Bitcoin self-custody
Simple steps to make a complex topic very simple. Security, privacy and total control over your wealth come first.
Managing your own assets independently of a third-party custodian is known as self-custody. When it comes to Bitcoin, self-custody refers to having total control over your assets, including the private keys that let you access and use your money. Self-custody wallets, sometimes referred to as non-custodial wallets, are software or hardware wallets that hold private keys, which can be represented as a seed phrase that is easier for a person to read and write down. If you are a technical person you can read more about mnemonic representation here.
What is self-custody? It means that you and only you are fully responsible for your own assets and no third party can interfere with or modify them. This has many benefits, such as full sovereignty and freedom, but it comes at the cost of personal responsibility. That is why I wrote this article: to reduce the whole complexity to a couple of simple steps you can follow.
1. Wallets
Wallets keep your private keys secure and accessible, allowing you to send and receive bitcoin in a simple and secure way.
Unlike a normal wallet that stores cash, bitcoin wallets technically do not store your bitcoin. Your assets live on the blockchain, but can only be spent using a private key that is stored inside the wallet.
1.1 Software wallet
One kind of bitcoin wallet that may be installed on a PC or mobile device is called a software wallet. Because it is online and easier to hack than a hardware wallet, it is often referred to as a "hot wallet." Software wallets are a popular option for smaller amounts since they are simple to use and can be downloaded for free. The following are important things to know regarding software wallets:
There are custodial wallets, which are not recommended, because you have to trust another party to allow you to withdraw your assets. They are very simple to use, but you are trusting that the other party will not steal from you. You can think of this the same way as a bank account: there, too, you trust another party to allow you to withdraw and spend. If they decide not to, you have very limited options.
If you have some tiny amount for daily spending (such as beer, lunch, etc.) you might use those wallets, but I recommend not using them.
Anyway, one custodial wallet that works well is Wallet of Satoshi.
Another type is the non-custodial software wallet. The difference lies in who has control over the funds. In this case it is you, because you write down your seed phrase (more on that in a later section). If anything goes wrong, you can restore access to the wallet via the seed phrase and get to your funds.
These non-custodial wallets are safer than custodial ones but, again, they are hot wallets, so it is not advisable to store a significant amount in them. Again, use them for regular daily spending.
Examples are wallets such as Phoenix wallet or Breez wallet.
I also have to mention Zeus App: with their new 0.8.0 wallet you can start using it in a non-custodial way even without your own lightning node. I was briefly playing with the new wallet and there are great improvements compared to older versions, even though there are some caveats that are a more advanced topic.
These wallets are not great for big amounts or for HODLing (HODL is a crypto slang term meaning to buy-and-hold).
1.2 Hardware wallet
One kind of bitcoin wallet that keeps private keys safe offline is a hardware wallet. Because it is not connected to the internet, it is less prone to hacking than software wallets, which is why it is also known as a cold wallet. The only function of hardware wallets, which might be simple plug-in devices or USB drives, is to secure a user's private keys and sign bitcoin transactions offline. Hardware wallets are the safest way to store keys to your bitcoin.
The following are important things to know regarding hardware wallets:
They are non-custodial: you control your private keys.
You want to choose a wallet that is open source, so that you or anyone else can verify what the wallet does. This is the best approach to security. You don't want to trust a manufacturer's claims, you want to know that what they claim is true and verifiable.
Do your own research, but one of the best open-source wallets is Trezor Safe 3 (entry level) or Trezor T (more expensive). Trezor was the first hardware wallet ever created and they have come a long way since. They also offer the Trezor Suite platform, which communicates with the hardware wallet and makes it very easy and understandable to work with your bitcoin (send, receive, transfer…), even for beginners, who are the intended audience of this article.
I am not recommending anything, but for me it is Trezor; I have been using Trezor devices for years. And by the way, the owners are great honest guys.
2. Buying a hardware wallet
When buying a hardware wallet, keep the following in mind:
Ideally, you should buy directly from the manufacturer or from official resellers. You will want to be sure that the wallet is authentic and has never been opened. Many manufacturers put an "integrity sticker" on the package so you know it has never been opened before.
If you want to preserve your privacy, it is a good idea to buy the wallet under a made-up name and have it delivered to a pick-up point. You may also want to pay cash on delivery, and many hardware wallet manufacturers allow you to pay with bitcoin. More information about protecting your privacy when shopping can be read here - Become James Smith
3. Setting up a hardware wallet
Now it is time to set up your brand new hardware wallet. When you plug your wallet into the computer, it should ask you to download firmware and later ask you to create a new wallet or restore a wallet. I assume you are a new user and you want to create a new wallet.
Again, each manufacturer has a slightly different approach, but what I can say is that Trezor has its own onboarding process within the Trezor Suite and makes it simple for everyone. Besides, they have a wiki with many additional resources.
One note: no matter which manufacturer you choose, the BIP39 standard is compatible across the majority of wallet manufacturers. That means you can restore access to your wallet on another hardware or software device that supports BIP39.
3.1 Seed
A seed phrase is a mnemonic representation of private keys.
You want to make sure that you do the following:
Generate the seed and write it down on a piece of paper. Do not type the seed into a computer, don't take photos of it, do not store it in the cloud. Keep it offline only.
You want to be alone and have enough time.
You want to be in a room without any cameras or other recording devices.
After you generate your seed, test it by performing a wallet "restore". This double-checks that what you wrote down on paper is correct and works. It is important to note that you need the correct words in the correct sequence.
3.1.1 Twelve words
A 12-word seed is one of the options the wallet can generate. It provides 128 bits of entropy to secure your private keys. 128 bits of entropy means that there are 2^128 possible combinations of the 12 words, which makes it extremely difficult (impossible) for an attacker to guess or brute-force the correct combination. Put as simply as possible, it would take a billion years to brute force this "password".
3.1.2 Twenty-four words
Another option is to generate a 24-word seed phrase. As you can imagine, this adds another 12 words and more entropy, which means that it would be even harder to brute force this "seed". But I have to say that it doesn't make much sense to use 24 words, because the difference in brute force will be from a billion years to billions of years, which makes no difference to the user. On the other hand, it only adds complexity, since you have to type 24 words instead of 12 words, you have to have them correct, you have to store them safely, etc. In my humble opinion it does not make much sense to use 24 words.
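How the 12-word and 24-word options follow from the entropy size, and why a mistyped word is usually caught on restore, shown as an added example (not code from the original article or from any wallet). It assumes the BIP39 layout of entropy plus a short SHA-256 checksum cut into 11-bit word indices; the function names and the all-zero sample entropy are constructed for illustration, and the 2048-word list itself is left out, so the output is word positions rather than words.

```python
import hashlib

def entropy_to_indices(entropy):
    """Map BIP39 entropy bytes to 11-bit word indices (0..2047)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy is 128 to 256 bits in 32-bit steps")
    cs_bits = ent_bits // 32          # 4 checksum bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """Recompute the checksum from the entropy part of a phrase.

    False means at least one word is wrong or out of order. A 12-word
    phrase has only 4 checksum bits, so about 1 in 16 random mistakes
    still passes: a restore test on the device remains necessary.
    """
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    if cs_bits * 33 != total_bits or not 4 <= cs_bits <= 8:
        return False
    if any(not 0 <= idx < 2048 for idx in indices):
        return False
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

if __name__ == "__main__":
    # Constructed sample entropy (all zero bytes); never use fixed entropy for a wallet.
    for size in (16, 32):
        idx = entropy_to_indices(bytes(size))
        print(size * 8, "bits ->", len(idx), "words, checksum ok:", checksum_ok(idx))
    wrong = entropy_to_indices(bytes(16))[:-1] + [4]   # last word replaced
    print("wrong last word passes:", checksum_ok(wrong))
```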
3.1.3 Shamir Secret Shares
Shamir secret shares are a type of seed that you can split into separate shares (each share has 20 words, which means there is great entropy), and you can specify how many shares are needed to restore access to your private keys. One example is 2 out of 3, which means that you need 2 shares out of 3 to restore access. Very popular is 3 out of 5. Just before setup, think about your own needs and plan the whole share storage setup (where the safe places are, and how many different safe places you have in your life circle).
Shamir Secret Sharing is a great way to store your seeds. It minimizes single points of failure. If you only have one seed (12 or 24 words), you face a single point of failure: it gets stolen, you can't find it anymore, a building collapses and you can't find it in the ruins, etc. That's why it's good to double down on diversification and have more options without compromising security (if one share by itself is stolen or lost, it is not a threat to your setup).
If your amount of assets is huge, or you want to be sure you can access it in the future in case something bad happens, I strongly suggest you use Shamir secret shares. This is the best option of all you can do while keeping it simple. I wrote a pretty extensive article on that.
3.2 Passphrase
A passphrase is another level of protection.
A PASSPHRASE is an additional word or phrase on top of your seed. Imagine it as the 13th or 25th word (or phrase) that creates a totally different derivation path to your bitcoins. This means that with a passphrase in place you have an extra layer of protection, and even if your seed is compromised, no one will be able to access your bitcoins without this passphrase.
What you need to know:
The passphrase should not be stored together with your seed. It should be kept separately from your seed.
The passphrase should be long to protect you well (you want at least 5-6 words, or around 20 or more characters).
You cannot lose the passphrase. If you do, you can't access your bitcoin. So, don't lose it.
Why use a passphrase?
It adds additional security. Even in the unfortunate event of exposing the seed, your bitcoin is still protected by an additional layer: the passphrase.
To be able to spend your bitcoin you need the passphrase.
Do you want to sleep soundly? Then I suggest using a passphrase. It is an extra layer of security.
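Why a lost or mistyped passphrase locks you out, as an added example (not code from the original article or a wallet): under BIP39 the passphrase is mixed into the key-stretching step that turns the words into the wallet seed, so every passphrase, including a wrong one, yields a different valid wallet and there is no "wrong passphrase" error to warn you. The function names are assumptions; the sample phrase is the public BIP39 test-vector mnemonic, and the near-miss passphrases are constructed.

```python
import hashlib
import unicodedata

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def nfkd(text):
        return unicodedata.normalize("NFKD", text).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048, dklen=64)

def seed_fingerprints(mnemonic, passphrases):
    """Short hex prefix of the seed for each passphrase, for side-by-side comparison."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}

# Public BIP39 test-vector phrase (all-zero entropy). Known to everyone, never fund it.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    # Constructed passphrases: none, the test-vector one, and two near misses
    # (wrong case, trailing space). Each line prints an unrelated seed prefix.
    candidates = ["", "TREZOR", "trezor", "TREZOR "]
    for phrase, prefix in seed_fingerprints(SAMPLE_MNEMONIC, candidates).items():
        print(repr(phrase).ljust(10), prefix)
```

Because case and whitespace change the result, record the passphrase exactly as typed and confirm it with a restore before sending funds.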
3.3 PIN
The PIN is a lock on the screen of your physical hardware device. It is used when you have access to your physical wallet and want to unlock it. You will use the PIN every time you access your wallet. On the other hand, if you forget or lose the PIN, you still have the option to restore your wallet with the seed and passphrase (if implemented).
3.4 Difference between seed/passphrase/PIN
I will try to explain the differences in a very simple and concise way:
SEED - store it well, offline; this is the ultimate access to your funds if anything goes bad. Never share it with anybody. The seed is very, very important.
PASSPHRASE - if you activate a passphrase, which I suggest you do, then store it well, because it will be as important as the seed. You will need the passphrase to access your bitcoin and spend it. The difference from the seed is that you need the passphrase every time you access bitcoin in the wallet.
Store the passphrase in a different place than the seed.
PIN - digits that unlock your hardware wallet. If you forget it, you still have the option to restore the wallet from the seed. You can write down your PIN in your password manager, for example.
3.5 Storing Seed and Passphrase
As I mentioned at the beginning, you wrote down the initial seed and passphrase on a piece of paper when you were setting up your wallet. Now it's time to think about where and how to store this crucial data. There are much better ways than a piece of paper.
I suggest using a metal solution. The seed and passphrase should be able to survive these bad scenarios that could happen:
fire - paper burns → bad
flood/water - record on a paper becomes smudgy → bad
unintentionally throw it in the trash (which might happen very easily with paper) → bad
record durability - paper and pen are not durable enough for years to come and the record becomes unreadable → bad
There is no single best way to do it. I suggest the following:
Read the great tests from Jameson Lopp on metal solutions.
If you have some money and want to avoid inventing the best DIY solution, then good options are commercial solutions for seeds such as Trezor Keep Metal for 12 words or for Shamir. Note: I have not tested it yet, but it looks pretty solid from what I can tell. Anyway, there are tons of commercial solutions on the market. Do your own research.
If you want to go the DIY way, then one option is to get stainless steel washers and a stamping die. You stamp every word on a separate washer (don't forget to keep the order/sequence of the words and not mix them up) and when you are done you place them in a waterproof container. If you go this route, I suggest reading the article from Jameson mentioned above and thinking about what works best for you.
Conclusion
To be fully sovereign you have to accept full responsibility for your actions. That means that everything falls on you and that any mistake will cost you dearly. However, if you accept responsibility you will gain freedom, full ownership of your assets that no one can take away from you. Learn self-custody and you will become a free man.
For daily spending, use a software lightning wallet; I 100% recommend a non-custodial wallet where you are in control of your funds.
Get yourself a brand new hardware wallet for storing bitcoin for a longer period of time.
Generate new seed in a secure way.
Implement passphrase (highly recommended).
Test that it all works well.
Send a test transaction to a newly generated address.
After testing it you can generate a new address and send the rest of your funds into cold storage.
Record your seed on a metal solution and store it in a safe location.
Record your passphrase on a metal solution and store it in a different safe place.
You have now become a self-sovereign individual over your bitcoin.
Disclaimer: I am NOT affiliated with or paid by mentioned products/services in any way. All mentioned is my opinion and I have not received any financial or any other compensation.