How do you protect your bitcoin? \ stacker news ~bitcoin

120 sats \ 10 comments \ @BitcoinIsTheFuture 12 Jul 2023 bitcoin

I use cold storage, multi-sig wallet, seeds written on paper in safes. Need to update the seeds of of paper in the future. This is a good idea - https://twitter.com/CooliganFields/status/1678371764315848704?s=20

view all related items

20 sats \ 0 replies \ @orthwyrm 12 Jul 2023

I am currently using the following scheme for single-sig + passphrase:

location #1: Seed backup location #2: Seed backup location #3: Passphrase backup memorised: Passphrase

In this scheme one back-up can be lost and funds still retrievable, so it's like a quasi 3-of-4.

I am considering an upgrade to a 2-of-3 multisig:

location #1: Seed #1 + xPub quorum location #2: Seed #2 + xPub quorum location #3: Seed #3 + xPub quorum digital: Various xPub backups

The main advantages of 2-of-3 in my case would be that it's more resilaint against evil maid attacks (as multiple devices need to be compromised), and I'd be unable to forfeit the keys while under duress (as nothing is memorised).

The main disadvantages of 2-of-3 in my case are complexity and potentially privacy (as the xPub quorum reveals one's balance).

I go back and forth on the decision to upgrade. I think SS+P is fine for now, but at some point we may be living in a more adverserial environment where KYC data is leaked and BTC is worth x10 today's price. I would certainly appreciate the extra security in such a scenario.

10 sats \ 2 replies \ @pajdo 12 Jul 2023

I use single-sig + passphrase

Seed backup:

Cryptosteel Capsule
Steel plate
DIY Stainless Steel Washers
MicroSD with encrypted seed backup (7zip, AES-256) - generated from Coldcard, protected by 12 words, never to be inserted into anything other than Coldcard, or Tails (in case of emergency)
Coldcard Mk4

Passphrase (six BIP-39 words):

Keeping in memory
DIY Stainless Steel Washers
Password manager, archived and stored under random name
KeePassXC vault inside of a Cryptomator vault stored in multiple cloud services and local flash drives
Standard Notes protected note

12 words for encrypted backups

KeePassXC vault stored in multiple cloud services (different from ones storing the passphrase)

I keep separate accounts for KYC, "Light" KYC, and P2P No KYC.

All other wallets are derived using BIP-85 from seed+passphrase as a master parent seed.

All online services are protected by YubiKeys or YubiKey Authenticator 2FA TOTP codes and very strong diceware master passwords.

Not ideal, probably too many backups, but I'm still learning. Will be moving to multi-vendor 2-of-3 or 3-of-5 multisig in the future, when I get more comfortable with it. And I should probably delete this comment soon.

0 sats \ 1 reply \ @chungkingexpress 12 Jul 2023

Thanks for the writeup. What do you define as "Light" KYC?

0 sats \ 0 replies \ @pajdo 12 Jul 2023

Purchased through sevices like Relai/Pocket/Bitkipi which have my bank details, but no other information

110 sats \ 2 replies \ @SimpleStacker 12 Jul 2023

Sadly, I have no more Bitcoin to protect after I lost it all in a tragic boating accident.

0 sats \ 1 reply \ @WeAreAllSatoshi 12 Jul 2023

You too?! What are the odds

0 sats \ 0 replies \ @BitcoinIsTheFuture OP 12 Jul 2023

lol 😆 it happens

0 sats \ 0 replies \ @OneOneSeven 12 Jul 2023

I keep my hardware wallet at the bottom of a lake

0 sats \ 0 replies \ @muteness11 12 Jul 2023

The best way is to post your 12/24 seed words on social media ..... Everyone will think its a scam or a joke so they wont do anything ... and one day u will dig for that to access your BTC

Think Differently :)

0 sats \ 0 replies \ @duvel 12 Jul 2023

How do people store their passphrase (seed password)? Do they use laminated paper in a safe e.g. or also in steel?