Wallet Threat Modelling
Before you can make educated decisions about security, you have to go through a process called “threat modelling“. What this mean, very briefly, is that you have to look at the specific threats to your use case and make security decisions around that instead of very generally. For the purpose of this article we are going to limit our threat models to our wallets, and we will undergo a very basic process. If you would like to learn more about threat modelling in general, here is an excellent resource on the topic,
For Chia wallets we are going to be dealing with 4 main types: Active Farming wallet, Cold Storage Wallet, Transaction Wallet and Exchange Wallet.
Active Farming Wallet
The Active Farming Wallet is the wallet that is configured on your Full Node and Harvesting machines, and contains the private keys for your plots. This wallet is actively connected to the Chia network, and thus the threats facing this wallet are active in nature.
The best way to protect this wallet is to not hold any XCH in it at all, so that in the event of a compromise you will not lose farmed coin. This wallet is your most likely to be compromised, as it will depend on your own network and system security to protect. In the event of any uncovered vulnerabilities in the Chia software package, this wallet will be the primary target. When farming on this wallet you should ensure that all Farming Rewards are placed into a Transaction Wallet or a Cold Storage Wallet as described here.
You will also need to protect the private keys and mnemonic. We will discuss in detail strategies to protect your keys here, as well as a guide on how to safely remove keys from a machine here, and how to farm on a separate machine without exposing your private keys here.
Cold Storage Wallet
The Cold Storage Wallet is going to be the most critical and least accessible wallet. This is a wallet that should only ever be created on a machine not connected to your farming infrastructure and only ever connected to the Chia network for testing and for the rare occasions that you will be moving Chia out of the wallet.
This wallet should be thought of as your savings account, and the primary threat to this wallet will be the private keys and mnemonic. To minimize this threat, it is important you never store the keys or mnemonic on internet-connected computers, including your other Chia machines, your laptop, your phone or your workstation. We will discuss specific strategies for this wallet and keys here.
This is not a wallet that all Chia farmers will need or have at the beginning. This is going to be a wallet used to actually use XCH and purchase or sell items with Chia. A transaction wallet should be configured on a machine that can connect to your Full Node, but not on your Harvester/Active Farming Wallet machine This is to ensure that you can quickly sync and use your wallet, but that you are not exposing a wallet holding XCH directly to the internet. The tipping address on the About page for this blog is connected to a transaction wallet, as an example.
The primary threats to this wallet will be external access based on compromise to the computer with the keys installed, but also a threat to the mnemonic storage since this is a wallet where you will need to use the mnemonic every time you change computers or use the wallet from a new location, so knowing how to properly remove keys from a machine (or use your wallet without ever installing them) will be critically important and some of the many strategies will be discussed here.
This is going to be the hardest to discuss, because the specifics will come down to the exchange itself and its policies and adherence to them. The exchange wallet is used to store your currency in an active exchange for trading XCH with other cryptocurrencies or fiat money. If you ever plan on doing anything with your XCH, you will eventually need to chose an exchange and put funds into your exchange wallet, but it is not necessary until you plan on actively trading or selling XCH. I do not have a Chia exchange wallet at this time, and have not explored or selected a current exchange.
The threat model to this wallet are going to be your Exchange account, and the Exchange itself. The first is going to be an active responsibility and you will be need to constantly monitor your level of threat and exposure. The latter is going to be outside your control to some degree and will come down to choosing a reputable outfit. Do not chose your trading platform based entirely on fee pricing. Sometimes a slightly higher fee will be preferable to losing all your coin.
I had BTC in MTgox, so heed this warning.