How to do offline transactions?

Hello. I intend to act as an escrow, holding money for third-parties while contract discussions and disputes are being settled. However, losing the money held in custody could harm my reputation beyond repair, to specify the bare minimum of the consequences for it. I do not trust any computer device I own, so I’m trying to come up with a setup for safely handling these funds. This will certainly require signing transactions in a computer that is not connected to the Internet, but this seems more annoying than it should be.

PLAN TO SAFELY TRANSFER LITECOINS USING AN AIR-GAPPED COMPUTER

The core of this plan is to have two computers: one is computer #A connected to the Internet and is used solely for seeing the current situation of the distributed ledger. The other one is an air-gapped computer #B disconnected from all networks, and simply holds the private key for signing transactions. When the need for making a transfer arises, I’ll create on #A an “unsigned cheque” document, save it in some detachable device and then move that device through the air gap from #A to #B. Now, with #B I’ll open the “unsigned cheque” document and carefully look at all of the details and see if all of them are correct. If they are, I’ll use the private key to make a “signed cheque” document, save it on the detachable device and move it from #B to #A. Now, on #A, I’ll simply broadcast the “signed cheque” document in order to make the transaction go through and we’re done.

I explicitly reject using USB memory sticks for transferring data through the air gap, since they need executable code in order to be set up. USB devices need first to present themselves and then the operating system decides which device driver to use. There is a non-negligible chance that a USB memory stick could be compromised to present itself as something else and exploit that for privilege escalation somehow. Instead, the data transfer through the gap will be done with SD cards, which only have the explicit purpose of storing data.

WHY I’M PARANOID TO THIS LEVEL FOR A REASON

Without getting into too much detail: I have been hacked once, and the malware that targeted me was finely crafted enough to shock me and change my perception of reality. These hackers allowed me to go on with my false sense of security just for striking at the right moment (but it’s alright, I provoked them in order to see some reaction and they kinda overreacted for some dumb provocation and used their full force on me). I don’t know to which extent my then-computer was compromised. Was the firmware of my motherboard corrupted with some rootkit installed on it? They have demonstrated that they could render my computer useless at will, because they shut it down and, when I tried to turn it on again, it would not boot, not even present any video on the screen. The LED light that indicated that the hard disk was being read was powered on without stop, which is an indicator of a corrupt BIOS trying to find a file for flashing it. Nowadays, I have means to recover from this (I now know how to flash many motherboards using a cheap CH341A flasher), so recovering from this attack would be simpler now. Back then, I didn’t have the means nor the knowledge for that, so I did what I could: I picked up some spare computer parts and assembled a new computer. I reused the hard disk from the previous computer on purpose, in order to understand the depth of their attack. Will this new computer that is reusing the old hard disk fail, just like the other one? I installed the Linux distribution that I usually use while not connected to the Internet, in order to see if it would trigger something on its own. Nothing happened, I successfully reinstalled the OS. Will it be rendered useless once I connect it to the Internet? There could be some program that sends a message to some server and asks if the present computer should be the target of an attack. With the computer now working, powered on and presenting the desktop screen, I plugged in the RJ45 cable. Nothing happened and I’m now able to navigate the Internet and even update the packages in the system. Is that it? Is the malware gone? Have they installed the rootkit closer to the surface so that it can be wiped out by erasing the data in the hard disk? I turn off the computer and proceed to do something else, but the biggest surprise came when I turned it back on later. Before anything showed up on the screen, the computer became unusable, just like the previous one!

They don’t even need the BIOS or the OS to run the exploit! How is that possible? The malware probably uses executable code that is stored in the firmware, in the Option ROM space, which runs with the same privileges as an operating system. I saved the hard disk, in the event I’m able to inspect the firmware in the future.

So, the reason I’m being this careful when it comes to handling cryptocurrencies is because I know the existing hardware infrastructure to be deliberately unreliable and nobody takes seriously the importance of having projects such as Libreboot, which would harden the security by making the firmware more reliable and significantly reduce the attack surface.

So, is there anyone here that has some experience on doing something like this and could kindly share insight with me?

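The “carefully look at all of the details” step on #B is the one place where a compromised #A can still be caught, so here is an added example (my own code, not from this thread) of making that review mechanical: a Python policy check for a hypothetical JSON “unsigned cheque” (inputs and outputs in litoshis) that validates every output address as Litecoin mainnet base58check, refuses payees that are neither pre-approved nor my own change addresses, and bounds the fee. The cheque layout, the policy fields and the sample addresses are assumptions constructed for the example.

```python
import hashlib
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
LTC_P2PKH, LTC_P2SH = 0x30, 0x32  # Litecoin mainnet version bytes ("L..." / "M..." addresses)
sha256d = lambda b: hashlib.sha256(hashlib.sha256(b).digest()).digest()

def b58check_encode(version, payload):
    raw = bytes([version]) + payload
    raw += sha256d(raw)[:4]                      # 4-byte checksum
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(addr):
    # Returns (version, payload); raises ValueError on a bad character or checksum.
    n = 0
    for ch in addr:
        if ch not in B58: raise ValueError("invalid base58 character")
        n = n * 58 + B58.index(ch)
    raw = b"\0" * (len(addr) - len(addr.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or sha256d(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("checksum mismatch")
    return raw[0], raw[1:-4]

def check_cheque(doc, policy):
    """Return the reasons to refuse signing; an empty list means every detail matched the policy."""
    problems = []
    spent = sum(i["value"] for i in doc["inputs"])    # all amounts in litoshis
    paid = sum(o["value"] for o in doc["outputs"])
    for out in doc["outputs"]:
        addr = out["address"]
        try:
            version, h160 = b58check_decode(addr)
            if version not in (LTC_P2PKH, LTC_P2SH) or len(h160) != 20:
                problems.append(f"{addr}: not a Litecoin mainnet address")
        except ValueError as e:
            problems.append(f"{addr}: {e}")
        if addr not in policy["approved"] and addr not in policy["own_change"]:
            problems.append(f"{addr}: neither an approved payee nor one of my change addresses")
    fee = spent - paid
    if fee < 0 or fee > policy["max_fee"]:
        problems.append(f"fee of {fee} litoshis is outside 0..{policy['max_fee']}")
    return problems

# Constructed sample data, not real wallets (fixed hash160 bytes); BAD re-encodes PAYEE's payload under Bitcoin's 0x00 version byte: valid checksum, wrong coin, not approved.
PAYEE, CHANGE = (b58check_encode(LTC_P2PKH, bytes.fromhex(h * 20)) for h in ("11", "22"))
POLICY = {"approved": {PAYEE}, "own_change": {CHANGE}, "max_fee": 20_000}
GOOD = {"inputs": [{"txid": "ab" * 32, "vout": 0, "value": 5_000_000}], "outputs": [{"address": PAYEE, "value": 4_980_000}, {"address": CHANGE, "value": 10_000}]}
BAD = {"inputs": GOOD["inputs"], "outputs": [{"address": b58check_encode(0x00, bytes.fromhex("11" * 20)), "value": 4_000_000}]}
```

Anything in the returned list is a reason not to sign; the point is that #B judges the cheque against its own copy of the approved addresses and fee cap, never against what #A claims.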

I would use Electrum wallet tied to Trezor or Ledger hardware devices so the seeds are not exposed. I would set up a 2 of 3 multi-sig wallet that the buyer, seller, and you each can sign transactions with your own hardware wallets. You can do this remotely, no need for you all to be in the same location. The address of the wallet is given for deposits, the funds can only move with 2 of 3 signing. Either the buyer and seller can agree and both sign, or you and one other signer can release funds. When building the Electrum wallet each person can add a passphrase to their device’s seed, and the wallet itself can have a passphrase to have access and even see the wallet. You can combine this with the extra passphrase that is a feature of the newer Ledger and Trezor devices.


Thanks for the suggestion, but this won’t work, since I’m planning to be an escrow for a multitude of people. Every individual in this crowd will contribute an amount to a particular address that I hold, thus it’s somewhat impractical to use multi-sig here.

Also, I’m always on a budget, so I was hoping to simply reuse the spare computer parts that I have to solve my problem, without spending on more devices.


I don’t see a problem with that. Obviously to transfer crypto online you need to be online; once you have established a wallet, you save the keys and the passphrase, and you have the coins secured, the ones which are on the respective blockchain.

That’s the illusion of security. Hardware is unreliable and the hackers let you think that you are safe, in order to strike at the moment where it’s worth more. I’m looking for protocols that will allow me to transfer Litecoin while not assuming that the hardware I’m using is safe (an assumption that turned out to be false and has cost me a lot in the past).

Once you go online you are vulnerable to attacks, just that is not automatic. Have a laptop only for your escrow and disconnect it after the action.