From Kicksecure
Jump to navigation Jump to search
Ethereum Logo

Ethereum Wallet Security Considerations and How to use ETH



Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Full vs Light Node Privacy and Security Considerations[edit]

Full Node Advantages[edit]

Similar to Bitcoin Core / ElectrumX, the whole blockchain gets downloaded and analyzed for the user's addresses/transactions locally on their own local computer.

Light Node Advantages[edit]

Much easier to use.

Light Node Disadvantages[edit]

Similar to electrum Bitcoin wallet when using third-party servers. A bit less severe since a Bitcoin wallet contains multiple addresses but a Ethereum wallet contains only one address. Could use a Qubes Disposables for watch-only.

Disk Space[edit]

Full Blockchain Validating Node disk space requirement more than 1 TB.

Full Node Appliances[edit]

There are ETH full node ready-made box one can buy. Maybe easier for clearnet users.

But these aren't optimized for anonymity / use with Tor.

ETH Full Node on Self-Hosted Remote Server[edit]

High disk space requirements.

Personal experience by Kicksecure developer Patrick. Maintenance intensive, things keep breaking, broken blockchain synchronization, development team was highly unresponsive in fixing critical issues such as blockchain synchronization, sync bugs. See bug report Unable to sync ethereum which was opened in 2017. No Ethereum developer attempted to debug the issue by asking other users or otherwise acknowledged the issue which was then automatically closed by the stale bot.

Full Node Conclusion[edit]

Looks very difficult and very messy.

Pruning Mode[edit]


Wallet Security Considerations[edit]

General Security Considerations[edit]

Avoid mixing wallets for ETH long term storage with wallets used for DeFi or NFT.

Be aware of the security issue with unlimited and infinite token

How does the industry, institutional ETH custodians secure their funds?[edit]

Gnosis Safe allegedly storing more than 1 billion $ Would require more research if that is so indeed. No mainstream sources have been found yet.

smart contract based on chain multisig[edit]

Discouraged. Millions worth of ETH was and still is frozen in the parity multisig More references under Smart Contract On Chain Multisig vs Threshold Signature Wallets.

Is there a way to use multisig without smart contracts on Ethereum?

Ethereum does not support native threshold You need to use multisignature wallets like Gnosis

Gnosis Safe requires only one transaction per execution from the multisig wallet. Other communication happens off-chain. Thus your assumption "very expensive and slow, because it requires a lot of transactions." is incorrect.

Threshold Signature Wallets[edit]

Great in theory. In practice, there are no known Freedom Software based implementations available.

Proprietary products are discouraged due to privacy issues. Presumably as for any corporation, they would want to setup a call with their customer, identify, onboard, want to know details about the operation, possibly upsale and vendor lock-in.

Wallet Security Setups Comparison[edit]


MyCrypto could be replaced by MyEtherWallet (MEW) because it is very similar or any other suitable wallet, if there are other alternatives.

Local Wallet Recommendation[edit]

In all cases, it is far better if the wallet software is running locally on the user's own computer. This is possible with both, MyCrypto and MEW.

Using web services such as or is discouraged.


Users not using a full node should consider using multiple wallets to watch their addresses. For example:

  • MyCrypto
  • MyEtherWallet
  • use web services such as

Option 1: MyCrypto-online + Hardware Wallet[edit]

Both, MyCrypto-online VM + MyCrypto-offline VM on the same computer.


  • malware resistance: Can survive Qubes online computer dom0 compromise.


Option 2: on same computer - MyCrypto-online + MyCrypto-offline[edit]

Both, MyCrypto-online VM + MyCrypto-offline VM on the same computer.


  • encryption: Adversaries with physical access stealing a luks full disk encrypted offline computer while powered off according to current knowledge won't be able to extract private key.
  • Usability. Easy to use in Qubes with copy/paste. Would be similar to the electrum split wallet video that I recorded for you in the beginning.


  • No multisig.
  • malware resistance: Cannot survive Qubes online computer dom0 compromise.

Option 3: with two computers, physical isolation (airgap) - MyCrypto-online + MyCrypto-offline[edit]

MyCrypto-online and MyCrypto-offline running on different, physically isolated computers.


  • encryption: Adversaries with physical access stealing a luks full disk encrypted offline computer while powered off according to current knowledge won't be able to extract private key.
  • malware resistance: Survive Qubes online computer dom0 compromise.


  • No multisig.
  • Usability: No built-in QRcode feature. The user would need to, either:
    • A) Create QRcode on the command line using for example qrencode and it on a physically isolated offline computer, photograph it with a camera, decode it using qrencode, or
    • B) transfer the signed transaction using USB (which comes with the usual USB risks).





Metamask by ConsenSys.


  • Reputation.



  • Stateful. Reset wallet feature often needed.



  • desktop app

Quote MyCrypto: unclear if MyCrypto desktop application is maintained or currently does not work offline, so for those situations we recommend using the desktop application. It is not actively maintained however, and we don't add any new features to the desktop application. It's still perfectly usable though if you have a plain private key or want to send offline. We are working on a replacement for the desktop application, which you can check out here: It's still a work in progress however, and we don't recommend using it with "real" private keys just yet.

We will still update it in case of security vulnerabilities, at least until the release of the new application.

Offline use notice: The VM or computer needs to be really offline. It cannot be tested online, not even for testing purposes. This is because MyCrypto auto detects if VM is offline or online and the application changes accordingly. [1]

Usability for Offline Use[edit]

According to MyCrypto: How to Make an Offline one needs to find out:

  • nonce
  • gas limit (easy, 21000 for ETH, rarely changes, harder for token, hardest for DeFi)
  • gas price (gwei)
  • data: keep this empty for simple ETH transfers

This is likely specific to Ethereum and unspecific to MyCrypto.


Also called MEW. Very similar to MyCrypto.

Can run locally, in browser: yes


  • No desktop app.


Ethereum accepted here Donate Ethereum (ETH) or Token to Kicksecure.


See Also[edit]


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!