This Bitcoin security guide was created to help you achieve a high level of security and control over your Bitcoin.
To get maximum benefit from Bitcoin’s unique properties, personal responsibility is required and risk/reward scenarios need to be evaluated.
You have the option to be in full control over your Bitcoin, and if you choose to take it, this guide will hold your hand from start to finish… better yet, from Zero to Hero.
After completing all the steps in the Bitcoin security guide you will have a resilient solution for interacting with the Bitcoin network and protecting your Bitcoin.
What is Self Custody?
One of Bitcoin’s value propositions is that it’s a digital bearer asset. You do not need to trust 3rd parties to keep your Bitcoin safe on your behalf. Only through self custody does Bitcoin guarantee protection against censorship and confiscation.
Think of Bitcoin like a dollar bill: if it’s not in your physical control, you don’t own it.
In order to follow along with this guide and create a robust self custody setup, you’re going to need some equipment.
- A Coldcard Hardware Wallet
- A SeedPlate
- At minimum 2 MicroSD cards for encrypted backups.
The two MicroSD cards are meant to be used for encrypted backups.
This is the safest way to use the Coldcard because you don’t ever need to directly connect the Coldcard to an internet connected device.
Step 1 – Acquire Bitcoin
An important consideration when choosing how you will acquire Bitcoin is KYC.
KYC stands for ‘Know Your Customer’. It is a regulation that any business with a banking relationship has to abide by, including Bitcoin exchanges.
These rules are imposed worldwide and are geared towards ensuring that a business acting as a money exchange and/or transmitter has ‘suitable’ information on every customer they serve.
KYC comes with potential risks
- KYC information ties your personal identity to any Bitcoin you purchase. Since the Bitcoin ledger is transparent, this poses privacy concerns for users.
- Your private data held by these centralized entities could be compromised, which carries privacy and security risks for you.
- Confiscation (only if you don’t self custody!)
recommended KYC methods to acquire Bitcoin USA ONLY
You can choose to acquire Bitcoin in a more private way by using Peer to Peer services and software. This does not require you to give up your personal information in exchange for the privilege to buy Bitcoin.
Common payment methods include bank transfer, cash deposited in the seller’s bank account, in-person cash (face-to-face) trades as well as payment networks such as Zelle, Alipay, even Cash App and PayPal.
recommended NO KYC methods to acquire Bitcoin
Step 2 – Setup A Hardware Wallet
Setup coldcard pin
Generate a 24 word seed (wallet)
A passphrase (sometimes referred to as the 25th seed word) is a user-defined addition to the seed. Using a word or group of words adds another layer of security on top of your 24 word seed.
This additional layer of security prevents someone who has your 24 word seed from being able to access the wallet.
Always store the passphrase SEPARATE from the 24 word seed.
Set a Passphrase
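How the passphrase layers on top of the seed words, as an added example that is not part of the original guide or of Coldcard's code. It follows the BIP39 and BIP32 standards and uses the public 12-word BIP39 test mnemonic as constructed sample input (the derivation is the same for 24 words); the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample input; never use for funds).
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from seed words plus optional passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s)
    password = norm(mnemonic).encode("utf-8")
    # The passphrase is appended to the fixed salt prefix "mnemonic".
    salt = ("mnemonic" + norm(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_key(seed: bytes) -> tuple:
    """BIP32 root: (master private key, chain code) that every address descends from."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_roots(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to a short hex tag of the wallet root it unlocks."""
    roots = {}
    for p in passphrases:
        key, _chain = master_key(bip39_seed(mnemonic, p))
        roots[p] = key.hex()[:16]
    return roots


if __name__ == "__main__":
    # "" = seed words alone; "trezor" simulates a capitalisation typo of "TREZOR".
    for phrase, tag in wallet_roots(TEST_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        print(f"passphrase {phrase!r:10} -> wallet root {tag}")
```

Every passphrase, including a mistyped one, produces a valid but unrelated wallet, so there is no "wrong passphrase" error to catch a typo. The seed words alone open only the wallet with the empty passphrase.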
Step 3 – Backup Seed Words On Steel
imprint seed words on steel
Step 4 – Create Encrypted Backups
backup coldcard to
The MicroSD encrypted backups should never be exposed to an internet connected device unless you need access to your wallet information in the case of an emergency.
The best way to use the MicroSD card in an emergency would be in a new Coldcard device, isolated from any internet connected devices.
The only other time encrypted MicroSD backups should be interacted with is during your annual checkups. You will attempt to restore the wallet on a Coldcard to verify it’s still viable.
You want to separate backups for security reasons. If all the backups are in 1 location and it gets compromised, you’re shit out of luck.
Step 5 – Choose A Software Wallet
recommended software wallets
export a watch only wallet
Step 6 – Test & Verify
Open your wallet to find an unused Bitcoin address
Address explorer is a feature the Coldcard wallet offers to make sure you are depositing to a Bitcoin address that belongs to your wallet.
This gives you confirmation that the address you are being shown in the wallet software is an address you control, and not generated by malware/virus on your computer.
verify receiving address
wipe seed from coldcard
test microsd card backups
send a small transaction
Make sure you go back and check on your backups at a set interval of time – a few times a year is good practice. You want to be comfortable restoring your backups should the need arise.