In the past few years I have struggled a lot to find "the right" way to store bitcoin. There is a lot of advice on this topic scattered around the web. I have consumed it, I have tested it and I have discussed it. Here is what I found to be the best practices for storing your bitcoin as a newbie or intermediate user. I have split this up into two parts:

- Part 1: Essentials - The absolute bare minimum requirements you need to implement ASAP (this post)
- Part 2: Recommended - How to upgrade security and what mistakes to avoid (coming soon)

Let's start with the Essentials ...

# Part 1: Essentials

I assume you already know a thing or two about bitcoin if you read this post, so I skip the obvious "Not your keys, not your coins" stuff. These are the absolute minimum safety requirements. If you have not implemented these, stop everything you do and follow these steps immediately:

## 1. Use a hardware wallet

Hardware wallets are specifically built for one single purpose: to secure your private keys and thus the access to your bitcoin.

### Do I really need a hardware wallet?

Short answer: Yes.

Long answer: It depends on your funds. If you only have bitcoin worth a few hundred bucks, it might not be necessary. A hardware wallet costs about $50-200. But as soon as you feel uncomfortable, you should get one. It is an individual decision. One person doesn't mind walking around with a few thousand dollars in his pocket while another feels uncomfortable with even a few hundred.

BUT it is good practice to treat the security of your funds right now as if they were already 10x. A 10x can happen pretty quickly, as we have seen in the past two years, and you don't want to do security upgrades in a rush and from a point where you feel unsafe. This leads to mistakes which can lead to total loss (for example sending to a wrong address).
Self custody is the first and most important rule to follow if you want to keep your coins and [become a whole coiner](nostr:naddr1qvzqqqr4gupzqar2y3ddy98xj55723803fp8vmz4ldst088sptgxgzg9qdagmze5qqsnyvfdwf6kcetn946x7ttzv43k7mt994sj6amgdakx2ttrda5kuetjjq7gmc). If you can't afford a hardware wallet now, at least use a hot wallet ...

### Can I use a hot wallet instead?

Hot wallets are wallets that are connected to the internet, like apps on your PC or smartphone. They are considered not to be as safe as hardware wallets (so called cold wallets), because if something has no connection to the internet, a huge part of the risk is taken away. But hot wallets are still way better than leaving your funds on an exchange, because with a hot wallet you get the keys to your funds. With exchanges you only get an IOU, aka a promise from the exchange. And we have seen how that ends with Mt. Gox, FTX, Celsius, BlockFi and various others ...

Rather use hot wallets on a smartphone than on a desktop device, as smartphones are a little more secure. A few good ones I can recommend are Blue Wallet, Green Wallet and Exodus, but there are a lot of good solutions out there. Just make sure to get a 12 or 24 word seed recovery phrase when setting it up, so you are really in full control of your funds. But if you can use a hardware wallet, rather choose that.

### Which wallet should I get?

I did try a few but not all of them:

- The one I would recommend the most at this point in time is the [Blockstream Jade Classic](https://store.blockstream.com/products/blockstream-jade-hardware-wallet), as it comes with almost all possible features you could imagine for a very reasonable price. You can even use it completely airgapped with QR codes and use it without key storage like a SeedSigner. I will touch on those features later on in part 2. nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n is also very active on nostr and provides good support for us plebs.
- Coldcard is also a hardware wallet I hear a lot of good stuff about.
- As well as the BitBox02 Bitcoin-only edition.
- Trezor has had some security issues related to not having a secure element. I am sure they have implemented a solution in the meantime, but I am not up to date with this, so I can not recommend it without any doubt.
- Ledger devices were generally considered safe, but they had multiple security related incidents such as leaking customer data or admitting to being able to extract your seed from the wallet. The fact that they allow storing other cryptocurrencies also introduces a bigger attack surface. Thus I don't recommend using a Ledger. If you only have a Ledger, it's still better than leaving your coins on an exchange though.
- SeedSigner, as described, is more for advanced users or if you really want to dig into it, in my opinion. You could also use the Blockstream Jade as a SeedSigner.

### Where should I buy?

This is important: Order hardware wallets ONLY straight from the store of the manufacturer. Any middleman or additional step in the delivery process increases the risk of your device being manipulated. If you are really paranoid about this, stick with Coldcard or the new Jade Plus, as these models have a built-in mechanism to check if they have been tampered with.

Also consider using a post box or work address when you order a hardware wallet or any bitcoin related stuff in general. The fewer people know that you own bitcoin, the better.

## 2. Use single-sig wallets

Back up your 12 or 24 word seed phrase and store it in a secure place (safe from theft, fire, water AND CHILDREN etc. I will get to how to achieve this). Most cases of loss of bitcoin happen because of the loss of access to the keys, not because of theft. So the biggest risk you should care about is that you don't lose access to your keys. And how do most people lose access to their keys? They either ...
1) make the backup too complex, so that they themselves or their heirs have no clue how to restore it, or
2) are too lazy with their backup, so that a flooded basement, thrown away hard drive or deleted photo causes them to lose their bitcoin forever.

Yes, there are use cases for multi-sig setups and yes, it introduces a better level of safety, but it also introduces a higher risk of losing your funds because of complexity. As a newbie or intermediate you don't have to dig into this complexity. You can, but unless you understand very well what you are doing, I wouldn't recommend using multi-sig wallets. Remember: 99% of bitcoin losses don't occur because of theft. If you still feel the need to add a little more security for this aspect, I recommend using a passphrase instead, which also has its own trade-offs, as we will discuss in the recommended techniques in part 2.

## 3. Secure your wallet with a good PIN

Don't choose your mother's birthday as your PIN or anything else that can be social engineered. The more random, the better. And the longer, the better. If you use multiple hardware wallets, also use different PINs for them.

PINs on their own are generally not a very good method to protect anything. A 4 digit PIN for example only gives 10,000 possible combinations (from 0000 to 9999). A modern computer can try these all out pretty fast. BUT fortunately most wallets have a solution for this: If you enter the wrong PIN multiple times in a row, they will reset to default and erase the stored keys. Thus an attacker has only a few tries. Wallets that I know of doing that are the Blockstream Jade or the Coldcard for example. Both also provide the option to set up a specific wallet erase PIN that clears the wallet when entered once. Maybe consider these factors when choosing a wallet.

## 4. Backup your seed WELL

Back up your seed phrase offline, with pen and paper. Better yet on steel (more on that in upcoming part 2).
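Before going deeper into backups, here is an added illustration of the PIN section (3) above. It is not code from the original post or from any wallet vendor: a small Python model of a wallet PIN check with a wrong-attempt counter and an erase PIN. The limit of 3 attempts, the erase-PIN behaviour and the guess rate are assumptions made for the model, not the behaviour of a specific device.

```python
import hmac
import secrets
from typing import Optional, Tuple

# Assumed limit for this model; real devices choose their own number of tries.
MAX_WRONG_ATTEMPTS = 3


def pin_keyspace(length: int, alphabet_size: int = 10) -> int:
    """Number of distinct PINs of a given length: 10**4 = 10,000 for a 4-digit numeric PIN."""
    return alphabet_size ** length


def brute_force_seconds(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every PIN if nothing limits the attempt rate."""
    return pin_keyspace(length) / guesses_per_second


class WalletPin:
    """Toy model of a hardware wallet's PIN check (constructed for illustration).

    - after MAX_WRONG_ATTEMPTS consecutive wrong PINs the stored key is erased
    - an optional erase PIN wipes the key immediately, the first time it is entered
    - a correct PIN resets the wrong-attempt counter
    """

    def __init__(self, pin: str, erase_pin: Optional[str] = None) -> None:
        self._pin = pin
        self._erase_pin = erase_pin
        self._wrong_attempts = 0
        # Stands in for the stored seed; random bytes, not a real key.
        self.key_material: Optional[bytes] = secrets.token_bytes(32)
        self.wiped = False

    @property
    def attempts_left(self) -> int:
        return MAX_WRONG_ATTEMPTS - self._wrong_attempts

    def _wipe(self) -> None:
        self.key_material = None
        self.wiped = True

    def unlock(self, entered: str) -> bool:
        """Return True only when the correct PIN is entered on a device that is not wiped."""
        if self.wiped:
            return False
        # compare_digest: constant-time comparison, so timing does not leak matching digits
        if self._erase_pin is not None and hmac.compare_digest(entered, self._erase_pin):
            self._wipe()
            return False
        if hmac.compare_digest(entered, self._pin):
            self._wrong_attempts = 0
            return True
        self._wrong_attempts += 1
        if self._wrong_attempts >= MAX_WRONG_ATTEMPTS:
            self._wipe()
        return False


def exhaustive_guess(wallet: WalletPin, length: int = 4) -> Tuple[bool, int]:
    """Try PINs 0000, 0001, ... in order; returns (unlocked?, guesses made before stopping).

    Shows the budget the counter imposes: the search ends after MAX_WRONG_ATTEMPTS
    wrong guesses, no matter how small the keyspace is."""
    guesses = 0
    for candidate in range(pin_keyspace(length)):
        guesses += 1
        if wallet.unlock(f"{candidate:0{length}d}"):
            return True, guesses
        if wallet.wiped:
            return False, guesses
    return False, guesses


if __name__ == "__main__":
    print(f"4-digit keyspace: {pin_keyspace(4)}, "
          f"{brute_force_seconds(4, 1000):.0f}s at 1000 guesses/s with no lockout")
    print("with lockout:", exhaustive_guess(WalletPin("7391")))
```

The keyspace of a 4-digit PIN stays at 10,000 either way; what the counter changes is the number of guesses an attacker gets before the keys are gone, which is why a short PIN on a device with this mechanism is not the same thing as a short password on a file. Note that the model also requires a correct PIN to reset the counter, so a few of your own typos do not add up across sessions.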
But make sure that your seed phrase is NEVER put into or shown to a device other than your hardware wallet. NEVER EVER! Don't take a picture of it to store in your cloud, don't save it in your notes, don't think you are safe storing it in an encrypted file. You are not. Do it offline and keep it offline. Always.

Now let's talk material ...

### What material should I use?

Paper can burn, suffer from contact with water, be blown or thrown away and be destroyed by all sorts of other things. I found the safest way to back up a seed phrase is by hammering it into a stainless steel plate. These steel wallets don't break the bank like some fancy Cryptotag or other known brand backup solutions do, and in most cases they are even better. Especially when it comes to the backup style:

### What way to perform the backup?

Plain text, letter by letter, hammered onto a steel plate. See part 2 for more details on why this is the best method.

## 5. Test your backup

Every owner of a substantial amount of bitcoin should have restored his wallet at least once! Make sure you know how to get your funds back in case something goes wrong. Especially if you do more complex things like passphrases (which we will cover in part 2), but also if you only use the 12 or 24 word seeds. The way I like to do it is as follows:

- Step 1) When you have set up your wallet, send a small amount of sats to it. This is good practice anyway, to make sure everything works as intended before sending larger amounts.
- Step 2) After your wallet has received the small amount, reset your device to default. That means completely wiping it. MAKE SURE YOU HAVE BACKED UP YOUR SEED WELL!
- Step 3) Restore your wallet with your backup.
- Step 4) [optional but recommended] Send that small amount of sats back to verify that you truly have full control over this wallet.

If you can access (and control) the small amount of sats, your backup works and you can now send larger amounts.
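The restore test above rests on one fact: the words (plus passphrase, if any) deterministically produce the wallet, so the restored device either opens exactly the funded wallet or a different, empty one. The following Python example is added here and is not code from the original post or from any wallet vendor. It derives the BIP39 seed and the BIP32 master node from a mnemonic and passphrase and compares the result of a "restore" against the funded wallet, using only the public BIP39 test vector (which is exactly why no real words appear in it). `wallet_id` and `restore_matches` are helpers constructed for this illustration; the example does not validate the BIP39 word checksum, since that needs the 2048-word list.

```python
import hashlib
import hmac
import unicodedata
from typing import List, Tuple, Union

# Public BIP39 test vector (12 words + passphrase), used so that no real seed is typed here.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")
TEST_PASSPHRASE = "TREZOR"


def normalize_mnemonic(words: Union[str, List[str]]) -> str:
    """Join a word list (or string), collapse whitespace, lowercase (steel plates are often
    stamped in capitals) and NFKD-normalise as BIP39 requires before hashing."""
    text = words if isinstance(words, str) else " ".join(words)
    return unicodedata.normalize("NFKD", " ".join(text.lower().split()))


def bip39_seed(words: Union[str, List[str]], passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, 'mnemonic' + passphrase, 2048 rounds, 64 bytes).
    Any passphrase is accepted; there is no checksum on it."""
    password = normalize_mnemonic(words).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_root(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with b'Bitcoin seed'.
    Left 32 bytes = master private key, right 32 bytes = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(words: Union[str, List[str]], passphrase: str = "") -> str:
    """Identifier of the wallet a (words, passphrase) pair opens, constructed for this example:
    a hash of master key and chain code. A real device shows a BIP32 fingerprint instead,
    which additionally needs secp256k1 public-key derivation."""
    key, chain = bip32_root(bip39_seed(words, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def restore_matches(funded_wallet_id: str, backup_words: Union[str, List[str]],
                    backup_passphrase: str = "") -> bool:
    """Step 3 of the test above, in software: does the backup open the wallet you funded?"""
    return hmac.compare_digest(funded_wallet_id, wallet_id(backup_words, backup_passphrase))


if __name__ == "__main__":
    funded = wallet_id(TEST_MNEMONIC, TEST_PASSPHRASE)
    print("same words and passphrase:", restore_matches(funded, TEST_MNEMONIC, TEST_PASSPHRASE))
    print("passphrase forgotten:     ", restore_matches(funded, TEST_MNEMONIC, ""))
    print("passphrase case changed:  ", restore_matches(funded, TEST_MNEMONIC, "trezor"))
```

The instructive failure is the passphrase: a wrong or forgotten passphrase is not rejected, it simply opens another valid-looking wallet with a zero balance, which is the situation step 4 (sending the sats back) is there to catch. Capitalisation or extra spaces in the words themselves are harmless after normalisation, but a single changed letter in the passphrase is a different wallet.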
The same procedure is also a good way to test whether you have properly backed up your passphrase, in case you are setting up a passphrase wallet.

## Now what?

When your funds grow bigger, eventually you will ask yourself: "Is this secure enough?" If you are in that position, the recommended methods in part 2 will help you upgrade your security and avoid common mistakes which could put your coins at risk (part 2 will be linked here as soon as it's available).

## What have I missed?

Do you agree with these essentials on how to store bitcoin? Did I miss anything? Please let me know and help to refine this set of rules, so we can help more and more people to become sovereign bitcoin holders.