offline bitcoin storage guide
requirements: computer, coldcard, battery, usb cable, microsd card, card reader, dice
This guide will get you setup with using bitcoin in a reasonably easy, affordable, and secure way. It is best to keep bitcoin keys offline and never connected to the internet. Someone would need physical access to steal money, similar to gold secured in a safe. After you get comfortable with this setup you can easily upgrade your security and privacy without changing the software you are using.
this setup is relatively cheap for the security it provides
~$150: coldcard + computer
~$450: recommended full setup: bundle + card reader + dice + computer
- buy coldcard
a. best not to ship to your house for privacy reasons but they claim to delete customer records after 120 days - check bag for tamper
- open bag, check device for tamper
- download newest firmware to computer
- load it on to microsd card
- remove microsd from computer, insert into coldcard
- connect coldcard to battery, power on
a. some battery packs do not stay on for low power devices, the coldpower offered directly from coinkite is great
- check bag number on device
- use microsd to install latest firmware:
Advanced > Upgrade >From MicroSD - create pin
- click new seed words
- click 24 words (do not click the dice roll option)
- the screen will show you 24 words
- press 4 to add dice
- roll at least 100 times
a. this adds your own entropy to the built in coldcard entropy, so you are not solely trusting the coldcard’s random number generator - backup your wallet by storing the secret backup words somewhere safe in steel
a. this is called your seed
b. anyone with access to these words can spend your bitcoin
c. never enter them into your computer
d. enter them directly into a coldcard when restoring from backup
e. for additional security use SeedXOR feature in coldcard settings to split your seed into two parts, both sets of words would be required to recover/spend your bitcoin, store them separately on steel
f. if you have a second coldcard, practice the recovery process by recovering the seed words into the second coldcard, if you did the back up correctly both coldcards should show the same receive addresses - download and install sparrow wallet
- follow the steps to add coldcard
- OPTIONAL: For better privacy install and run Bitcoin Core on the same computer to easily use Sparrow with your own node
IMPORTANT THINGS TO REMEMBER
-
always verify receive addresses on the coldcard address explorer going forward
-
make sure to clearly label your receive addresses in Sparrow so you know what their source is when you go to send from them in the future
-
always double check destination and change addresses directly on the coldcard screen during the transaction sending process
-
never connect your coldcard directly to the computer, use a microsd card to transport the data
-
can also be useful to have an additional backup that is a second coldcard already setup with the same wallet
-
always test your backups, consider doing a full restore process on a new device
-
the coldcard is designed to be secure even if your computer is insecure but best practice is to use a dedicated computer with it that you do not use for anything else - if a malicious actor gets access to your computer they can compromise your privacy and potentially steal funds
-
You may want to experiment with a multisig setup using the same software stack as above as you get more comfortable. The nice thing about the above setup is you can easily move to multisig in the future.
