
BITCOIN SECURITY GUIDE

Bitcoin self-custody is much like learning to drive a car–no one starts on the highway! You begin slowly, perhaps in a parking lot, progressing bit by bit. Driving is one of the riskiest activities people engage in, yet most eventually master it. Taking responsibility for your safety and that of others is an essential life skill. Similarly, if you can learn to drive, you can also learn to hold Bitcoin securely, free from counterparty risk!

πŸ›‘οΈ Why Self-Custody?

  • Self-custody means you control your Bitcoin without relying on third parties.
  • It eliminates counterparty risks such as exchange failures or government seizures.
  • Listen to these podcasts to understand the basics: Podcast Episode 1 | Podcast Episode 2

🚀 Getting Started: Basic Self-Custody Setup

  • Purchase Bitcoin through ethical, preferably non-custodial brokers: BullBitcoin.com, Strike.me, River.com, Relai.app.
  • Use a reliable software wallet: Sparrow Wallet (Mac/PC/Linux), Nunchuk (iOS/Android/Mac/PC/Linux), Specter Desktop, Electrum
  • Read The 10 Commandments of Bitcoin Self-Custody.
    1. You shall back up your bitcoin seed
    2. You shall test your backups
    3. You shall Self-Validate with your Full-Node
    4. You shall not dox your bitcoin UTXOs
    5. You shall not have single points-of-failure
    6. You shall always keep the Bitcoin private key air-gapped
    7. You shall Coin Control (manage your coins)
    8. You shall KISS (keep it simple stupid)
    9. You shall never advertise about your HODL to others
    10. You shall stay humble and stack more sats

🤖 Choosing a Hardware Wallet

  • A good hardware wallet must have these non-negotiable traits:
    1. A screen for transaction verification
    2. Be air-gapped: NO USB, Bluetooth, or any other live connection to a computer or the internet
    3. Secure Elements to protect the seed
    4. Open-Viewable and Reproducible software to prevent vendor risks
    5. Real secure boot to prevent unauthorized firmware changes
    6. Use OPEN Standards avoiding proprietary vendor lock-in
    7. NO remote validation or PIN servers
  • We recommend the COLDCARD Hardware Wallet; see how to set up a COLDCARD.

πŸ—„οΈ Backing Up Your Wallet

🔒 Enhancing Bitcoin Security

✅ Test Everything!

  • Test small deposits and withdrawals before committing large amounts.
  • Test your backup recovery process before trusting it with significant funds.
  • Choose a reliable software wallet and keep a backup of the last known working version in case of abandonware.

🌐 Privacy & Security Best Practices

  • Operational Security (OpSec)
    1. Create a security budget - Divide your holdings into tiers:
      • Hot wallet: Small amounts for daily use
      • Warm wallet: Medium amounts for occasional use
      • Cold storage: Large amounts for long-term holding
    2. Implement a dead man's switch for emergency access
    3. Create a family emergency plan for accessing funds if needed
    4. Use decoy wallets to protect against physical coercion
    5. Reduce the number of services and entities that know your home address or your name. Prefer LLCs, P.O. Boxes, etc.
    6. Remember Privacy and Security go hand in hand. The fewer people who know your details, the less risk you incur.
  • Device Security
    1. Use a dedicated device for Bitcoin operations
    2. Enable full-disk encryption on all devices
    3. Enable Lockdown Mode on Apple devices for enhanced security
    4. Use a password manager with a strong master password
    5. Consider using Tails OS for sensitive operations
    6. Keep a clean browser profile for Bitcoin-related activities
    7. Avoid Chrome browser extensions; many can become malicious
  • Network Security
    1. Use a VPN when accessing Bitcoin services
    2. Consider running a Bitcoin node for enhanced privacy
    3. Use Tor for sensitive operations
    4. Avoid public WiFi for Bitcoin transactions
    5. Use a unique email address without personal identifiers
    6. Switch your iMessage and FaceTime caller ID to your new email without personal details
  • Authentication Security
    1. NEVER use SMS-based 2FA - Use hardware security keys or authenticator apps instead
    2. Consider using a YubiKey as a second factor, but do not store your Bitcoin on it
    3. Beware of phone scammers (listen to this example interview) or impersonators asking for your 6-digit Google Authenticator PIN–never share it.
    4. If someone calls, DMs, emails, or texts you from any Bitcoin company, it's most definitely a scam. Never give them any information, just hang up.
  • Transaction Security
    1. Always verify addresses on your hardware wallet's screen
    2. Use multi-signature wallets for large amounts
    3. Implement coin control to manage UTXOs effectively
    4. Consider using CoinJoin for enhanced privacy
    5. Verify transaction amounts and fees carefully
    6. When sending large transactions to exchanges or services:
      • Don't trust addresses/QR codes shown in browsers
      • Verify addresses through multiple channels
      • Start with a small test transaction
      • Consider using a dedicated device for large transactions
      • Call the exchange to confirm the address before sending
  • Regular Security Maintenance
    1. Conduct quarterly security audits
    2. Review and update your security practices
    3. Check for wallet and software updates
    4. Verify backup integrity
    5. Test recovery processes
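
The "verify addresses through multiple channels" step under Transaction Security can be partly automated. The sketch below is an added example, not part of the original guide: it checks that the address copied from each channel is identical and carries a valid checksum. It assumes mainnet bech32/bech32m (bc1...) addresses only, the function names are hypothetical, and it complements rather than replaces checking the address on the hardware wallet's screen.

```python
# Added example: cross-check a deposit address received over several channels.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BECH32, BECH32M = 1, 0x2BC830A3  # checksum constants from BIP173 / BIP350

def polymod(values):
    """BCH checksum over 5-bit symbols, as specified in BIP173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def checksum_ok(addr):
    """True for a mainnet bc1... address whose checksum verifies."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is not allowed
    hrp, _, data = addr.lower().rpartition("1")
    if hrp != "bc" or len(data) < 7 or any(c not in CHARSET for c in data):
        return False
    symbols = [CHARSET.index(c) for c in data]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    # Witness version 0 uses bech32; versions 1 and up use bech32m.
    expected = BECH32 if symbols[0] == 0 else BECH32M
    return polymod(expanded + symbols) == expected

def cross_check(channels):
    """channels maps a channel name to the address as received there."""
    if len(channels) < 2:
        return False, "need at least two independent channels"
    seen = {a.strip().lower() for a in channels.values()}
    if len(seen) != 1:
        return False, "channels disagree: do not send"
    if not all(checksum_ok(a.strip()) for a in channels.values()):
        return False, "address fails checksum: do not send"
    return True, "all channels agree"

# Constructed sample: the BIP173 example address, with the browser copy altered.
GOOD = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
if __name__ == "__main__":
    print(cross_check({"browser": GOOD[:-1] + "5", "phone call": GOOD}))
    print(cross_check({"browser": GOOD, "phone call": GOOD.upper()}))
```

A passing result only shows that the channels agree on a well-formed address; it says nothing about who controls that address, so the small test transaction still applies.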

📚 Keep Learning

Final Thoughts: Self-custody is a journey, not a one-time task. Stay vigilant, keep testing your setup, and continue learning. With the right knowledge and tools, you can secure your Bitcoin for the long term.
