Securing your Bitcoin (BTC) Litecoin, Dash wallet from malicious software
As cryptos become more popular and so investors as regular people store larger quantities in their wallets up to their entire lifetime savings, the wallets will become targets of malicious software sooner or later. Thus it makes sense to prepare for such an event ahead of time in a relaxed pace.
This article tries to not only make you aware of the dangers, but also to provide solutions. It will overall sound paranoid, but the risks presented here are both potential and subjective. However something to keep in mind is, that even if a probability of a scenario is low, the effect size of such scenario may be very large.
The article is organized in a chronological order. Along the way it provides mind food for the decisions, that you need to make in each of the following steps to secure the wallet. Across the article we will be using Bitcoin Core as the reference wallet software, although the same (or very similar) rules apply to BTC forks, such as Litecoin or Dash. We will be also using Linux as the operating system, as it provides a lot more security and flexibility over Windows. If time permits, Windows, then OS X, may be considered.
Also a special care is taken to stay independent of any specific 3rd party services, software or hardware, in order to avoid vendor lock-in, or even allowing to compromise our entire plan, by letting unknown code to interact with your dear funds.
This site uses neither ads, nor cookies. If you find the article useful, you might want to consider making a small donation, to justify my time spent on writing it and to motivate me to write more. Below are my donation addresses. If you make a donation or have any questions or feedback, do e-mail me via this form.
The risks concerning the various wallet types are nicely outlined on this page. We will want to alleviate the risk associated with the desktop wallets: “Susceptible to bitcoin-stealing malware/spyware/viruses” while retaining the full control of our crypto, which is not the case for any other wallet alternatives. For instance, it has been reported numerous times, that crypto exchanges had been hacked, sometimes even raising a suspicion of the hack being an inside job. Regarding hardware wallets, buying a tainted version of such a wallet from a reseller, designed to steal your crypto is also not unheard of.
The idea of using a hardware wallet to store your lifetime crypto savings I also find very troubling for a couple of reasons:
You insist on using a specialized vendor software and hardware, leaving you at the peril of the vendor, who might change his mind as to pricing or as to the entire business model, all at your cost, once large enough product popularity is achieved and/or the company is sold (see “Vendor lock-in”).
A single cold storage wallet is a single point of failure (in case of a robbery or a hardware failure), which is mixing centralization with decentralization of the blockchain.
A solution to this, you may say, is generating a mnemonic seed for the wallet, so that it’s retrievable from the blockchain from anywhere in the world. But then you don’t need the hardware wallet anymore. Also correct me, if I’m wrong, but if you create a mnemonic seed to allow you to retrieve the wallet’s funds from any place in the world, isn’t it just a matter of time until somebody does it for you? Especially if the mnemonic seeds are usually sets of dictionary words, which totally limits the number of combinations, knowing the scheme of how they are created, thus decreasing the time required for brute force attacks down to reasonable time spans.
You could use a much cheaper and resilient solution like a simple set of encrypted USB sticks, sharing copies of the same wallet file and even create another copy on a virtual server, also accessible from around the world, without even having to drag the USB sticks along. You need the Internet connection to perform transactions via the wallet anyway.
To sum up, the author's preferred solution is to use a desktop wallet with as little specialized dependencies as possible.
The outline of steps, that we need make in order to secure the desktop wallet are the following, where the order must be retained:
Close all non essential programs, especially those, that that can’t be fully trusted, like closed source Instant Messengers
Check the computer for malware
Download and verify the Bitcoin Core desktop wallet
Create an encrypted partition to hold the wallet file
Create a wallet on the encrypted partition, and DON’T MOVE it to the partition
Create an encrypted partition to hold the passphrase
Encrypt the wallet with a passphrase and store it on the above encrypted partition
Backup your wallet by copying it to other encrypted partitions in several places, also checked for malware beforehand
Backup your passphrase to the second encrypted partition of the other places
Before explaining deeper how exactly to perform the above steps, let’s depict a few worst-case scenarios, that could occur:
Scenario A - “Lost at birth”
You start the wallet software, which creates the wallet.dat file within your “Data directory” (where the blockchain is just being downloaded).
You never noticed how the malware or a closed source software has just stolen and transferred the wallet.dat outside your PC.
You perform all the required steps to secure your wallet, including encrypting the wallet with a passphrase and moving it to an encrypted partition afterwards.
You buy BTC and allocate it into your wallet.
After you gathered enough BTC, gaining trust in the technology in the same time, your funds get stolen, because they were always being monitored by the attacker, who stole your unencrypted wallet.dat since day 1 in point 2). All he was waiting for is for enough funds to be accumulated in your wallet.
Scenario B - “Dumpster crypto-diver”
Same as before – wallet initially created in the data directory
Stealing wallet.dat via malware didn’t happen, as you were smart enough to remove all the malware.
Same as before – moved the wallet.dat to an encrypted partition and encrypted the wallet itself with a passphrase.
Same as before – allocated enough funds
You decide to replace your hard disk, because either you need a larger one (“that blockchain gets so damn large!”), or it was starting to malfunction, so you trashed the hard disk, without even trying to wipe out it securely.
The year is 2035. Bitcoin went to the Moon and stayed there. Your whole family lives off it now. Meanwhile, a dumpster diver, who knows what he is looking for, finds and scans your old hard drive. He discovers an encrypted partition, that he can’t decrypt in his lifetime (a bold assumption), but what he also finds, is the wallet.dat, originally created in the initial data directory. Although this initially unencrypted instance was technically removed by moving it to the encrypted partition, it can still be recovered via specialized software (they already exist since decades). He recovers it, opens it in the Bitcoin Core wallet and uncorks champagne.
Scenario C - “Sweet sixteen”
You secured your wallet nicely, following all of the steps described in the article.
Your teenage daughter, who shares the same PC with you, felt kind of hot and decided to look for answers to her problem secretly in the Internet.
On the other day, you were in a hurry to exchange some of your BTC, because you don’t want to be the last one in a pump and dump of that new shitcoin. You noticed your PC was behaving strangely, but had no time to check it for malware.
You unlock your encrypted partition with the wallet.dat, which immediately gets stolen by the malware, without you noticing. All that the attacker still needs is your passphrase, or enough time to find it using brute force.
You enter the passphrase and make the transaction.
After you get rich from the pump, you figured out, that it would be a good time to take a step back and check the PC for malware, which you subsequently remove.
While questioning your daughter, she admitted, that she had visited a web page of an on-line religious group to talk her problem away. At least that’s her version. The fact is, that the PC you both work on, had been infected with malware for some time, and you realized it too late.
Luckily you used a prefix and suffix of the copy-pasted passphrase, while the malware only expected to read the clipboard. This gave you enough time to create a new wallet with a new passphrase, and transferred all your belongings there, before the old wallet got cracked by brute force.
In a relief, you calmly talk to your daughter and help her find a boyfriend, preferably with interest in math and computer science of course.
Scenario D - “The Trojan App”
You were super smart and and performed all of the steps, related to encryption and you regularly check your PC for malware. The only step you left out was creating special users for each wallet type (not even one special user for all wallets).
You know, that you will have to do transactions multiple times in the coming days, so you figure out, that it would be a hassle to adhere to the rule of closing non essential apps, including the closed source ones, like IMs, before you decrypt your wallet partition.
You decrypt the wallet partition. Even though the wallet.dat was readable to only to your user account, it was equally readable to every app, that you started as user, including The Trojan App, which steals your wallet.dat.
Because The App has never been alarmed any malware checks, you haven’t diverted the funds to a new wallet, thus essentially giving enough time for the attacker to even find the passphrase by brute force.
Closing non essential software
It is unlikely, but possible, that a program, that you’re used to for every day work abuses its access rights to read your disk, and could send your data to hack it outside of your computer. This is especially valid, if such program is not Open Source Software, that could have been peer reviewed previously. I don’t think, that such behavior could be even spotted by anti virus software, since it appears legit to send files to your family and friends daily, so why not entire wallets? Therefore please close all your favorite IMs and such for now, as we perform some one-time operations. It costs just a little time to do it.
Check the computer for malware
Closed source software poses just a little risk compared to working on a computer with rootkits. Let’s scan the whole computer to find and eliminate them. Under Linux there are at least 3 programs helpful in the task:
This has more options. Either use clamtk or any of the following console examples. If necessary start with root permissions:
To check all files on the computer, displaying the name of each file:
clamscan -r /
To check all files on the computer, but only display infected files and ring a bell when found:
clamscan -r --bell -i /
To scan all files on the computer but only display infected files when found and have this run in the background: (Note - Display background process's status by running the jobs command)
clamscan -r -i / &
To check files in the all users home directories:
clamscan -r /home
To check files in the USER home directory and move infected files to another folder:
clamscan -r --move=/home/USER/VIRUS /home/USER
To check files in the USER home directory and remove infected files (WARNING: Files are gone.):
clamscan -r --remove /home/USER
To see more options:
Download and verify the Bitcoin Core desktop wallet
Go straight to bitcoincore.org and download the wallet, that fits to your current OS, in this case the Linux (tgz) desktop wallet.
Read carefully and apply the steps under the section “Verify your download”. This step protects you from downloading a tailored version of the wallet software, that could steal your holdings when you least expect it. This is one such step, ignoring which, puts the effort of entire operation of securing your wallet in question.