Recently, there have been many reports of stolen chia.
For this reason, I will post a guide in 3 levels of security so you do not lose your funds:
Level 1: The basics (for very small farms)
One thing almost all valid reports of stolen funds had in common was that the victims used some unofficial pool or software. This has always been advised as unsafe, so it should be common sense to use the official software.
→ Do not install unofficial chia software on your farming machines.
Other reports stated that the victims had shared their mnemonic (secret) with some other entity: friends, a webpage, or an unofficial pool such as HPool.
Your secret is your username AND password to your chia funds.
→ NEVER EVER enter your secret on a webpage or give it to anybody.
→ ONLY enter your secret on the official Chia client in order to open your wallet.
→ The same goes for your private keys.
→ If you are on an unofficial pool or have shared your secret, switch to the official software as soon as possible and generate a new wallet!
Many funds get lost due to data loss. You do not need a hacker to lose your funds. A mere hardware failure can lead to a catastrophe. Or you upgrade to another machine and forget your secret. Do you have a backup of your secret?
→ Get two external hard drives. It is best to get the classic spinning drives, as they are proven over many years. Maybe an SSD and one normal spinning drive as well. They do not need to have a large capacity. Store your secret on both drives. Keep at least one drive at a secure off-site location, maybe at your parents' house (ask them if you can have a small safe there, otherwise they might throw the drive away by accident), or even consider storing it in a safe at your trusted bank.
IMPORTANT: NEVER use USB thumb drives for this. They are prone to random failures. Additionally, they rely on a stored electrical charge (the author calls it a "battery", which is not the correct technical term) that gets refreshed when you plug the drive back in. Once that charge runs out, your data is gone.
Lastly, use passwords which you do not use on other machines. Otherwise, if your password gets leaked somewhere, all your accounts are done for.
Level 2: intermediate safety (for small farms)
Level 1 rules apply, so read them first.
Keep your farming on separate machines from your wallet. Do not install unnecessary software on those machines. If possible, do not use Windows on these machines (only do this if you are comfortable with Ubuntu or similar).
Create a cold wallet to store your funds. Creating a cold wallet basically means that you generate a wallet whose mnemonic you then store offline somewhere safe (not on your computer). I personally have 3 wallets:
- My farming Wallet, where my funds arrive (online)
- My “daily use” wallet (online)
- My savings wallet with my longterm funds (OFFLINE)
→ It is strongly advised not to generate your offline wallet on your daily-use machine. But when you are in the process of setting up your farming machine, you have a clean setup without additional software or malware. I recommend generating your offline wallet there (and removing it afterwards).
→ It is best to access your wallet on a clean machine. You can also get a cheap laptop or similar which is normally not connected to the internet to do this. You may also use a virtual machine (by far not as safe as a dedicated device).
→ A clean machine means not having additional software on it. Also no antivirus. As long as you do not install additional software and don't browse the web, antivirus is unnecessary. Plenty of antivirus products are known for sniffing around and sharing your data. What they share and store about you? Nobody knows.
→ Never enable the 'root' (or "Administrator", "Admin", …) account. These are known usernames, and as soon as your device is connected to your network you will find plenty of logon attempts from outside on these usernames. It is only a matter of time until they find your password.
Lastly, neither share the information that you are farming, nor where your farm is.
Level 3: For large farms
Levels 1 and 2 apply, read them first.
Keep your farming and wallet management on separate networks. You can have them at physically different locations or put them into a demilitarized zone, meaning they do not have access to one another.
Secure your network against access from outside. Get a firewall, block IP access from countries which are known to run attacks (Asia, Russia, …), and disable Wi-Fi (this is important: Wi-Fi is an inherently insecure technology, as anyone can sit nearby and try to sniff the data which is transmitted over the air).
Set up an account lockout policy, e.g.: upon 3 failed login attempts within 30 minutes, lock the account for 30 minutes. This greatly improves resilience against brute-force trial-and-error attacks.
Ensure the physical safety of your farming site. Have secure locks, possibly an entry alarm.
If you have webcams, do not show your farm on them. Most of those "secure" webcam companies which stream over the internet have had terrible data leaks. They record your video, and in case of a data leak those videos get shared with the outside world. If you want an example, google for the Arlo webcam data leak. After all, you never know what the employees are doing with your video material.
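To make the lockout rule above concrete, here is an added example (my own code, not part of the original post or of the Chia software) that replays constructed sshd-style auth log lines through the "3 failures in 30 minutes locks for 30 minutes" policy. Host names, IPs and the `farmer` account are made up; it also shows why an attempt that lands during the lock must be rejected even if the password is correct.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy from the guide: 3 failures within 30 minutes lock the account for 30 minutes.
MAX_FAILURES = 3
FAIL_WINDOW = timedelta(minutes=30)
LOCK_DURATION = timedelta(minutes=30)

# Constructed sshd-style auth log (hypothetical host, users and IPs).
SAMPLE_LOG = """\
2021-06-01T10:00:00 farm01 sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
2021-06-01T10:05:00 farm01 sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2
2021-06-01T10:20:00 farm01 sshd[103]: Failed password for root from 203.0.113.7 port 40003 ssh2
2021-06-01T10:25:00 farm01 sshd[104]: Accepted password for root from 203.0.113.7 port 40004 ssh2
2021-06-01T10:55:00 farm01 sshd[105]: Failed password for farmer from 198.51.100.9 port 40005 ssh2
2021-06-01T11:40:00 farm01 sshd[106]: Failed password for farmer from 198.51.100.9 port 40006 ssh2
2021-06-01T11:50:00 farm01 sshd[107]: Failed password for farmer from 198.51.100.9 port 40007 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<ip>\S+)")

def evaluate_lockouts(log_text):
    """Return (locks, denied): locks = [(user, lock_start)], denied = 1-based line
    numbers of attempts that hit an active lock and must be rejected."""
    failures = defaultdict(deque)   # user -> timestamps of failures inside the window
    locked_until = {}
    locks, denied = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user = datetime.fromisoformat(m["ts"]), m["user"]
        if user in locked_until and ts < locked_until[user]:
            denied.append(n)        # during the lock even a correct password is refused
            continue
        if m["result"] == "Accepted":
            failures[user].clear()  # a real login resets the failure counter
            continue
        q = failures[user]
        q.append(ts)
        while q and ts - q[0] > FAIL_WINDOW:
            q.popleft()             # drop failures older than the sliding window
        if len(q) >= MAX_FAILURES:
            locks.append((user, ts))
            locked_until[user] = ts + LOCK_DURATION
            q.clear()
    return locks, denied
```

Here `root` is locked at 10:20 and the successful guess at 10:25 is refused, while `farmer`'s three failures are spread over more than 30 minutes and never trigger a lock.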
That’s it for now. I am happy for comments and suggestions. May your Funds be secure.