Secure Your Ether And ERC20 Tokens With A DIY Hackproof Ethereum Wallet

Since Ether rose by thousands of percent in 2017 and Initial Coin Offerings (ICOs) basically reshaped the cryptocurrency world, many hackers have turned their attention to this new asset and made quite a splash on the market by stealing millions of dollars’ worth of Ether and ERC20-based tokens (ERC20 is a standard used to create new cryptocurrencies that live on the Ethereum blockchain).

In the summer of 2017, a widely known and widely used online Ethereum Classic wallet was also compromised via social engineering. The hacker managed to take control of the site and change the code so that whenever a user logged into his account, the hacker could see the user’s private key and therefore steal his funds.

Unfortunately, as the cryptocurrency market overall, and the Ethereum ecosystem in particular, continue to grow, so will these malicious attacks. Hackers will keep finding more and more creative ways to get control of hot cryptocurrency assets. That’s why we all need to be extra careful when managing our cryptocurrency portfolio.

Buying a hardware wallet is a viable solution to secure your Ether and ERC20-based tokens. But what if the shipping takes forever due to ordering overload? Should we wait for the hardware wallet to arrive and, in the meantime, hope for the best? Or should we take matters into our own hands?

I think it’s better to secure the Ether and ERC20 tokens sooner rather than later. Don’t worry though, you don’t need to be a computer geek or a tech freak to get a good night’s sleep with your cryptocurrency safely stored. You don’t even need to install software or complicated wallets that take forever to synchronize. All you need is a little bit of patience and an open mind eager to learn new interesting stuff.

Don’t believe me? Then stop browsing and start reading the next paragraphs and by the end of it, I’ll surely turn you into a believer.

Before Getting Started

Before getting started though, I have to point you to another good resource here on my blog that is closely related to this one: Secure Your Bitcoins! How To Build A Hackproof Bitcoin Wallet.

In that particular article, you will find out what exactly cold storage or an air-gapped machine is, terms commonly used among the members of the cryptocurrency community, and why you should use a Linux-based OS instead of Windows. You will also read about the very first step to build any hackproof cryptocurrency wallet, which is to prepare your air-gapped device, whether it’s an old notebook or a portable Raspberry Pi.

One final note before moving on: as in Bitcoin’s case, the method we are about to show you is hackproof because you will NEVER reveal your private key. You will never type your private key or use a UTC/JSON file – or Keystore file – on your online PC. What you will use is an encrypted signed transaction ready to be broadcast on the Ethereum network.

And yes, you will need an air-gapped device (see Secure Your Bitcoins article) besides your everyday online PC. It could very well be the same air-gapped device where you store all your Bitcoins and Litecoins securely.

STEP 2: Download MyEtherWallet

MyEtherWallet Offline version on Github

In case you’re wondering, STEP 1 is explained thoroughly in my Secure Your Bitcoins! How To Build A Hackproof Bitcoin Wallet article.

Now that you have built your ultimate hackproof cold storage and very possibly secured your Bitcoins there, it’s time to use the same approach and store your Ether and ERC20-based tokens.

First things first: download the website. No, not just by going into your browser and clicking on File and Save As. You can download their website and enjoy its offline functionality by accessing their Github page, which you can find below (the resource you need to download is called etherwallet-[current.version].zip):

You can also find this link if you scroll down to the main website’s footer (you will also find many other useful resources there).

Next, move the MyEtherWallet archive to your USB stick used ONLY for file transfers between the air-gapped device and your online PC (remember?) and transfer it to your cold storage where you also have your Bitcoins and probably Litecoins. Unzip the file, open the newly created folder and double-click the index.html file.

Just as it would if you typed in the address on any online machine, the website will open in your default browser.

STEP 3: Create A New Ethereum Wallet

MyEtherWallet Create A New Wallet

Obviously, this is the offline version of the site so you won’t be able to send ethers and ERC20 tokens that you got during ICOs the traditional way.

Immediately after opening index.html, you will receive a notification that the site couldn’t connect to the Ethereum network. Fortunately, it doesn’t need to as there are other ways to make transactions securely using encrypted signatures and using an online PC just like in Bitcoin’s case.

And just like in Bitcoin’s case, you can also create a new Ethereum wallet securely without worrying about the possibility of a malicious attack. It is indeed possible: just click on the New Wallet tab in the offline version of MyEtherWallet, choose a strong password for extra security and follow the steps provided by MEW. Be sure to save your private key on your air-gapped device or at least save the UTC/JSON Keystore file.

If you want your Ethereum wallet to be hackproof, DO NOT EVER USE the private key or UTC/JSON Keystore file on any device with an Internet connection. You will only use them with your air-gapped device.

STEP 4: Receive And Send Ether And ERC20 Tokens

MyEtherWallet Send Ether Offline

Now that you created a hackproof Ethereum wallet, it’s time to move your funds and secure them once and for all.

The process is fairly straightforward if you want to move your Ether and ERC20 tokens from an insecure source like an exchange or a wallet created in the online mode to your hackproof offline wallet. Just copy the public address of your newly created offline wallet into a text doc, for example, and move the file to your everyday online PC using the now notorious use-it-only-for-file-transfers-between-the-air-gapped-machine-and-your-online-PC USB stick.

That’s all you need for receiving funds. Make sure you test the process first by transferring a small amount to your offline wallet to see if everything checks out. The public address can also be used to view your Ether balance and the overall info on the funds stored in the offline Ethereum wallet – just go to the MyEtherWallet website using your online PC, click on the View Wallet Info tab and choose the View with Address Only option. Don’t worry, the hackers can’t do anything with your public address other than send you some funds 😊

But what about sending Ether and ERC20 tokens from your offline wallet to another source like an exchange for example? Well, the process is a little bit tricky but not difficult by any means.

Generate Information

The first thing you need to do is access the MyEtherWallet website on your online PC, click on the Send Offline tab, paste the address from which you want to send the digital tokens and click the Generate Information button. You will be given a Gas Price value and a Nonce. Copy them into a text file, and don’t forget to also copy the destination address and how much Ether and/or how many ERC20 tokens you want to send.

Generate Transaction

Next, move the text file to your air-gapped device and open MyEtherWallet in the offline mode (click on index.html). Click on the Send Offline tab and type the information required in the Step 2: Generate Transaction (Offline Computer) section including the exact destination address, the Gas Price value, the Nonce, and the amount of Ether/ERC20 tokens you want to transfer.

After you have typed the necessary information, access your wallet using your previously saved UTC/JSON Keystore file or private key. Click on the Sign Transaction button and copy the Signed Transaction value to your text file.

Publish Transaction

Now move to your online PC and paste the Signed Transaction value in the text box of the Step 3: Send/Publish Transaction (Online Computer) section (remember you are on the MyEtherWallet website -> Send Offline tab).

The final step is to click the Send Transaction button, double check to see if the information you are about to send to the Ethereum network is correct and click the Generate Transaction button.

Congrats! If everything was done the right way, your transaction is being processed by the Ethereum network and will shortly be confirmed.

Easy, right?
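
Decoding the Signed Transaction value before publishing it lets you confirm that the recipient, amount, nonce and gas price match what you wrote down in your text file. The following Python is an added example, not MyEtherWallet code and not part of the original article; it assumes the legacy Ethereum transaction format, and the function names and the sample transaction are constructed for illustration.

```python
def rlp_decode(data, pos=0):
    """Decode one RLP item at pos; return (item, next_pos)."""
    prefix = data[pos]
    if prefix < 0x80:                      # a single low byte encodes itself
        return data[pos:pos + 1], pos + 1
    base = 0xC0 if prefix >= 0xC0 else 0x80  # 0xC0 and up marks a list
    if prefix - base < 56:                 # short form: length is in the prefix
        start, length = pos + 1, prefix - base
    else:                                  # long form: length-of-length follows
        start = pos + 1 + (prefix - base - 55)
        length = int.from_bytes(data[pos + 1:start], "big")
    end = start + length
    if end > len(data):
        raise ValueError("truncated RLP data")
    if base == 0x80:                       # byte string
        return data[start:end], end
    items = []
    while start < end:                     # list: decode each nested item
        item, start = rlp_decode(data, start)
        items.append(item)
    return items, end

def decode_legacy_tx(hex_tx):
    """Return the human-checkable fields of a legacy signed transaction."""
    raw = bytes.fromhex(hex_tx.strip().lower().replace("0x", "", 1))
    fields, end = rlp_decode(raw) if raw else (None, 0)
    if (end != len(raw) or not isinstance(fields, list) or len(fields) != 9
            or any(isinstance(f, list) for f in fields)):
        raise ValueError("not a legacy signed transaction")
    n = [int.from_bytes(f, "big") for f in fields]
    # EIP-155: v = chain_id * 2 + 35 (or 36); older signatures use 27/28
    chain_id = (n[6] - 35) // 2 if n[6] >= 35 else None
    return {"nonce": n[0], "gas_price_wei": n[1], "gas_limit": n[2],
            "to": "0x" + fields[3].hex(), "value_wei": n[4],
            "data": fields[5].hex(), "chain_id": chain_id}

def mismatches(hex_tx, intended):
    """Names of fields where the signed transaction differs from the notes."""
    tx = decode_legacy_tx(hex_tx)
    return sorted(k for k, want in intended.items()
                  if tx.get(k) != (want.lower() if isinstance(want, str) else want))

# Constructed sample (r and s are filler bytes, not a real signature):
# nonce 9, 20 gwei gas price, gas limit 21000, 1 ether to 0x3535...35, chain id 1.
SAMPLE_SIGNED_TX = ("0xf86c" "09" "8504a817c800" "825208" "94" + "35" * 20
                    + "880de0b6b3a7640000" "80" "25"
                    + "a0" + "11" * 32 + "a0" + "22" * 32)

if __name__ == "__main__":
    print(decode_legacy_tx(SAMPLE_SIGNED_TX))
```

Call `mismatches(signed_tx, notes)` with a dictionary of the values from your text file; an empty list means every field you listed matches. For an ERC20 transfer, `to` is the token contract and the recipient and amount sit inside `data`, which this example returns undecoded.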

Things To Take Into Consideration
  • As in Bitcoin’s case, the USB stick can ultimately compromise your air-gapped device and your offline Ethereum wallet. If you’re using a Raspberry Pi, you can order a Pi camera and use it to read QR codes. That will make your DIY Ethereum wallet 100% hackproof. But a USB stick used ONLY for file transfer (text docs with the information needed to send/receive Bitcoins and cryptocurrency) between your air-gapped device and online PC is also a good security measure, although not quite 100% hackproof.
  • To avoid losing your funds if your air-gapped device becomes unresponsive for one reason or another, try to make copies of the UTC/JSON Keystore file or private key. For example, buy another USB stick where you will store such sensitive information and NEVER use it unless you lose all the information on your air-gapped device. Always be proactive and ask yourself ‘What If?’ to avoid uncomfortable situations such as losing your private keys and your access to your funds.

Florian Gheorghe

Freedom Evangelist, self-employed for over 8 years, consciously trying to break the status quo one step at a time. Writing is my ultimate escape, action is my only option.
