The avax wallet is making me nervous from a security point of view.
First of all, when I access it in my browser via https://wallet.avax.network/ i worry that the copy I’m being served might have been tampered with. Perhaps the servers got hacked a few minutes earlier. Perhaps someone hijacked the DNS and quickly created new certificates for a fake site using Let’s Encrypt.
So instead i use a local copy i checked out manually from https://github.com/ava-labs/avalanche-wallet
During the compilation of the wallet, i receive warnings about stuff being outdated. This is not very reassuring. If i use a more recent version of Node for example, will it cause problems that make me lose my AVAX? Why aren’t the wallet’s dependencies being kept up-to-date? This is important, especially because there is no alternative wallet right now.
Ideally I’d like to work on an offline computer and only transfer signed transactions from the airgapped computer via an SD card. I did this with Ethereum and it worked fine. At the moment, I don’t think I can do it with Avalanche.
I could use a hardware ledger but I’m not a big fan of them. I just want to have a very secure solution without extra hardware if possible.
I’m looking forward to hear from you about your best practices, dos and don’ts.
tags (that I can’t add yet): wallet, offline, security