoin donations on this website (thanks peopleyou’re awesome!).

The only time that you’ll need your private keys is when you want to move coins out of one of your addresses. When you want to do that, you’ll just need to grab one of your USB sticks (or CDs, or whatever), copy your wallet.dat file back to where it belongs (the location in step 6), and then open up the client (you’ll need to wait for the blockchain to sync again before all of your coins show up in the client). Whenever you do spend coins, you should re-do step 6 and overwrite all of your backups with the new wallet.dat file to ensure that everything stays in sync.

If you need to spend coins on a day-to-day basis, the above process might be a bit cumbersome. In that case, you may want to create a second set of wallet addresses, and keep the wallet.dat file associated with this new set on your computer at all times, with only enough coins in it to meet your daily needs. You can think of the second set of addresses as the money in your pocket, while the primary addresses (the ones you secured and backed up in steps 1-7) are your personal bank vault. If the money in your pocket gets low, you can just open up your vault and transfer a few coins. This way, if you do get hacked, at least it’ll be more like a pickpocketing than a bank heist.

32 Responses to Guide: Cryptocurrency Wallet Security

  1. Anonymous says:

    hi there

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>