- This guide to using a bitcoin hardware wallet explains everything you need to know to securely store and control your bitcoins.
Cryptocurrency Hardware Wallet is mandatory at this time. Because your cryptocurrency is not fully safe with exchanges like coinbase, hotbit, gate.io, robinhood, binance and more. This exchanges are safe but lots of issue are some time have available in this platform like cyberattacks and more.
Hardware wallet explained
How do they work and why are they important.
Hardware wallets are a key component of the blockchain ecosystem. They provide security and usability when interacting with the blockchain. Here’s why you should have one if you haven’t already.
Protect your assets even when the computer you are using is not secure. Hardware wallets give you an extra layer of protection against cyber attacks, phishing sites, and malware.
Many Assets in One Location
A hardware wallet can work with multiple blockchains simultaneously. It allows you to manage Ethereum and Alt. Coins, bitcoin, Stellar lumens, Dogecoin, Lite-coin, Shiba-Inu and more, all on a single device. All of them can be easily backed up with a recovery phrase.
A hardware wallet, often a small plug-in device, is a portable key to securely access your crypto assets from anywhere. A hardware wallet can let you “log in” to multiple dApps without creating new accounts. You can also use them to log into regular apps like Google and Facebook.
Platforms like Radar Relay allow you to trade directly from your hardware wallet. It is the safest way to trade digital assets as you retain custody of your tokens at all times. Assets trade directly from your wallet instead of being deposited into an exchange wallet. It saves you time by excluding fees from deposit delays and withdrawal limits.
This is not a guide on the most advanced security for your bitcoin holdings. It’s an easy way to improve what most people do. It is not about any one type of Cryptocurrency hardware wallet. Rather it is about hardware wallets in general.
Aiming for extreme security from the start is an unreasonable expectation. This must be done in stages, otherwise, you will have gaps in understanding, and such gaps are a security risk. If you are going into self custody. So blindly following the advice is also a security risk. You also have to understand what you are doing. This series is about “Level Three” of my ZeroTrust system. Receive coins to and from the exchange with the Cryptocurrency hardware wallet in your custody.
This is something that bitcoiners regularly recommend to newcomers to do. And this is great advice. (For those interested, here’s a detailed explanation of why it’s a bad idea to keep bitcoins on an exchange.)
As you can see from the ZeroTrust system. There are many things you can do, but getting all your bitcoins off an exchange is an important initial step. Don’t forget to go back to level two even if you skipped it.
Storing bitcoins in a Cryptocurrency hardware wallet is a huge improvement in security. But much can be done to improve security. This guide will explain what simple things you can do next. Will help you understand what and why you are doing it to stay safe and give you peace of mind. I hope it can arouse your interest to take the security further.
What are cryptocurrency Hardware Wallets?
People confuse what Cryptocurrency hardware wallets are and what they do. They think these devices hold your bitcoins. Not! It’s important to understand these things so you know what you’re getting into and don’t jeopardize your safety.
The Cryptocurrency hardware wallet contains the private key. The private key generates the signature and gives you the power to spend bitcoins. That’s why they need to be kept hidden. This is the main purpose of the hardware wallet. To hide and secure your private keys digitally. The hardware device is locked with your PIN. To keep your bitcoins safe, you need to…
- Prevent anyone from finding the hardware wallet
- Prevent anyone from knowing the PIN to access the contents of the hardware wallet
- Prevent destruction or loss of the hardware wallet
- Back up the 24 words (or 12) so that you can regenerate the wallet if the hardware wallet is lost/destroyed
- Don’t lose the 24-word backup
- Don’t let anyone find the 24-word backup
- Make plans for your hardware wallet and backups in case you die (inheritance plan)
If you keep your 24 words in a software wallet on a normal computer. So there is a risk of malware on the computer. If someone has gained access to your computer, bitcoins can be stolen. Hackers are smart enough to spend it at the address of a software wallet attacker by either stealing or manipulating your 24 words (showing you a different address on the screen!).
A hardware wallet solves this problem by never releasing personal information from the device.
How does this work? Sorry (I’m sorry!), the disgusting banking analogy, but it’s effective…
Imagine paying a check and the following steps. You write a check with the sender’s name, your account, amount, and most importantly, your signature. The bank then receives the signed check and transfers the money.
Bitcoin transactions have similarities to check payments. They also have a sender, receiver and amount, and require a signature. Those signatures are digital and are done by the private key. The private key is inside the hardware wallet. We want it to stay there and not leak to the computer (or any computer) that created the transaction details.
These are the steps (follow where the transaction goes):
- Using your software wallet (it has no private keys), you draw up a transaction (sending address, receiving address, amounts, but no signature because it can’t).
- The software wallet then communicates with the hardware wallet (options are: USB connection, SD card, QR code) which receives the transaction unsigned.
- The hardware wallet has the private key and so, it can add a signature to the transaction it just received.
- The hardware wallet then passes the signed transaction back to the software wallet on the computer.
- The software wallet now has a signed transaction (something it could not have done without access to the private key/seed phrase).
- The software wallet is connected to a node (nodes store the blockchain), and it broadcasts the signed transaction to the node.
Once the transaction is sent to a node (preferably your own), this is what happens to it:
- The node shares the transaction with all of the other nodes on the network.
- The transaction sits in the queue (mempool) of all the nodes.
- A miner picks up the transaction from the queue and adds it to the current block it is trying to mine. It also adds lots of other peoples’ transactions to that block.
- If that miner wins the next block, that entire block is added to the blockchain, and the transaction is contained within it, so the transaction is now on the blockchain. It is said to have one confirmation.
- At some time (an average of 10 minutes later) another miner then adds their block to the blockchain, and the transaction in this example gets deeper from the tip of the chain; now it has two confirmations, and so on.
Once a transaction is confirmed (on the blockchain), the sender’s and receiver’s software wallets can communicate with any node and update the balance of the addresses they hold based on the movement of bitcoins recorded on the blockchain. can. can do. The payment can be “viewed” by the Wallet in this way. A connection to a node is required.
The purpose of the hardware wallet in the above steps is to sign transactions away from a computer that has access to the Internet (and hackers).
How to buy a Cryptocurrency Hardware Wallet?
There are many hardware wallets in the market. Most popular does not necessarily mean best. Keep in mind that some integrity is usually sacrificed in order to attract more people, in order to be the most popular and make the most profit. Good security creates inconvenience for users and hurts sales.
The most popular hardware appears to be Ledger and Trezor. I won’t go into it here, but I have a problem with them. But, if used properly. So using one is much better than leaving your coins on the exchange. Some other good hardware wallets are Coldcard, Bitbox2, Passport and Seed Signer.
When you buy one, make sure you buy it directly from the manufacturer. Do not buy from a reseller, such as Amazon, or eBay or secondhand. This is really important. There is one risk with these tools. That they can be tampered with in such a way that your bitcoins can be stolen.
Another risk is that you are identifying yourself with people who are unknown to you. Where do you live and you probably have some bitcoins. Then you are the target of attack. If possible, try to buy the device without revealing your real name, and give it a P.O. send to box instead of your home address.
If you have too much value to protect. So I recommend buying two separate hardware wallets (two different brands), and, as I’ll explain later, let one device check the integrity of the other. One option is to use an air-gapped computer to do that job. These computers have no possible way to access the Internet (or other computers) because they do not have WiFi chips or Bluetooth devices.
You can be made as a desktop computer. Or make a lot cheaper with the Raspberry Pi Zero – it’s so cheap it’s disposable! With such a computer, it is secure enough to enter your private seed words, and check into a software wallet. Know what addresses are generated, and compare them to any hardware wallet. This is a better way to generate the seed, than to let the hardware wallet do it.
When the item comes to you, inspect it carefully. If it was shipped to your home address. So check that the packaging does not label that the bitcoin hardware wallet is inside. Otherwise, the entire delivery chain knows you have bitcoin and where you live. If this happens, complain to the manufacturer.
The manufacturer may provide you with instructions as you unpack the device. How to check tampering. Follow it carefully.
How to Initialize Bitcoin hardware wallet?
Updating the firmware first is a good security step. The device that was shipped to you. That usually includes software (Trezor does not), and you’re trusting whoever sent you the device. That installs genuine non-malicious software. That’s probably fine. But if you think about it, there is a risk, and it is possible to eliminate it. The way to do this is to install the software yourself.
Many people skip the step of installing the software themselves. It’s difficult. you do not have to do that. Getting your bitcoins off the exchange is the number one priority. But at some point in your journey, it’s wise to learn how to update software safely.
Ideally, the software should be well known, open-source and verifiable that it is genuine. This includes selecting the correct hardware device (one that uses open-source software, eg, ColdCard), and knowing how to verify the software before installing it.
For example, Coldcard offers two minutes of video. That’s how to verify the software and install it in the device. However, the Ledger device updates the firmware in a reliable way, by connecting to the Ledger Live software. It only provides the advantage of having a newer version of the software. Doesn’t take away the trust of what the software is doing.
Add a Seed
Read the manual to learn how to make your device’s controls work.
On first use, you will generate a PIN which locks the device. The PIN is effectively converting a hardware wallet into a digital vault.
You will then be given the option to derive a seed phrase, usually 24 or 12 words. You have to write down these words. Why? If you lose your hardware wallet or it gets damaged. So Word can restore your bitcoins to any other HWW of any brand.
When do you record words? So you should be alone, and make sure no one can see you through a computer camera, an open window, or a passerby, etc. Also, do not say words out loud while the voice recording is on a device, such as a computer. Edward Snowden reveals how our computers are spying on us. Even if they seem off! The words you are going to write are your weakest point of protection, but necessary.
No matter how secure your hardware device is, if someone has access to your written words. So they can take your bitcoin – even without needing access to your hardware wallet. All they have to do is enter 24 words into their hardware wallet, and spend their bitcoins in that wallet. over which you have no control. Then your balance will be zero.
So, write neatly and carefully. Making an error when writing words, or writing in such a way that you misinterpret your handwriting in the future. This would mean if you need words to restore a damaged or lost hardware wallet. So you will fail and have access to your bitcoins. Get out. It has happened to people.
The hardware wallet will usually get you to write down the words as it displays them to you one by one, and then it will ask you to enter into the device that you typed it correctly.
Adding a passphrase is a very important security and storage feature. Don’t confuse this with “password,” which is commonly used to lock wallets or devices. A passphrase is an additional word that you add to a 12- or 24-word seed. The difference is that it is not limited to 2,048 possible words in a seed. You can choose any word of your choice or a random string of text.
I suggest making it at least 15 characters long, not obscure in any way, not easy to guess and probably something you can remember. If it’s too long, it’s going to be a real pain to log into a clunky hardware wallet every time. Each device has a different way of applying the passphrase. If you choose to skip this step, it becomes a bit difficult to store your words securely (explained later).
Once this process is complete, what is called an “extended private key” in the wallet creates a number of individual private keys, each of which forms an associated public key, which each creates an associated address. There’s more here if you’re interested.
Create Viewable Wallet
A Watching Wallet is a software wallet, usually on your desktop, that contains an extended public key, and with it, can create the addresses of all your wallets. These addresses are associated with seed words, but the words and private keys are not stored here. That is, no coins can be spent. They can only be seen.
A Watching Wallet starts out looking like empty addresses until it connects to the blockchain (a public node, but preferably your own node), and requests data about the value contained in all the addresses. Viewing wallets provided by hardware wallet manufacturers are usually very basic (eg, Ledger Live, Trezor Suite), and only show one address at a time when you use them.
You have effectively infinite addresses (linked to your mnemonic seed words) that are not shown to you by these software packages. If you use third-party open-source software such as Electrum Desktop Wallet, Sparrow Wallet or Specter Wallet, you see a lot more of your wallet and more on how the coins in your wallet are spent in transactions. control takes place. You learn a lot more about how bitcoin works.
Before you install your Watching Wallet, you should consider malware. Your regular computer, with which you surf the Internet, almost certainly has malware. The most extreme security would be to buy a dedicated computer, install the Linux operating system on it, and only use it for bitcoin transactions. Less extreme would be to take an old computer and clean it with a newer operating system (Linux, Mac, Windows – security in that order). Most people would use a regular computer and I don’t think I would be able to stop them. At the very least, if you do this, every time you send and receive coins, double-check the address you are spending on the computer screen and hardware wallet.
The way to set up the watching wallet with the hardware wallet’s software is straightforward if you follow their instructions. But setting up on third-party software is a process…
- Download software, ideally open source, direct from the software’s website or GitHub.
- Verify the hash of the package and the GPG signature — this ensures the software has not been tampered with. If you are an expert, compile from the source code. This article contains a video demonstration of me verifying the GPG signature for an Electrum desktop wallet. This article explains GPG signatures and hashing.
- Extract the extended public key (xPub) from the hardware wallet and load it into the watching wallet — the process for this varies with the device and the software package. This link contains information on how to do this for Electrum, and this one for Sparrow.
Once you do this, you no longer require the hardware wallets software and can continue to connect to the third-party software, which is always much better.
Make a test transaction to receive and spend
Your hardware is set up and you have the watching wallet set up on a clean computer. Perfect. Now you want to receive all your bitcoin sitting on the exchange, right? No. First, you must receive a tiny amount and test that you have the power to spend. Proceed as follows…
- Factory reset the device.
- Restore the device with the seed words you wrote down.
- Make a second watching wallet using the newly-created, restored xPub in the hardware wallet, and compare the addresses.
- Send a tiny amount to address #0 from the exchange, e.g., $100 worth (not too small).
- Spend this $100 worth and send it to address #1 within your wallet (this requires a bitcoin transaction and costs some fees. Don’t spend more than 1 sat per byte if your software gives you that level of control).
If that worked, proceed to the next step.
Test your seed words on another device
Most people will skip this step. Ideally, you should restore the seed phrase into a second device, and make another watching wallet by extracting the xPub from that. Inspect the resulting addresses (receiving addresses and change addresses if you know how), and compare them with the previous watching wallet you made. If they are identical, you are good to go.
Back up your words
You can’t send all your bitcoin from the exchange to the watching wallet just yet, sorry.
You really must consider the backup of the words. So far, they are written down on paper. But you should make another copy. Some people get obsessed about recording the seed words down on metal because it can be fireproofed. They even pay money for fancy metal backup contraptions — not necessary.
If you duplicate your backups and keep them separate, a fire in both locations is your disaster scenario, not a fire in one location. You may still prefer to protect yourself from it. You can just get any scrap metal and use a $12 engraving pen to engrave your seed in it. If you want to test fire resistance, try placing it in a BBQ and see how it fares. See if you can read your etching. I did my test and it was fine.
The next thing to consider is “what if someone finds a backup”? Some people believe that splitting the words into separate spaces and storing them in different places is a good solution, but this is a terrible idea, as it increases the risk of the seed being brute force calculations. goes. You must have a passphrase and it is effective to keep it separate from the words. To spend bitcoins, you will need to be able to restore the seed words and passphrase (simply entering the seed without the passphrase will regenerate the wrong wallet).
Where to keep backup?
Make sure everything is not in one place as some kind of disaster could mean that everything is lost.
You can keep your hardware wallet in your home, and seed words there too, as long as you have a copy elsewhere, perhaps a safety deposit box, or the home of a trusted family member. The use of passphrases becomes important if you pass your seed on to other people, even if you trust them, because you may not necessarily trust their storage practices. They have the seed but no passphrase; If they store it insecurely and it is stolen, your bitcoin is safe because the thief will not have the passphrase.
Establish a legacy plan
It is difficult and depends on a lot of things. A simple solution might be to memorize the passphrase and keep it somewhere safe and tell your heirs what the passphrase is and where the seeds are kept. The obvious problem with this is that your coins could be stolen by your heirs while you’re alive, or they could be attacked and information left behind.
Protection against this type of thing requires more advanced storage (multi-signature) and a carefully designed recovery plan should you die. If interested, I offer this as a service and may be contacted for details.
Transfer your funds from the exchange
Your wallet is created, passphrase applied, test spent, seed backed up in multiple locations, legacy plan considered… Now, you can transfer your coins from the exchange to your viewing wallet. I can withdraw.
One thing to consider is whether you must transfer everything at once or in small packages.
Each withdrawal will give you a different coin with a different history, so to an outside observer, your knowledge of one coin being yours does not give information about your other coins, and therefore your total balance.
Ideally, you want to have coins/withdrawals of a low cost; You can transfer the amount in the future when the value of bitcoin is too high. But if you take it too far, you will make multiple withdrawals, and the exchanges will add withdrawal fees. I think it is wise to mix large and small coins. This is something you should consider, I can’t offer any advice that suits everyone.
Security in Three Steps
While every wallet is a little different, using them is pretty similar:
- Plug the device into your computer and unlock it with your PIN.
- Create a transaction, like a trade on Radar, then confirm it on the device’s screen.
- Rest assured your keys aren’t in danger.