This is not a guide on the most advanced security for your bitcoin holdings. It is an easy way to improve on what most people do. It is not about any one type of hardware wallet, but hardware wallets in general.
Aiming for extreme security right from the beginning is an unreasonable expectation; it must be done in stages, otherwise, you will have gaps in understanding, and such gaps are a security risk. It’s also a security risk to blindly follow advice if you are going to self custody; you need to understand some of what you are doing, too. This series is about what I call “Level Three” of my ZeroTrust System — getting coins off of the exchange and into your own custody with a hardware wallet. This is something Bitcoiners regularly advise newcomers to do, and it’s excellent advice. (For those interested, here is a detailed explanation of why keeping bitcoin on an exchange is a bad idea.)
As you can see from the ZeroTrust system, there are lots of things you can do, but getting all of your bitcoin off of the exchange is an important early step. Don’t forget to go back to level two as well if you skipped that.
Storing bitcoin on a hardware wallet is a huge improvement in security, but so much more can be done to improve security. This guide will explain what simple things you can do next, and help you understand what you’re doing and why in order to be safe and to give you peace of mind. I hope it may also spark interest to take your security further.
What Are Bitcoin Hardware Wallets?
People confuse what hardware wallets are, and what they do. They think that these devices hold your bitcoin. No! It’s important to understand these things so you know what you are doing and don’t mess up your security.
The hardware wallet holds the private keys. The private keys produce signatures and give you the power to spend bitcoin. So, they need to be kept hidden. That is the main purpose of a hardware wallet. To digitally hide and secure your private keys. The hardware device is locked with your pin. To keep your bitcoin safe, you need to…
- Prevent anyone from finding the hardware wallet
- Prevent anyone from knowing the PIN to access the contents of the hardware wallet
- Prevent destruction or loss of the hardware wallet
- Back up the 24 words (or 12) so that you can regenerate the wallet if the hardware wallet is lost/destroyed
- Don’t lose the 24-word backup
- Don’t let anyone find the 24-word backup
- Make plans for your hardware wallet and backups in case you die (inheritance plan)
If you kept your 24 words in a software wallet on a normal computer, there is a risk that there is malware on the computer — if someone gained access to your computer, then the bitcoin can be stolen, either by stealing your 24 words or manipulating the software wallet to spend to the attacker’s address (while showing you a different address on the screen!). Hackers are smart.
A hardware wallet solves this problem by never releasing private information from the device.
How does it work? Excuse the disgusting banking analogy (I’m sorry!), but it is effective…
Imagine a check payment and the following steps: You write a check with the sender’s name, your account, the amount, and importantly, your signature. The bank then receives the signed check and makes the transfer of funds.
Bitcoin transactions have similarities to check payments. They too have a sender, receiver and amounts, and also require signatures. Those signatures are digital and are done by private keys. The private key is inside the hardware wallet. We want it to stay there and never leak to the computer (or any computer) that is drawing up the details of the transaction.
These are the steps (follow where the transaction goes):
- Using your software wallet (it has no private keys), you draw up a transaction (sending address, receiving address, amounts, but no signature because it can’t).
- The software wallet then communicates with the hardware wallet (options are: USB connection, SD card, QR code) which receives the transaction unsigned.
- The hardware wallet has the private key and so, it can add a signature to the transaction it just received.
- The hardware wallet then passes the signed transaction back to the software wallet on the computer.
- The software wallet now has a signed transaction (something it could not have done without access to the private key/seed phrase).
- The software wallet is connected to a node (nodes store the blockchain), and it broadcasts the signed transaction to the node.
Once the transaction is sent to a node (preferably your own), this is what happens to it:
- The node shares the transaction with all of the other nodes on the network.
- The transaction sits in the queue (mempool) of all the nodes.
- A miner picks up the transaction from the queue and adds it to the current block it is trying to mine. It also adds lots of other peoples’ transactions to that block.
- If that miner wins the next block, that entire block is added to the blockchain, and the transaction is contained within it, so the transaction is now on the blockchain. It is said to have one confirmation.
- At some time (an average of 10 minutes later) another miner then adds their block to the blockchain, and the transaction in this example gets deeper from the tip of the chain; now it has two confirmations, and so on.
Once the transaction is confirmed (on the blockchain), the software wallets of the sender and receiver can communicate with any node and can update the balances of the addresses they have, based on movement of bitcoin as recorded on the blockchain. The payment can be “seen” by the wallets this way. A connection to a node is necessary.
The purpose of the hardware wallet in the above steps is to sign the transaction away from a computer that has access to the internet (and hackers).
How To Buy A Hardware Wallet
There are many hardware wallets on the market. The most popular does not necessarily mean the best. Keep in mind that to be the most popular, and maximize profits, some integrity is usually sacrificed to appeal to more people. Good security creates inconvenience for users and hurts sales.
The most popular hardware seem to be Ledger and Trezor. I won’t go into it here, but I have issues with them. But, if used correctly, using one is far superior to leaving your coins on an exchange. Some other good hardware wallets are Coldcard, BitBox2, Passport and Seed Signer.
When you buy one, make sure that you buy it directly from the manufacturer. Do not buy from a reseller, like Amazon, or eBay or secondhand. This is really important. A risk with these devices is that they can be tampered with in such a way that your bitcoin can be stolen.
Another risk is that you are identifying yourself to unknown people with your name, where you live and that you probably own some bitcoin. You are then a target for attack. If possible, try to buy the device without giving your real name, and have it shipped to a P.O. Box instead of your home address.
If you have quite a lot of value to secure, then I recommend buying two different hardware wallets (two different brands), and, as I will explain later, let one device check the integrity of the other. An alternative is to use an air-gapped computer to do that job. These computers have no possible way to access the internet (or other computers) as they do not have WiFi chips or Bluetooth devices.
You can have one built as a desktop computer, or build a very cheap one with a Raspberry Pi Zero — it’s so cheap it’s disposable! With such a computer, it’s secure enough to enter your private seed words, and check in a software wallet what addresses are produced, and compare them with any hardware wallet. It is also a better way to generate seeds, instead of letting the hardware wallet do it.
Opening the Packaging
When the item comes to you, carefully inspect it. If it was shipped to your home address, check that the packaging doesn’t label that a Bitcoin hardware wallet is inside. Otherwise, the entire delivery chain knows that you have bitcoin and where you live. If that happens, complain to the manufacturer.
As you unpack the device, the manufacturer may provide you with instructions on how to check for tampering. Follow this carefully.
How To Initialize A Bitcoin Hardware Wallet
Firmware Installation
A good security step is to first update the firmware. The device that was shipped to you usually has software contained (Trezor doesn’t), and you are trusting that whoever sent you the device installed genuine non-malicious software. It’s probably fine, but if you think about it, there is a risk there, and it is possible to eliminate it. The way to do that is to install the software yourself.
Many people skip the step of installing the software themselves. It’s hard. You do not have to do it — getting your bitcoin off the exchange is the number one priority, but at some point in your journey, learning how to securely update the software is wise.
Ideally, the software should be well known, open-source and verifiable that it’s genuine. This involves selecting the right hardware device (one that uses open-source software, e.g., Coldcard), and knowing how to verify the software before installing it. As an example, Coldcard provides a two-minute video on how to verify the software and how to install it into the device. The Ledger device, however, updates the firmware in a trusted way, by connecting to Ledger Live software. It only provides the benefit of having a new version of the software, not eliminating the trust of what the software is doing.
Adding A Seed
Read the manual to learn how to work your device’s controls.
At first use, you will generate a PIN that locks the device. The PIN is effectively converting the hardware wallet into a digital safe.
You will then…
Read More: How To Use A Bitcoin Hardware Wallet
