What are the various ways of holding and storing TON coin securely - particularly large amounts and in cold storage?

If I want to hold and store a significant amount of toncoin, what options do I have and what would be the pros and cons of the various approaches from a security POV?

Most crypto protocols support some way of holding coins in a cold wallet. What would a cold wallet scheme look like on TON Blockchain?

3 Answers


Holding crypto is normally a tradeoff between security and convenience. There is no one right way - so here's a quick overview of various strategies in TON. I'll focus on strategies for holding large amounts (normally by an institution like an exchange or a big whale).

Cold storage / hot storage is a method where you keep a small amount that is used frequently in a hot wallet - a wallet that is convenient but less secure - and the large amount that is used infrequently in a cold wallet - a wallet that is more secure but less convenient.

Strategies for cold storage:

Hardware wallet - Ledger

Hardware wallets like Ledger are usually a good combination of security and convenience. They store your secret mnemonic on a secure enclave that prevents the key from being extracted.

Unfortunately, since the TON ecosystem is still early, there's no official support for TON in the leading hardware wallets (as of October 2022). But hopefully official support is coming soon.

Unofficial support for Ledger is available from two places:

The downside of this approach is that support is not official by Ledger yet and some people don't like to install unofficial apps on their hardware devices.

Ton-offline-transaction - offline laptop

https://github.com/ton-defi-org/ton-offline-transaction

With this approach, you use an offline laptop as a cold storage wallet that isn't connected to the Internet and therefore is almost impossible to hack. This approach is more secure than a hardware wallet like Ledger, but more cumbersome to use.

You set up the offline computer once. Every time you need to sign a transaction, you sign it on the offline computer and transfer the signed transaction alone to a computer that is connected to the Internet (this can be done with QR codes).

If you're extra paranoid, you don't even store the secret mnemonic on the offline computer. Instead, you can use a secure USB-based operating system like Tails which has no persistence (runs in RAM) and boots a fresh copy every time.

Professional custody

If you're willing to trust a bank-like entity with your crypto, a custody product may also be a good solution. The security practices employed by these bodies are usually better than what you would do by yourself.

There are some custody solutions with official support for TON:

https://www.matrixport.com/institutions#custody

iPhone with FaceID and TonKeeper

tonkeeper.com

Mobile app wallets like TonKeeper are very convenient to use but less secure than a dedicated hardware wallet. The latest iPhones are actually not that bad, since the device locks with FaceID securely after a minute of inactivity, and once locked it is almost impossible to unlock without the official owner. iPhones rely on a secure enclave for this mechanism, which is very similar to what's used in a hardware wallet.

Since iPhones are connected to the outside world, they can theoretically be hacked remotely. You can probably assume that this capability is reserved for state agents and not "regular" hackers.

The main concern with this approach is actually the wallet app developer getting hacked, the attacker publishing a new malicious version of the app to the App Store, and you downloading it automatically. This risk can be mitigated by disabling auto update for TonKeeper.

4
Posted 2 years ago
Edited 2 years ago
Tal Kol
359 × 3 Administrator
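The offline-laptop flow described above, as an added example that is not code from the original answer or from the ton-offline-transaction project: the air-gapped side holds the seed and emits only a signature plus the public payload (the text blob that would go into a QR code), and the online side checks the signature against the cold wallet's known public key and checks that the signed fields are exactly the transfer it asked for, so a compromised online host cannot swap the destination or amount after signing. Two things are assumptions: the transfer payload is a simplified JSON stand-in, not the real TON wallet-contract message layout, and the Ed25519 code is a dependency-free port of the reference implementation (not constant-time, not hardened) included only so the demo runs offline; use a vetted library for anything real. The seed is the RFC 8032 test vector and the destination address is a constructed placeholder.

```python
# Added example: air-gapped signing round trip. NOT the original post's code
# and NOT TON's real wallet message format; see the lead-in for assumptions.
import base64
import hashlib
import json

# --- minimal Ed25519 (port of the reference implementation; demo only) ------
Q = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, Q - 2, Q)) % Q
I = pow(2, (Q - 1) // 4, Q)


def _xrecover(y):
    xx = ((y * y - 1) * pow(D * y * y + 1, Q - 2, Q)) % Q
    x = pow(xx, (Q + 3) // 8, Q)
    if (x * x - xx) % Q:
        x = (x * I) % Q
    return Q - x if x & 1 else x


_BY = (4 * pow(5, Q - 2, Q)) % Q
_B = (_xrecover(_BY), _BY)  # base point


def _add(p, r):  # twisted Edwards addition, complete for a=-1 and this d
    x1, y1 = p
    x2, y2 = r
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, Q - 2, Q)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, Q - 2, Q)
    return (x3 % Q, y3 % Q)


def _mul(p, e):  # plain double-and-add; not constant-time
    r = (0, 1)
    while e:
        if e & 1:
            r = _add(r, p)
        p = _add(p, p)
        e >>= 1
    return r


def _enc(p):  # 255 bits of y, sign of x in the top bit, little-endian
    return (p[1] | ((p[0] & 1) << 255)).to_bytes(32, "little")


def _dec(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = Q - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % Q:
        raise ValueError("point not on curve")
    return (x, y)


def _hint(m):
    return int.from_bytes(hashlib.sha512(m).digest(), "little")


def _scalar(seed):  # clamp the first half of SHA-512(seed); keep the prefix
    h = hashlib.sha512(seed).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]


def public_key(seed):
    return _enc(_mul(_B, _scalar(seed)[0]))


def sign(seed, msg):
    a, prefix = _scalar(seed)
    pk = public_key(seed)
    r = _hint(prefix + msg)
    R = _enc(_mul(_B, r))
    s = (r + _hint(R + pk + msg) * a) % L
    return R + s.to_bytes(32, "little")


def verify(pk, msg, sig):
    try:
        R, A = _dec(sig[:32]), _dec(pk)
    except ValueError:
        return False
    s = int.from_bytes(sig[32:], "little")
    if s >= L:
        return False
    return _mul(_B, s) == _add(R, _mul(A, _hint(sig[:32] + pk + msg)))


# --- offline side (air-gapped laptop): the seed never leaves this function ---
def offline_sign(seed, transfer):
    # Canonical serialisation so both sides hash identical bytes; the operator
    # should eyeball `transfer` on the offline screen before signing.
    payload = json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()
    bundle = {"payload": base64.b64encode(payload).decode(),
              "sig": base64.b64encode(sign(seed, payload)).decode()}
    return json.dumps(bundle)  # this text is what the QR code carries


# --- online side: knows only the cold wallet's public key --------------------
def online_check(cold_pubkey, bundle_text, intended):
    bundle = json.loads(bundle_text)
    payload = base64.b64decode(bundle["payload"])
    sig = base64.b64decode(bundle["sig"])
    if not verify(cold_pubkey, payload, sig):
        return False  # forged, corrupted, or signed by a different key
    return json.loads(payload) == intended  # fields not altered in transit


# Constructed sample input (RFC 8032 test seed; placeholder destination).
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
TRANSFER = {"to": "EQ_constructed_destination", "amount_nanoton": 1_000_000_000, "seqno": 7}
```

Usage: `online_check(public_key(SEED), offline_sign(SEED, TRANSFER), TRANSFER)` returns True, and the same call with a bundle whose payload or signature was altered, or with an `intended` dict that differs from what was signed, returns False. Only `SEED` is secret; `public_key(SEED)` is what you pin on the online machine.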

IMHO you can apply general guidelines for secure software:

  1. Prefer open source solutions that can be audited and that you can compile, and compile them.
  2. Check the vulnerability history of the software; this can help show how much care the developers take with its security. A good place to check is https://www.cvedetails.com/

I personally use adJ/OpenBSD as operating system, TON tools on it and for wallet I use open source wallets in chromium like OpenMask, MyTonWallet and TON Wallet.


Good read: 'Ton-offline-transaction - offline laptop'
https://github.com/ton-defi-org/ton-offline-transaction

To make it easier for more whales investing in Toncoin, it would be good to have these instructions wrapped into a (bash) script. Easy to audit, easy to modify/update, and making it easier to store your coins with peace of mind.

I could help with the script. I come from FreeBSD, building secure servers and building Linux desktops that have an emphasis on security & privacy. I have been doing this for 20 years.

Yesterday I looked at the different TON wallets and was appalled by the lack of a security mindset in MyTonWallet. This really shied me away from investing more.

Posted one year ago