Electron Cash as an offline wallet. An alternative to Ledger hot wallets.
Read at the bottom the best option.
Ever since Ledger Nano hardware wallet gave us the bad news their wallets can now be compromised by their firmware updates if it is not that they have already planted compromised firmware in our devices, I have been looking for a solution that could give peace of mind when using my cryptocurrencies.
For everything DeFi that is compatible with EVM and Ethereum, I found a very simple solution AirGap Vault, and either Metamask or Rabby. I must add that if you are going to use QR code-based wallets you disable force dark mode in Chrome otherwise you won't be able to read the QR codes just a tip for reading this far.
For Bitcoin either Legacy or SegWit, I can use the AirGap Wallet and I will have full support out of the box, but for Bitcoin Cash BCH is where I have been having problems trying to find a solution that meets my needs.
My temporary solution until I find the best solution just for Bitcoin Cash will be to continue using Ledger as a hot wallet meaning it will only be a transition wallet and funds should not sit there for more than a day. And use AirGap Vault as a long-term saving wallet. For Bitcoin Cash, I must use AirGap this way because if I want to spend my funds I must go and input the private keys into Electron Cash or any other BCH wallet and spend my funds that way, but that means I must discard my private key every time I used my funds.
Enter my old computer which can run Windows 7 at least or Linux Ubuntu 22.04, it is old but still works and as a second device to store my private keys it could be a good option.
I deleted everything on my old computer, and I didn't connect it to the internet since the moment I install a fresh copy of Ubuntu 22.04. I installed Electron Cash with my AirGap Vault private key, I can't see the transaction in that wallet but on my online computer, I have a watch-only wallet. So on my watch only I can see old the transactions, and I can start the process if I were going to send a transaction out and hit preview, an option will appear where it says "save". I have that as a file and I move that to a USB stick.
I go into my offline wallet instance and I load that transaction and I sign it, and once again, I copy that file once it is signed by my private keys, and come back again to my watch-only wallet and I load the signed transaction and I hit broadcast and just like that, I sent Bitcoin Cash from an offline computer using one that is connected online.
The risk here is that to transfer the files so that you can sign them with your private keys is that your USB drive could be compromised at some point. I am using Linux on both computers and also I formatted the USB stick to be a Linux-only partition with a password, and that USB will only be used to transfer those files from one computer to the other one. I would not trust Windows computers at all to do what I just did because infecting USB sticks with FAT or NFTS is easy.
The Best Option.
Use two mobile phones. Yes, one will be always offline and the other will be online with a watch-only Bitcoin Cash address. And just like that, I have solved the issue that Ledger gave me, now I can go in peace because I know that for DeFi I have AirGap Vault and also for Bitcoin. And for Bitcoin Cash, I can use Electron Cash mobile as a 100% air gap wallet.
I think that you should try it. Just remember for the air gap option to work you must not connect to the internet, it is better if your device that will hold the private keys is new and has never been online make sure you suitable USB in your phone by going to developers' options and putting to always use charging only, enforce OEM on your phone, use a strong password, letter, numbers, and symbols and also use strong passwords in the wallet itself.
And even better in your Vault or private keys use passphrases that have never been used before online, don't reuse passwords, and save a copy of your seed phrases in a secure place not online.