How to Move Cryptocurrency 💲 from an Exchange to Your Own Wallet on an Encrypted USB
Moving your cryptocurrency from an exchange to your own software wallet makes sense on many levels.
Decentralized currency is a core principle of cryptocurrency. Those that avoid banks should naturally oppose the idea of an exchange holding their coins for an extended period of time.
Reasons to avoid an exchange are vast and beyond the scope of this article, but here is the short list: solvency, liquidity, downtime, embezzlement, government regulation, lack of FDIC insurance, and of course hacking.
This article is for those that have decided to move to a software wallet. I believe most would agree that separating your wallet from the computer that you use daily for work and play is wise and practical. I’m following this concept to its logical conclusion: storing a wallet on a hardware-encrypted removable device, striking a balance between convenient flexibility and realistic security. This is more than just a “How to” article. I also address different use cases and the common misconceptions about this approach.
With all the talk about hardware wallets you might think that there are no hardware encryption alternatives for software wallets. That is not the case. In this article I introduce Arcanus 55, a hardware encrypted USB bootable Ubuntu platform.
The encrypted USB drive in this scenario is uniquely qualified for this task. It is 256-bit AES encrypted. Data is encrypted on the fly and remains encrypted while the drive is at rest. This hardened drive has brute-force defense, unattended auto-lock and a self-destruct PIN.
Myth: A software wallet on a USB is not as secure as a software wallet installed on a computer.
This myth is based on the misguided notion that a user is “encouraged” to plug the USB into a compromised computer. Somehow that is considered more likely than the user simply installing the software wallet on a compromised computer. While both scenarios are possible, I believe that the user who opted for the encrypted USB is far more security conscious than the user who simply downloaded and installed the software wallet. Ultimately it is the behavior of the user that is at issue, not the vulnerability of the medium.
Everyone has different information security needs. There is no one-size-fits-all solution. The platform described here is a flexible solution that can evolve with your needs. For example, if you just want to store Ethereum then a simple hardware wallet would be sufficient. But if you need cold storage, sensitive document storage, a password management vault, a virtual keyboard and a bootable Ubuntu partition, all in an airtight waterproof container, then Arcanus 55 would work for you. The two are not mutually exclusive. Most hardware wallets will fit inside the A55 Capsule and the A55 Key Quest Vault secures BIPx passphrases.
I will install the Electrum portable software wallet (electrum-3.1.3-portable.exe) on Windows 10. You should only download it from electrum.org and verify the signature. Because this is a portable version it has no OS dependencies, meaning that it does not use an installer and makes no registry changes. It is portable in that you can plug it into another PC and simply double-click on the executable.
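One way to make "verify the signature" concrete, as an added example that is not from the original article or the Electrum project: it runs `gpg` on the download and its detached signature and accepts the file only if a valid signature comes from a fingerprint you have pinned, since a valid signature from any other key in your keyring proves nothing about the file's origin. The fingerprint is a constructed placeholder and the function names are hypothetical.

```python
import subprocess

# Constructed placeholder, NOT a real key. Replace with the signer fingerprint
# you obtained and checked through a channel you trust.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# gpg status keywords that mean a signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def signer_is_pinned(status_text, pinned_fpr=PINNED_FPR):
    """True only if no signature was rejected and one VALIDSIG names the pinned key."""
    pinned = pinned_fpr.replace(" ", "").upper()
    matched = False
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in REJECT:
            return False
        if keyword == "VALIDSIG":
            # args[0] is the signing (sub)key fingerprint; the 10th field,
            # when present, is the primary key fingerprint.
            primary = args[9] if len(args) >= 10 else args[0]
            matched = matched or primary.upper() == pinned
    return matched


def verify_download(file_path, sig_path, pinned_fpr=PINNED_FPR, gpg="gpg"):
    """Run gpg on a detached signature and require the pinned signer."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signer_is_pinned(proc.stdout, pinned_fpr)


# Constructed status output for illustration (not captured from a real run).
_VALID = "[GNUPG:] VALIDSIG {0} 2018-04-01 1522540800 0 4 0 1 8 00 {0}"
GOOD = "[GNUPG:] NEWSIG\n" + _VALID.format(PINNED_FPR)
OTHER_KEY = "[GNUPG:] NEWSIG\n" + _VALID.format("F" * 40)  # valid, wrong signer
TAMPERED = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer"

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("other key", OTHER_KEY), ("tampered", TAMPERED)):
        print(name, signer_is_pinned(text))
```

Call `verify_download()` with the path of the downloaded executable and the detached signature file fetched alongside it; it requires `gpg` on the PATH and the signer's public key already imported.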
I find this screen to be very misleading. You are instructed to write the mnemonic passphrase on a piece of paper. The reason given is that it will protect you in case of computer failure. Considering that this is a portable wallet, is computer failure even a concern? We’ve installed this wallet on a hardware encrypted USB drive for exactly that reason. You should absolutely record the passphrase, but is paper really the best option for everyone?
Ironically those that choose digital currency over paper choose paper security over digital.
Human nature is the problem. I suspect that most people will write down the passphrase on a post-it note and hide it somewhere anyone can find it, except the naive owner who forgot where he hid it. It is a myth that paper is safer than digital. While it is true that paper cannot be hacked, it is easily lost, burnt, or simply photographed. An attacker with no technical skill can easily compromise paper / etched steel.
This screen then warns “Do not store it electronically”. Presumably because all data stored electronically is unsafe. That doesn’t sound right! Personally I think this is an attempt to dodge responsibility. If a user writes the passphrase on paper and it gets compromised then it’s clearly the user’s fault, even though the user likely did not have sufficient skill to perform the task. Perhaps a person with a military, intelligence or information security background would have mitigated all the potential risks. A new crypto investor may not be equipped to solve this problem. Paper is risky.
A passphrase handwritten on a piece of paper is compromised on sight. One glance and it’s gone. Knowing this, people have tried to scramble the words or letters. I would not recommend this “security by obscurity” behavior. It is not likely to stop an attacker, but you are very likely to forget your word pattern.
There are risks unique to the paper medium. Consider what would happen in the event of death, incarceration or traumatic memory loss. Paper has no “Dead Man’s Switch”. Consider a duress situation where you or a loved one are held captive. Paper has no duress “rubber hose” redirection. Paper in a safety deposit box will be compromised if the box is forfeited by court order. Paper will not survive a fire or flood.
Paper is Poverty. It is only the ghost of money, and not money itself
I would like to see this message read: Please save these 12 words in an encrypted format (order is important). This seed will allow you to recover your wallet in case of computer failure. If you are typing it into an encrypted key vault do so via a virtual keyboard.
I suggest that you disregard the warning on this screen and enter your passphrase into the A55 Key Quest Vault by way of the virtual keyboard.
The next screen asks you to create a new password. You could use the A55 Key Vault to generate and store a strong password for you. It is my opinion that you stand a greater risk of forgetting your strong password than someone guessing it.
After receiving the transactions, close the wallet application and properly eject the USB device. It should light red, indicating that it is locked and secure. Place the device back into the air-tight capsule and store it in a safe place. You’ve done it. You are now your own bank!
In this article I presented a critical comparison between a wallet on a laptop and a wallet on an encrypted USB.
So far things seem pretty equal. Let’s compare extended scenarios where both the USB and a laptop are lost, stolen, crushed or submerged in liquid. In each of these situations the Arcanus 55 USB survives and thrives while the average laptop does not. If the USB is lost or stolen it is gone, but its secrets remain safe. Its contents are encrypted at rest and its PIN is brute-force protected. The Arcanus 55 Capsule protects the USB from physical / liquid damage. Furthermore, a USB is much easier to put in a fire safe, safety deposit box or jump bag than a laptop.
We’ve compared a software wallet installed on an encrypted USB vs. a software wallet installed on an internal drive. We are not comparing a software wallet installed on an encrypted USB with a bootable Linux Mint Full-Install on USB. That is a subject for a future article, but here is a spoiler. The USB wins!
Best Practices | USB Safety Tips | Quick Start Guide
Enter the PIN before inserting the USB into its slot. Do not enter the PIN while the device is connected.
Close all applications before ejecting the USB device. This is an important step especially if you are using the A55 Key Quest Vault or a software cryptocurrency wallet.
Put the USB Device back in its capsule when not in use. You should remember to seal the capsule and store it in a safe place.
Make sure you are not being watched or recorded on a surveillance camera. Be aware of your surroundings and look behind you.
Do not plug the USB into a suspicious computer. Avoid using a computer that may be infected with malware.