QubesOS for live cryptocurrency exchange

I’m considering QubesOS to securely use cryptocurrency wallets. There are a lot of reports of hacks and people losing their funds even on MacOS and Linux. Qubes seems to be far more secure.

Is there a well-known setup for how to set up and work with cryptocurrencies in Qubes? Anyone using Qubes for connecting crypto wallets to networks?

Is there any risk that Qubes distribution might be hacked, and we lose our funds?

The bitcoin guide can be adapted for various coins.

Is there any risk that Qubes distribution might be hacked.

Yes. By who and how is a different question.

@Eli you may be interested in a Trezor Wallet which is also a compartmentalization strategy but in the form of another physical computer (albeit a much smaller one) instead of a virtual computer (like a qube). The idea is that the hardware wallet holds the private cryptographic key and performs cryptographic operations but does not give the private cryptographic key to the computer the wallet talks to over USB.

Sure, I’m aware of hardware wallets. But there are more items to secure than the private key: seed phrases, wallet and account info, encryption keys, some hot wallets, etc.

The offline vault qube or GPG split is like a hardware wallet, but used more broadly.

Right now, I worry that ransomware groups might compromise QubesOS distribution channels.

Indeed, it’s good to be cautious. IMO, Qubes OS is a natural fit for general cryptocurrency use cases, as cryptocurrency concerns natively-digital objects of value, and Qubes OS is designed to protect digital activities and data. In principle, there isn’t really anything different between protecting cryptocurrency activity/data and protecting any other kind of digital activity/data. As with everything, Qubes OS can only protect you if you learn how to use it properly (I recommend reading the documentation to help with that), though it does try very hard to help you avoid shooting yourself in the foot.

See here for a brief high-level sketch of a hypothetical cryptocurrency setup. Reading through the other examples might also help give you an idea of what Qubes can do for you.

That risk is always present (i.e., non-zero) with any kind of technology. All security-oriented technology can do is reduce the risk, never eliminate it entirely. For example, even a cold storage hardware wallet that has never touched an online computer is not 100% risk-free, since it’s possible that, e.g., a subtle supply-chain attack introduced an almost imperceptible bias in the random-number generator that makes brute-force attacks feasible for the attacker.

Or, as another example, there could be a quantum-computing breakthrough related to Shor’s algorithm that allows the public-key cryptography on which cryptocurrencies are built to be broken sooner than expected; or new quantum-resistant algorithms might emerge more slowly than expected, delaying migration; or you personally might not be able to migrate to new wallets using quantum-resistant cryptography in time (in a coma from an accident?); and so on.

These are just a couple of random examples out of (probably) an infinite number of possible scenarios. The point is that nothing in the real world can ever be guaranteed to be 100% secure. Even if a technical design were provably secure in theory, it still has to be implemented in the real world out of physical matter at some point (or else you can’t actually use it to do things in the physical world), which is an inherently messy process vulnerable to interference and attack at most steps along the way.

But just because there’s no such thing as absolutely perfect security in the real world doesn’t mean that there isn’t such a thing as more security or less security. Security isn’t binary. It’s also relative. What counts as secure for others will not necessarily be the same thing that counts as secure for you, because it depends on your threat model. (At the most basic level: What are you trying to protect and from whom?)

What do you mean by “distribution channels”?

If you mean the process by which you download and install Qubes OS, and if you’re concerned that attackers might try to get you to install a compromised version of Qubes OS, then you should read about verifying signatures, which directly addresses this.

Regarding the risk of ransomware in general, I think Qubes OS is quite well-suited to handling it, since the ransomware (like any malware) should only be able to infect the qubes to which it has access, which (if you organized your qubes wisely) should only be untrusted qubes without any valuable data. Of course, keeping good backups is also key to protecting against and recovering from ransomware, and Qubes makes it easy to do that securely too.


By ransomware, I mean an attack like SolarWinds. A ransomware group spends a lot of time targeting a Qubes developer. From there, they ship a bad update to every user.

The risk is there for any OS, but it pays off better for some more than others. People who use Qubes are more likely to have something to protect.

Indeed. By the same token, though, the Qubes devs are much more security-conscious than most other devs (even very good ones who don’t focus exclusively on security). They’re also working on other ways to protect against this sort of attack, such as reproducible builds.


@Eli see https://reproducible-builds.org/ Some organizations compile everything from source code internally. Some users do this too.