You've bought some bitcoins on an exchange, and then you followed the common advice to withdraw your coins to a hardware wallet. That's definitely better than creating a webwallet on something.com or leaving them on the exchange! But there are some big problems with hardware wallets you should be aware of.
No! You must keep these words available and in the correct sequence, perhaps on a piece of metal, but they must also be kept totally private! Anyone who sees those 24 words, even for a split second, can sweep all of your coins at any time. A telephoto lens from a neighboring building, a drone hovering outside your window, a plumber, a maid, a realtor, a bank employee, the police with/without a warrant...anyone who sees those 24 words is the next owner of your bitcoins. The only way to protect against this threat is by enabling "25th word" passphrase protection.
So what's most private, secure, and reliable method for storing and using bitcoin? There are always trade-offs to be made, but for most people who are ready for the "next level" the best way is to run an always-on computer that is dedicated to bitcoin core. There are three important considerations to keep in mind with this approach:
There are a number of tutorials out there, including the one I wrote on being your own bank. By the way, I do not recommend using the Intel NUC which was used as an example in that paper. The eMMC storage became corrupted after only a few weeks.
A proper bitcoin terminal is modern minimalist art; you take a computer that can do all kinds of things, and make it do only one thing (run bitcoin core) and do that one thing really well. In general, you should:
Imagine that you store one of your optical disks in a safety deposit box at a bank. If someone who works at the bank decides to have a look at your disk, they will be able to see your wallet history. This is not so great for privacy, but at least they won't be able to steal your funds - that's because you encrypted the wallet with a passphrase. If you want to protect your privacy too (probably a good idea if you are mailing the optical disk across borders) you can go one step further and place the wallet.dat file in an encrypted container, using VeraCrypt, and then burn that encrypted container to optical disk. Even if you take these measures, you should assume anyone who has access to the disk is working on cracking your passphrase. Make sure to use a strong passphrase, and change it (and then burn new disks) each year!
Create a new receiving address. Scan the QR code which is displayed with your smartphone camera, then send the address via a messaging app like Telegram or iMessage, or something like airdrop to your laptop. From there you can send the address to the exchange or create an invoice and send it to whoever is supposed to be sending you bitcoins.
You need to get the address to which you'll be sending funds into the terminal. The best way to do this is to dedicate a USB stick to the mission of "address courier". Don't use the USB stick for anything but this purpose. Save the receiving address to a text file on the USB stick using your laptop, then stick the USB stick into your bitcoin terminal. Copy the address from the text file and paste it into your "Send" dialog box. Take a picture of the original invoice and double check the first four and last four characters to make sure the receiving address hasn't changed after you pasted it.
Yes. You will have more control over address types, so you can take advantage of new features (such as lower cost transactions) while remaining perfectly backwards-compatible. You will also be perfectly setup to work with multi-signature transactions, which provide better protection against malware as well as against physical threats and coercion. You also won't be subject to a vendor's constant marketing emails or a user interface cluttered with useless and risky features, like built-in token exchanges...
Creating a bitcoin terminal is definitely is not the only way to use bitcoin, and isn't necessarily something everyone will want to do. In practice, advanced users pursue a combination of approaches, keeping their bitcoin spread across multiple hardware wallets, in multi-signature schemes, a little bit on exchanges, and maybe a little bit on a mobile wallet. It's important to understand the costs and benefits of each approach so that you can competently manage risk.
So what is the "best" bitcoin wallet? I think it's the terminal you maintain yourself. But the best wallet is the one that you're comfortable with and one in which you fully understand the risks and are comfortable taking measures to control those risks.Return to main