DISCLAIMER: This article is written to guide you through the process of storing your crypto securely. However, you should thoroughly research the areas outlined in this post and perform your own due diligence. Technology changes – software (and to some extent, hardware) is frequently compromised. We will not be responsible for any losses that occur either directly or indirectly from the information contained within the article.

1 Introduction

There comes a time in every crypto-holder’s life when he or she has to take a serious look at how secure their current holdings are. Over the years, I’ve witnessed multiple people storing their crypto in ways that are begging for trouble. This includes the following:

  • Leaving their coins in an exchange wallet (with or without 2FA enabled).
  • Using a browser-based wallet with an unsecured computer.
  • Using a mobile wallet with known security flaws.
  • Storing a wallet on a rooted mobile.
  • Using a software wallet on their virus riddled PC.
  • Not using a hardware or paper wallet to store large amounts of crypto assets.

You shouldn’t be leaving your coins on an exchange, and if you can avoid it, you shouldn’t be using a software wallet. If you’re going to take away anything from this article, make it the fact you must obtain and use a hardware wallet or a paper wallet if you hold more crypto than you are willing to lose. If you’re interested in general security practices, it’s worth checking out our post on OPSEC and the best way to stay safe as a cryptocurrency holder online.

To drill this point home let’s outline some previous known events in which users have lost obscene amounts of crypto.

Note: We’ve also published a new for 2020, in-depth Ledger Nano S review as well as a review of Ledger’s latest state-of-the-art hardware wallet, the Ledger Nano X.

2 Known Hacks & Losses

The following are (mostly recent) events in which large amounts of cryptocurrency were compromised resulting in losses for the victims. I’m not going to list every example, these are cases off the top of my head and should be enough to give you an idea of how common this is. There are likely many similar cases every year that are not made public by the victims. I’ll update this list periodically.

Date

Event

Stolen

Status

Feb, 2014 MTGOX Exchange Hacked & Bust $450 Million Liquidated
May 31, 2017 Cody Brown Coinbase Hacked $8000 User OPSEC
June 2, 2017 Fred Wilson (VC) Coinbase Hacked Unknown User OPSEC
June 10, 2017 Jaxx Wallet Vulnerability $400,000+ Ongoing
July 5, 2017 Bithumb Exchange Hacked $1 Million Covered
July 19, 2017 Parity Multi-sig Hack $32 Million Fixed
Aug 28, 2017 Rooted Android User Hacked $330,000 Unknown
Ongoing Slack/E-Mail MEW Phishing (ICOs) $Millions Ongoing
Ongoing Fake Adsense Domains $Millions Ongoing
Ongoing Slack/E-Mail MEW Phishing (ICOs) $Millions Ongoing
Nov 7, 2017 2nd Parity Multi-sig Vulnerability $300+ Million Funds Frozen
Dec 20, 2017 EtherDelta DNS Hack $250,000+ Stolen
Jan 5, 2018 eBay Ledger Scratch-off Seed Scam $34,000+ Stolen
Jan 26, 2018 Coincheck Hack (NEM) $534 Million Stolen/Refunded

As you can see, securing your coins should be taken seriously!Paranoia Intensifies

Let’s discuss one of the two decent options for securing your crypto: hardware wallets. Paper wallets are also a good option in certain circumstances but are not as suited for regular access to your funds on an internet-enabled computer, so we won’t examine them here. Paper wallets are discussed in our blockchain guides.


3 Hardware Wallets – Ledger Nano S vs. Trezor

There are many hardware wallets available, and most manufacturers offer many models. For the sake of simplicity, we are only going to discuss these two options today, as they are usually readily available and are arguably the most popular. The KeepKey deserves mention here too as it’s been getting some positive reviews.

The aim of this article is not to shill you my favorite hardware wallets, however, it’s an important purchase, so let’s briefly go over the pros and cons of these two:

Ledger Nano S

Ledger Nano S Hardware Wallet
Ledger Nano S Hardware Wallet

Pros

Cons

Affordably priced device with screen Currently less adopted than the Trezor
Passphrase support
Support for multiple currencies
Integrates with various software wallets

Trezor

Trezor Hardware Wallet
Trezor Hardware Wallet

Pros

Cons

Has screen Recent security issues (patched)
Passphrase support More expensive
Support for numerous currencies Slightly fewer currencies supported
Integrates with various software wallets

Conclusion

The Ledger Nano S takes the cake mostly due to price and currency support. That’s not to say other hardware wallets aren’t good. Do your own research and buy a wallet that’s right for you. And remember, always purchase your hardware wallet direct from vendors or authorized distributors. Never purchase from Amazon, eBay or third parties if you can’t be sure the device hasn’t been tampered with.

Click here if you’d like to purchase a Nano S directly from Ledger.


4 Ledger Nano S – Safe Setup Guide

Before we get started, let’s briefly touch on the standard that the Nano, and most hardware wallets, currently use. BIP 39.

BIP 39 is a Bitcoin Improvement Proposal for the application layer which uses the implementation of a mnemonic sentence to generate a wallet. For the Ledger Nano S, this means you will be generated a 24-word mnemonic phrase which is used to create and restore your wallet. We also refer to this as your seed.

Unboxed Ledger Nano S
Unboxed Ledger Nano S

Setup

You’ve bought some Bitcoin, unboxed your brand new Ledger Nano S, and you’re ready to rock. Make sure any webcams or mobile phones are not pointed towards your Ledger device and get started by plugging the USB cable provided into your Nano S and then into your PC. Your Nano will load up and show a welcome screen, you then have to press both of the buttons along the top edge of the device simultaneously to begin set up.

Lets begin!
Let’s begin!

You’ll be asked if you want to configure the Nano S as a new device, you do, so choose the tick for “yes” and press both buttons together to select.

You’ll then be asked to choose a PIN code. Don’t choose a PIN that you use for credit cards or other apps/devices, create a new pin. You can always use a word and choose the corresponding letters on your phone’s keypad to create a new pin. Bear in mind that we will be setting up two PIN numbers for your device (explained later). Press both buttons together and then enter your PIN number by using each button to cycle through the digits, and both buttons together to select a digit. You’ll be asked to confirm your PIN code, repeat the process.

You’ll now be asked to write down your recovery phrase.

Write down your recovery phrase
Write down your recovery phrase

This is an important step; you won’t be able to verify your phrase without it written down so make sure you do so carefully. We’ll be confirming your full phrase later too as this is what will be used to recover your wallet if your device is faulty, lost or stolen. Scroll through the words and write them on the card provided. Once you’re complete, press both buttons together to continue.

Now it’s time to confirm your recovery phrase (seed).

Confirm your recovery phrase
Confirm your recovery phrase

You will be asked to select a few words from your phrase that match the number given, to verify that you wrote it down correctly. Scroll through the words until you see the one that matches and click both buttons to confirm.

Congratulations, your device is now ready! But not too fast, we have more work to do.

Your device is now ready
Your device is now ready

Firstly let’s make sure your device is up to date by clicking on the following:

Settings Device Firmware

Make sure your firmware version matches the latest version shown on the Ledger website.

Now we’re going to attach a passphrase, more on this below.

Using a Passphrase

The passphrase addition to a hardware wallet enables (in essence) you to hide multiple wallets on the device. Technically, the passphrase (or 25th seed word) is not used explicitly in the BIP 39 standard. What it does is scrambles your seed according to a predetermined algorithm. However, don’t dwell on this too much, you only need your seed and passphrase to recover your device.

Here’s how it works:

  • You can attach a passphrase to your device, with a unique pin.
  • The passphrase acts like a password on top of your 24-word seed.
  • You can then access either your default wallet derived from the 24-word seed,
  • or your passphrase wallet derived from your 24-word seed plus your passphrase.
  • The wallet you access depends on the pin you use.
  • When it comes to recovering your device, you use the 24-word seed, then you attach the passphrase again (with new pin numbers if you wish).

Let’s go through the motions of setting one up. Click the following on your Nano to get to the passphrase setup page:

Settings Security  Passphrase

You’ll be asked whether you’d like to set a temporary passphrase to access a passphrase wallet quickly or to “Attach to a PIN.” For this article, we will be attaching a passphrase to a PIN.

Attach to a PIN
Attach to a PIN

Before attaching your passphrase you will be told that the feature is for advanced users and to read the FAQ, you should do so. If you feel uncomfortable with this process, then you should think about skipping it. However, it is highly beneficial from a security standpoint, and we will go through the recovery process multiple times to ensure you can recover correctly.

You will be asked to choose a secret PIN code, go ahead and enter a new PIN. This PIN will be used to access your passphrase wallet only. The PIN you set earlier will be used to access your default wallet.

Chose a secret PIN code
Chose a secret PIN code

Once you’ve entered your passphrase PIN, you will be asked to enter a secret passphrase.

Enter a secret passphrase
Enter a secret passphrase

You can cycle through letters and symbols in this section to enter your passphrase. Your passphrase is a password on top of your seed, don’t use anything obvious (treat it like a password). Enter it carefully and be sure to check and confirm it when asked.

You will finally be asked to enter your current PIN. This is the original PIN number you set up earlier.

Enter your original PIN here
Enter your original PIN here

Once you’ve confirmed your current PIN, your passphrase will be attached to your Nano S. Congratulations!

The reasoning behind attaching a passphrase is that you can store a small, believable amount of crypto using your default seed wallet. You then store your main crypto holdings on the passphrase wallet. This way, if you or your seed are compromised, the thieves should only have access to your default wallet.

We’ll now go through the essential steps of testing and verifying your setup. Once you’ve completed the verification, you’ll sleep sound at night knowing your Nano S is setup securely and your wallets can be restored successfully.

Verify Your Setup

To verify your setup we are going to go through a number of steps to ensure your default and passphrase wallets are accessible and recoverable. To test the wallets, we will need to use some software for sending currency so go ahead and install Ledger Live. Now you’re going to perform the following tasks:

  1. Login to your Nano with your default PIN, run the Ledger Live app and note down your wallet address.
  2. Login to your Nano with your passphrase PIN, run the Ledger Live app and note down your wallet address.
  3. Wipe your device by entering an incorrect PIN number 3 times.
  4. Restore your device from your 24-word seed. (Long and tedious, but it needs to be done!)
  5. Reattach your passphrase to a PIN.

So now you know you can restore your wallets, great! But we haven’t made any transactions yet. So let’s go ahead and make some.

  1. Send a minimal amount of crypto to your default wallet address.
  2. Send it back to wherever you sent it from.
  3. Send a minimal amount of crypto to your passphrase wallet address.
  4. Send it back to wherever you sent it from.

You can send and receive crypto, excellent! But here’s where I’m going to seriously annoy you:

  1. Wipe your device by entering an incorrect PIN number 3 times.
  2. Restore your device from your 24-word seed.
  3. Reattach your passphrase to a PIN.

Excessive? Maybe. But now you’ve verified you can send and receive crypto from both your wallets, and you have restored your device twice. You won’t panic if you need to do it again in the future (maybe in a hurry) and you’ll be less likely to make mistakes. Congratulations, you’ve gained peace of mind, and you’ve only had to forfeit a little time and the cost of a Ledger Nano S. Superb bargain in my opinion!

Usage & Final Security Tweaks

Finally, here are some usage and security tweaks to further secure your Ledger Nano S:

  • Settings Security  Auto-lock – Set this to 3 minutes.
  • Settings Security  Shuffle PIN – Set this to Yes.
  • Always verify transactions on the device screen before approving them. That’s what it’s for; it protects against this.
  • If you use a third party to send from the Nano (such as MyEtherWallet) always verify the domain and use a bookmarked link. Again, verify transactions on the Nano screen.

Click here to purchase a Nano S directly from Ledger.


5 Storing Your Recovery Phrase

Now you’ve set up your Nano and double/triple/quadruple checked your recovery phrase (seed), we need to think about how and where you’re going to store it.

Let’s start with how. Typically, users store their seed written in pen on the card that comes with their Nano. I’m not an advocate of this, as paper doesn’t have the properties of something that can withstand nature (water or fire). But there is a solution: steel.

Cryptosteel - Indestructible Recovery Phrase Storage
Cryptosteel – Indestructible Recovery Phrase Storage

Storing your seed on a device such as the cryptosteel will protect it against fire, water, electricity, and stains. These devices come with a selection of letters that can be inserted in the order required to spell your seed words. It’s a bit fiddly to get all the letters in, but worth the piece of mind you’ll get from having your seed phrase safe and sound, forged in steel. You only need to record the first four letters of each word for a secure backup, so the cryptosteel mnemonic is the one for the job. If you don’t feel like splashing out, you can always obtain a sheet of steel and use a hammer, and some letter punches to store your seed.

Safety Deposit BoxNow you’ve got your seed protected from the elements, we can think about where to store it. The best option, in my opinion, is a safety deposit box. You’ll need to check with your local bank as to whether or not they have this facility, but you should be able to find at least one bank offering this service nearby. Depending on your level of paranoia, you could also buy another cryptosteel and hide/bury one somewhere. In your backyard, for example. Although, I would not advise storing a copy of your seed anywhere insecure if you haven’t used a passphrase. In this case, I would recommend you split the seed in two (12 words each) and store in two separate secure locations, for example, two safety deposit boxes in different banks.

The next topic I’m going to touch upon is sharing the location of your seed with your husband/wife/parent/significant other. Many may not be comfortable with this, but if you want your partner or family to have access to your funds should the unthinkable happen, you’ll need to take action. There are probably ways in which they could only get access in the case of your death (in a will, for instance), so this might be a better option. Remember, if you’re using a passphrase on your Nano, they’ll need to know this too. They can know the passphrase and without access to the seed, have no access to your funds.


6 Memorizing Your Recovery Phrase

While memorizing 24 words, in order, may seem like a daunting task, I can assure you it’s a piece of cake. The approach we will use is called: The Method of Loci.

The Method of LociMethod of Loci

The method of loci, also known as memory journey, memory palace, or mind palace technique, is a method adopted by the ancient Romans and Greeks. Since its inception, it’s been used, in some form, by many memory competition champions to recall complex lists, numbers and various other items.

How It Works

Imagine you are walking back into your childhood home. Do you remember the layout? Can you visualize some of the items in each room? Usually, the answer is yes. This is because most people are more efficient at remembering using spatial memory than explicit memory, which means they can remember things which fit into spaces more easily than they can remember lists of words or numbers.

Home Layout
Do you remember the layout of your childhood home?

To memorize our seed, we will take an imaginary walk through our childhood home (or any building that you see fit) and integrate the words from our seed. They can be incorporated in any way really, if words are particularly obscure, try to think of rhymes or related items to include in your story to help you remember. Your house is real, but the story you create can be pure fiction.

The Story

Let’s start with a randomly generated BIP 39 mnemonic seed:

mother pelican drastic minimum twice evoke enter museum firm purity hurry cage nephew piece bulb pilot news frost marble blast afraid flag width service

Caution: Do not use this seed under any circumstances. If you use it, bad actors can and will access your funds. Your hardware wallet will generate you a unique seed during setup.

Now, let’s tie these seed words to a story as we walk through our home:

I enter the front door into the kitchen and my mother is frying lamb chops (my favorite) at the stove. She is wearing an apron with a large pelican design across the front. Drastic rhymes with plastic and she’s using a plastic spatula. She’s only cooking one lamb chop, that’s the minimum lamb chops someone can cook! I walk into the living room and turn the light on and off twice. Being here evokes childhood memories. My father enters the room; he’s been on a trip to the museum with his firm. My father quickly mentions the purity of the new coffee beans he’s purchased but has to hurry into the dining room to let the dog out of its cage.

My nephew plays with the dog in the dining room. He’s just finished eating a piece of cake. He turns the lamp on and off; the dog likes seeing the bulb flash. My father is sat at the dining table watching the small TV. A pilot is on the news talking about a troubled landing due to the frost.

I take my nephew upstairs to the bedroom to find my old marble set. We find it, and he has a blast playing with it. I’m afraid he’ll end up eating one though. I head back downstairs and notice the photograph of my grandfather on the wall. There is a flag in the background, the photo frame is very wide, but I don’t know the specific width. I think about how my grandfather must have felt spending during his years of service with the armed forces.

And there we have it, a weird and wonderful story incorporating our 24 words from our seed phrase. It’s far more words than the original 24, but I can assure that it will be much easier to memorize. Don’t save your story on any electronic device and if you write it down, do so away from any webcams or mobile phones with cameras (paranoid much?). Now here’s how we store it in our long-term memory:

Set Reminders

You’re going to need to review your story regularly to imprint it in your memory for easy access down the line. To do this, simply set a number of reminders in your calendar to practice your story. Start off using your seed phrase written down as a guide and then slowly try to recite your story using less and less help from the guide. After first creating your story, spend a good 30-60 minutes going over it and trying to memorize it. For the following days, you will need much less time to recite your story. Maybe 5 minutes or so at first, to just a few seconds once you’re beginning to remember the whole story without looking at your seed phrase.

  • For the first week, set a daily calendar reminder to recite your story.
  • For the following three weeks, set a reminder for every three days.
  • For the following month, set a reminder for every week.
  • For the following year, set a reminder for every month, or until you know it like the back of your hand.

This process will reinforce the neural pathways used in your brain to locate the information. By the time you are finished your 24 words will be imprinted in your memory forever!

To see more about this technique check out these Youtube videos from Ron White and Joshua Foer. Joshua can remember the first 100 digits of Pi, and pretty much anything else! He is a former U.S.A. Memory Champion.


7 Worst Case Scenarios – Are You Covered?

If you followed the advice in this article, you should be on the way to having secured your crypto holdings for most scenarios (short of the Apocalypse). Let’s see how well your setup holds up to the following would-be disasters:

Scenario

Result

Your Nano is stolen. No big deal, you have your seed backed up and memorized. Buy another Nano or use a BIP 39 recovery tool (if urgent) to restore your wallet.
You’re hit on the head and suffer permanent amnesia. Your significant other knows where your seed is stored and knows your passphrase. Let’s hope you’ve been treating them well or you might end up with a seed and no passphrase!
The bank’s safety deposit boxes are flooded. Your cryptosteel is fine; your seed is also memorized.
The bank’s safety deposit boxes are burnt in a fire. Your cryptosteel is fine; your seed is also memorized.
Your safety deposit box is compromised. Your cryptosteel is in the hands of the thief. They can restore the default wallet which only holds a small amount your crypto. The rest is in the seed + passphrase wallet. Your seed and passphrase are memorized, so buy another Nano or use a BIP 39 recovery tool (if urgent) to restore your wallet.
You’re held hostage and forced to reveal your pin/seed. You give them your pin/seed that’s not attached to your passphrase and hope that they believe it’s your main wallet. Beware the $5 wrench.
Death by lightening While it’s sad you won’t be able to spend your crypto gains on yachts and Lamborghinis, at least your significant other will have access to your funds. They do have access to your seed and know your passphrase right?

I hope you’ve enjoyed learning how to secure your crypto holdings. If you are rocking back and forth in the corner uttering paranoid delusions, then my job here is done. Joking aside, you can never take security too seriously when it comes to cryptocurrencies. We are entering a new era, hacking and theft are only going to get more persistent – secure yourself now! And remember:

Just because you’re paranoid, don’t mean they’re not after you.

If you haven’t already, it’s worth reading our article on OPSEC and general security practices to help you stay safe in your day to day activities online (including using crypto exchanges). Also, please help us spread the word by sharing this article with your friends and family if you feel they would benefit from the advice we’ve outlined. Sharing is caring!

UPDATES


  • Oct 18, 2017Originally posted.
  • Nov 13, 2017Updated Known Hacks & Losses table to include details of the 2nd Parity Multi-sig vulnerability.
  • Jan 3, 2018 – Updated Known Hacks & Losses table to include details of the EtherDelta DNS Hack.
  • Jan 6, 2018 – Updated Known Hacks & Losses table to include details of the eBay Ledger Nano Scratch-off Seed Scam.
  • Jan 29, 2018 – Updated Known Hacks & Losses table to include details of the Coincheck NEM hack.
  • Jan 30, 2019 – Updated to include Ledger Live application.
BitStarz Player Wins Record-Breaking $2,459,124! Could you be next to win big? >>>
Blokt is a leading independent privacy resource that maintains the highest possible professional and ethical journalistic standards.

LEAVE A REPLY

Please enter your comment!
Please enter your name here