1/n I’d like to share my list of best practices when it comes down to depositing your 32ETH stake(s) and ETH2 staking. By no means is this list complete and most likely not everyone will agree on all of these points or find them applicable to themselves.
2/n So when in doubt please do your own research or ask someone you trust or reputable sources.
I will start with the general basic best practices, go on with more specific ones and share some advanced ideas on security more towards the end that may not apply for every staker.
3/n #1 Get yourself familiar with the process and tools for depositing and staking at one of the ETH2 testnets like the Medalla testnet or the ones that are about to be set up. This reduces the risk of running into problems when real stake is involved. Don’t rush things.
4/n #2 Make sure that you get all the information needed from reputable sources like the official Ethereum blog ( http://blog.ethereum.org ), the Ethereum deposit launchpad ( http://launchpad.ethereum.org ) or from folks that you highly trust.
5/n Only use official and audited tools, such as the Ethereum deposit launchpad and the eth-deposit cli tool, for generating your public/private keypairs.
6/n #3 Don’t be afraid to ask if you don't understand something. Ethereum has a great supportive community. You certainly will get help on r/ethstaker or on the ethstaker Discord server. But don't forget #2. Don't share secrets and always be vigilant of scammers or imposters.
7/n Now that we have talked about the general points let’s go over the best practices when it comes down to the generation of the keypairs.
8/n #4 I would recommend that you generate your staking keypairs on a machine that’s running a live (Linux) distribution / a non-persistent system (eg. Ubuntu or Tails) and that is completely offline and disconnected during the generation process and after.
9/n #5 Use official tools for the key generation as outlined in the launchpad. If you use binaries, check whether their checksum matches the checksums in the release notes. On Linux use sha256sum to see if they match up.
10/n If you are technically sophisticated, clone the repository and compile / build from source.
11/n #6 Either write down the mnemonic / seed phrase or save it encrypted eg. on a thumb drive. Make sure no third party can get to know it. Make sure cameras are offline / covered and microphones turned off during the key generation process.
12/n #7 If you have a mnemonic that you used for a hardware wallet, you can use the same. This way you only need to keep this one mnemonic safe. Keep storing the mnemonic at a safe place.
13/n #8 Never type the seed phrase or store the mnemonic on a hot device, i.e. a device that has (or will have) a connection to the outside world. Never type the mnemonic in a field that has autocorrection. Don't print the mnemonic as your printer may have persistent storage.
14/n #9 Try to regenerate your deposit file and keystore file from the mnemonic you wrote down. Eg. use the command existing-mnemonic if you use the official eth-deposit-cli tool. See whether the resulting files match the original ones.
15/n Timestamps may differ so check in the keystore file if the public key matches. This makes sure that in case you lose the signing key after the deposit, you can regenerate it and generate the corresponding withdrawal key at a later stage.
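One way to do the comparison from #9, as an added example that is not part of the original thread and not code from the deposit tool. It assumes each keystore is a JSON file named keystore-*.json with "pubkey" and "path" fields; the sample keystores are constructed with shortened fake keys.

```python
import json
import tempfile
from pathlib import Path


def _norm(hexstr):
    # Case and an optional 0x prefix carry no meaning in a hex public key.
    h = hexstr.lower()
    return h[2:] if h.startswith("0x") else h


def keystore_identities(directory):
    """Map derivation path -> public key for each keystore-*.json file."""
    found = {}
    for f in sorted(Path(directory).glob("keystore-*.json")):
        ks = json.loads(f.read_text())
        found[ks["path"]] = _norm(ks["pubkey"])  # assumed field names
    return found


def compare_keystores(original_dir, regenerated_dir):
    """Return a list of problems; an empty list means every key matches.

    Salt, IV, uuid and the timestamp in the file name change on each run,
    so only the derivation path and the public key are compared."""
    orig = keystore_identities(original_dir)
    regen = keystore_identities(regenerated_dir)
    problems = [] if orig else ["no keystores found in original set"]
    for path in sorted(set(orig) | set(regen)):
        if path not in regen:
            problems.append(f"{path}: missing from regenerated set")
        elif path not in orig:
            problems.append(f"{path}: not present in original set")
        elif orig[path] != regen[path]:
            problems.append(f"{path}: public key differs")
    return problems


def write_sample(directory, stamp, keys):
    # Constructed sample data: shortened fake public keys, not real ones.
    for index, pubkey in enumerate(keys):
        path = f"m/12381/3600/{index}/0/0"
        body = {"pubkey": pubkey, "path": path, "uuid": f"{stamp}-{index}"}
        name = f"keystore-m_12381_3600_{index}_0_0-{stamp}.json"
        (Path(directory) / name).write_text(json.dumps(body))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_sample(a, 1605000000, ["a1b2", "c3d4"])
        write_sample(b, 1605009999, ["A1B2", "ffff"])
        print(compare_keystores(a, b) or "all public keys match")
```

Run it on the offline machine against the two keystore directories; any non-empty result means the written-down mnemonic does not reproduce the original keys.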
16/n #10 Save the deposit file and signing key / keystore file on clean thumb drives. The keystore is encrypted with the password you choose during the generation process if you used the official eth2-deposit cli tool. Make sure you remember it.
17/n Advanced: Put deposit file and keystores on separate thumb drives. This way the keystores only need to be connected to the actual staking machine to transfer the signing keys later on.
18/n #11 Safely destroy any additional copies of the mnemonic that you might have created and no longer need. Advanced: Only continue with the deposit process once the mnemonic is at a safe place. You don't need it for the depositing process.
19/n Now that you have securely generated your keys, let’s go over the best practices for the depositing process.
20/n #12 Let’s start with some preparations so that you don’t accidentally doxx yourself. Keep in mind that the deposit happens on a public blockchain. So all txs are traceable.
21/n If you don't want everyone to know how many and which validators you are running make sure not to deposit from an address that can be linked (easily) to your identity.
22/n That may include not depositing from addresses that are linked to ENS names or to addresses that you used in the past. You might want to consider using mixers or sending your funds from an exchange to a clean address.
23/n Advanced: For example, you can use @TornadoCash with the relayer option to send funds to ‘clean’ addresses.
24/n #13 Advanced: If you plan to deposit for more than 1 validator, consider sending your funds to separate addresses, each holding 32ETH plus a little for tx fees, or in variable-sized chunks that are multiples of this. Consider sending funding and deposit txs at different times.
25/n With these steps you make it much harder to link your different validators to you by chain analysis.
26/n Now that we have the keys securely generated and the funds ready, let’s talk about the deposit process itself.
27/n #14 If you have a hardware wallet, send your deposits from that. Think about this already when funding the addresses in the preparation steps (see above).
28/n #15 Use official tools like the Ethereum deposit launchpad to make your deposit.
29/n #16 Make sure that you understand what the risks are and what the consequences of the depositing process are for you. When in doubt see #3.
30/n #17 Make sure that you are depositing to the correct deposit address. Triple check the address you are about to deposit to against the address you find from official and reputable sources, see #2.
31/n The deposit contract address should start with eight 0s followed by 219 and should end in 5fa. But don’t take my word on that, check it against other sources.
32/n #18 If you plan on depositing for many validators make sure to use appropriate audited tools like ethdo. Esp. if you want to deposit in chunks, e.g. 10 today and 5 later, pay attention that you don't accidentally deposit for the same validators twice.
33/n Consider generating separate deposit files for each chunk, eg. during the keypair generation process.
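A pre-flight check for the chunked deposits in #18, as an added example that is not part of the original thread and not a feature of ethdo or the launchpad. It assumes each deposit file is a JSON list whose entries carry a "pubkey" field; the function names and the sample chunks are constructed for illustration.

```python
import json

# Constructed sample files: shortened fake public keys, not real validators.
CHUNK_TODAY = json.dumps([{"pubkey": "aa01"}, {"pubkey": "aa02"}, {"pubkey": "aa03"}])
CHUNK_LATER = json.dumps([{"pubkey": "AA03"}, {"pubkey": "aa04"}, {"pubkey": "aa04"}])


def load_pubkeys(deposit_json_text):
    """Public keys from one deposit file (assumed: a JSON list of entries
    that each carry a "pubkey" field)."""
    return [entry["pubkey"].lower() for entry in json.loads(deposit_json_text)]


def plan_chunks(chunks, already_deposited=()):
    """chunks maps a label to deposit-file text, in the order you intend to send.

    Returns (to_send, conflicts). to_send holds, per chunk, the keys that are
    safe to deposit; conflicts lists (chunk, pubkey, first_seen_in) for every
    key that would be deposited a second time."""
    seen = {pk.lower(): "already deposited" for pk in already_deposited}
    to_send, conflicts = {}, []
    for label, text in chunks.items():
        fresh = []
        for pk in load_pubkeys(text):
            if pk in seen:
                conflicts.append((label, pk, seen[pk]))
            else:
                seen[pk] = label
                fresh.append(pk)
        to_send[label] = fresh
    return to_send, conflicts


if __name__ == "__main__":
    plan, conflicts = plan_chunks({"today": CHUNK_TODAY, "later": CHUNK_LATER},
                                  already_deposited=["aa01"])
    for chunk, pk, where in conflicts:
        print(f"{chunk}: {pk} duplicates a key from: {where}")
    print(plan)
```

Feed `already_deposited` from the public keys you see confirmed on a beacon chain explorer, so the check also covers chunks sent in earlier sessions.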
34/n #19 Use tools like @beaconcha_in or @BeaconScan and eth1 block explorers to monitor the deposit status in addition to the depositing tool, eg. the launchpad.
35/n Now that you have successfully deposited your stake(s), let’s talk about best practices for the staking itself.
36/n #20 Consider running a non-majority ETH1 node and a non-majority ETH2 beaconnode for contributing to a healthy client diversity.
37/n In particular, running a non-majority ETH2 client also reduces the risk of having a failure at the same time as the rest of the network, which is generally penalized more heavily in ETH2.
38/n #21 Have your whole setup, which includes among other things your ETH1 node, your beacon node and your validator client, set up ahead of time before the genesis launch, in case something doesn't work or you need to set it up again.
39/n #22 When staking from home contemplate whether you need precautions about hiding your ip. Network analysis allows attackers to identify which validators belong to which machine/ beaconnode / ip.
40/n With ip geolocation it is often easy to find even the location you are staking from. Use vpn services or other means to hide your ip when staking from home.
41/n #23 More advanced (for ‘highstakers’): Consider sending out signed msgs, that can link a validator to an ip / machine by network analysis, through a lightweight ETH2 network client on a separate system.
42/n You might want to use multiple of these lightweight network clients to send out the signed msgs (rotating) and / or have them on different vpns with rotating ips. This reduces the risks of targeted attacks.
43/n #24 When staking from home consider (esp. common or high cost) failure situations like power outage or internet disconnection. If you are running many validators consider setting up a failover internet connection and think about installing a battery UPS.
44/n The latter not only helps you stay online during power outages and often protects your hardware from power spikes but also reduces the risk that your validator db gets corrupted during an outage.
45/n #25 Test a migration from one client implementation to another on a testnet for practice.
46/n #26 Advanced: Think about backup procedures/processes of the validator db. A live sync backup system might spare you a headache in case of a disrupted validator db.
47/n #27 Consider all the failures you can think of that might affect your staking and have protocols in place for at least the most common ones and for the ones that have a high failure cost.
48/n This might include having redundant / spare hardware at hand or having a failover internet connection. If you happen to live in a place where natural disasters are not unlikely, have appropriate plans at hand on how to handle possible disruption.
49/n #28 Think about securing the OS. Set up firewalls and port rules appropriately. Reduce the number of publicly exposed ports to a minimum. Check for system / software updates regularly.
50/n That particularly means making sure that you keep yourself updated on ETH2 related issues like client updates, forks etc.
51/n #29 When staking from home keep the firmware of your networking hardware up to date. Open only ports needed.
52/n #30 Think about setting up a monitoring system so that you can monitor your validators and system health. Set up a notification system for failure events that fits your needs.
53/n #31 Think not only about Eth2 phase 0 but educate yourself on what the roadmap looks like and how you will need to adapt your setup. Think ahead.
54/n #32 Find the best staking solution for your needs. If you think staking by yourself is too complicated or inconvenient, or you don't have the funds for 1 stake, educate yourself about the staking services that are out there.
55/55 That’s it. These are the best practices I have for you. If you have some that I didn’t mention, please feel free to add them 🙃
56/55 Honorable mention: @hudsonjameson Don't break your ledger during the depositing process. 😅
You can follow @phil_eth.