Securing Your Private Keys

• •If someone else holds your private keys (exchanges, custodians), you don't truly own the Bitcoin.
• •You're trusting them not to lose, steal, or freeze your funds.
• •Self-custody means you control your keys = you control your Bitcoin.
• •With great power comes great responsibility—you must secure your keys properly.

• •Self-custody: Holding your own private keys instead of trusting a third party.
• •Custodial wallet: A service (exchange) holds your keys. You log in with username/password.
• •Non-custodial wallet: You hold your keys (as a seed phrase). You're the bank.
• •Seed phrase: 12 or 24 words that represent your private key(s). Can restore your entire wallet.
• •Hardware wallet: A physical device that stores private keys offline and signs transactions securely.
• •Multi-signature (multisig): Requires M-of-N keys to spend (e.g., 2-of-3). Removes single point of failure.
• •Passphrase (25th word): Optional extra word added to seed phrase for a hidden wallet.

1. Custodial (Exchange)

• •Security: Low (you don't control keys)
• •Convenience: High (easy login, no seed phrase)
• •Risks: Exchange hack, bankruptcy, account freeze, KYC
• •Use case: Small amounts, frequent trading

2. Software (Hot) Wallet

• •Security: Medium (keys on internet-connected device)
• •Convenience: High (easy to spend)
• •Risks: Malware, phishing, phone/computer theft
• •Use case: Daily spending money

3. Hardware Wallet

• •Security: High (keys stored offline)
• •Convenience: Medium (requires device to sign)
• •Risks: Physical loss, hardware failure, supply chain attack
• •Use case: Long-term savings (cold storage)

4. Paper Wallet

• •Security: High (completely offline)
• •Convenience: Low (awkward to spend from)
• •Risks: Physical damage, loss, hard to secure properly
• •Use case: Long-term cold storage (less common now)

5. Multisig

• •Security: Highest (requires multiple keys)
• •Convenience: Low (complex setup)
• •Risks: Losing multiple keys, inheritance complexity
• •Use case: Large amounts, estate planning, business funds

DO:

• •Write it down clearly on paper or metal.
• •Store in 2-3 secure, separate locations (home safe, bank box, trusted location).
• •Consider splitting 2-of-3 multisig across locations.
• •Use metal backup for fire/water resistance.
• •Test recovery on a spare device before depositing large amounts.

DON'T:

• •Never type seed phrase into computer/phone (except secure hardware during setup).
• •Never store digitally (no photos, emails, cloud, notes apps).
• •Never share with anyone (no "support" will ever ask for it).
• •Never store with passphrase (if using one—keep separate).
• •Never tell anyone you have Bitcoin (physical security).

• •Buy directly from manufacturer: Avoid Amazon/eBay (tampering risk).
• •Verify authenticity: Check for tamper-evident packaging.
• •Generate seed on device: Never use a pre-generated seed.
• •Verify receive addresses: Always check address on hardware screen before funding.
• •Update firmware: Keep device firmware updated (from official source only).
• •Use PIN/passphrase: Protect against physical theft.
• •Test recovery: Practice restoring wallet on spare device.
• •Popular options: Ledger, Trezor, Coldcard, BitBox, Foundation.

Example: 2-of-3 Multisig

• •Create 3 separate keys (3 hardware wallets or 2 hardware + 1 software).
• •Require 2 of the 3 to sign any transaction.
• •Store each key in a different location.

Benefits:

• •Lose one key? Still have access with other two.
• •Attacker needs to compromise 2 locations (much harder).
• •Estate planning: Family members each hold a key.

Complexity:

• •More complex to set up and use.
• •Need to track which keys are where.
• •Requires compatible wallet software (Sparrow, Electrum, Specter).

Phishing

• •Fake wallet apps, fake support, fake hardware wallet sites.
• •Solution: Bookmark official sites, verify URLs, never share seed.

Clipboard malware

• •Malware replaces copied addresses with attacker addresses.
• •Solution: Always verify first/last 6 characters on hardware wallet screen.

Supply chain attacks

• •Tampered hardware wallets sold on secondary markets.
• •Solution: Buy directly from manufacturer, verify packaging.

$5 wrench attack

• •Physical coercion to steal your Bitcoin.
• •Solution: Use passphrase for hidden wallet, don't advertise holdings, consider multisig.

Inheritance problem

• •You die, family can't access Bitcoin.
• •Solution: Dead man switch, multisig with trusted parties, clear instructions in will.

• •What: An optional extra word added to your 12/24-word seed.
• •Effect: Creates a completely different wallet. Seed + passphrase = new wallet.
• •Use case: Plausible deniability (small amount in seed-only wallet, real holdings in seed+passphrase wallet).
• •Risk: Lose passphrase = lose access to that wallet forever (even with seed).
• •Best practice: If used, back up passphrase separately from seed. Don't forget capitalization/spaces.

• •Problem: Bitcoin is bearer asset. If you die without sharing keys, funds are lost forever.
• •Solutions: