I’m trying to understand the best ways to protect a Bitcoin wallet.
Some obvious techniques include:
Backing up your seed phrase in multiple locations.
Split the phrase and avoid storing all copies in the same place.
But what do experienced users do to feel confident their Bitcoin is safe?
1. Is the only sign of compromise is if funds are moved unexpectedly? No way to know someone "logged in" or "tried to login" to your wallet?
2. If I suspect something, the only way to secure my Bitcoin is moving everything to another wallet?
Trying to understand how to secure a Bitcoin wallet like a bank account?
byu/Born-Wafer7110 inBitcoinBeginners
Posted by Born-Wafer7110
5 Comments
1. Make use of a passphrase and a decoy wallet. Leave some sats in the wallet protected only by the seed and the rest in the wallet protected by the passphrase. Store the seed and the passphrase separately at all times. If someone moves your sats from the wallet not protected by the passphrase, you will know that the seed has been compromised, but most likely the majority of your funds will still be protected until they break your passphrase. This will give you time to move your coins to another wallet. You can set an alert if funds are moved from your wallet, make use of that to monitor your decoy wallet to be quickly alerted of a compromised seed.
2. Yes.
If you back up your seed phrase onto anything besides a steel plate, you’re a moron.
1 Generally speaking, yes. From the PoV of the blockchain, which is how you see what’s happening, there is no such thing as “logging in to a wallet.”
2 Correct.
This is a normal progression in security –
1) better education in security best practices –
https://old.reddit.com/r/BitcoinBeginners/comments/1ha7ujy/strategies_for_keeping_your_bitcoin_safe/m16l8rx/
2) Hardware wallet
https://old.reddit.com/r/BitcoinBeginners/comments/1rlcnrx/best_place_to_buy_and_store_bitcoins/o8roul0/
3) Hardware wallet + metal backup seed
https://jlopp.github.io/metal-bitcoin-storage-reviews/
4) Hardware wallet + metal backup seed + extended passphrase
https://old.reddit.com/r/BitcoinBeginners/comments/g42ijd/faq_for_beginners/fouo3kh/
5) Hardware wallet + metal backup seed + extended passphrase and pairing your hardware wallet to your own bitcoin full node (example – sparrow with core backend)
6) More complicated security once you own millions of dollars in Bitcoin like multisig or SSS
Move to each higher level when you are ready
————
> 1. Is the only sign of compromise is if funds are moved unexpectedly? No way to know someone “logged in” or “tried to login” to your wallet? 2. If I suspect something, the only way to secure my Bitcoin is moving everything to another wallet?
Using an extended passphrase can help here because you have a decoy balance secured by the pin of your hardware wallet or the seed words which acts as a honeypot. Thus if that balance moves you know one person found your seed words or has your hardware wallet and pin and most your savings is secure with an extended passphrase where you can investigate and move your account over to a new set of seed words(and extended passphrase) at your leisure with no panic of someone being able to take most your Bitcoin
Don’t split the seed! Never! If say you split into 3 parts and someone gets 2 out of 3 it’s easy to calculate the rest. Use Shamir’s backup or multisig wallet so every share has full strength encryption. (Remember to save pubkey otherwise you lost everything)