
Cryptocurrency security - how to store your coins safely

Investing in cryptocurrency is hot right now. I also believe blockchain technology will have a major impact on numerous industries, so I'm investing in some cryptocurrency projects I believe in. In this article, I'll explain how to store your cryptocurrency coins safely, protected from hackers and/or disasters.

My method

I'm using Dropbox + VeraCrypt to store my coins safely and securely.

Dropbox

Dropbox is software that syncs your files to the cloud so you can remotely access your files from anywhere in the world, even if your original device is lost or destroyed. Dropbox has file history enabled, so you can recover overwritten files as well (e.g. in case of a ransomware attack).

VeraCrypt

Although files uploaded to Dropbox are secured with 256-bit AES encryption, that won't protect you if someone gains remote or physical access to your computer while your coins' private keys sit in your Dropbox folder. This is where VeraCrypt steps in. VeraCrypt is an open-source encryption utility that creates a virtual encrypted container, e.g. within Dropbox.

Step 1: Install Dropbox and configure 2FA
Download and install Dropbox (guide) and enable two-factor authentication (guide) - I recommend using an authenticator app such as Authy, which supports multiple devices and backup.

Step 2: Install VeraCrypt
Download the VeraCrypt installation file for your operating system here.

Step 3: Configure VeraCrypt
To begin, start VeraCrypt, select Create New Volume from the menu and create a new encrypted file container in your Dropbox folder.


For the encryption algorithm, I recommend the AES-Twofish-Serpent cascade with the XTS mode, as it is the most secure option.

The cascaded ciphers (AES-Twofish-Serpent, etc.) should be the most secure. Your data is encrypted with one algorithm, then the output from that is encrypted with the second algorithm, whose output is encrypted with the third algorithm. According to the TrueCrypt documentation, each algorithm uses a different key, each derived from your passphrase. If a vulnerability is found in one (or two) of these ciphers, your data should still be secure, as an attacker would still not be able to break the remaining ciphers.

For the hash algorithm, you can choose either SHA-512 or Whirlpool. I'm leaning towards Whirlpool because SHA-512 is already having a successor developed because of fears that it is based on an older SHA-1 that has been compromised.


If you're only storing private keys and recovery phrases, you don't need a large container. 200 MB met my needs.

One nice feature of Dropbox is that you don't need to re-upload the whole container when you change or add files inside it. Before uploading the file, Dropbox compares the new file to the previous version and only sends the piece of the file that changed (Binary Diff). (more info)
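
How a block-level comparison of two versions of a container file works, as an added example that is not part of the original article and not Dropbox's own code. It relies on a VeraCrypt container having a fixed size and encrypting each sector independently in XTS mode, so a small edit inside the mounted volume rewrites only the matching part of the file. The block sizes, the function names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import io
import os

BLOCK_SIZE = 4 * 1024 * 1024  # assumed block size; the article does not state one


def block_digests(stream, block_size=BLOCK_SIZE):
    """Return the SHA-256 digest of every fixed-size block read from stream."""
    digests = []
    while True:
        block = stream.read(block_size)
        if not block:  # end of file; a short final block was already hashed
            break
        digests.append(hashlib.sha256(block).digest())
    return digests


def changed_blocks(old_stream, new_stream, block_size=BLOCK_SIZE):
    """Indexes of blocks in the new version that are new or differ from the old."""
    old = block_digests(old_stream, block_size)
    new = block_digests(new_stream, block_size)
    return [i for i, d in enumerate(new) if i >= len(old) or d != old[i]]


def simulate_container_edit(size, offset, length):
    """Constructed sample: random bytes stand in for an encrypted container,
    and flipping a byte range stands in for saving a small file inside it."""
    old = os.urandom(size)
    new = bytearray(old)
    for i in range(offset, offset + length):
        new[i] ^= 0xFF
    return old, bytes(new)


if __name__ == "__main__":
    # 64 KiB stand-in container, 4 KiB blocks, 512 bytes rewritten across
    # the boundary between block 2 and block 3.
    old, new = simulate_container_edit(64 * 1024, 4096 * 3 - 256, 512)
    changed = changed_blocks(io.BytesIO(old), io.BytesIO(new), 4096)
    total = len(block_digests(io.BytesIO(new), 4096))
    print(f"blocks to re-upload: {changed} ({len(changed)} of {total})")
```

Passing two files opened in binary mode, copies of a real container taken before and after an edit, shows how much of it would need re-uploading. The same comparison is available to anyone who holds two versions of the file: it reveals which blocks changed, not what they contain.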


Please create a strong password. The best passwords are not the Di4d@?!S type of passwords, but sentences merged together such as zerodaydotioisagoodblog. Check your password strength here.


Move your mouse to create entropy by generating random data to create your encryption keys.


Now your VeraCrypt container is created. To mount the container, select the file in the VeraCrypt program, choose a drive (e.g. A:/) and click Mount. To open the container, double-click the volume (e.g. A:/). You can now make changes or add/remove files such as the private keys/backup phrases of your cryptocurrency wallets.


Some of the wallets I trust and use:

To close your container, click Dismount. Your container will now be encrypted again and synced to the Dropbox cloud.


Some key takeaways:

What about hardware wallets?
The most secure way to store your cryptocurrency coins is in a hardware wallet, such as a Ledger Nano S. However, this was not an option for me as most of the coins I hold are not (yet) supported by any hardware wallet. And you still need to find a way to store your backup phrase safely, which can be achieved with the method described in this blog post.

NEVER share your private key
Under NO circumstances should you ever share your private key. Not for airdrops, exchange support, ... NEVER.

Don't store your coins on an exchange
Do not store your coins on a cryptocurrency exchange (such as Binance). If these exchanges are compromised, your coins are lost forever - see example.