Creating a safe environment for your IOTA Wallet and Seed

All credits to: onehitwonder – Original post:


Why you shouldn’t trust exchanges with your IOTA

You might ask yourself why not to keep your Iota-Tokens in the same exchange where you first bought them. Well, there are muliple reasons.

  • Exchanges have been hacked before and probably will be hacked in the future. Youbit, EtherDelta, Bitfinex and Mt.Gox are just a few examples of exchanges that got hacked in the last years where people lost a lot of money.
  • Exchanges are highly unregulated. They don’t have capital requirements like banks do and won’t get backed by anyone if they file for bankruptcy for whatever reason. If an exchange decides to lock your funds, or just runs with it, you won’t be able to do anything about it.
  • If you don’t trust banks, should you really trust some website on the internet with your cryptocurrency potentially worth thousands of dollars? And is the “comfort” really worth risk having your coins stored in an exchange?
  • It only takes a maximum of one hour and a USB stick to create a safe environment to store your Iota.

What is the goal of this tutorial

So, the goal here is to help you create an extremely safe environment for your IOTA light wallet to safely receive, send and store your funds. It is also explained how to create and store your seed without the risk of it getting compromised.

Since there is a lot of malware out there which isn’t even detectable by modern anti-virus software you shouldn’t use your everyday PC (or smartphone) to store highly sensitive information like your Seed.

To achieve this goal you’ll setup a Debian based Linux OS called Tails. It will be installed on an USB stick which will be live bootable – means you can start it from any PC you want and access your wallet in a matter of seconds.

What is Tails

Tails is a ‘live’ operating system, which you can boot from a USB stick. It focuses on preserving privacy and anonymity on the internet and also securing your data with state-of-the-art encryption.

It is designed to be used from a USB stick, so you can carry it around and start it up on any PC you want and won’t leave any traces doing so.

It was used by Edward Snowden during the NSA scandal to safely communicate with the outside and leave no traces.

Installing Tails

Since the developers of Tails have a really nice and user-friendly tutorial about installing Tails, I suggest you head over there for the installation.

One thing that isn’t covered though is, how to configure your BIOS to boot from USB instead of the hard-drive.

  • A typical method to access the BIOS settings is to press ESC, F1, F2, F8, F10 or DEL during the boot sequence. (the correct key should be shown briefly on boot-up)
  • Find the menu where you can set the boot order of the bootable devices. The first device in the order list has the first boot priority.
  • Make sure your USB stick is shown and has the highest priority.

Installing the IOTA wallet

Congratulations, the hardest part is done! Your Tails OS now should be set up and you’ll be able to get your light wallet up and running.

First you have to configure Tails for your needs. To do so you should create a persistent folder on your USB stick which won’t be reset by tails on reboot. There you’ll store your wallet files and other dependencies.

Create the persistent folder:

  • Click “Applications” > “System Tools” >”Configure persistent volume”
configure persistent volume
  • Choose a safe passphrase that will be used to protect your encrypted persistent folder
  • You want your persistent folder to store “Personal Data”, “APT Packages” and “APT Lists”
  • Save your settings and reboot
  • After the reboot unlock your persistent folder in the Tails welcome screen and set a root password as well. (it is only a temporary root password for your next session)
Tails welcome screen

Installing the wallet:

To make the installation and starting of the wallet as easy as possible you can use two simple bash scripts.

  • Navigate to your persistent folder, right click into the folder and select “Open in Terminal”
  • Download the installation scripts:

Type into Terminal: git clone

  • You should see a new folder “safe-iota-wallet” in your persistent folder. Open that folder.
  • Right click into the folder and select “Open in Terminal”. If asked for the password for amnesia, enter your root password.

Type into the Terminal: sudo bash

The script will install all dependencies and make them available on every Tails startup. From time to time you have to accept the installation of a new package by typing “Y” into the terminal.

The latest version of the light wallet will be downloaded from the official GitHub (This guide will be kept up to date if there is a newer version available).

Type into the Terminal: sha256sum iota_2.5.6_amd64.deb

Compare the shown SHA256 value with the one in the official GitHub to verify that the file is legit.

You can change the node your wallet is connecting to in the settings.json file. Just edit the value after “lightWalletHost:”.
Note: It should be an IP address, since proxychains has some problems to resolve DNS.

Starting the wallet:

Since the Tails OS is amnesic (means it resets the OS on reboot), you’ll have to install your wallet every time you boot up tails. Don’t worry, there is a script for that as well and it only takes seconds to have the wallet up and running.

  • Right click into the Iota folder and select “Open in Terminal”

Type into the Terminal: bash

Here is the explanation of what is happening in the script if you are interested in the technical part and maybe have some trust issues 😉

The script installs the wallet from the .deb file you downloaded in the previous step. It will also paste the settings.json file to the right directory, so you don’t have to setup the wallet on every start. Finally it is piping the traffic from the wallet through Tor using proxychains. Tails is configured to only allow inbound and outbound traffic through Tor, which makes you almost anonymous on the internet. I encourage you to have a look at the .sh files.

Congratulation, your wallet is all set now!
If you’d like to test your new wallet, you can send some Iota to this address 😉


You might notice the wallet being slower than on your desktop machine. The reason is the USB stick you are using is probably a lot slower than your internal hard-drive. So don’t worry if a transaction takes you a few minutes.

Safely generate and store your seed

To generate and store your Seed safely you should be using KeepassX, which is already provided by Tails.
Don’t use any only seed generator you might find on the web! Many people already got scammed that way!

  • Click Applications > Favorites > KeepassX
  • Click Database > New Database
  • Choose a safe password to encrypt your password file
creating a new database in KeepassX
  • Click “Add new entry” (Key symbol)
  • Title and Username can be whatever, I’ll call mine “Seed”
  • Right next to the password field click on “Gen.”
  • Set length to 81 and only select character Types “A-Z”
  • Make the password visible (click on the eye) and change a few letters to “9” since a Seed can contain the letters A to Z and the number 9
  • When you’re done click the accept button
  • Save your Database and store it in your Iota folder. It has to be somewhere in the persistent folder because otherwise your Keepass file will be lost on reboot

Congratulation, you’ve created a safe Seed! You can copy your Seed to your Wallet and login.

To access your Seed in a later session you just have to start KeepassX and open your saved Database in your Iota folder. Make sure you remember your password for your Keepass file though!

Make sure to also write your Seed on a piece of paper and store it in a bank vault or hide it somewhere good. USB sticks can have a lifespan of more than 10 years if you treat them right, but this is not guaranteed! If it fails on you someday you want to have a backup of your Seed!

If you should have any questions or problems setting this up you can reach me in the official Iota discord @onehitwonder or on Twitter @onehitwonderos

I’ll keep this guide up to date with new versions of the light wallet.