XRPL Security & Cryptography | XRP Academy

Advanced · 55 min

Wallet Security Best Practices

Learning Objectives

Evaluate wallet types (hardware, software, paper) for different use cases, understanding security trade-offs

Implement proper seed phrase backup and storage procedures appropriate to holdings value

Design operational security procedures for routine transactions including signing and verification

Assess mobile wallet security considerations and their appropriate use cases

Create tiered security architectures appropriate to different value levels

A bank doesn't use the same vault for petty cash and gold reserves. Your cryptocurrency security should similarly scale with what you're protecting.

Overengineering security for small amounts wastes time and creates unnecessary complexity. Underengineering security for large amounts invites disaster. This lesson provides frameworks for calibrating security appropriately.

The goal isn't perfect security—that doesn't exist. The goal is security proportionate to risk: making an attack more costly than the potential reward, while maintaining usability for legitimate access.


Different wallet types offer different security properties and trade-offs.

Hardware Wallet Characteristics:

- Dedicated physical device
- Private key never leaves device
- Signs transactions internally
- Displays transaction for verification

Security Properties:
✓ Keys isolated from internet-connected devices
✓ Resistant to malware on computer/phone
✓ Physical verification of transaction details
✓ Tamper-resistant hardware design
✓ PIN protection against theft

Limitations:
✗ Supply chain risk (compromised device)
✗ Physical theft still possible
✗ Firmware is typically proprietary
✗ Device loss requires backup recovery
✗ Cost ($50-200)

Best For:

- Significant holdings (>$5,000)
- Long-term storage
- Frequent transaction signing
- Users who can manage physical security

XRPL Support:

- Ledger Nano S/X: Full support (secp256k1)
- Trezor: Limited XRPL support
- Others: Check current compatibility

Software Wallet Characteristics:

- Application on computer or phone
- Private key stored in software
- Signing done in software
- Connects to network directly

Security Properties:
✓ Convenient for frequent use
✓ Can be open source (auditable)
✓ No hardware to lose
✓ Often free
✓ Feature-rich interfaces

Limitations:
✗ Keys exposed to OS and other apps
✗ Vulnerable to malware
✗ Depends on device security
✗ Phishing/fake app risk
✗ Memory exposure possible

Best For:

- Smaller amounts
- Frequent transactions
- Development/testing
- Users who maintain device security

Examples:

- XUMM (mobile): Popular, user-friendly
- Various desktop wallets
- Browser-based options
- Command-line tools for developers

Paper Wallet Characteristics:

- Private key printed on paper
- No electronic storage
- Requires import to use
- One-time generation typically

Security Properties:
✓ Immune to electronic attacks
✓ No device to compromise
✓ Simple backup concept
✓ Can be very secure if created properly

Limitations:
✗ Paper is fragile (fire, water, degradation)
✗ Secure generation is complex
✗ Import exposes key to electronic device
✗ No partial spending (all or nothing typically)
✗ No transaction preview

Best For:

- Long-term cold storage
- Backup of backup
- Gift/inheritance scenarios
- Users who understand generation security

Secure Generation Requirements:

- Air-gapped computer
- Verified generation software
- Secure printing (not network printer)
- Proper storage after creation

Wallet Type Comparison:

                  Hardware   Software   Paper
-------------------------------------------------
Security Level    High       Medium     Varies*
Convenience       Medium     High       Low
Cost              $50-200    Free       Free
Malware Resist    High       Low        N/A
Physical Risk     Medium     Low        High
Recovery          Medium     High       Complex
Best Amount       >$5K       <$5K       Backup

* Paper security depends entirely on generation and storage

---

The seed phrase is the master key to everything. Its security is paramount.

Seed Phrase Generation Security:

DO:
✓ Use wallet's built-in generator
✓ Verify device is genuine (hardware wallet)
✓ Generate in private location
✓ Write down immediately
✓ Verify by reading back letter-by-letter

DON'T:
✗ Generate on potentially compromised device
✗ Use online generators
✗ Choose words yourself ("brain wallet")
✗ Type into any electronic device
✗ Take photos or screenshots
✗ Generate in public or on camera

Test Recovery:

- Some wallets allow test recovery
- Generate, backup, wipe, restore, verify
- Do this BEFORE funding account

Tiered Backup Recommendations:

Tier 1:

- Handwritten paper backup
- Stored in secure location (home safe, locked drawer)
- Single backup acceptable
- Review annually

Tier 2:

- Paper backup in fireproof/waterproof container
- Consider metal backup (fire resistant)
- Two locations (home + safe deposit)
- Review semi-annually

Tier 3:

- Metal backup (Cryptosteel, etc.)
- Multiple geographic locations
- Consider Shamir's Secret Sharing
- Documented recovery procedure
- Regular verification of backup integrity

Tier 4:

- All Tier 3 measures
- Professional custody evaluation
- Multi-signature setup
- Legal/estate planning integration
- Regular security audits
- Consider geographic jurisdiction

Metal Backup Products:

Why Metal:

- Resist fire (paper burns ~450°F, metals melt 1,000°F+)
- Resist water damage
- Resist physical degradation over time

Options:

  • Stamped plates: stamp words into a metal plate. Products: Cryptosteel, Billfodl, etc. Cost: $50-200. Durability: Excellent
  • Engraved plates: engrave with a hand tool; DIY possible with blank plates. Cost: $20-50. Durability: Excellent
  • Etched plates: chemical or electrical etching; more technical to create. Cost: Varies. Durability: Good

Considerations:

  • Make sure words are readable
  • Store in secure location
  • Metal can still be stolen
  • Fire-resistant ≠ theft-resistant

Shamir's Secret Sharing (SSS):

- Split secret into N shares
- Any K shares can reconstruct secret
- Fewer than K shares reveal nothing
- Example: 3-of-5 split

Benefits:
✓ No single point of failure
✓ Can lose some shares without total loss
✓ Theft of one share useless alone
✓ Geographic distribution easier

SLIP-39:

- Standard for cryptocurrency seeds
- Generates word-based shares
- Compatible with some hardware wallets

Example 3-of-5 Distribution:

- Share 1: Home safe
- Share 2: Bank safe deposit box
- Share 3: Trusted family member
- Share 4: Lawyer/estate
- Share 5: Geographically distant location

Any 3 can recover; theft of 2 reveals nothing.

Drawbacks:

- Complexity increases error risk
- Must track share locations
- Recovery requires coordination
- Not all wallets support SLIP-39
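To make the 3-of-5 arithmetic concrete, here is an added example (mine, not the lesson's, and not SLIP-39 itself, which works word by word over GF(256)): textbook Shamir splitting over a prime field, with a `demo_3_of_5` helper that names the five shares after the storage locations above and shows that any three recover the secret while two do not.

```python
import secrets

# Added example: textbook Shamir's Secret Sharing over a prime field.
# SLIP-39 works word-by-word over GF(256); the threshold idea is identical.
# 2**521 - 1 is prime, so 128- or 256-bit seed entropy fits in the field.
PRIME = 2**521 - 1

def _eval_poly(coeffs, x):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod PRIME)
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_secret(secret, k, n):
    """Split an integer secret into n shares (x, y); any k of them reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # den**(PRIME-2) is the modular inverse (Fermat's little theorem)
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total

def demo_3_of_5():
    """Return (recovered_from_3_shares, recovered_from_2_shares) as booleans."""
    # Constructed stand-in for 128-bit seed entropy; not a real wallet seed.
    seed = int.from_bytes(bytes(range(16)), "big")
    shares = split_secret(seed, 3, 5)
    home, bank, family, lawyer, remote = shares
    with_three = recover_secret([bank, lawyer, remote]) == seed
    # Two shares only pin down a line, not the degree-2 polynomial:
    # the interpolated value at 0 is unrelated to the secret.
    with_two = recover_secret([home, family]) == seed
    return with_three, with_two
```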

---

Day-to-day practices that maintain security over time.

Secure Transaction Workflow:

Before Signing:
  1. Verify destination address
  2. Verify amount and fees
  3. Verify transaction type

During Signing:
  1. Use hardware wallet
  2. Physical confirmation

After Signing:
  1. Verify transaction submitted
  2. Verify confirmation
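The three "before signing" checks can also be scripted as a pre-flight step that runs before the transaction is handed to the hardware wallet, where the human still confirms the same fields on the device screen. This is an added example, not XRP Academy code: it validates the classic r-address with the XRPL base58 alphabet and checksum, then checks transaction type, destination allowlist, amount and fee; `max_drops` and the `max_fee_drops` default are assumed policy values, not network constants.

```python
import hashlib

# Added example (not from the lesson): XRPL classic-address checks plus a
# scripted pre-signing review of a Payment; the human still confirms on-device.
RIPPLE_ALPHABET = "rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz"

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(account_id):
    """20-byte account ID -> classic r-address (type byte 0x00 + base58check)."""
    full = b"\x00" + account_id
    full += _checksum(full)
    n, out = int.from_bytes(full, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = RIPPLE_ALPHABET[r] + out
    # Each leading zero byte is encoded as a leading 'r'.
    return "r" * (len(full) - len(full.lstrip(b"\x00"))) + out

def decode_address(addr):
    """Classic r-address -> 20-byte account ID; raises ValueError if corrupt."""
    n = 0
    for ch in addr:
        idx = RIPPLE_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character not in the XRPL base58 alphabet")
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("r"))) + raw
    if len(raw) != 25 or raw[0] != 0 or raw[-4:] != _checksum(raw[:-4]):
        raise ValueError("bad length, type prefix or checksum")
    return raw[1:-4]

def preflight_check(tx, allowlist, max_drops, max_fee_drops=12):
    """Return the list of problems found; empty means hand the tx to the wallet."""
    problems = []
    if tx.get("TransactionType") != "Payment":  # step 3: transaction type
        problems.append("unexpected TransactionType %r" % tx.get("TransactionType"))
    dest = tx.get("Destination", "")  # step 1: destination address
    try:
        decode_address(dest)
    except ValueError as err:
        problems.append("Destination is not a valid classic address: %s" % err)
    if dest not in allowlist:
        problems.append("Destination is not on the verified allowlist")
    amount = tx.get("Amount")  # step 2: amount and fee (XRP amounts are drop strings)
    if not isinstance(amount, str) or not amount.isdigit():
        problems.append("Amount is not an XRP drops string (issued currency?)")
    elif int(amount) > max_drops:
        problems.append("Amount %s drops exceeds the %d drop limit" % (amount, max_drops))
    fee = str(tx.get("Fee", "0"))
    if not fee.isdigit() or int(fee) > max_fee_drops:
        problems.append("Fee %s drops exceeds the %d drop limit" % (fee, max_fee_drops))
    return problems
```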

Device Security for Cryptocurrency:

Dedicated Device (ideal):

- Separate computer for crypto only
- Clean OS installation
- Minimal software installed
- Not used for general browsing/email

General Device Hygiene:

- Keep OS updated
- Reputable antivirus/antimalware
- Full disk encryption
- Strong login password
- Browser security extensions

Browser Use:

- Use reputable wallet extensions only
- Verify extension publisher
- Bookmark legitimate sites
- Never enter seed in browser
- Clear sensitive data after use

Network:

- Avoid public WiFi for transactions
- VPN for additional privacy
- Ensure HTTPS for all crypto sites
- Check for certificate warnings

Ongoing Account Security:

Regular Reviews:
□ Check transaction history monthly
□ Verify authorized signers
□ Review trust lines
□ Check for unexpected settings

Key Rotation (if applicable):
□ Regular key for signing changes
□ Master key remains unchanged
□ Document rotation events

Monitoring:
□ Set up balance alerts if available
□ Watch for unexpected outflows
□ Monitor for suspicious activity
□ Have notification for any transaction

Contingency Planning:
□ Know recovery procedure
□ Test recovery periodically
□ Document for estate/emergency
□ Update as circumstances change
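The monthly review and key-rotation items above (verify authorized signers, check for unexpected settings, regular key changes while the master key stays fixed) are easy to script. This added example, not the lesson's own code, diffs a rippled `account_info` (requested with `signer_lists`) and `account_lines` snapshot against the configuration you documented at setup; every account address in it is a constructed placeholder.

```python
# Added example (not from the lesson): a periodic review that diffs an XRPL
# account's key, signer and trust-line settings against what you documented at
# setup. Input shapes follow rippled's account_info (signer_lists: true) and
# account_lines responses; every account value below is a constructed placeholder.
LSF_DISABLE_MASTER = 0x00100000    # AccountRoot flag: master key disabled
LSF_REQUIRE_DEST_TAG = 0x00020000  # AccountRoot flag: incoming payments need a tag

DOCUMENTED = {  # what the recovery document says the account should look like
    "regular_key": "rREGULARKEYplaceholder",
    "master_disabled": True,
    "quorum": 2,
    "signers": {"rSIGNER1placeholder": 1, "rSIGNER2placeholder": 1, "rSIGNER3placeholder": 1},
    "trust_lines": {("rISSUERplaceholder", "USD")},
}

def review_account(account_info, account_lines, documented):
    """Return human-readable findings; an empty list means nothing has drifted."""
    findings = []
    data = account_info["account_data"]
    if data.get("RegularKey") != documented["regular_key"]:
        findings.append("RegularKey changed to %r" % data.get("RegularKey"))
    if bool(data.get("Flags", 0) & LSF_DISABLE_MASTER) != documented["master_disabled"]:
        findings.append("master key enabled/disabled state changed")
    signer_lists = data.get("signer_lists", [])
    if signer_lists:
        sl = signer_lists[0]
        signers = {e["SignerEntry"]["Account"]: e["SignerEntry"]["SignerWeight"]
                   for e in sl.get("SignerEntries", [])}
        if sl.get("SignerQuorum") != documented["quorum"]:
            findings.append("SignerQuorum is now %r" % sl.get("SignerQuorum"))
        for acct in sorted(set(signers) ^ set(documented["signers"])):
            findings.append("signer set differs: %s" % acct)
    elif documented["signers"]:
        findings.append("signer list missing")
    lines = {(ln["account"], ln["currency"]) for ln in account_lines.get("lines", [])}
    for issuer, cur in sorted(lines - documented["trust_lines"]):
        findings.append("unexpected trust line %s/%s" % (cur, issuer))
    for issuer, cur in sorted(documented["trust_lines"] - lines):
        findings.append("documented trust line %s/%s is missing" % (cur, issuer))
    return findings

def demo():
    """Constructed snapshot: one signer was swapped and a trust line appeared."""
    info = {"account_data": {
        "RegularKey": "rREGULARKEYplaceholder",
        "Flags": LSF_DISABLE_MASTER | LSF_REQUIRE_DEST_TAG,
        "signer_lists": [{"SignerQuorum": 2, "SignerEntries": [
            {"SignerEntry": {"Account": "rSIGNER1placeholder", "SignerWeight": 1}},
            {"SignerEntry": {"Account": "rSIGNER2placeholder", "SignerWeight": 1}},
            {"SignerEntry": {"Account": "rNEWSIGNERplaceholder", "SignerWeight": 1}}]}]}}
    lines = {"lines": [
        {"account": "rISSUERplaceholder", "currency": "USD", "balance": "0", "limit": "100"},
        {"account": "rUNKNOWNplaceholder", "currency": "EUR", "balance": "0", "limit": "10"}]}
    return review_account(info, lines, DOCUMENTED)
```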

Traveling with Cryptocurrency Access:

Risks:

- Theft of devices
- Coercion at borders
- Loss of devices
- Network insecurity

Preparation:
□ Only bring necessary accounts
□ Consider travel-specific wallet
□ Minimal balance for trip needs
□ Backup seed NOT carried (stored securely at home)

Device Security:
□ Full disk encryption
□ Strong passwords/biometrics
□ Wipe sensitive data before travel
□ Restore after return if needed

Border Considerations:
□ Understand local laws
□ Plausible deniability options
□ Duress wallet possibility
□ Legal counsel awareness

If a Device Is Lost or Stolen:

- Don't panic if seed is secure at home
- Report theft to authorities
- Monitor accounts for unusual activity
- Recover on new device when safe

---

Complete security architecture recommendations by value tier.

Entry-Level Security:

Wallet:

- Software wallet (XUMM or similar)
- Hardware wallet recommended if >$5,000
- Single account sufficient

Backup:

- Handwritten paper backup
- Stored in home safe or secure location
- Consider metal backup for fire protection

Operations:

- Phone/computer security basics
- Transaction verification before signing
- Regular transaction review

Recovery:

- Know how to restore from seed
- Test recovery before major deposits
- Document wallet software used

Estimated Setup Time: 1-2 hours
Ongoing Time: 30 min/month review

Enhanced Security:

Wallet:

- Hardware wallet required
- Consider multiple accounts (hot/cold)
- Regular key for hot account

Backup:

- Metal backup primary
- Paper backup secondary
- Two geographic locations
- Consider Shamir's (2-of-3 minimum)

Operations:

- Dedicated device preferred
- Hardware wallet for all significant transactions
- Address verification before every transaction

Additional Measures:

- Multi-signature consideration
- Monitoring and alerts
- Regular security reviews
- Document recovery procedures

Estimated Setup Time: 4-8 hours
Ongoing Time: 2-4 hours/month

Institutional-Grade Security:

Wallet:

- Multiple hardware wallets
- Multi-signature required (2-of-3 minimum)
- Geographic key distribution
- Professional custody consideration

Backup:

- Shamir's Secret Sharing (3-of-5 recommended)
- Multiple metal backups
- Geographic and jurisdictional distribution
- Professional vault storage

Operations:

- Dedicated, air-gapped signing device
- Multiple verification channels
- Transaction approval workflow
- Full audit logging

Governance:

- Regular security audits
- Legal/estate integration
- Insurance consideration
- Incident response plan

Professional Services:

- Consider custody solutions
- Security consulting
- Legal advice on structure
- Regular penetration testing

Estimated Setup Time: 20-40+ hours
Ongoing Time: 8-16 hours/month

Addressing common special situations in cryptocurrency security.

Organizational Security Requirements:

Governance:

- Clear authorization policies
- Separation of duties
- Documented procedures
- Regular audits

Multi-Signature:

- Required for any significant amount
- At least 2-of-3, preferably 3-of-5
- Keys held by different people
- Geographic distribution

Access Control:

- Role-based permissions
- Regular access reviews
- Immediate revocation on departure
- Succession planning

Compliance:

- Regulatory requirements
- Accounting integration
- Audit trail maintenance
- Insurance requirements

Estate/Succession Planning:

Challenges:

- Heirs need access after death
- Security during life
- Legal framework compatibility
- Technical ability of heirs

Solutions:

  1. Letter of Instruction:
  2. Shamir's with Attorney:
  3. Multi-Sig with Inheritance:
  4. Trust Structure:

Considerations:

  • Heirs must know crypto exists
  • Technical support may be needed
  • Test process while alive
  • Update as circumstances change

Duress Scenarios:

Threat:

- Attacker coerces key/seed
- Cannot resist physical threats
- Need plausible compliance

Passphrase Wallets:

- Same seed + different passphrase = different wallet
- Can have "duress wallet" with small balance
- Give up duress passphrase under threat
- Main funds in hidden passphrase wallet

Multi-Signature:

- Single key alone cannot access funds
- Can surrender one key
- Other keys not accessible
- "I can't access it alone"

Decoy Accounts:

- Maintain small-balance visible account
- Larger holdings less visible
- Attacker may accept decoy

Limitations:

- Sophisticated attackers may not be fooled
- Legal compulsion may differ
- Plan but hope never needed
- Not guaranteed protection

---

Hardware wallets dramatically reduce attack surface for typical users. By isolating keys from internet-connected devices, hardware wallets prevent the vast majority of remote theft attempts. The track record of major hardware wallet brands is excellent.

Multi-geographic backup distribution prevents single-point-of-failure losses. Fires, floods, theft, and other disasters can destroy single-location backups. Multiple locations provide resilience.

Multi-signature adds meaningful security for significant holdings. Requiring multiple keys prevents single-key compromise from causing total loss. This is standard practice for institutional holdings.

⚠️ Long-term hardware wallet reliability is untested. Will hardware wallets from 2024 work in 2040? Technology obsolescence could create recovery challenges.

⚠️ Recovery procedures may fail when actually needed. Many people have documented procedures but never tested them. Actual recovery attempts reveal gaps.

⚠️ Heir technical capability varies. Even good inheritance planning fails if heirs cannot execute the technical steps.

🔴 Overcomplicating security creates its own risks. Complex Shamir's splits, multiple hardware wallets, and elaborate procedures can result in permanent loss through error or forgotten details.

🔴 Security without corresponding record-keeping leads to losses. The most secure storage is useless if you can't remember how to access it. Documentation matters as much as protection.

🔴 Assuming recovery procedures work without testing. Test recovery before funding accounts. Test periodically. Update when procedures change.

Good cryptocurrency security follows the same principles as any security: understand your risk, implement proportionate controls, and test your procedures. The specific tools (hardware wallets, metal backups, multi-sig) are less important than the systematic approach.

For most individual users, a hardware wallet with properly stored seed phrase backup provides excellent security. For larger amounts, multi-signature and geographic distribution add meaningful protection. For institutional amounts, professional custody solutions deserve serious consideration.

The biggest risks aren't cryptographic—they're operational. User error, procedure failure, and documentation gaps cause more losses than technical attacks.


Assignment: Create a comprehensive security setup and procedures document for a hypothetical user with $100,000 in XRP holdings.

Requirements:

Part 1: Wallet Architecture

  • Account structure (hot/cold/multi-sig)
  • Hardware choices
  • Key distribution
  • Backup strategy

Part 2: Backup Implementation

  • Physical backup format
  • Location(s) and access
  • Shamir's parameters if applicable
  • Verification procedures

Part 3: Operational Procedures

  • Transaction workflow
  • Review schedule
  • Update procedures
  • Incident response

Part 4: Contingency Planning

  • Device loss/theft
  • Natural disaster
  • Incapacity/death
  • Key compromise

Evaluation Criteria:

  • Comprehensiveness (30%)
  • Practical applicability (30%)
  • Appropriate security level (20%)
  • Documentation quality (20%)

Time Investment: 3-4 hours

Value: This plan serves as a template for personal security and demonstrates the systematic approach required for significant holdings.


Further Reading & Sources

  • Ledger security documentation
  • Trezor security model
  • Hardware wallet comparison guides
  • BIP39 Mnemonic specification
  • SLIP-39 Shamir's implementation
  • Metal backup product comparisons
  • Cryptocurrency security guides (EFF, etc.)
  • Personal operational security (OPSEC) resources
  • Estate planning for digital assets

For Next Lesson:
We'll examine institutional custody and key management—the additional requirements when organizational accountability, regulatory compliance, and scale multiply the complexity beyond individual security.


End of Lesson 15

Estimated completion time: 55 minutes reading + 3-4 hours for deliverable

Key Takeaways

1. Security should scale with value at risk. A $1,000 holding doesn't need institutional-grade security; a $100,000 holding shouldn't rely on a paper backup in a desk drawer. Match security investment to what you're protecting.

2. Hardware wallets are the single most effective security upgrade for typical users. By isolating keys from general-purpose computers, hardware wallets prevent the most common attack vectors while remaining usable for regular transactions.

3. Seed phrase backup is a solved problem with clear best practices. Metal backups in multiple locations, potentially with Shamir's secret sharing for higher values. The challenge isn't knowing what to do—it's actually doing it.

4. Operational security is ongoing, not one-time. Transaction verification, device hygiene, regular reviews, and procedure updates require sustained attention. Security degrades without maintenance.

5. Test recovery procedures before relying on them. A backup you've never tested might not work. A procedure you've never followed might have gaps. Verify your recovery path before you need it.
