I’ve got friends who tell me they have Bitcoin. But when I ask the next question, they tell me they’re leaving it on Coinbase or some exchange. If this is you, those are not your bitcoin. Here is some guidance on the next steps you should take.
Rule 1 of Bitcoin: Not Your Keys, Not Your Coins
Bitcoin is not like holding stocks, where you can trust someone else to hold them for you. Bitcoin is different: whoever holds the private keys is the one who can control and spend those coins. It is a bearer asset.
Think of your private keys as a secret you keep from the rest of the world. Typically this will be a series of 12 or 24 words (aka the seed) that you must protect and never put online – if a hacker gets these words, they will steal your bitcoin.
Exchanges Go Under All The Time
You might think, “Keeping it on the exchange is OK, they have a security team and I don’t”. Wrong. Many have learned this lesson the hard way.
- The complete story of the QuadrigaCX $190 million scandal
- Fcoin Insolvent after revealing up to $130M Bitcoin Shortfall
Another scenario is the KYC exit scam, aka “Shotgun KYC”, where an exchange lets you deposit money but will not let you withdraw until you have handed over KYC information. So the general rule is: if you are going to use any custodial service at all, minimise the amount you leave on their platform. You never know when they will start denying your withdrawal requests.
Lots of people think it won’t happen to them, until it happens to them.
What to do
Edit December 2020: Note we have since written an updated guidance post, see here: Cost Effective Bitcoin Use
For small amounts you can use a phone wallet app, such as Samourai Wallet for Android or HODL Wallet for iPhone. Blockstream Green is another choice for iPhone. Download one and follow the prompts, being careful to write down the 12 word seed and the passphrase on a paper backup.
Once you get above a certain threshold, you will want to look at using a hardware wallet. People generally don’t walk down the street with thousands of dollars in their physical wallet, so why do this with your Bitcoin?
So once you’re comfortable with smaller amounts on your phone, the next step is to get a hardware wallet. This is a special device used to separate your bitcoin private keys from a ‘hot’, internet-connected computer or phone. The reasoning is that laptops and desktop computers typically have malware on them and can be attacked remotely by a hacker.
There’s a lot more nuance to this, as some don’t believe in using hardware wallets – instead preferring other schemes using either an offline computer, an offline phone, or paper and steel backups. However we believe for a new bitcoiner, hardware wallets represent a good balance of usability and security.
Selecting a Bitcoin Hardware Wallet for Beginners
The typical hardware wallet choices for a beginner are Ledger and Trezor, as these are well known, longstanding brands in the space. Note that you are making a privacy trade-off if you do not learn to use them with your own bitcoin node. If you are more privacy conscious, then I’d suggest you see the advanced section below.
Best practice with buying hardware wallets is to order directly from the manufacturer website. If possible, use a mailing address, PO Box, or even your work address to take the delivery to protect your home address privacy.
Once you receive the wallet, the setup process is typically pretty straightforward. With Ledger you go to the Ledger website and install Ledger Live; with Trezor you go to Trezor.io and use the web interface for your wallet while it is plugged into your computer.
You will write down the 12 or 24 word seed on paper and, as mentioned above, you must not take pictures of it or put it online. These 12/24 words must be protected and kept secret. They are your backup, not just for the bitcoin you receive now but for all future bitcoin transactions with this wallet: you only need to back them up once.
Once you’ve gone through the setup process, you will have a wallet interface which you can use to generate a bitcoin receiving address. (It may start with 3 or with bc1.) Copy this address to your clipboard. Then, with your bitcoin wallet still open, go to your exchange website and go through the withdrawal process, pasting in the address you want to receive to. At this point, double check that the address you pasted is the same as the address shown to you by the Ledger or Trezor wallet interface.
For your first withdrawal, it is a good idea to start with a small test amount, e.g. $5 worth – just to see the bitcoin come into your wallet. At this point, you might also want to practise “deleting your wallet” and recovering it from backup. Doing it this way will help ‘prove it to yourself’ that you can recover with the 12/24 word seed backup.
Then as you become more comfortable, transfer the rest of your bitcoins over from the exchange, into your hardware wallet.
If you’re a beginner, skip the more technical section that follows; we pick up the next steps after it.
Selecting a Bitcoin Hardware Wallet (more technical)
My favourite Bitcoin hardware wallet is the Coldcard, because it has a lot of really useful security features. One is the ability to set up the wallet in an air-gapped way, meaning the wallet never has to connect directly to your computer to operate. You can listen to the relevant interview with NVK, CEO of Coinkite, here (SLP101). The potential downside for some is that it takes a little more technical competence to use. Recommended practice is to order from the official CoinKite site; you can order it with a discount at the CoinKite store using code: LIVERA.
Note using the Coldcard (or your Ledger/Trezor wallet) privately with your own node will take a bit more work and technical competence. If you believe this is suitable for you, then I’d suggest running a myNode to easily run your own backing Electrum server (electrs). Remember if you need guidance here, we are available for consulting and there are video tutorials available on the Ministry of Nodes YouTube channel, see the myNode series by Ketan here.
High level steps:
- Purchase the Raspberry Pi 4 (4GB RAM) and parts (1TB SSD, 16GB microSD card, FLIRC case, power supply, ethernet cable)
- Purchase the Coldcard and related parts (microSD card, wall plug to power it, casino dice if you want to roll for additional entropy)
- Download and flash the myNode .img to a microSD card
- Enable Electrum Server on your myNode and note the internal IP
- Install Electrum Wallet on your desktop/laptop, run Electrum pointed to your electrs IP
- Initialise the Coldcard using the offline setup (powered from the wall plug, not plugged into a computer). Write down the 24 word seed etc.
- Export the skeleton wallet (the Electrum wallet export, which contains only the xPub) from your Coldcard onto a microSD card, and shuttle that file across to your PC
- Import that skeleton wallet file into Electrum Wallet and use it to generate receiving addresses
- Instruct your exchange to withdraw coins to your receiving address. Test with a small amount first.
Now if you’ve just set up your first hardware wallet, congratulations! You’re now holding your own private keys, and you’re well on your way to being a fully fledged bitcoiner.
In the Bitcoin world, there are many pitfalls, and it takes a lot of research and learning. It is ultimately about personal responsibility and everyone taking accountability to learn the things they need to.
The following are some recommendations on further learning, and additional steps to improve your security and sovereignty.
- Listen to SLP Hardware Wallet Interview Series and/or SLP Bitcoin Custody Series
- Passphrase – An additional security feature. Think of it like a 25th word for your 24 word seed, creating a new account. If you have a Trezor, once you’re more comfortable with the default account and want to improve your security against an attacker with physical access to the device, it’s a good idea to set a passphrase (a 5 or 6 word passphrase chosen from the BIP39 word list will likely be strong enough)
- Steel backup – Make sure your 12/24 word paper seed backup is also backed up using a steel backup product, such as BillFodl or CypherWheel (disclosure: my podcast is sponsored by CypherSafe).
- Inheritance – If you were to pass away, would your family/heirs be able to access your coins? If this concerns you, consider reading Cryptoasset Inheritance Planning by Pamela Morgan for best practices.
- Running your own node – See my article, Why Should I Run a Bitcoin Node? and then look into setting up your bitcoin node to do your own validation. If you’re using a Trezor, Ledger or other hardware wallet with default set up, moving over to using your own node gives you more privacy. Good options here are nodl, myNode, Ronin Dojo, RaspiBlitz.
- Multisignature – If you want to improve your security beyond a single-signature setup, then Casa or Unchained Capital offer easy, guided multisignature setup (Disclosure: Unchained Capital is a sponsor of my podcast). Note, it is also possible to DIY multisig with Electrum or Caravan by Unchained Capital, however this is not recommended unless you’re at an advanced level.
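To make the passphrase item above (and the phone-wallet passphrase mentioned earlier) concrete, here is the BIP39 derivation that turns seed words plus an optional passphrase into the wallet’s master seed. This is an added example, not code from the original post or from any wallet vendor; the mnemonic is BIP39’s first published test vector, not a real wallet.

```python
import hashlib
import unicodedata

# Added example (not from the original post): how a BIP39 "25th word" changes
# the wallet.  The seed words alone are not the key; the key material is the
# 64-byte seed derived below, and the passphrase is folded into the PBKDF2 salt,
# so every distinct passphrase yields a distinct wallet (a "new account").


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase, 64 bytes."""
    words = unicodedata.normalize("NFKD", mnemonic)
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


# BIP39's first English test vector: 11 x "abandon" + "about" (entropy of all zero bits).
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def wallets_from_passphrases(mnemonic: str, passphrases) -> dict:
    """Map each candidate passphrase to the hex seed it produces.

    There is no "wrong passphrase" error anywhere in this derivation: a typo
    ("TREZ0R" instead of "TREZOR") silently opens a different, empty wallet.
    That is why the post recommends practising a recovery before moving funds,
    and why the passphrase must be backed up as carefully as the seed words.
    """
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    for p, seed in wallets_from_passphrases(TEST_MNEMONIC, ["", "TREZOR", "TREZ0R"]).items():
        print(f"passphrase={p!r:<10} seed={seed[:16]}...")
```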
Still need help? Book a consulting call
If you’re a bit unsure on how to put this into practice, Ketan and I offer video call consulting. There’s no obligation to pay, simply bitcoin tip us whatever you think it was worth at the end of the call. Click on over to Consulting to book in a session.