Getting started with secure storage and distribution of bitcoin

By Tristan Borges Solari · 6/20/2024

Self-custody is the key to maintaining control over your Bitcoin funds. However, it comes with the responsibility of securing your sensitive materials. It's straightforward to manage your Bitcoin while you're alive and well, but what if the value skyrockets or you become incapacitated? Are your funds secure, and will they reach the right people?

At Bitcoin Well, a non-custodial bitcoin-only exchange, we understand the importance of self-custody. The information in this article will help you understand how to securely store and distribute your bitcoin, ensuring your funds are always under your control.

Here, we explore how to avoid losing your Bitcoin once you're in control. While organizational needs may vary, the principles discussed are widely applicable. This guide starts with the basics, gradually increasing in complexity. I will also address both hot and cold wallet setups, using BlueWallet and COLDCARD as examples. 

Basic Setup

A single-signature wallet scheme, different from multisignature, is sufficient for most users. I’ll provide brief definitions for newcomers before expanding on the basic setup.

Understanding the terminology

Single Signature Wallet: A single-signature wallet requires only one private key to authorize transactions, making it straightforward but reliant on the security of that single key.

Multisignature Wallet: A multisignature wallet is one that requires multiple private keys to authorize transactions, enhancing security by distributing control among several keys and reducing the risk of a single point of failure.

Hot Wallet: A wallet is considered “hot” when the private key is held (typically encrypted) on an internet-connected device. This allows for easy access and transactions but makes it more vulnerable to cyber threats.

Cold Wallet: A wallet is considered “cold” when the private key is kept offline, providing enhanced security against online attacks by storing private keys in an isolated environment.

Hot and cold wallets can be used to create both single and multisignature wallets.

How to select a wallet type

To answer this question, you must first know how you intend to store and use your bitcoin and what your available resources are.

If your goal is to have an investment made up of bitcoin, which you want to hold onto for years to come, then I’d recommend a cold wallet setup. This will require you to purchase a hardware wallet, like a COLDCARD. You will also need an internet-connected device and a wallet application to view and create transactions from your COLDCARD.

On the other hand, if you want to keep a smaller amount at arm's reach because you wish to use your bitcoin regularly, then having a hot wallet setup will make things easier. You will need either a computer or a smartphone, and a wallet application such as BlueWallet or Electrum (depending on your operating system).

There is no perfect answer since needs vary from one person to the next. You can also have a combination of both and can think of it as having a checking and savings account.

Next, we’ll dive into various wallet setups.

The straightforward setups

The fastest and simplest way to get set up, once you have your hot and/or cold wallets at hand, is to generate your private key. This is represented by a seed phrase, made up of a string of 12 or 24 words.

An important precaution is to write these words down with pen and paper. You will be able to recover your bitcoin in case your device breaks or is lost thanks to these words.

This setup has trade-offs, but they can be mitigated. More on this below.

Addressing Points of Failure

As previously mentioned, you can lose access to the wallet or device you used or any PINs used to unlock them.

As long as you have your paper backup, you can recover these funds. However, anyone else that comes across this backup can also just as easily steal the funds from you. This is a central point of failure.

To mitigate this, you must securely store this backup and any PINs or passwords associated with your device. It is also recommended to store PINs and passwords separately from your backup.

Considerations

Forgetting the Location: If you forget where you stored an item, you risk losing your bitcoin.

Home Compromise: A disaster or theft at home could result in a total loss.

Destruction-Proofing: Using metal backups like the Seedplate protects against environmental threats. Jameson Lopp has tested various metal backups for durability.

Location-Independence: For added security, store backups at a secondary location, such as a relative's house or a safety deposit box, ensuring geographical separation. A simpler solution would be to have multiple locations to store this info in your house. Again, take this with a grain of salt as locations outside of your control have their own set of vulnerabilities and trade-offs.

Mitigating risks with a slightly more advanced setup

To enhance security, add a passphrase to your seed phrase. Simply put, a passphrase is a password of your choosing that, when added to your seed phrase, creates an entirely new wallet.

The passphrase can be a combination of uppercase and lowercase letters, numbers, and symbols.

There is no such thing as an invalid passphrase. Each time that you enter one, it will generate a new, valid wallet. It is important to write this passphrase down and do a test transaction before sending all of your funds to make sure that you didn’t make a mistake along the way.

To recover your bitcoin in case of loss or accident, you will need both the seed phrase and the passphrase. In the case of the COLDCARD, you will need to enter the passphrase each time you wish to access the wallet. You can use the “lock down seed” feature so that you don’t have to re-enter the passphrase each time, but you will no longer be able to create more wallets using the passphrase.

Now, if your seed phrase suddenly gets compromised, your funds will remain safe thanks to the passphrase. However, if you lose both the passphrase and the seed phrase, then you will lose your funds.
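What the passphrase does under the hood, as an added example (not code from the article or from either wallet): it assumes the BIP39 standard that COLDCARD and BlueWallet follow, where the passphrase is mixed into the salt of the key-stretching step, so every passphrase, including a mistyped one, yields a different valid seed. The mnemonic is the public BIP39 test vector and the passphrases are constructed samples.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (all-zero entropy). Never use it for funds.
TEST_MNEMONIC = ("abandon " * 11 + "about").strip()


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as BIP39 specifies:
    PBKDF2-HMAC-SHA512(password=mnemonic, salt="mnemonic"+passphrase, 2048 rounds).
    """
    def nfkd(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    password = nfkd(" ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_tags(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to a short hex tag of the seed it produces.

    There is no checksum on the passphrase, so nothing here can fail:
    a typo simply lands on another (empty) wallet.
    """
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


# Constructed sample passphrases: the intended one plus two realistic typos.
SAMPLES = ["", "Correct-Horse-7", "correct-horse-7", "Correct-Horse-7 "]

if __name__ == "__main__":
    for phrase, tag in wallet_tags(TEST_MNEMONIC, SAMPLES).items():
        print(f"{phrase!r:22} -> seed starts {tag}")
```

A changed letter case or a trailing space produces an unrelated seed with no warning, which is why the written copy must be exact and why a small test transaction and recovery is worth doing before moving all funds.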

With this setup, your funds are secure against most threats. However, targeted attacks, such as a physical assault or a sophisticated hacker who has been spying on you, can still be a risk. These threats are rare, but properly distributing your secrets helps mitigate them.

Advanced Setups

Increasing redundancy in your Bitcoin storage setup can further prevent single points of failure. Note that these solutions and distribution methods are more advanced and require additional resources.

Encrypted Backup 

This method provides an extra copy of your seed phrase that isn’t human-readable. COLDCARD allows you to export an encrypted backup onto a microSD card that you can safely store.

BlueWallet also allows you to create an encrypted backup, but you will need a password of your choosing to decrypt the wallet on your device. 

The trade-off is that you now have extra items to protect: the microSD card and the decryption key. 

Seed XOR 

This method involves splitting your primary 24-word seed phrase into two to four new sets of 24-word seeds. When combined, these sets recreate your original seed phrase. Learn more about it here.
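The arithmetic behind the split, as an added sketch that is not COLDCARD's firmware code: it works on the 32 bytes of entropy that a 24-word phrase encodes and leaves out the word-list encoding, so each byte string stands for one 24-word part. Function names and the sample entropy are assumptions made for the illustration.

```python
import secrets
from functools import reduce

ENTROPY_LEN = 32  # a 24-word phrase encodes 256 bits of entropy (plus a checksum)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("parts must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_entropy(entropy: bytes, parts: int) -> list[bytes]:
    """Split the entropy into 2 to 4 parts whose XOR equals the original.

    All parts but the last are fresh random values; the last is chosen so
    that everything XORs back to the secret. Any subset smaller than the
    full set is statistically independent of the original.
    """
    if len(entropy) != ENTROPY_LEN:
        raise ValueError("expected 32 bytes (a 24-word phrase)")
    if not 2 <= parts <= 4:
        raise ValueError("the scheme described here uses two to four parts")
    shares = [secrets.token_bytes(ENTROPY_LEN) for _ in range(parts - 1)]
    shares.append(reduce(xor_bytes, shares, entropy))
    return shares


def combine_entropy(shares: list[bytes]) -> bytes:
    """XOR all parts together; the order of the parts does not matter."""
    if not shares:
        raise ValueError("no parts supplied")
    return reduce(xor_bytes, shares)


if __name__ == "__main__":
    original = bytes(range(ENTROPY_LEN))  # constructed sample, not a real seed
    parts = split_entropy(original, 3)
    print("all parts   :", combine_entropy(parts) == original)       # True
    print("missing one :", combine_entropy(parts[:-1]) == original)  # False
```

Combining an incomplete set raises no error; it returns a different, equally valid-looking value, so record how many parts exist and verify the recombined wallet before relying on the split.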

A Note on Multisig

Multisignature setups, while secure, are complex and often unnecessary for individuals. They are best suited for collaborative settings like organizations or families. This solution has also been made easier thanks to collaborative custody solutions, where a third party holds one of three keys for you and you hold the other two.

Conclusion

This is not a silver bullet for security or distribution. It’s important to take the time to evaluate your risk vectors and the resources that you have to dedicate to this project.

I didn’t go too deep into complex distribution setups because, after a certain point, you risk hindering yourself when you eventually need to recover your funds. People also tend to get carried away with their setups because they want to implement every single cool feature out there but only end up shooting themselves in the foot because they forget a component.

It’s always a good idea to begin with the basics, practice using your setup, and be comfortable using bitcoin before stepping up your security.

By following these guidelines, you'll be able to create a plan and securely store and distribute your bitcoin, protecting your funds for yourself and your heirs.

Tristan Borges Solari

Tristan is a long time Bitcoin entrepreneur, having launched several products in the space. He now dedicates his talents to technical writing and design.