Outline
This Bitcoin security guide was created to help you achieve a high level of security and control over your Bitcoin.
To get maximum benefit from Bitcoin’s unique properties, personal responsibility is required and risk/reward scenarios need to be evaluated.
You have the option to be in full control over your Bitcoin, and if you choose to to take it, this guide will hold your hand from start to finish… better yet from Zero to Hero.
After completing all the steps in the Bitcoin security guide you will have a resilient solution for interacting with the Bitcoin network and protecting your Bitcoin.
0:27
What is Self Custody ?
One of Bitcoin’s value propositions is that it’s a digital bearer asset. You do not need to trust 3rd parties to keep your Bitcoin safe on your behalf. Only through self custody does Bitcoin guarantee protection against censorship and confiscation.
Think of Bitcoin like a dollar bill, if it’s not in your physical control, you don’t own it.
0:58
Equipment List
In order to follow along with this guide and create a robust self custody setup, you’re going to need some equipment.
- A Coldcard Hardware Wallet
- A SeedPlate
- At minimum 2 MicroSD cards for encrypted backups.
The two MicroSD cards are meant to be used for encrypted backups.
This is the safest way to use the Coldcard because you don’t ever need to directly connect the Coldcard to an internet connected device.
1:42
Step 1 – Acquire Bitcoin
KYC
An important consideration when choosing how you will acquire Bitcoin is KYC.
KYC stands for ‘Know Your Customer’, it is a regulation that any businesses with a banking relationship has to abide by, including Bitcoin exchanges.
These rules are imposed worldwide and are geared towards ensuring that a business acting as a money exchange and/or transmitter has ‘suitable’ information on every customer they serve.
KYC comes with potential risks
- KYC information ties your personal identity to any Bitcoin you purchase. Since the Bitcoin ledger is transparent, this poses privacy concerns for users.
- The potential for your private data held by these centralized entities being compromised carries privacy and security risks for you.
- Censorship
- Confiscation ( only if you don’t self custody ! )
recommended KYC methods to acquire Bitcoin USA ONLY
NO KYC
You can choose to acquire Bitcoin in a more private way by using Peer to Peer services and software. This does not require you to give up your personal information in exchange for the privilege to buy Bitcoin.
Common payment methods include bank transfer, cash deposited in the seller’s bank account, in-person cash (face-to-face) trades as well as payment networks such as Zelle, Alipay, even Cash App and PayPal.
recommended NO KYC methods to acquire Bitcoin
2:05
Step 2 – Setup A Hardware Wallet
Setup coldcard pin
Generate a 24 word seed (wallet)
A passphrase ( sometimes referred as the 25th seed word ) is a user defined addition to the seed. Using a word or group of words adds another layer of security on top of your 24 word seed.
This additional layer of security prevents someone with your 24 word seed to be able to access the wallet.
Always store the passphrase SEPARATE from the 24 word seed.
Set a Passphrase
5:17
Step 3 – Backup Seed Words On Steel
Backing up seed words onto steel provides protection against extreme conditions.
This includes being waterproof, fireproof up to certain thresholds, shockproof, as close to indestructible as possible.
imprint seed words on steel
Always store the passphrase SEPARATE from the 24 word seed. If you store the seed words and passphrase together, it becomes a central point of failure.
By separating the two, you create an additional layer of security for your Bitcoin wallet.
6:33
Step 4 – Create Encrypted Backups
backup coldcard to
encrypted microsd
The MicroSD encrypted backups should never be exposed to an internet connected device unless you need access to your wallet information in the case of an emergency.
The best way to use the MicroSD card in an emergency, would be in a new Coldcard device, isolated from any internet connected devices.
The only other time encrypted MicroSD backups should be interacted with are during your annual checkups. You will attempt to restore the wallet on a Coldcard to verify it’s still viable.
You want to separate backups for security reasons. If all the backups are in 1 location and it gets compromised, your shit out of luck.
Check out this guide on advanced considerations for backups by @mflaxman
8:24
Step 5 – Choose A Software Wallet
In order to use the hardware wallet (Coldcard) to receive and send Bitcoin transactions, a watch only wallet is exported from the Coldcard to the software wallet.
A software wallet acts as a bridge between the Bitcoin network, and the wallet created and secured on the Coldcard.
recommended software wallets
export a watch only wallet
Specter Wallet is the easiest way to setup a private Bitcoin full node and use a software wallet that seamlessly interacts with many hardware wallets.
If you want to have maximum security and privacy – using specter is the way to go.
10:22
Step 6 – Test & Verify
Open your wallet to find an unused Bitcoin address
Address explorer is a feature the Coldcard wallet offers to make sure your are depositing to a Bitcoin address that belongs to your wallet.
This gives you confirmation that the address you are being shown in the wallet software is an address you control, and not generated by malware/virus on your computer.
verify receiving address
on coldcard
wipe seed from coldcard
import wallet
test microsd card backups
send a small transaction
17:52
Congratulations
Make sure you go back and check on your backups at a set interval of time – a few times a year is good practice. You want to be comfortable restoring your backups should the need arise.
