How to keep your chia safe

Recently, there have been many reports of stolen chia.
For this reason, I will post a guide in 3 levels of security so you do not lose your funds:

Level 1: The basics (for very small farms)
So one thing almost all valid reports of stolen funds had in common was that they used some unofficial pool or software. This has always been advised as unsafe. So it should be common sense to use the official software.
→ Do not install unofficial chia software on your farming machines.

Other reports stated that they have shared their mnemonics (secret) with some other entity: friends, or a webpage, or an unofficial pool such as HPool.
Your secret is your username AND password to your chia funds.
→ NEVER EVER enter your secret on a webpage or give it to anybody.
→ ONLY enter your secret in the official Chia client in order to open your wallet.
→ The same goes for your private keys.
→ If you are on an unofficial pool or shared your secret, switch to the official pool asap and generate a new wallet!

Many funds get lost due to data loss. It is not necessary for you to lose your funds to a hacker. A mere hardware failure can lead to a catastrophe. Or you upgrade to another machine and forget your secret. Do you have a backup of your secret?
→ Get two external hard drives. It is best to get the classic spinning drives as they are proven over many years. Maybe an SSD and one normal spinning drive as well. They do not need to have large capacity. Store your secret on both drives. Keep at least one drive at a secure offshore location. Maybe at your parents' house (ask them if you can have a small safe there; they might throw it away by accident :wink: ). Or even consider storing it in a safe at your trusted bank.
IMPORTANT: NEVER use USB thumb drives for that matter. They are prone to random failures. Additionally they have some sort of battery (not the correct technical term) which gets recharged when you plug the drive back in. Once this battery runs out of power, your data is gone.

Lastly, use Passwords which you do not use on other Machines. Otherwise: If your password gets leaked somewhere, all your accounts are done for.

Level 2: intermediate safety (for small farms)
Level 1 rules apply, so read them first.

Keep your farming on separate machines from your wallet. Do not install unnecessary software on those machines. If possible, do not use Windows on these machines (only do this if you are comfortable with Ubuntu or whatever).

Create a cold wallet to store your funds. Creating a cold wallet basically means that you generate a wallet whose mnemonics you then store offline somewhere safe (not on your computer). I personally have 3 wallets:

  • My farming Wallet, where my funds arrive (online)
  • My “daily use” wallet (online)
  • My savings wallet with my longterm funds (OFFLINE)

→ It is strongly advised to not generate your offline wallet on your daily use machine. But when you are in the step of setting up your farming machine, you have a clean setup without additional soft- or malware. I recommend generating your offline wallet there (and removing it afterwards).
→ It is best to access your wallet on a clean machine. You can also get a cheap laptop etc. which is normally not connected to the internet to do this. You may also use a virtual machine (not nearly as safe as a dedicated device).
→ A clean machine means one without additional software on it. Also no antivirus. As long as you do not install additional software and don't browse the web, antivirus is unnecessary. Plenty of antiviruses are known for sniffing around and sharing your data. What do they share and store about you? Nobody knows.
→ Never enable the ‘root’ (or “Administrator”, “Admin”, …) account. These are known usernames, and as soon as your device is connected to your network, you will find plenty of logon attempts from outside on these usernames. It is only a matter of time until they find your password.

Lastly, share neither the fact that you are farming nor where your farm is.

Level 3: For large farms
Level 1 and 2 apply, read them first.

Keep your farming and wallet management on separate networks. You can have them at a physically different location or set them into a Demilitarized Zone, meaning they do not have access to one another.

Secure your network against access from outside. Get a firewall, block IP access from countries which are known to run attacks (Asia, Russia, …) and disable Wifi (this is important: Wifi is an inherently insecure technology, as you can sit anywhere and try to sniff the data which is transmitted over the air).

Set up an account locking policy. E.g.: upon 3 failed login attempts within 30 minutes, lock the account for 30 minutes. This greatly improves resilience against brute-force trial-and-error attacks.

Ensure the physical safety of your farming site. Have secure locks, possibly an entry alarm.
If you have webcams, do not show your farm on your webcams. Most of those secure webcam companies which stream over the Internet have had terrible data leaks. They record your video, and in case of a data leak, those videos get shared to the outside world. If you want an example, google for Arlo webcam data leak. After all, you never know what the employees are doing with your video material.

That’s it for now. I am happy for comments and suggestions. May your Funds be secure.

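The Level 3 lockout policy (3 failed logins within 30 minutes lock the account for 30 minutes) replayed over sshd-style auth log lines, so you can see which attempts would count, which would lock the account, and which would be rejected while it is locked. This is an added example, not code from the post or from Chia; the log format is a simplified sshd format and the log lines, usernames and IP addresses (RFC 5737 documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth.log-style sample (simplified sshd format); the IPs are from
# the RFC 5737 documentation ranges and not taken from any real system.
SAMPLE_LOG = """\
2021-06-01T10:00:00 sshd[4201]: Failed password for root from 203.0.113.5 port 40122 ssh2
2021-06-01T10:00:03 sshd[4202]: Failed password for invalid user admin from 203.0.113.5 port 40123 ssh2
2021-06-01T10:05:00 sshd[4210]: Failed password for root from 203.0.113.5 port 40130 ssh2
2021-06-01T10:10:00 sshd[4220]: Failed password for root from 203.0.113.5 port 40140 ssh2
2021-06-01T10:12:00 sshd[4225]: Accepted publickey for farmer from 192.0.2.10 port 51000 ssh2
2021-06-01T10:20:00 sshd[4230]: Failed password for root from 203.0.113.5 port 40150 ssh2
2021-06-01T10:45:00 sshd[4240]: Failed password for invalid user admin from 203.0.113.9 port 40160 ssh2
2021-06-01T10:50:00 sshd[4250]: Failed password for root from 203.0.113.5 port 40170 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

def evaluate_lockouts(log_text, threshold=3, window=timedelta(minutes=30),
                      lock_for=timedelta(minutes=30)):
    """Replay the policy: `threshold` failures inside `window` lock the account
    for `lock_for`. Returns (lockouts, blocked): lockouts maps user -> lock start
    times; blocked lists (user, time) attempts rejected while locked."""
    recent = defaultdict(deque)   # user -> failure times still inside the window
    locked_until = {}             # user -> time the lock expires
    lockouts = defaultdict(list)
    blocked = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:                 # accepted logins and other noise are ignored
            continue
        t = datetime.fromisoformat(m["ts"])
        user = m["user"]
        if t < locked_until.get(user, t):   # still locked: reject, do not count
            blocked.append((user, t))
            continue
        q = recent[user]
        q.append(t)
        while t - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            locked_until[user] = t + lock_for
            lockouts[user].append(t)
            q.clear()             # counting starts fresh after the lock expires
    return dict(lockouts), blocked
```

In the sample, root is locked at 10:10 and its 10:20 attempt is rejected, while the two admin failures are 45 minutes apart and never reach the threshold.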

I never heard of that.
Perhaps people are stepping on them, leaving them in their pocket when doing the laundry, etc?

If you want a safe place to store your Chia mnemonics or other secret type data, then I recommend one of the following two storage vessels, both of which use strong encryption:

– keepass, available from here:

– VeraCrypt, available from here:

(Do not download the above from anywhere else)

“keepass” is a password manager, and is designed to hold (or generate) logins for web sites and anywhere else. It can be used to store documents, too. Everything it holds will be encrypted.

“VeraCrypt” is designed to create encrypted volumes, that you mount. Once mounted, that encrypted volume shows up as yet another drive letter (in Linux (which I do not run), I suspect it simply shows up as a new mount point).

Any files that you create in the VeraCrypt volume or copy to the VeraCrypt volume will be encrypted on-the-fly. To you, it will all be in the clear, just like any drive letter. Once you tell VeraCrypt to unmount the drive letter, no one can access it, without your passphrase.

For both “keepass” and “VeraCrypt”
– They are only as good as the passphrase you use to access the encrypted files they are holding.
If you use a so-so passphrase, then expect it to be broken if a skilled attacker gets to it. More on this, below.

– They both are open source applications. I cannot read the code, but countless programmers, globally, can. If there were any back-doors or other such security issues, someone would claim credit for discovering it.

– They are both free.

– They both store all of your encrypted data in a single file. This makes it simple to make a backup of your passwords (and anything else you are storing in them).

– You can store a backup of your encrypted file anywhere – even with your arch nemesis. As long as you use an unbreakable passphrase, your encrypted file is useless to everyone other than you.

So e-mail a copy of the encrypted file to a friend, or store it in the cloud, etc. To anyone other than you, it is a file full of gibberish. And you absolutely should store a copy somewhere else, in case your computer’s storage device fails, or you are hit with ransomware, or your computer is stolen or lost in a fire, etc.

– If you forget your passphrase, you are toast.
No one – no 3-letter government agency – will be able to recover your encrypted data (assuming you used a very strong passphrase).

Reminder that if you do not use a strong passphrase, then all bets are off.

Here is a video on how to create an unbreakable passphrase, and yet still be able to remember it:

You can now keep all of your critical data safely within an encrypted file, and you can easily keep a copy of that encrypted file wherever you want. Note that you should close the application before making a copy of the encrypted file. You do not want the encrypted file to be in use while you make a copy of it.
