What are the various ways of holding and storing Toncoin securely - particularly large amounts and cold storage?

If I am someone who is interested in potentially holding and storing, say, a significant amount of Toncoin, what options do I have and what would be the pros and cons of the various approaches from a security POV?

Most crypto protocols support some way of holding coins in a cold wallet. What would a cold wallet scheme look like on TON Blockchain?

Answers


Holding crypto is normally a tradeoff between security and convenience. There is no one right way - so here's a quick overview of various strategies in TON. I'll focus on strategies for holding large amounts (normally by an institution like an exchange or a big whale).

Cold storage / hot storage is a method where you keep a small amount that is used frequently in a hot wallet - a wallet that is convenient but less secure - and the large amount that is used infrequently in a cold wallet - a wallet that is more secure but less convenient.

Strategies for cold storage:

Hardware wallet - Ledger

Hardware wallets like Ledger are usually a good combination of security and convenience. They store your secret mnemonic on a secure enclave that prevents the key from being extracted.

Unfortunately, since the TON ecosystem is still early, there's no official support for TON in the leading hardware wallets (as of October 2022). But hopefully official support is coming soon.

Unofficial support for Ledger is available from two places:

The downside of this approach is that support is not official by Ledger yet and some people don't like to install unofficial apps on their hardware devices.

Ton-offline-transaction - offline laptop

https://github.com/ton-defi-org/ton-offline-transaction

With this approach, you use an offline laptop as a cold storage wallet that isn't connected to the Internet and therefore is almost impossible to hack. This approach is more secure than a hardware wallet like Ledger, but more cumbersome to use.

You set up the offline computer once. Every time you need to sign a transaction, you sign it on the offline computer and transfer the signed transaction alone to a computer that is connected to the Internet (this can be done with QR codes).

If you're extra paranoid, you don't even store the secret mnemonic on the offline computer. Instead, you can use a secure USB-based operating system like Tails which has no persistence (runs in RAM) and boots a fresh copy every time.

Professional custody

If you're willing to trust a bank-like entity with your crypto, a custody product may also be a good solution. The security practices employed by these bodies are usually better than what you would do by yourself.

There are some custody solutions with official support for TON:

https://www.matrixport.com/institutions#custody

iPhone with FaceID and TonKeeper

tonkeeper.com

Mobile app wallets like TonKeeper are very convenient to use but less secure than a dedicated hardware wallet. The latest iPhones are actually not that bad since the device locks with FaceID securely after a minute of inactivity, and once locked, it is almost impossible to unlock without the official owner. iPhones rely on a secure enclave for this mechanism which is very similar to what's used in a hardware wallet.

Since iPhones are connected to the outside world, they can theoretically be hacked remotely. You can probably assume that this capability is reserved for state agents and not "regular" hackers.

The main concern with this approach is actually having the wallet app developer hacked, the attacker publishing a new malicious app to the app store, and you automatically downloading this app. This risk can be mitigated by disabling auto update for TonKeeper.

Posted 3 months ago
Edited 3 months ago
Tal Kol