Have you used Bitcoin for a while now and want to beef up your security game? Are you planning on investing significant sums and want to ensure you get your setup right the first time? Well it’s time to enter the world of Advanced Bitcoin Security where we start taking things much more seriously.
Up until this point you were likely just playing around and learning about what Bitcoin actually is, but now that you’re securing significant funds there are more steps you need to take to ensure your funds stay safe for decades. While many are aware of Hardware Crypto Wallets, they aren’t the silver bullet many think they are. There are a number of other critical things you should also know about and be doing to keep your funds safe.
In this Advanced level piece we’re going to help you make the right choices when it comes to your digital asset security, how you design and build your wallet, how to back it up and more.
Note: This Security guide is for “Advanced Levels” which are people with “Savings Account” level funds. If you’re securing larger amounts, please see our Expert Bitcoin Security guide.
Key Advanced Bitcoin Security Points
- Beginner Security: Ensure you do everything in our Beginners Guide To Bitcoin Security
- Use A Hardware Crypto Wallet: Use a Hardware Wallet and ensure it’s bought anonymously
- Advanced Wallet Security: Ensure 2+ backups at 2+ locations with proper location security
- Balancing Security And Complexity: Consider extra security measures carefully
- Use Your Own Full Bitcoin Node: Buy or build a full node and connect your wallet to it
- Advanced Computer Security: Ensure your network, mobile and PC are properly secured
- Test Your Backups Regularly: Routinely test your backups to ensure you can actually spend funds from them
- Security Through Anonymity: Don’t tell friends, family or social networks you own bitcoin
Advanced Bitcoin Security
Firstly, you can get a full rundown of what each of our levels entails and where you might fit into them by looking at our Understanding Bitcoin piece or the overview table below. For this Advanced Bitcoin security guide we are only targeting people that have funds similar to what you might keep in your everyday savings account. For most people, this is an amount they’d be pretty angry about losing, so security precautions get increased to match.
| Funds Amount | Pocket Money | Savings Account | Serious Investments |
|---|---|---|---|
| Wallet Type | Software (Hot) / Hardware (Cold) | Hardware (Cold) | |
| Signature Type | Single Signature | Single Signature | Multisig |
| Key Custody | Self Custody | Self Custody | Self Custody |
| Key Backup | Laminated Paper | Laminated Paper | Metal Seed Plate |
| Key Security | None | Fire Proof Safe | Multiple Methods |
| Own Full Node | No | Yes | Yes |
| Electrum Server | Public Electrum | | |
Our top priority for this site is to help everyone learn how to safely and privately buy, use, invest and grow wealthy with Bitcoin, so know that this piece is just the start of our security information. We’ll be adding to and expanding on each of the points below in much more detail as time goes on.
If you haven’t already, please make sure you’ve already read and done the security steps outlined in our Beginners Bitcoin Security guide which broadly include:
- Avoid Shitcoins: Focus on Bitcoin only and don’t buy other cryptocurrencies
- Don’t Use KYC/AML Exchanges: Use our Crypto Exchanges list for top non-KYC exchanges
- Use A Self-Custody Wallet: Download and use your own, private wallet
- Crypto Wallet Security & Backup: Use a strong password and write down your seed phrase
- Practice Good Cybersecurity: Use a password manager, 2FA, keep software updated etc
- Learn As Much As Possible: Get subscribed as knowledge is your best defence
Use A Hardware Crypto Wallet
Congratulations, your funds are at the Advanced stage now! If you don’t want to lose them, you should absolutely be buying a dedicated Hardware Wallet (also called a Signing Device or Key Manager). These are physical devices in meatspace that do one thing: generate and securely store your Public and Private Keys. OK we lied, they also sign transactions with your private keys too.
You never want your private keys touching that revolting, malware infested computer/phone of yours, trust us. Hardware wallets are cheap ($50+ USD) and easy to set up and use. Some top recommendations include:
While you’re welcome to buy any hardware crypto wallet you think is appropriate, we’d only advise it after considerable scrutiny. Here are a few major considerations you should weigh up before just purchasing any random device you find on the internet:
- True Randomness Generation: It should use two independent sources of randomness (or more) for your private key generation. One of the main purposes of a hardware crypto wallet is to generate your private keys, so this needs to be bulletproof! A poorly generated private key is a huge security hole
- Open Source: Its code should be 100% viewable for you or any other security researcher to review and interrogate. Open source code, vetted over many years is one of the top ways to ensure a secure environment
- Verifiable Software Binaries: It should have verifiable software binaries and PGP key signature checking with easy to follow instructions on their website. This allows you to verify that the software you’re downloading from their website hasn’t been maliciously altered or tampered with
- Uses Interoperable Standards: It should use common, industry standards such as BIP39 for its seed phrase words to allow for interoperable use in case there’s any reason to migrate away from that hardware vendor (eg they go bankrupt / get taken over / start acting stupid). To help with this, check out the major software wallets out there and see which devices they integrate with
- Reasonable Company History: The company itself should have been around for at least 5 years, and the more hardware revisions they have shipped, the better (eg. COLDCARD is up to “Mk4” while BitBox is up to “02” now). This hopefully ensures (but doesn’t guarantee) that hardware level issues have been resolved at the source and that the hardware and software have had most of their main kinks sorted out. You should also review their general practices like storage of customer data, their history of handling security breaches and how they work with the security community in general
- Works With Standard Wallets: It should work with any industry standard third party Bitcoin wallet such as Sparrow Wallet. You should not be locked into using only their bundled software wallet program as this can be both a privacy risk and a problem if the company ever runs into troubles
- Full Bitcoin Node via Tor Support: It should fully support you connecting it to your own Full Bitcoin Node via Tor. This is vital for Advanced and Expert levels, both for privacy and security, and many hardware wallets that “experts” recommend, such as the Ledger, don’t do this!
- Easy Import / Export: It should fully support importing and exporting of all required info (Including Coin / UTXO Labels) for easy backup and restore, especially across various third party wallets (eg exporting from their wallet app and importing into a third party wallet) and for Multisig wallets that require more detailed backup information than single signature ones
- Multisig Support: It should fully support Multisig Wallets as well as xPub / Watch Only wallets and this support should extend to the standardized third party wallets as well
- Labeling And Control Of Coins: It should fully support labeling of coins (UTXOs) and being able to control which coins you spend either through their own app or through a standardized third party wallet
- Purchase Only From The Supplier: It should come in a tamper evident bag directly from the supplier and no one else. Do NOT buy from other random online sellers, eBay, forums or any other source
- Consider Physical Size: When choosing a device many people prefer large screens to enable easier reading / interaction, but be aware that the larger the device is, the harder it is to store / hide. It will also likely be more expensive too
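The “two independent sources of randomness” point above, as an added example that is not code from this page or from any hardware wallet vendor: the device RNG (os.urandom stands in for it here) is mixed with user dice rolls via SHA-256, so an attacker would have to predict both inputs, and the result is turned into BIP39 word indices. Rendering the words needs the 2048-entry BIP39 wordlist, which is not embedded.

```python
import hashlib
import os

# Added example (not vendor code). Two independent entropy sources are hashed
# together: the output is unpredictable as long as EITHER input was.

MIN_ROLLS = 100  # 100 rolls of a six-sided die carry log2(6^100) ≈ 258 bits


def dice_rolls_to_bytes(rolls: str) -> bytes:
    """Validate user dice rolls ('1'..'6') and return them as ASCII bytes."""
    if len(rolls) < MIN_ROLLS:
        raise ValueError(f"need at least {MIN_ROLLS} dice rolls for 256 bits")
    if any(c not in "123456" for c in rolls):
        raise ValueError("dice rolls must be digits 1-6 only")
    return rolls.encode("ascii")


def combine_entropy(source_a: bytes, source_b: bytes) -> bytes:
    """Mix two independent sources into 256 bits with SHA-256.

    A single source is exactly the failure mode being avoided, so empty or
    identical inputs are rejected."""
    if not source_a or not source_b or source_a == source_b:
        raise ValueError("need two distinct, non-empty entropy sources")
    return hashlib.sha256(source_a + source_b).digest()


def bip39_word_indices(entropy: bytes) -> list:
    """BIP39: append ENT/32 checksum bits taken from SHA-256(entropy), then
    split into 11-bit word indices (16 bytes -> 12 words, 32 bytes -> 24)."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    bits = (bin(int.from_bytes(entropy, "big"))[2:].zfill(ent_bits)
            + bin(int.from_bytes(digest, "big"))[2:].zfill(256)[:cs_bits])
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


if __name__ == "__main__":
    device_rng = os.urandom(32)                         # stands in for the device TRNG
    rolls = dice_rolls_to_bytes("3" * 50 + "5" * 50)   # constructed demo input, NOT random
    print(bip39_word_indices(combine_entropy(device_rng, rolls)))
```

The all-zero entropy inputs in the checks below correspond to the published BIP39 test vectors (12 × “abandon … about”, 24 × “abandon … art”), which is a quick way to confirm a checksum implementation.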
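The “Verifiable Software Binaries” point above, as an added example that is not any vendor’s code: it verifies the vendor’s PGP signature over a SHA256SUMS manifest first, then checks every downloaded file against that signed manifest. It assumes `gpg` is installed and that the vendor’s signing key was imported and its fingerprint confirmed out of band; EXPECTED_FPR is a placeholder, not a real key.

```python
import hashlib
import os
import re
import subprocess

# Added example (not vendor code). Order matters: a hash match is worthless
# unless the manifest itself was signed by the key you expect.

EXPECTED_FPR = "0000000000000000000000000000000000000000"  # PLACEHOLDER fingerprint
HEX64 = re.compile(r"^[0-9a-f]{64}$")


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(text: str) -> dict:
    """Parse `sha256sum` output ('<hex>  name', or '<hex> *name' in binary mode)."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if HEX64.match(digest):
            entries[name] = digest
    return entries


def check_manifest(manifest_text: str, directory: str):
    """Return (ok, problems): every listed file must exist and match exactly."""
    entries = parse_sha256sums(manifest_text)
    problems = [] if entries else ["manifest has no valid entries"]
    for name, expected in entries.items():
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            problems.append(f"missing: {name}")
        elif sha256_file(path) != expected:
            problems.append(f"hash mismatch: {name}")
    return (not problems), problems


def verify_manifest_signature(sig_path: str, manifest_path: str) -> bool:
    """gpg must report VALIDSIG *and* the signing key fingerprint must match;
    a GOODSIG from some other key in your keyring is not enough."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, manifest_path],
        capture_output=True, text=True)
    for line in proc.stdout.splitlines():
        if line.startswith("[GNUPG:] VALIDSIG "):
            return line.split()[2].upper() == EXPECTED_FPR
    return False
```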
Pro Tip: Don’t buy a hardware wallet with your real world identity
If the hardware wallet company gets hacked, your identity is forever linked to “this customer has so much crypto they needed to buy a hardware wallet” = huge target. A recent example of this is how Ledger had all their customer data stolen. Now all those people are forever at physical risk, with criminals knowing their names, addresses, emails and more. Not cool!
That company may also link your identity and funds to that hardware crypto wallet and monitor your device / addresses / balance / transactions via their software (eg. Ledger Live)… which they then pass on to governments, third parties etc.
Buying the device without revealing your own real world identity is a one time, highly beneficial security enhancement that ensures knowledge of your stash is never revealed no matter how many times they get rekt.
Most hardware wallet manufacturers will accept Bitcoin too making this a relatively easy way to protect yourself. Make up a name, create a one time Proton.me email account via Tor Browser, pay via Bitcoin you obtained via a non-KYC source and you’re set!