How to securely store Bitcoin and other Crypto-Currencies
After following Bitcoin and Cryptocurrencies for a few years, one thing became very obvious to me. The number one risk when investing is not hacking or security flaws, it's user error. It's so incredibly easy to lose access to your private keys. The hacking risk is still to be taken seriously and the measures describe here help mitigate that risk as well.
- Hard Drive lost with 7,500 bitcoins
- Lost 900 Ether due to incorrect use of password manager
- I Forgot My PIN: An Epic Tale of Losing $30,000 in Bitcoin
- Bitcoin stolen from Blockchain.info wallet even with 2FA activated
- My $200,000 bitcoin odyssey, How I recovered cryptocurrency from a broken laptop
- Lost Electrum password holding 10.5 BTC
- 51 BTC locked up, can't remember seed/passphrase
This page is meant to list conventional best practices on hold to hold crypto-currency in an secure manner. I'm open to feedback on this, please email [email protected]. Full disclaimer: I have an affiliate link for Trezor below.
- Order titanium plates from Calti Wallet:
- Engrave your recovery seed
- Test your recovery process
- Holding your coins on an exchange, even a reputable one, even with 2FA enabled, is risky. Someone could impersonate you and steal your funds within minutes, while you are sleeping. The exchange could get hacked. You will not get your coins back if that happens. Centralised Exchanges Are Terrible At Holding Your Money
- The only sane way to store bitcoin / other crypto currencies is using a hardware wallet. Get yourself a Trezor or Nano Ledger S. A hardware wallet allows you securely receive and perform crypto-currency transactions even on a malware-infested computer.
- WARNING there are hardware wallet scams ongoing Guy buys a Ledger Nano wallet on Ebay, and it steals all his cryptocurrency ($34,000, which is his life's savings). Make sure to buy your hardware wallet from an official source. Do not use the hardwaret wallet if it comes with a scratch-off card!!.
- During the setup of your hardware wallet, you'll be asked to write down a 24 word (BIP39) passphrase (the "recovery seed"). Properly securing that passphrase is the most important step of the setup. This is the passphrase that you will stamp onto a plate of metal to preserve it for decades to come. Losing or destroying your hardware wallet would not affect you in any way, as long as you safeguard that recovery seed, you will still have access to your funds.
- You must be the only person to see your recovery seed. Do not ask someone else to stamp it into metal for you.
- NEVER enter your recovery seed into any electronic device, file, website, or even a password manager. The recovery seed will be shown to you ONCE on the screen of your hardware wallet, but never leaves its memory. It should never be typed onto a desktop computer / smartphone as those environments are vulnerable to hacking by malware. You may write it down on paper temporarily in a private location, until you have a chance to secure the materials for stamping on metal. Never write your seed onto an electronic device
- You MUST practice recovery of your hardware wallet. Once you've written down, or stamped the recovery seed, wipe out your hardware wallet, then restore it to ensure you've copied the recovery seed correctly. Do this before you send large amounts of funds to the hardware wallet. And repeat this every time you duplicate your recovery seed onto a new medium. Don't expect an "untested" recovery seed will save you the day you need it. Why you must test your recovery seed before sending large amount of funds
- By default, the 24 word recovery seed is the only thing required to access private keys. On the Trezor, there is an option to have an additional password, but I didn't enable this option. I don't trust myself to remember this password 10 years down the line. Why I don't trust myself to use a passphrase on Trezor
- This means keeping your recovery seed plates out of sight is extremely important.
- The current 316L stainless steel design has a melting point of 1400-1450 °C. This means it can survive even a sustained, severe house fire. Reddit thread on metal survivability to house fires, Blockplate fire survival video, ColdTI Torch video, Stamping and fire resistance of brass, copper, aluminum. Titanium has a melting point of 1600 °C.
- Properly securing and storing your recovery seed is much more important than securing your hardware wallet. In fact you should treat your hardware wallet as a disposable, fragile device which can be lost, destroyed, or wiped out any time, but can be replaced with a small amount of money. Your recovery seed cannot be replaced. Reddit user doesn't have recovery seed and is forced to perform trezor firmware update
- I have another set of plates in a separate geographical area, in a trusted location, should I completely lose access to my main location. Some people suggested safety deposit boxes, though there's some debate about how safe those are.
- With this redundant approach, the only risk I'm exposed to is theft of the plates by someone motivated enough (and knowledgeable enough) to extract the funds. Given the risk profile of my geographical location, I rate this probability as low.
- If you want to obscure the purpose of the plates, buy some more time in case of theft by an uneducated thief who doesn't understand crypto-currencies, you could coat your plate in plastidip. You can always peel it off if you need to read your seed, but it'll be a lot less obvious to a thief what to do with the plate. I've found that this requires around 5 generous layers of plastidip before the engraved letters are obscured.
Here is one way to stamp your recovery seed onto metal plates. Please scroll down to see alternative methods.
These steel plates are designed to have a BIP39 24 (or 25) word passphrase stamped onto them, using a letter punch kit, to allow recovery of crypto currency private keys. Whether for use with a software wallet, or a hardware wallet like the Trezor, having the recovery passphrase stamped onto corrosion-proof and fire-proof metal plates minimizes the risk of loss of private keys. You can see letter punching in action on this video, although with our plates we will punch the full BIP39 words using letters, not numbers: ColdTI Punching Video.
The stainless steel plates can be ordered from Lasergist using instructions below. They are laser-cut from 3mm stainless steel or any other thickness available on lasergist. Technically, the middle plate is the only one required and has laser markings indicating passphrase word ordering. By having additional plates cut, the passphrase can be hidden from sight and zipties can be added to prevent tampering. It also increases the weight of the whole assembly (close to 1kg with 3x 3mm plates) which helps prevent accidental misplacement.
The titanium plates were ordered as a custom-made item from Calti Wallets using the same designs available below, I believe he plans on making more of those available. Scroll down to see other places to buy similar products.
Titanium Grade 2, 2mm
These plates should resist a 1600 °C / 3000 °F house fire. They are much harder to punch than the stainless steel ones, so I recommend a carbide tip engraver (see additional hardware below).
Stainless Steel (316L), 3mm
Below is a description of the Adobe Illustrator files used to place the order from Lasergist.
If you just want the passphrase plate with the 25 locations to stamp words, the two files below are all you need.
If you want the front plate with your name on it, you need to submit these two as well (modify frontplate_laser.ai to include whatever text you want)
This plate is just an empty plate with the cutouts for screws, but no laser engravings:
And finally this files contains all above designs on different layers, which may be useful if you wish to customize the design further.
Head over to lasergist, start a new design
You will want to submit numbers_plate_shape.ai and numbers_plate_laser.ai, with the following options:
- Material: AISI 316 - Brushed
- Thickness: 3.0 mm
- Height: 134mm
- Width: 111mm
- Path Length: 2967mm
- Extras: Laser Engraving, Sandblasting
You may change the thickness and material used, and uncheck sandblasting if you wish (selecting different options may change the price). But with the above settings, the price for that plate comes out to USD $85.53.
Then depending on whether you want the other plates, repeat the process for frontplate_shape.ai, frontplate_laser.ai (of course you'll want to modify them first before submitting). With similar settings to above, it came out to USD $59.57
The backplate, backplate.ai doesn't require any laser engraving and cost $49.10 with the following settings:
- Material: AISI 316 - Brushed
- Thickness: 3.0 mm
- Height: 134mm
- Width: 111mm
- Path Length: 730mm
- Extras: Sandblasting
If you ordered seperate plates and want to fasten them together, you may order the following screws:
The 12mm screws are sufficient to hold 3x 3mm plates. If you have less plates, less thick, or more (perhaps you have different seeds for different coins), then you'll need to get different screws.
Then additionally, you'll want the letter punch kit. I ordered this one from ebay: letter punch kit. The design on the plate is designed to accomodate words at least 8 characters long, with each letter 4mm x 4mm.
If stamping proves difficult (I found it to be extremely difficult on the titanium grade 2 plates), you could use an electric Carbide Tip engraver such as this one Carbide Tip engraver
Finally, you can order zip ties to prevent tampering with the seed.
Feel free to ask those on the Reddit Thread or [email protected]
Also if you like this design, feel free to send me a tip !
- BTC: 39YGSE5M9b9ch4Xe4WHKRxyXVSm1cXmXZW
- Litecoin: MFzrhQuRMz7KL9kj8VVVVSMPcs17Yn7YFD
Crypto Tag An all in one solution with hammer, stamping kit, letter bits. The bit holder looks quite convenient, as from experience stamping manually is quite a bit of work. A very nice looking, premium solution, with a higher price tag than other alternatives in this list.
Calti Wallets A variety of cryptocurrency seeds made from titanium. As titanium is hard to stamp, I recommend a carbide tip engraver. Also provides security seals (similar to zipties).
hodlinox.com Stainless steel plates with interlocking tab.
cryptosteel.com This is a reusable steel "container" which holds the first 4 letters of each of your BIP39 recovery seed words. It sounds like a great product, many people like it. The thing that worries me is that the words could be accidentally scrambled, which is impossible to do if the recovery seed has been stamped onto a plate of metal. Also, only including the first 4 letters, while sufficient according to the BIP39 spec (since the first 4 letters uniquely identifies the BIP39 word), seems like you would lose on some of the inherent "error correction" of having the full word written down (which would be more resilient against a single missing letter in my opinion).
billfold.com Similar to the Cryptosteel, but with laser printer letters, made from 316 steel, and cheaper.
Blockplate Stainless steel plate which uses an innovative method to store the recovery seed onto a grid, without needing a letter punch kit, only a single basic punch.
coldti.com Kickstarter for titanium plates onto which you stamp the BIP39 word numeric identifier. Doesn't look like they reached their Kickstarter funding goal, but they are planning on selling on Amazon. They have cool videos showing the punching or engraving technique
Order a simple stainless steel or titanium plate from Ebay and punch it. It may be difficult to find the right size, but this is the cheapest option of them all.
You could just write your seed on a piece of paper, but a piece of paper is easy to misplace, accidentally throw away, the ink may fade, flood and fire are a concern. Hard to protect against tampering.
glacierprotocol.org , Glacier protocol description This is a method for ultra-secure storage of bitcoin, potentially more secure than hardware wallets. But also much more complex and costly. I haven't attempted that method. It requires significant more investment in money and time.