Bitcoin Forum
Topic: Find holes in my cold storage
stuffmusic (OP)
June 08, 2020, 07:29:01 PM
Last edit: June 08, 2020, 08:51:57 PM by stuffmusic
Merited by DdmrDdmr (3), OgNasty (2), OmegaStarScream (2), o_e_l_e_o (2), vapourminer (1), malevolent (1), mk4 (1)
 #1

(Reader of this board for a year, this is my first post).

Please find holes in my cold storage strategy.

Here's what I did:

- downloaded Electrum 3.3.8
- verified GPG key of the software sig via GPG Suite
- created a copy of the download and moved it to a dedicated USB stick
- installed Electrum on primary computer profile, and then....
- went offline
- created new user on mac (this new user has never been online)
- copied electrum and installed again on this new profile
- created new wallet, wrote down private keys *edit* wrote down seed
- copied the xpub to a text doc on USB
- copied one of the receiving addresses to a text doc on USB
- logged out and went back to the main user, back online

Ok so now my private keys *edit* seed are forever stored offline.  I secured them.  

Now I take the xpub and load up a "watch only" wallet.  

Now I want to test a transaction in and out.  I sent a small amount to one of the receiving addresses of the cold storage wallet.  Verified on blockexplorer and in Electrum in the "watch only" wallet.

Now I want to test moving a small amount out of this wallet.  I create the transaction, and save it to the USB.  Go offline, logout.  Now login to the other profile, and "sign" the transaction.  Save this to the USB.  Log out.  Now I login to the main profile, load up the signed transaction in Electrum, and the transaction works.  Verified on blockexplorer, verified in the "watch only" wallet in Electrum.  

Last step - go back into the offline profile and fully delete Electrum.  



Aside from what will be the most common issue is I need another computer (use a separate machine, airgapped, never connected ever), what holes are there in my strategy?
o_e_l_e_o
June 08, 2020, 07:54:51 PM
Last edit: June 11, 2020, 07:58:47 AM by o_e_l_e_o
 #2

Quote
Aside from what will be the most common issue is I need another computer (use a separate machine, airgapped, never connected ever), what holes are there in my strategy?
This is the biggest.

If using a totally separate and permanently airgapped machine is not feasible, then instead of simply creating a new user on your current OS, the next step would be to use a different OS. Most people would recommend using a Linux distro of your choice booted from a live USB stick. Tails is a good privacy focused choice, and comes with Electrum pre-installed.

Why did you decide to write down your private keys, instead of writing down the seed phrase that Electrum generated for you? There are multiple benefits to using the seed phrase instead of private keys - easier to read, easier to type back in, harder to make a mistake, built in checksum, will generate private keys for all your addresses rather than just one, no risk of losing change, etc.
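The "built in checksum" mentioned in the post above, sketched as an added example (not part of the original post and not Electrum's own code). It assumes Electrum's seed scheme as the editor understands it: an HMAC-SHA512 of the normalized phrase keyed with "Seed version" must start with a version prefix. The normalization is simplified and the word list is constructed for the demo.

```python
import hashlib
import hmac
import unicodedata

# Version prefixes of Electrum's seed scheme (assumption: recalled from
# Electrum's source, not stated anywhere in this thread).
SEED_PREFIXES = {"01": "standard", "100": "segwit", "101": "2fa"}

# Constructed vocabulary for the demo; NOT Electrum's real word list.
DEMO_WORDS = ["amber", "birch", "cedar", "delta", "ember", "fjord", "grove", "heron"]


def normalize(seed: str) -> str:
    """Simplified normalization: NFKD, lowercase, collapse whitespace."""
    return " ".join(unicodedata.normalize("NFKD", seed).lower().split())


def seed_type(seed: str):
    """Return the seed type encoded in the phrase, or None if the check fails."""
    digest = hmac.new(b"Seed version", normalize(seed).encode("utf-8"),
                      hashlib.sha512).hexdigest()
    for prefix, name in SEED_PREFIXES.items():
        if digest.startswith(prefix):
            return name
    return None


def make_demo_seed(wanted: str = "segwit", length: int = 12) -> str:
    """Search phrases until one carries the wanted version prefix."""
    counter = 0
    while True:
        words = [DEMO_WORDS[(counter >> (3 * i)) & 7] for i in range(length)]
        phrase = " ".join(words)
        if seed_type(phrase) == wanted:
            return phrase
        counter += 1


def undetected_typos(seed: str):
    """Swap each word for every other demo word; count swaps that still validate."""
    words = seed.split()
    tested = undetected = 0
    for i, original in enumerate(words):
        for candidate in DEMO_WORDS:
            if candidate == original:
                continue
            mutated = words[:i] + [candidate] + words[i + 1:]
            tested += 1
            undetected += seed_type(" ".join(mutated)) is not None
    return tested, undetected
```

Calling `undetected_typos(make_demo_seed())` shows that nearly every single-word transcription error makes the phrase fail validation, which a bare private key written on paper cannot offer in the same readable form.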
stuffmusic (OP)
June 08, 2020, 07:59:21 PM
 #3

Quote
Aside from what will be the most common issue is I need another computer (use a separate machine, airgapped, never connected ever), what holes are there in my strategy?


Why did you decide to write down your private keys, instead of writing down the seed phrase that Electrum generated for you? There are multiple benefits to using the seed phrase instead of private keys - easier to read, easier to type back in, harder to make a mistake, built in checksum, will generate private keys for all your addresses rather than just one, no risk of losing change, etc.

Thank you for your response.

I mis-typed... I *did* write down my 12 word seed phrase.

I will research how to boot Tails from a USB stick. 
andulolika
June 08, 2020, 08:04:54 PM
 #4

Quote
Aside from what will be the most common issue is I need another computer (use a separate machine, airgapped, never connected ever), what holes are there in my strategy?
This is the biggest.

If using a totally separate and permanently airgapped machine is not feasible, then instead of simply creating a new user on your current OS, the next step would be to use a different OS. Most people would recommend using a Linux distro of your choice booted from a live USB stick. Tails is a good privacy focused choice, and comes with Electrum pre-installed.

Why did you decide to write down your private keys, instead of writing down the seed phrase that Electrum generated for you? There are multiple benefits to using the seed phrase instead of private keys - easier to read, easier to type back in, harder to make a mistake, built in checksum, will generate private keys for all your addresses rather than just one, no risk of losing change, etc.

Had no idea tails comes with electrum pre-installed, thanks.

o_e_l_e_o
June 08, 2020, 08:12:21 PM
 #5

Quote
I will research how to boot Tails from a USB stick.
I would start here: https://tails.boum.org/index.en.html

Quote
Had no idea tails comes with electrum pre-installed, thanks.
You can see a list of all included software here: https://tails.boum.org/doc/about/features/index.en.html
DireWolfM14
June 08, 2020, 08:12:59 PM
 #6

Quote
~
- created new wallet, wrote down private keys
~
Aside from what will be the most common issue is I need another computer (use a separate machine, airgapped, never connected ever), what holes are there in my strategy?

The only thing I would suggest here is that you write down the mnemonic seed phrase instead of all the private keys.  The seed phrase will back up the entire wallet with all the private keys, so all of the wallet addresses in your watch-only wallet will be backed up.  Maybe that's what you did, and just mistakenly referred to the seed phrase as "private keys."

ETA: posted late, I see you acknowledged that it was a mistype.

The other issue I have with your method you've already touched on.  It's definitely better to use a dedicated off-line machine than a different account on the same machine.  A machine infected with malware could transcend to multiple accounts.  

pooya87
June 09, 2020, 06:42:42 AM
 #7

Quote
- verified GPG key of the software sig via GPG Suite
you should add a new step before this one which is going to be the hardest step and it is the way you acquire the PGP public key of the developer. it shouldn't be just copied from the same website you download the file and the signature from. read more: https://en.wikipedia.org/wiki/Web_of_trust

Quote
- created new user on mac (this new user has never been online)
- copied electrum and installed again on this new profile
this would be my biggest concern. even though you have created a new profile and kept that one offline you are still on the same online machine and will remain on the same one later on too. so for example if some day an exploit in mac was found that allowed an attacker to gain access to all profiles they can also potentially steal your bitcoin wallet and bitcoins.
the live Linux option mentioned above is also the method i would use.
BTW don't forget to encrypt the wallet file itself and also don't forget to make physical backups (as in writing seed on multiple pieces of paper and store them safely, preferably encrypted).

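One way to act on the point above about where the developer's public key comes from, as an added example that is not part of the original post: accept a download only when gpg reports a valid signature from a fingerprint pinned in advance. The fingerprints, names and status lines below are constructed placeholders; the pinned value is assumed to have been obtained through a channel other than the download site.

```python
import subprocess

# Placeholder for the developer's primary-key fingerprint, obtained through a
# channel other than the download site (constructed value, not a real key).
PINNED_FPR = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def gpg_status(signature_path: str, file_path: str) -> str:
    """Run gpg --verify and return its machine-readable status lines."""
    result = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", signature_path, file_path],
        capture_output=True, text=True, check=False)
    return result.stdout


def signer_matches_pin(status_output: str, pinned_fpr: str = PINNED_FPR) -> bool:
    """True only for a valid signature whose primary key is the pinned one."""
    pinned = pinned_fpr.replace(" ", "").upper()
    matched = False
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FAILURES:
            return False
        if keyword == "VALIDSIG" and args:
            # Last argument is the primary-key fingerprint (first is the subkey).
            primary = args[9] if len(args) > 9 else args[0]
            matched = matched or primary.upper() == pinned
    return matched


# Constructed status output for three cases (not captured from a real run).
_TAIL = "2020-06-01 1590969600 0 4 0 1 8 00"
SIGNED_BY_PINNED = (
    "[GNUPG:] GOODSIG DDDD4444EEEE5555 Example Dev <dev@example.org>\n"
    f"[GNUPG:] VALIDSIG {PINNED_FPR} {_TAIL} {PINNED_FPR}\n")
OTHER = "9999000088881111777722226666333355554444"
SIGNED_BY_OTHER_KEY = (
    "[GNUPG:] GOODSIG 6666333355554444 Example Dev <dev@example.org>\n"
    f"[GNUPG:] VALIDSIG {OTHER} {_TAIL} {OTHER}\n")
TAMPERED = "[GNUPG:] BADSIG DDDD4444EEEE5555 Example Dev <dev@example.org>\n"
```

The second sample is the case the post warns about: gpg reports a good signature for any key in the keyring, so a key fetched from the same place as the file proves nothing unless its fingerprint matches the pinned one.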
hatshepsut93
June 09, 2020, 02:52:54 PM
Merited by vapourminer (1)
 #8

Quote
I will research how to boot Tails from a USB stick.

This will greatly improve the security of your setup, because if malware gets admin privileges, your user switch trick won't be helpful, but by using an entirely different OS it would be pretty much impossible to steal your keys, especially if you disconnect the hard drive before launching the live OS. There are kinds of malware that infect BIOS so they could theoretically attack your live OS, but these kinds are very rare in practice.

OgNasty
June 09, 2020, 11:20:43 PM
 #9

Just don't forget to account for the biggest threat to a cold storage wallet, the $5 wrench attack.

guigui371
June 09, 2020, 11:45:08 PM
 #10

If your computer, USB, and seed are at the same place you are at risk of fire/flood / theft.
If you die, your heirs can't access the coins, you haven't written down a "dead man" strategy, have you? 


What is wrong with the following easier strategy:

Buy a nano S, plug it to a power bank, or straight to a wall plug, or to a live Cd / usb live linux or windows session.
Write down the seed on a metal plate (you could do a 2 out of  3).
Store the metal plate (or plates) into a secured location (or multiple locations).  It could be given to 3 lawyers holding part of your will. It could be a bank vault ...
Connect the nano S to any computer in the world to enjoy your coins hack free.

Shut the fuck up about the quantity of coins you own so you can avoid the $5 wrench attack.

The above is not proper cold storage, but I feel it is easier and equally safe.


no, so far, no one has been able to hack a nano S without having physical access to it.  If you consider this scenario, then the OP strategy is also at risk  of a $5 wrench attack
Buying a fake nano S is also out of the equation as the OP would buy from the official website, and the Nano S has a feature to check that the product is untampered with.


bob123
June 10, 2020, 10:17:04 PM
Merited by vapourminer (1)
 #11

Quote
Please find holes in my cold storage strategy.

The biggest problem is that this actually is not cold storage.

The device you are using for cold storage has to be offline.
It doesn't matter whether you created a new profile/user. If your device is online, it effectively is an online/hot wallet.

If you truly want to use cold storage, you need a device which always is offline. Whether this is an old notebook, a mobile phone or a raspberry pi with an attached small display doesn't matter.
The point is that it has to be offline.
