How to Safely Hold Monero in Cold Storage

What is cold storage?

Cold storage is a term used by the cryptocurrency community to refer to a wallet which resides offline, disconnected from the Internet and therefore safe from hackers or other threats.

Why should I use cold storage?

If you hold a large amount of Monero which you have no plans to spend soon, cold storage can help you secure that value against attackers. Offline wallets are also useful if you wish for your loved ones to have access to your Monero in the event of your physical absence.

What equipment and software do I need?

The easiest route is to use the MoneroAddress utility on an Internet-connected computer running TAILS. TAILS stands for “The Amnesic Incognito Live System”. It is an operating system which runs from a USB drive and safely ensures that your computer is not compromised while the MoneroAddress utility is running, and that no trace of your private keys will remain on the computer when you power it off.

If you do not want to trust an Internet-connected machine using TAILS, you may also take additional precautions, such as buying a new laptop which has never touched the Internet just to use it for this purpose or use an old PC or Laptop without internet connection. You could then save the MoneroAddress utility on an Internet-connected computer to an USB drive to use it on the aforementioned computer. Feel free to take whichever precautions fit your threat model, but this article will assume that you plan to use an Internet-connected computer running TAILS. Nevertheless, the instructions are similar for both cases.

First, you’ll need to follow the instructions to create a bootable TAILS USB drive. You will need two empty USB drives, each at least 8GiB in size. You don’t have to install TAILS, but doing so is a good idea for two reasons:

1. It is less likely that someone can serve you a bad version of the MoneroAddress utility and steal your money.
2. It is less likely that a hacker can spy on you and steal your Monero private keys.

Once you have installed and booted up TAILS, you can then prepare to generate your cold storage wallet. Have a pen and paper ready with a hard surface to write on (to make sure you don’t leave behind any marks).

How do I actually create the cold wallet?

This is where it’s time to get paranoid. Make sure you are in a private place and that your computing environment is secure. Ensure that there are no cameras in the vicinity and the line of sight to your computer screen is obscured as much as possible. Close the shades or blinds, throw a blanket over yourself, check for suspicious holes in the wall… sweep the area for vulnerabilities. You can’t be too careful here.

Start up TAILS and get connected, then proceed to the MoneroAddress utility and ensure that the HTTPS certificate is valid (make sure the green padlock is showing in the address bar). A new, random address will be generated automatically. Fold your paper in half horizontally, and on the outside, write down your public address. Then, open up the paper and write down the 25-word mnemonic seed. This is very important! Don’t make any mistakes. Check and re-check your work. This seed can be used to generate both your address and the private keys needed to spend and reveal your transactions. Guard it well. Never tell anyone your seed or allow them to discover it, and never type it into a computer (except to spend it, after making sure you trust the computer and wallet application you are using). If you do, your money (and privacy!) could be lost forever.

Optionally, if you would like to use an online computer to watch for incoming transactions (more on this below), you may record the private view key as well. Note that the view key should also be kept as secret as possible! While knowing this key will not allow anyone to move your coins, they will be able to watch the activity in your wallet, which will lead to a loss of privacy.

Now, after you ensure your mnemonic seed is safely recorded, you may safely send funds to the public address (the long alphanumeric string that you wrote on the outside of the folded paper).

If you have followed these instructions as prescribed, you can be reasonably certain that your Monero is safe.

How can I check my wallet balance?

Firstly, if you are using Monero for its privacy functionality, know that exposing your view key to the public will compromise your privacy. Second, it is not strictly possible to have a “watch-only wallet” like it is with Bitcoin, because there is some calculation required with the spend key (which you keep offline). Check this article for more information.

How can I spend from my cold storage wallet?

You can find a guide to restoring your cold wallet to a connected client in this article. Note that once you do this, your funds are no longer as secure as the private keys have been exposed to an internet-facing machine. It is strongly recommended to send any large leftover amount of Monero to a new cold storage wallet once you have made your desired transactions.

This all seems very involved. Is there an easier way?

Unfortunately not. This kind of security does not come easily today, but it might soon. As this article is written, there is currently no hardware wallet support for Monero. The Ledger hardware wallet has been working on support for Monero, and a community-driven project is underway to create a hardware wallet dedicated to Monero.

For now, however, if you want to store your Monero offline, you’ll need to make a paper wallet.