IMHO you can apply general guidelines for secure software:
- Prefer open source solutions that can be audited and that you can compile, and compile them yourself.
- Check the history of vulnerabilities of a piece of software; this can help show how much care the developers take over its security. A good place to check is https://www.cvedetails.com/
I personally use adJ/OpenBSD as operating system, TON tools on it and for wallet I use open source wallets in chromium like OpenMask, MyTonWallet and TON Wallet.
Good read: 'Ton-offline-transaction - offline laptop'
https://github.com/ton-defi-org/ton-offline-transaction
To make it easier for more whales investing in Toncoin, it would be good to have these instructions wrapped into a (bash) script. Easy to audit, easy to modify/update, and making it easier to store your coins with peace of mind.
I could help with the script. I come from FreeBSD, building secure servers and building Linux desktops that have an emphasis on security & privacy. I have been doing this for 20 years already.
Yesterday I looked at the different TON wallets and was appalled by the lack of security mindset in MyTonWallet. This really shied me away from investing more.
Holding crypto is normally a tradeoff between security and convenience. There is no one right way - so here's a quick overview of various strategies in TON. I'll focus on strategies for holding large amounts (normally by an institution like an exchange or a big whale).
Cold storage / hot storage is a method where you keep a small amount that is used frequently in a hot wallet - a wallet that is convenient but less secure - and the large amount that is used infrequently in a cold wallet - a wallet that is more secure but less convenient.
Strategies for cold storage:
Hardware wallet - Ledger
Hardware wallets like Ledger are usually a good combination of security and convenience. They store your secret mnemonic on a secure enclave that prevents the key from being extracted.
Unfortunately, since the TON ecosystem is still early, there's no official support for TON in the leading hardware wallets (as of October 2022). But hopefully official support is coming soon.
Unofficial support for Ledger is available from two places:
- https://github.com/ton-blockchain/ledger-app-ton (by core team)
- https://github.com/ton-community/ledger-app-ton (by TonWhales)
The downside of this approach is that support is not official by Ledger yet and some people don't like to install unofficial apps on their hardware devices.
Ton-offline-transaction - offline laptop
https://github.com/ton-defi-org/ton-offline-transaction
With this approach, you use an offline laptop as a cold storage wallet that isn't connected to the Internet and therefore is almost impossible to hack. This approach is more secure than a hardware wallet like Ledger, but more cumbersome to use.
You set up the offline computer once. Every time you need to sign a transaction, you sign it on the offline computer and transfer the signed transaction alone to a computer that is connected to the Internet (this can be done with QR codes).
If you're extra paranoid, you don't even store the secret mnemonic on the offline computer. Instead, you can use a secure USB-based operating system like Tails which has no persistence (runs in RAM) and boots a fresh copy every time.
Professional custody
If you're willing to trust a bank-like entity with your crypto, a custody product may also be a good solution. The security practices employed by these bodies are usually better than what you would do by yourself.
There are some custody solutions with official support for TON:
https://www.matrixport.com/institutions#custody
iPhone with FaceID and TonKeeper
Mobile app wallets like TonKeeper are very convenient to use but less secure than a dedicated hardware wallet. The latest iPhones are actually not that bad, since the device locks securely with FaceID after a minute of inactivity, and once locked it is almost impossible to unlock without the official owner. iPhones rely on a secure enclave for this mechanism, which is very similar to what's used in a hardware wallet.
Since iPhones are connected to the outside world, they can theoretically be hacked remotely. You can probably assume that this capability is reserved for state agents and not "regular" hackers.
The main concern with this approach is actually the wallet app developer getting hacked, the attacker publishing a new malicious app to the App Store, and you automatically downloading this app. This risk can be mitigated by disabling auto update for TonKeeper.
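To make the offline-laptop flow from the "Ton-offline-transaction" section concrete, here is an added example in Go (written for this page, not code from the ton-offline-transaction repository or any TON wallet). It models the two halves of the air gap: SignOffline runs on the cold machine, which is the only place the seed exists, and emits a base64 text blob that can be rendered as a QR code; VerifyOnline runs on the connected machine, which never holds a secret, and refuses to broadcast unless the blob is signed by the known cold-wallet key and the signed fields match what the operator intended. TON wallets do sign with ed25519, but the JSON envelope, the field names, the nanoton amounts and the seed value below are assumptions made for the example; a real TON external message is a serialized BOC cell with its own layout, and the real seed is derived from the wallet mnemonic.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Transfer is the unsigned request the online machine prepares and carries
// to the offline machine (by QR code or a clean USB stick). Field names and
// the nanoton unit are assumptions for this example, not TON's real format.
type Transfer struct {
	To     string `json:"to"`
	Amount uint64 `json:"amount_nanoton"`
	Seqno  uint32 `json:"seqno"`
}

// SignedTransfer is the only thing that travels back across the air gap.
// It carries no secret: just the request, the public key and the signature.
type SignedTransfer struct {
	Transfer
	PubKey    []byte `json:"pubkey"`
	Signature []byte `json:"sig"`
}

// canonical is the byte string that is actually signed. encoding/json emits
// struct fields in declaration order, so the encoding is deterministic.
func canonical(t Transfer) []byte {
	b, err := json.Marshal(t)
	if err != nil {
		panic(err) // cannot happen for this fixed struct
	}
	return b
}

// SignOffline runs on the air-gapped machine, the only place the seed exists.
// It returns a base64 text blob suitable for rendering as a QR code.
func SignOffline(seed []byte, t Transfer) (string, error) {
	if len(seed) != ed25519.SeedSize {
		return "", errors.New("seed must be exactly 32 bytes")
	}
	priv := ed25519.NewKeyFromSeed(seed)
	st := SignedTransfer{
		Transfer:  t,
		PubKey:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, canonical(t)),
	}
	raw, err := json.Marshal(st)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(raw), nil
}

// VerifyOnline runs on the connected machine, which never sees the seed.
// Before broadcasting it checks that the blob decodes, that it was signed by
// the cold wallet's known public key, that the signed fields equal what the
// operator intended (a swapped destination or amount on either side of the
// air gap is caught here), and that the signature verifies.
func VerifyOnline(walletPub ed25519.PublicKey, intended Transfer, blob string) (SignedTransfer, error) {
	var st SignedTransfer
	raw, err := base64.StdEncoding.DecodeString(blob)
	if err != nil {
		return st, fmt.Errorf("bad base64: %w", err)
	}
	if err := json.Unmarshal(raw, &st); err != nil {
		return st, fmt.Errorf("bad envelope: %w", err)
	}
	if !bytes.Equal(st.PubKey, walletPub) {
		return st, errors.New("signed by a key that is not the cold wallet key")
	}
	if st.Transfer != intended {
		return st, errors.New("signed transfer does not match the intended transfer")
	}
	if !ed25519.Verify(walletPub, canonical(st.Transfer), st.Signature) {
		return st, errors.New("signature does not verify")
	}
	return st, nil
}

func main() {
	// Constructed 32-byte seed for the demo only; a real seed comes from the
	// wallet mnemonic and never leaves the offline machine.
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
	walletPub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)

	want := Transfer{To: "EQ-hypothetical-destination-address", Amount: 1_000_000_000, Seqno: 7}
	blob, err := SignOffline(seed, want) // cold side
	if err != nil {
		panic(err)
	}
	fmt.Println("QR payload:", blob)

	if _, err := VerifyOnline(walletPub, want, blob); err != nil { // hot side
		panic(err)
	}
	fmt.Println("signature verified, safe to broadcast")

	// If what the online operator believes they are sending differs from what
	// the cold machine actually signed, the broadcast is refused.
	tampered := want
	tampered.Amount = 999_000_000_000
	if _, err := VerifyOnline(walletPub, tampered, blob); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The point of the VerifyOnline checks is that the online machine is the compromised one in this threat model, so it must treat the returned blob as untrusted input and independently confirm the destination, amount and seqno before anything reaches the network; the seqno check in particular is what prevents a stale signed blob from being replayed.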