What's the safest way to use the Avalanche wallet?

The AVAX wallet is making me nervous from a security point of view.

First of all, when I access it in my browser via https://wallet.avax.network/ I worry that the copy I’m being served might have been tampered with. Perhaps the servers got hacked a few minutes earlier. Perhaps someone hijacked the DNS and quickly created new certificates for a fake site using Let’s Encrypt.
So instead I use a local copy I checked out manually from https://github.com/ava-labs/avalanche-wallet
During the compilation of the wallet, I receive warnings about stuff being outdated. This is not very reassuring. If I use a more recent version of Node for example, will it cause problems that make me lose my AVAX? Why aren’t the wallet’s dependencies being kept up-to-date? This is important, especially because there is no alternative wallet right now.

Ideally I’d like to work on an offline computer and only transfer signed transactions from the airgapped computer via an SD card. I did this with Ethereum and it worked fine. At the moment, I don’t think I can do it with Avalanche.

I could use a hardware ledger but I’m not a big fan of them. I just want to have a very secure solution without extra hardware if possible.

I’m looking forward to hearing from you about your best practices, dos and don’ts.

tags (that I can’t add yet): wallet, offline, security

2 Likes

I’m also worried about the online hosted version of the wallet so I also compiled and run it locally.

Outdated dependencies are a relatively low-severity warning, especially considering that the wallet had a security audit so we may reassure ourselves they looked at this. Just make sure you have a firewall enabled on your machine, that you don’t allow external network connections to the wallet and it’d also be best to not run sketchy software on the machine.

The bigger problem is the security of the machine you’re running it on. No matter your opinion on HW wallets they really are the only way to securely work with cryptocurrencies.

I’m a little bummed that Trezor doesn’t support AVAX as that’s the one I own. And even Ledger support is beta so I dunno if it’s reliable to store coins.

1 Like

Hello. Sorry for bringing this topic from the dead, but this also worries me. Did you find a safe way to use AVAX offline? I know there’s Ledger, but AFAICT you can’t have multiple AVAX accounts yet, and that’s a big deal for me. I was thinking about generating multiple secret phrases offline, storing them safely and only interacting with them in an offline system the way you describe.

Thing is, I haven’t worked with programming for years now. I’ve never even tried to use nodejs or any of this “new stuff”. I would need a pretty easy tutorial to do it on my own, or, preferably, signed linux executables to run. Is there such a thing?

Thanks.