Ok, well we already have some BTC in our wallets. It is time to know how to protect them well, because in Bitcoinland there is a very good saying: NOT YOUR KEYS – NOT YOUR BITCOINS. And if you are going to ignore this saying … well, you are going to pay dearly for it. I ask you please DO NOT use “banks for your BTC”. In Bitcoinlandia YOU are your own bank.
If there is a wallet that you access through a website, it is NOT safe and it is not recommended to use it.
If there is a wallet that does not let you control your BTC keys, this is NOT a wallet, it is a fucking bank and it is recommended NOT to use it.
Special Notice: DO NOT USE Coinbase! And I say seriously! Here are all the reasons why you do NOT have to use this “BTC bank”
You have to stop acting as usual with the banks: “oh well I put the money in a bank and they take care of everything …” Bad, very bad this type of thinking. Bitcoin is PROPERTY and must be treated as something yours, personal, not transferable. So learn to use it well and very important: protect it. Stop crying and saying that “I am not capable of doing this” or that “technology is not good for me”, these are just excuses and it does not solve anything. Get the batteries and learn to use this technology. If you manage the fucking Facebook, well you have to do well to manage the BTC. If you do not understand this aspect, then Bitcoin is not for you. If you ignore this aspect, you will lose ALL your BTC. This is not a joke!
Another important aspect: NEVER have only one copy of your backup copy of your seed keys. Always make more than one copy and keep it in different places. You never know what will happen to you.
As a general recommendation: use a “password manager” as a copy. This is an offline application (do not use types of password manager online / in the cloud) that you can have at hand at any time, both on PC and mobile. KeePass is one of the best with versions for PC, Mac, iOS, Android, Linux. There you can store not only data about your BTC, but also other used passwords. It also has a complicated password generator and with the master key, you open everything, you don’t have to remember all the passwords. You can take the same database file (kdbx) to your mobile or simply keep it on an encrypted USB memory and open it from there. It is compatible with all versions.
If you want to be even more “paranoid” about security, you can use an OS that is always “clean” and out of other eyes: TailOS – a simple version of Linux, installed on a bootable USB stick. This OS already contains the Electrum wallet, but you can also use it as your own emergency OS and use any other wallet. If your PC is infected, or you are not sure of its “cleanliness” or you are simply using another PC that is not yours and you do not want to leave “traces” with your BTC there (public PCs or other people), then you simply connect this USB and boot with TailOS as if it were your PC. Sure, you have to know how to boot a PC with a USB and NOT with its hard drive OS. A presentation on TailOS here.
2FA – Another recommended tool is to use a 2FA (2 Factor Authentifier) system. This means that to enter an account (email, exchange, web) it is necessary not only the username and password, but a 6-digit code that is generated every 30 seconds, linked to this account. Normally almost all exchanges have it and it is okay to activate it. You simply download a 2FA app on your mobile (or a security mobile, apart from the one you normally use) and pair the account with the app.
Remember! Save the information of your 2FA account, to be able to recover these codes in case of loss of your mobile. Normally when you are given the option to pair your mobile with the account, you get a QR code or a code of letters and numbers. Save these in your Password manager. If you lose this data, it will be almost impossible to recover your account!
Examples of 2FA apps:
There are many ways to protect your BTC seed keys. And each one can adopt the options that we are going to expose here or change them as it suits him better in his situation. These are proven methods (in many years of Bitcoin history), and everyone can do it in their own way, it is not something “standard”. But as a general rule we recommend separating your BTC into 3 parts: HODL, Cache, Mobile. Each part has its protection methods and you have to think like a new banker, now you are managing your bank and a bank always has different levels of volume and access. Think like a bank and act like a bank. Here is also a guide on how to save your BTC.
1. Wallets HODL = hold = Savings.
- This is your “central bank”, the one that has your savings, your treasure, the “fattest” part of your money, that you are not going to move it for a long time, that stays there waiting for the moment when you really need it.
- These wallets are the ones that are normally almost never connected to the online world. Online wallets are always exposed to phishing attacks, malware, key theft, device hacking. People lose their BTC, because they lose control over their devices, NOT because BTC wallets are not secure. Almost all wallets are safe and offer more advanced security options or not. But the weak point is in the user who does not perform the security steps.
- Here you deposit the BTC that you think you are not going to move, for a long time. But you do not deposit here directly from the sources of income (exchanges, ATMs, sales etc). Here they come (only) after you have done a good coin control and “cleaning” in the wallet cache (we will talk about this cleaning in another dedicated guide, which is called “mixing / coinjoin / wasabi / samourai“). You can skip this step, if you are not so concerned about extreme “privacy” of your BTC.
- HODL wallet types:
- Hardware wallet (HW). It is like a USB memory and inside it has a security chip that saves your seed keys. When using it, at the time of doing some tx, it asks for a password. In the wallet guide we are going to put it in more detail. The best known are: ColdCard, Ledger, Trezor, KeepKey, OpenDime. A more complete list of HW here. These are the easiest wallets to use for people who do not want to worry much about security, but who do not want to leave this aspect in the hands of others.
- Paper / steel Wallets. They are the wallets in which you write the keywords and keep this medium, whether it is paper or steel, in a safe place, with copies if you can better.
- Entropy. Mycelium Entropy USB is an offline device that can generate BTC addresses directly with a printer. Here the user manual.
- Steganography. It is an advanced method of hiding your keys inside an image or document file. It is based on an algorithm of introducing additional bits to a file and protecting it with a password. This can be done with several applications and the simplest and most open source is OpenStego. Here is an example, this photo of some pretty cats, contains 1BTC, inside the file are inserted the keys of a BTC address. I can send this photo to anyone (it is necessary without digital alterations) anywhere in the world, without anyone knowing that this photo contains 1BTC 🙂 Or I can even have it as a desktop background or in a digital box. In PLAIN sight! But always with copies!
- Shamir’s Secret Sharing. It’s a method to split the seed into parts. More details here. Also now we have a nice tool that help us to encrypt that Shamir Secret Sharing: is named Shush.
- USB stick memory. If so, a simple USB memory, but BEWARE, encrypted. If you don’t want to spend money on expensive HW, you can use any USB memory (with copies!) where you can store your data on your BTC wallets. There you can put your kdbx file from the password manager, or simply files with your data. I remind you: DO NOT LEAVE this memory open, always keep it encrypted. Here is an example of how to encrypt a USB memory with Windows, and how to encrypt a USB memory with Ubuntu Linux.
- Madness in plain sight! If so, it’s crazy. What if I tell you that I have in 3 sites on the internet, in plain view of all, in some texts, such as this page for example, where within the text, I have inserted 12 words of a seed? Because that’s. You can simply use the 12 words in English, which are from the linguistic dictionary, to write a beautiful text, a love letter, a story, a literary work, a blog etc. and only YOU know the position and order of these words. Let’s say you already have a HW, but you’ve lost it. Well, if you already have the words of the recovery seed in a text published somewhere online, then you simply access this text and extract them. You do the same if you want to send someone BTC, but you don’t want anyone to know, absolutely no one. You simply send him this text as an email. Nobody is going to realize that it can contain the keys. Even if you think about it, they have many years of trying until they can find the order …
- Phrase within another sentence 🙂 Another little madness, you can use, for example, a phrase from your text “Madness in plain sight” and put it in Passphrase.io This algorithm (which is open source and you can take it offline if you want) makes an encryption of this text resulting in another text. An example: I put in passphrase.io the text “this is a test”, which turns it into “this is my 12 word password”. So again hiding text in plain sight but this time a little more “hidden”. They also have a mobile version.
2. Cache / medium / intermediary wallets
- Here is the site of “management”, the “commercial bank” intermediary. Here you receive most or all of the largest income in BTC, to be able to categorize them. Here you receive from exchanges, when you exchange EUR for BTC, here you receive some sale of products with your website.
- From here you start moving parts of your BTC: in HODL (large parts), in mobile wallets (small parts) or simply leave them here in the middle, for the next necessary movements.
- Normally these are wallets that are used on PC, due to the functionalities of the available applications and the higher level of security than a mobile wallet.
- These wallets are always used onchain, but you can send to your LN wallets (each one has an onchain deposit address)
- Types of Wallets Cache:
- Electrum – one of the best and easy to use for this type of transaction. It has coin control, address labels, master password to enter the app, it has change control, fee control and other very good features. Now also the new version has LN.
- Wasabi – one of the BEST of the best in terms of privacy of your BTC transactions. With this you can manage the BTC that you have bought from KYC exchanges and want to lose tracking. This is for “advanced”.
- Specter – Is a desktop software application, which connects to your Bitcoin Core node. Specter Desktop functions as a watch-only coordinator for multi- signature and single-key Bitcoin wallets.
- Fully Noded – Self sovereign, secure, powerful, easy to use wallet that utilizes your own Bitcoin Core node as a backend. Providing an easy to use interface to interact with your nodes non wallet capabilities
- Sparrow – is also unique in that it contains a fully featured transaction editor that also functions as a blockchain explorer. This feature not only allows easy editing of all of a transaction’s fields, (including for example locktime and sequence), but importantly viewing the hexadecimal representation of the transaction at all times with detailed highlighting.
- Bitcoin Core – it is a Wallet Node, also with coin control, labels, fee control. But it is also for a little more advanced, and it needs a lot of space on your hard drive because it is downloading an entire copy of the blockchain, and it works with this copy always, which is also then synchronized with the entire Bitcoin network, always downloading the last blocks. This wallet also serves to verify transactions and include them in the blockchain. But this is done automatically, you as a user do not have to worry about this.
- Armory – this is also a wallet which works with a copy of the blockchain, so it needs a lot of space on your hard drive. It is a little more advanced than the Bitcoin Core, in functionalities and interface, but it does the same, except for the official verification of the txs.
3. Mobile / daily wallets
- These are your “pockets” from day to day. Where you normally spend and it is recommended with LN (Lightning Network)
- Here it is not necessary to have large amounts of BTC, only what you think you are going to spend in a short period.
- It is not because you think that mobile wallets are not safe. No, these are as safe as others, but mobiles are often lost, broken, stolen, etc. And it is not very comfortable and recommended to walk with all your BTC on a mobile. Also if someone (bad) sees that you have many BTc on your mobile, they can rob you, threaten you, etc. Better to play the role of “poor man” who does not have much 🙂
- Examples of mobile wallets:
- Mycelium – very good and easy to use, supports HW connection, currently does not support LN
- Samourai – very good for more privacy and coin control, does not support LN
- Green Wallet – very good and secure, multisig, does not support LN
- Electrum – if you want the functionalities of the Electrum desktop, here you have its mobile brother, you can also use the same desktop seed
- Blue Wallet – a double wallet too, onchain and LN, supports LNURL, LNtxBot wallet, custodial channel, proprietary channels
- Eclair Wallet – one of the first LN wallets, very good.
- Phoenix Acinq wallet – one of the most simple and easy to use, for newbies, unique interface for onchain and LN
- Zeus – double wallet, onchain and LN, but it works only with your own nodes
- Spark – double wallet, onchain and LN, but it works only with own nodes
- Zap – double wallet, onchain and LN, but works only with own nodes
- Some comparison lists of wallets here: