In a previous post, I explained why you should only perform Monero transactions using a Monero GUI wallet inside a Whonix Workstation. Read that to get a basic understanding of Whonix. I want to expand on this and explain how to protect that wallet from thieves and law enforcement.

Your Whonix Workstation's hard drive is stored in a Virtual Disk Image (.vdi) file. This file contains your XMR wallet and everything else on your Whonix Workstation. You should create a VeraCrypt container, which is an encrypted container, and store that file inside it. I also recommend storing anything related to Whonix, such as the .vbox and .vdi files for the Gateway and Workstation, logs, and shared folders, inside the container.

To make this easier, create a VeraCrypt container of the appropriate size before installing Whonix. Then mount the container and set the mounted directory as the location where Whonix will be saved. You can then back up the container with a single copy and paste action to a USB drive, external hard drive, or cloud storage.

This approach is better than hardware wallets because it can be just as secure, if not more secure, while giving no indication that you hold cryptocurrency. Consider a scenario where you are crossing a border and must declare if you are carrying more than USD 10,000, including cryptocurrency. Which would draw more suspicion from a customs official: a regular USB drive or a Ledger Nano?

It is also better than full disk encryption. There have been repeated reports of full disk encryption being compromised due to zero day vulnerabilities or developer cooperation. VeraCrypt has a narrower scope, its code is open source and audited, and it has been tested in legal cases where law enforcement was unable to access the contents of a VeraCrypt encrypted container or drive.