Bitcoin Security


Welcome to the beginner’s guide on making Bitcoin & cryptocurrency safer.

Phew! You made it through that nasty bear market- but boy, now that prices are up, is it a jungle out there or what?!

With so much money flowing through the crypto markets, fraudsters, thieves, & ne'er-do-wells are looking for ways to get your Bitcoin into their pockets for free.

Even the most cautious old-timers in this scene can get their Bitcoin/crypto hijacked.


How to avoid getting rekt

Follow these simple steps to keep your Bitcoin (& other cryptocurrencies) secured, so you can sleep just a bit better at night.

This page also links to multiple additional resources that will assist in keeping your phone, your laptop, and your Bitcoin (and other cryptocurrencies you hold) a little more secure from would-be attackers.

Step 1: Make a "paper wallet"

A paper wallet is what it sounds like: wallet info that is generated offline, then printed directly to paper.

The private key can be kept separately, or the paper can be folded & sealed with a tamper-proof sticker so that the private key is not viewable.

Three common uses for a paper wallet:

  1. As a “dust bin”: a secure address that can be created in minutes to sweep endangered funds into.
    • Some attackers are slow to drain all crypto funds after hacking an email account or SIM card, perhaps because it takes them time to locate the source of funds in their newly hacked data/account.
    • If a paper wallet can be created faster than a new hardware wallet can be obtained, then it might help you save your funds.
  2. Some people use paper wallets as “digital cash” or physical crypto notes.
    • If you send 0.0001 BTC to the public address of that paper wallet, then the paper can be physically handed over to any person you wish to give 0.0001 BTC.
    • When the recipient checks the public address on the outside of the wallet & confirms that 0.0001 BTC is contained, they can open the paper wallet, & use the private key inside to move those funds.
  3. As a long term savings/secure account.
    • Using free, open source tools, it's easy to generate (offline) a seed phrase to keep private, plus multiple public payment addresses that will be used to fund that account.
    • If the only thing stored on your internet-connected devices is the payment addresses, then even the most persistent cyber-thief will only be able to *view* your coins, not steal or spend them.

As mentioned above, paper wallets are (ideally) generated offline.

That leaves no private key material on any connected device for a thief to break in & steal.

SIM-swapping does not help an attacker access your spending keys.

By contrast, since hardware wallets are designed to be used via connected devices such as phones or laptops, there is always some risk in using them- but it's quite low.

Paper wallets are better than hardware wallets in the category of very long term storage, such as gifting cryptocurrency to children (who legally are not supposed to trade them for years anyway).

Paper wallets are also a great defensive tool if funds need to be swept quickly away from dangerous places like a known compromised exchange, or known compromised software wallets.

When seconds or minutes count, if you don’t already have one- hardware wallets arrive in 2 days from Amazon 🙁

If the private data on a paper wallet is not backed up to a more robust medium, well, paper is not the most secure thing.

It can get wet & become unreadable.

It can literally burn.

(However, it can also serve as a guide for electro-engraving onto metal, & can be photocopied by non-internet-connected devices, so backups are simple, secure, & cheap)

Another huge limitation is in approving & signing transactions.

Paper wallets are essentially “read only”: you cannot sign with one until the private key is loaded into a software tool like Electrum, Bitcoin Core, Samourai, or another wallet. Once that key has touched an online device, treat the paper wallet as spent- sweep whatever remains to a fresh address rather than reusing it.

This is especially difficult for Ethereum users who want to participate in DeFi, where signing smart contract transactions may take place multiple times per hour, as users set up liquidity pools, flash loans, and other complex instruments.

We really like the BIP39 tool by Ian Coleman.

It is (nearly) universal, and covers even some of the more rare, small cap cryptocurrencies.

It can be downloaded, then run offline in a standard web browser on any old laptop, phone, or tablet that is not connected to the internet.

For Bitcoin, there is also bitaddress.org, which is likewise a single page that can be saved and run offline.

And for Ethereum, myetherwallet.com makes the process of creating & printing paper ETH wallets very easy. As with any browser-based generator, generate the keys on a machine that is disconnected from the internet, and never paste a private key into a live website.

Then treat the paper wallet as a deposit box:

  1. Expose only the payment address side of the wallet.
  2. Receive coins.
  3. Leave it alone for as long as possible.
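What the offline generators above actually do is the BIP39 procedure: random entropy gets a SHA-256 checksum appended, the bits are cut into 11-bit indices into a 2048-word list, and the resulting phrase is stretched with PBKDF2 into the 64-byte seed that every address is derived from. The following is an added example in Python (standard library only); it is not code from the original page or from Ian Coleman's tool. The real English wordlist is not embedded, so `placeholder_wordlist()` builds a constructed 2048-entry stand-in; pass the genuine list as `wordlist` to get real phrases. The part a paper-wallet user most wants is `mnemonic_to_entropy`, which rejects a phrase whose checksum no longer matches, e.g. when one word was mis-copied from the paper.

```python
"""BIP39 mnemonic generation, checksum verification and seed derivation.
Added example, not from the original page. Only the standard library is used.
The genuine 2048-word English list must be supplied by the caller; the
placeholder list below is a constructed stand-in so the code runs offline."""
import hashlib
import secrets
import unicodedata

ALLOWED_ENTROPY_BITS = (128, 160, 192, 224, 256)  # 12, 15, 18, 21, 24 words
ALLOWED_WORD_COUNTS = (12, 15, 18, 21, 24)


def placeholder_wordlist():
    # Constructed stand-in for the BIP39 English wordlist (2048 entries).
    return [f"w{i:04d}" for i in range(2048)]


def entropy_to_indices(entropy: bytes) -> list:
    """Append the checksum (first ENT/32 bits of SHA-256(entropy)) and
    split the result into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in ALLOWED_ENTROPY_BITS:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent_bits)
    bits += bin(int.from_bytes(digest, "big"))[2:].zfill(256)[:cs_bits]
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def entropy_to_mnemonic(entropy: bytes, wordlist: list) -> str:
    if len(wordlist) != 2048:
        raise ValueError("BIP39 wordlists have exactly 2048 entries")
    return " ".join(wordlist[i] for i in entropy_to_indices(entropy))


def generate_mnemonic(wordlist: list, bits: int = 128) -> str:
    """Fresh phrase from the OS CSPRNG; run this on the offline machine."""
    return entropy_to_mnemonic(secrets.token_bytes(bits // 8), wordlist)


def mnemonic_to_entropy(mnemonic: str, wordlist: list) -> bytes:
    """Recover the entropy and verify the checksum. Raises ValueError on a
    word that is not in the list, a bad word count, or a checksum mismatch."""
    words = unicodedata.normalize("NFKD", mnemonic).split()
    if len(words) not in ALLOWED_WORD_COUNTS:
        raise ValueError(f"bad word count: {len(words)}")
    index = {w: i for i, w in enumerate(wordlist)}
    try:
        idx = [index[w] for w in words]
    except KeyError as e:
        raise ValueError(f"not a wordlist word: {e.args[0]}") from None
    bits = "".join(format(i, "011b") for i in idx)
    cs_bits = len(words) * 11 // 33          # 12 words -> 4, 24 words -> 8
    ent_bits = len(bits) - cs_bits
    entropy = int(bits[:ent_bits], 2).to_bytes(ent_bits // 8, "big")
    if entropy_to_indices(entropy) != idx:   # recompute and compare checksum
        raise ValueError("checksum mismatch: a word was mistyped or swapped")
    return entropy


def is_valid_mnemonic(mnemonic: str, wordlist: list) -> bool:
    try:
        mnemonic_to_entropy(mnemonic, wordlist)
        return True
    except ValueError:
        return False


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.
    The optional passphrase yields a completely different wallet."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


if __name__ == "__main__":
    wl = placeholder_wordlist()
    phrase = generate_mnemonic(wl, 256)
    print("24-word phrase:", phrase)
    print("checksum ok:", is_valid_mnemonic(phrase, wl))
    # Simulate a transcription error in the last word.
    words = phrase.split()
    words[-1] = wl[(wl.index(words[-1]) + 1) % 2048]
    print("after one wrong word:", is_valid_mnemonic(" ".join(words), wl))
    print("seed:", mnemonic_to_seed(phrase).hex())
```

With the genuine English list, 16 zero bytes of entropy produce the well-known phrase of eleven “abandon” followed by “about”, because the first nibble of SHA-256 of those bytes is 3; the placeholder list produces the same indices. The checksum catches most single-word errors, but not all (a 12-word phrase has only 4 checksum bits), so a phrase copied from paper should also be checked against the first receiving address it produces before any funds are sent.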

Step 2: Buy a hardware wallet*

*Or at least determine whether or not you need one for your goals/mission.

A hardware wallet is a device dedicated to two things: generating & storing a seed phrase (and the key pairs derived from it) inside the device, and signing transactions so that the private keys never leave it.

Some do not require a computer or connected device to run for viewing payment addresses or signing a transaction (in a multi-step process).

But most do require a computer/connected device at some point for initial setup, or for advanced connectivity. 

To make it harder for thieves to steal your coins: a hardware wallet keeps all seed phrases & private keys OFF of your computer/laptop.

Especially useful to Ethereum/DeFi users: it is possible to connect a hardware wallet to DeFi platforms & sign transactions as quickly as is required for liquidity pools, flash loans, & other smart contract instruments- but much more securely than with browser or app based solutions. The device protects the key, not your judgement: whatever you approve on the device's own screen is what gets signed, so read it before pressing the button.

Hardware wallets do not expose your private keys, or seed phrases to SIM-swapping attacks.

Hardware wallets also do not store your private keys or seed phrases in browser memory.

The most typical attacks used by crypto thieves are made much more difficult by using a hardware wallet.

Hardware wallets are much easier & more convenient than paper wallets for signing transactions.

Not every hardware wallet supports every coin.

For example, one very popular coin with limited support is Monero.

  • Only the latest model from Trezor supports it.
  • Ledger Nano S and X support it.
  • But popular hardware devices like KeepKey and CoboVault do not.

For more rare (but promising) coins such as Haven ($XHV) and Flux Network (FLUX)- there is simply no mainstream support on this type of wallet.

Never purchase any hardware wallet from eBay.

  • As a marketplace, eBay deals in used goods, with zero listing standards for sellers- more than one person has been tricked by purchasing a used/altered hardware wallet kit that contained fake set up instructions (including a pre-printed seed phrase), and was subsequently robbed.

We suggest ordering Ledger Nano hardware wallets on Amazon.com, from the official Ledger listing rather than a third-party reseller (no really, for all Ledger products, this is best).

All other hardware wallet devices can safely be ordered from either Amazon or directly on the manufacturer's website.

Whichever channel you buy through: check that the packaging is intact, run the manufacturer's genuine-device check during first setup (Ledger Live and Trezor Suite both do this when the device is connected), and generate a fresh seed phrase on the device yourself. A seed phrase that arrives already written down in the box is a theft, not a convenience.

You will need to use the most current training videos specific to the model you choose.

Search for:

“How to ____ with [my hardware wallet]”

Software changes, and security best practices will always be kept up to date by the big players such as Ledger & Trezor.

Our list of favorites, by category.

Cheap:

Robust:


** Supports Monero

Step 3: Look for loose change

  • Have you ever traded Bitcoin (or other alts) on an exchange?
  • Ever used an online referral system that paid in Bitcoin?
  • Still have a few coins on your phone?
  • Check everywhere you might have been likely to keep some.
  • Now double check your exchange accounts & old wallets after syncing the blockchain- an old wallet may show a stale balance until it has caught up with the current state of that coin's network.
  • Open up old wallet software on your retired phones/laptops.
  • Scan old hard drives.
  • Look into your password manager software- are there any random accounts you may have missed?

Step 4: Move (or sweep) all insecure funds

To “move” funds for zero fees, seamlessly, and without creating a transaction on the blockchain- you will simply write the existing private keys of those accounts onto a paper wallet, then delete every copy of that coin's private keys from any mobile/desktop apps that hold your coins (including MetaMask or MyCrypto for Ethereum/DeFi users).

There will, however, always be a risk that some 3rd party has already obtained a copy of those private keys- simply because they were available in digital form on your phone, laptop, web browser plugin, or an exchange.

If you absolutely have to be sure that your funds are safe from previous attackers, then you must sweep them.

To “sweep” funds into a wallet, a transaction is 100% necessary.

Sorry.

No free options here.

Just enhanced security.

We think the trade-off is worth it for most users.

As hardware wallets create their own dedicated private keys from a unique seed, most will not let you import any outside private keys- so sweeping is the only option.

That’s not a flaw, it’s a feature: these are meant to be very difficult to tamper with.

If you think an exchange or software wallet account has been tampered with, and you do not have a hardware wallet, you may want to sweep funds into a new paper wallet immediately, while you wait for a new hardware wallet to arrive from Amazon (or direct from the seller).

Again, paper wallets are pretty great for this purpose.

  1. Use your current hot wallet/exchange account to send coins to the payment address of your hardware or paper wallet. Confirm the destination address on the hardware wallet's own screen (or on the paper itself), not just on your computer, and consider sending a small test amount first.
  2. Check to see that the transaction shows up as confirmed on the blockchain.
  3. Your funds are now fully locked down!

Remember: with cryptocurrency, knowing is NOT half the battle...

You have to actually execute the best practices like your wealth depends on it.

Good luck.

It really is a jungle out there.