One of the downsides of the Chia protocol, from a security perspective, is the need to have a Full Node online while harvesting, accepting inbound connections from the internet on port 8444. In the default installation the wallet you choose, your harvester, your full node and your plotter are all on the same machine, exposed to the internet. The most significant risk in this setup is to your Chia Wallet once you have farmed blocks and are holding funds.
Before you start making changes to your setup, please read our guide on threat modelling here, as what you do with each wallet will determine how you secure it.
Active Farming Wallet
The wallet you have connected to the Chia Network is your Active Farming Wallet, and this wallet is at the greatest risk of loss of funds, either from direct attack because it is connected to the internet, or via malware on your farming machine that steals your keys.
The best way to mitigate this risk is what is referred to as a “cold wallet”, or a “transaction wallet” depending on how often you will need to access your XCH. A cold wallet is a wallet set up on another computer, not directly internet facing, where you are not farming or harvesting. A transaction wallet will be similar, but likely installed on a computer with access to your full node so you can send XCH from it in short order. You then use the Farming Rewards settings panel to add the Receive Address from your cold wallet into both the Farmer Reward Address AND the Pool Reward Address of your Harvester.
This will mitigate the primary threat to your Active Farming Wallet, since, if properly set up, there should never be any Chia held in this wallet to steal.
The next set of threats are going to be general threats from running new software, directly connected to the internet with inbound access. This is inherently dangerous, as all software eventually will have bugs so you will want to do everything you can to reduce the impact of such a compromise. We are going to explore network and system security separately and in great detail in the days and weeks to come, but the following quick suggestions should help a lot.
The first is a separate network, if possible. If you have business class networking, or a managed switch and advanced router, you should strongly consider running your full node and harvester on separate VLANs, both without direct network connectivity back to your main network. This will ensure that a compromise only takes out your full node or worst case your farming setup, and doesn’t impact the rest of your network. With any new software using inbound connectivity there is an inherent risk to everything else on that network. You should follow our guide here on how to configure a properly segmented farming network.
The second is a firewall. Do not put your harvester into a DMZ or expose any ports other than 8444 to the Full Node. If possible don’t even expose 8444 directly to your full node, but use a TCP reverse proxy, like HAProxy or an F5 load balancer, on your network device to proxy traffic on 8444 back to your full node. Do not expose any additional ports on any other nodes or services to the internet. Do not allow full network connectivity from your wallet, harvesters or plotters to your Full Node, or vice versa. This will ensure that a compromise of any one part does not bring down the rest.
If you are using Windows, do not under any circumstances disable the Windows Defender Firewall. It is important for a number of networking purposes, but it is also your last line of defense in the face of compromise. You should ensure that only 8444 is accessible from outside your network and that any other open rules are limited to your local subnets. Do not allow SMB traffic from any remote address under any circumstances, even if you do not have 445 forwarded to your machine.
The next critical part will be antivirus. This is a more difficult proposition on Linux, but arguably less important especially if you never use your nodes for anything but their primary purpose in your Chia Farm. But for Windows using the full Chia application with ports opened back to your machine it is vitally important that you do not disable any Windows Defender settings, and that you do not blanket exclude your Chia folders from Windows Defender scanning. You are safe to exclude .tmp and .plot files from Windows Defender to maximize plotting performance and keep latencies low on plot filter proof checks, but you should always ensure that Windows Defender is up to date and running reliably.
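The firewall and Defender suggestions above, as an added PowerShell example that is not from The Chia Plot or the Chia project: it restricts inbound access to 8444, blocks SMB from the internet, lists any other inbound rules still open to the world, and limits Defender exclusions to plot file types. The 192.168.50.0/24 subnet is a placeholder for your own LAN; run it from an elevated PowerShell session.

```powershell
# Added example (not from The Chia Plot): harden the Windows Defender Firewall
# and Defender AV on a Windows full node / harvester as the guide describes.
# Assumptions: Chia listens on TCP 8444; 192.168.50.0/24 is a placeholder LAN
# subnet standing in for your own. Run from an elevated PowerShell session.

$ChiaPort  = 8444
$LanSubnet = '192.168.50.0/24'   # placeholder: replace with your local subnet(s)

# 1. Keep the firewall enabled on every profile, with inbound default Block.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. The only service reachable from the internet is the full node on 8444.
New-NetFirewallRule -DisplayName 'Chia full node 8444' -Direction Inbound `
    -Protocol TCP -LocalPort $ChiaPort -RemoteAddress Any -Action Allow -Profile Any

# 3. Never accept SMB from the internet, even if 445 is not forwarded.
#    Block rules win over Allow rules, so this also overrides any broad built-in
#    "File and Printer Sharing" rule for non-local addresses.
New-NetFirewallRule -DisplayName 'Block SMB from Internet' -Direction Inbound `
    -Protocol TCP -LocalPort 445,139 -RemoteAddress Internet -Action Block -Profile Any

# 4. Audit: list every enabled inbound Allow rule whose remote scope is 'Any'.
#    Apart from the 8444 rule above, each of these should be scoped to the LAN
#    (e.g. Set-NetFirewallRule -RemoteAddress $LanSubnet) or disabled.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -eq 'Any' -and $port.LocalPort -ne "$ChiaPort") {
            [pscustomobject]@{ Rule = $_.DisplayName; Port = $port.LocalPort; Profile = $_.Profile }
        }
    } | Format-Table -AutoSize

# 5. Defender AV: exclude only the plot file types, never whole Chia folders,
#    and confirm real-time protection is on and signatures are current.
Add-MpPreference -ExclusionExtension 'plot','tmp'
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) { Write-Warning 'Real-time protection is OFF' }
if ($status.AntivirusSignatureAge -gt 1)     { Write-Warning "Signatures are $($status.AntivirusSignatureAge) days old" }
$prefs = Get-MpPreference
if ($prefs.ExclusionPath) { Write-Warning "Path exclusions present: $($prefs.ExclusionPath -join ', ')" }
```

Any rule the audit in step 4 prints, other than the 8444 rule, is a candidate to scope down to your local subnet or disable.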
The mnemonic for your Active Farming Wallet should be kept safely, but accessible. Preferably in an encrypted cloud storage container like OneDrive Personal Vault or a Dropbox/Box encryption tool like Boxcryptor. The key drivers for this wallet will be Integrity and Availability, as without the mnemonic or private keys all your plots will be useless and you will not be able to farm them. The risk of compromise of this wallet is relatively low, as no funds should ever be deposited here, but you obviously want to be careful and not expose it anywhere else. Do not store any reference to this mnemonic on your Full Node machine, and do not install the keys to this wallet on computers that you use daily.
Cold Storage Wallet
As discussed in the threat model section, the cold wallet is a wallet that should never be accessed and is used for long term storage. This wallet should not be used other than to generate a receive address. If you are only farming to hold XCH and not planning on moving any into an exchange wallet for trading or planning on spending any then you should have your farming rewards set to directly deposit into your cold wallet.
The mnemonic for this wallet should be extremely difficult to access, as it is similar to a retirement fund or long term savings account. The keys should not be installed on any machines, the mnemonic should not be kept as text or as a screenshot on any computers or in a cloud storage provider. You should remove the keys from the machine used to create the wallet immediately after testing and confirming the wallet is functional and store the keys somewhere for long term safety like an insurance policy.
The recommendation from The Chia Plot and the community, and following best practice security standards, would be to store one physical copy in a fireproof safe with important on-site papers and one copy in your bank’s safety deposit box for long term disaster storage. Ensure you have two copies at least. Ensure they are not accessible by anyone but you and those you designate.
Transaction Wallet
The transaction wallet is going to be the trickiest to recommend, and to secure. You will need to provide your own threat model based on your specific use cases and how often you will need to use your transaction wallet. A good security practice is to ensure that this wallet is never installed on your farming machines and has no connection to either your Active Farming Wallet or your Cold Storage Wallet. In order to use this wallet for transactions it will need to sync to your Full Node, so it does need network connectivity to the farming infrastructure, but only when you are initiating a transaction.
If you are regularly making XCH transactions in and out of your wallet, you should have your Farming setup configured to deposit farming rewards into this wallet, and transfer your savings into your Cold Storage Wallet as quickly as you can manage to minimize your exposure. This wallet will always be at greatest risk to loss, and if you are using it you should try to keep as few XCH held here as possible.
Do not install this wallet to multiple machines for ease of access, and ensure that any computers that it is installed to are not regularly used in a risky fashion and do not have inbound connectivity from the internet. To ensure privacy, regularly change your Receive Address so that the block explorer does not show your address with high levels of inbound activity. The recommendation here is to generate a new receive address for every reward you earn and constantly change that, as well as between major transactions. One of the advantages to Chia is the Hierarchical Deterministic Wallets (HD Wallets) which allow for nearly infinite public keys for each private key and you should use this to your advantage by rotating regularly.
To protect the keys for this wallet you will need to ensure that the mnemonic is highly secure, but you will need reliable access to it if you are using it regularly. The recommendation here is to keep the mnemonic in a cloud storage provider’s most secure storage, again OneDrive Personal Vault or encrypted folders on another major cloud provider, but also to use a file-level encryption program (as simple as an encrypted zip file) with a high-entropy passphrase you have memorized or kept in a password manager as an additional layer of protection. This will allow relatively quick access to your funds should you lose your wallet computer, but will minimize the risk of loss of your funds if your cloud storage account becomes compromised. As with all things, always configure Multi Factor Authentication and avoid SMS-based verification when dealing with accounts that have any intersection with your finances.
Right now not enough is known about how cryptocurrency trading exchanges will operate Chia wallets, and how to best secure them. The general advice will be to ensure that MFA is configured on all accounts and to keep the funds stored on these exchanges to the minimum of what you need to trade. Do not use these accounts as long term storage, as the last decade is littered with cautionary tales of exchange problems leading to massive losses for those invested at that exchange. These should be treated as Transaction Wallets where you have even less control over the security and that can largely be accessed anonymously from anywhere. Do not trust them, even if they are trustworthy.
In the coming weeks more information will become known about how Exchanges are operating, and if any additional security requirements will be uncovered for pooled farming and we will address those here.