Be Your Own Bank - Think like a bank

A full guide how to start with Bitcoin and use the 3 levels stack

Originaly posted on Substack on Sep 23, 2021

Updated here on Nov 22, 2024

Ok, well, we already have some BTC in our wallets. It is time to know how to protect them well, and here we will present some basic procedures.

Many people nowadays are not ready yet to THINK like a bank, so with this guide I will try to explain how to manage your wallets, addresses (UTXOs) and the whole stash in a well organized way, prepared for the future hyperbitcoinization.

TO REMEMBER

NOT YOUR KEYS – NOT YOUR BITCOINS. Yes, custody of your keys (seeds) is the most important aspect for Bitcoin owners. So please, DO NOT use “banks for your BTC”. In Bitcoinlandia YOU are your own bank. Custodial BTC wallets is what exactly can kill Bitcoin - losing control of your own money is going back to fiat money and fractional reserves.
You have to stop acting as usual with the banks: “oh well I put the money in a bank and they take care of everything …” Bad, very bad this type of thinking. Bitcoin is PROPERTY and must be treated as something yours, personal, not transferable. So learn to use it well and very important: protect it.
Start learning this technology. Stop crying and saying that “I am not capable of doing this” or that “technology is not good for me”, these are just excuses and it does not solve anything. Put yourself together and learn how to use this technology. If you manage the fucking Facebook, well, you also be able to manage your BTC. If you do not understand this aspect, then Bitcoin is not for you. If you ignore this aspect, you will lose ALL your BTC. This is not a joke!
Backups. NEVER have only one copy of your backup copy of your seed/ keys. Always make more than one copy and keep it in different places. You never know what will happen to you and your keys.

IMPORTANT RULE:

Separating your BTC into three levels of stashing:

A. HODL - your "central bank", savings, most of your stash, onchain, cold wallets

B. Cache - your "commercial bank", operations center, medium size of stash, onchain and LN, disposable wallets

C. SPEDNL/mobile - your spending pockets of cash, daily use, small amounts

Think like a bank - manage your funds in three levels of stash

Each part has its protection methods and you have to think like a new banker, now you are managing your bank and a bank always has different levels of volume and access.

As you will see there are so many ways to keep safe your bitcoins, imagination do not have limits and technology back it up.

Basic hardware and software recommendations

You are not very proficient with computers and technology. Fine, no problem, but at least pay attention and take some basic measures, to be more protected.

Use a clean environment

Always use a clean computer / device when is about to use it with Bitcoin. Don’t use a shared computer with somebody else, don’t use a computer that is for work or play. Usually those end up in being infected with malware (no matter how many antivirus you install).

Option A

Just take a second hand laptop or PC, no need to be super powerful and install a Linux OS (Linux Mint is more user friendly). Use that Linux machine exclusively for Bitcoin stuff. Don’t watch movies or porn, don’t play games, do NOT use for remote control access, JUST BITCOIN.

Install on this OS Bitcoin Core as your node, so you can connect all your wallet apps, and other Bitcoin stuff. If you use Bitcoin sporadically, there’s NO NEED to keep this Bitcoin Core node always online, 24/7. It is enough to update its sync blocks more often or even before you start using it with your wallets to do your txs.

This Bitcoin Core node is your door to the Bitcoin world.

Install also Electrum and Sparrow or Specter as main cache wallet apps. Optional you could use Green, Nunchuck, Wasabi if you want more tools (mixing, coinjoin, multisig, HW etc).

This PC/Laptop will be your main operational “bank”, where you will do all the funds management, redistribution, coin control etc. Secure it with a good password !

Install also on this KeePass password manager (it comes also in Linux Mint as base app), to keep at hand all your Bitcoin information. Save the KeePass database on a secure USB stick, encrypted. You can use Linux disk manager to encrypt your USB. That means every time you open that USB, it will ask you for a password. And every time you need to consult your passwords and accounts etc from that KeePass database you will HAVE to plug it into your PC and open it. Make a copy of it on another USB.

Option B

If you do not have another spare PC/Laptop, at least use TailsOS, with a bootable USB stick. Here I wrote a dedicated guide how to setup that TailsOS USB.

Option C

If you want to use your regular PC, at least separate all your Bitcoin stuff from your regular OS. For this, install a VM (virtual machine) and inside that VM install a Linux OS and do all the Bitcoin stuff inside that VM (see option A).

For Windows machines you can use as VM software: Microsoft Hyper-V or Oracle VirtualBox.

Be your own bank - Think like a bank and act like a bank

A. HODL wallets - savings - central bank

This is your “central bank” / “saving bank”, the one that has most of your savings, your treasure, the “fattest” part of your money, that you are not going to move it for a long time, that stays there waiting for the moment when you really need it.

These wallets are the ones that are normally almost never connected to the online world. Online wallets are always exposed to phishing attacks, malware, key theft, device hacking. People lose their BTC, because they lose control over their devices, NOT because BTC wallets are not secure. Almost all wallets are safe and offer more advanced security options or less. But the weak point is in the user who does not perform the security steps.

Here you only deposit the BTC that you think you are not going to move, for a long time. You can use also their XPUB as "read only" wallets to only deposit there, so no need to "open" the wallet to online world. Here you have a guide about how to use watch-only wallets using the MPK (Master Public Key).

But you do not deposit here directly from the sources of income (exchanges, ATMs, sales etc). Here, in HODL, they come (only) after you have done a good coin control and “cleaning” in the "cache level". We will talk about this cleaning in another dedicated guide, which is called “mixing / coinjoin with wasabi / samourai“. You can also have a procedure named "Lightning Cleaning Machine" (LN), that was explained in this guide.

When you create a new wallet, always save from them, in your KeePass database or whatever safe method you want:

seed words (12 or 24)
XPUB / ZPUB (this is the master public key from which you can generate new deposit only addresses, using any wallet app that support that function)
the first 5-10 addresses (is good to have them at hand to verify your recovery)
date of wallet creation (sometimes this information is good at recovery)
label, any other information you want (UTXO size, names, purpose usage)

For “reading” an XPUB/ZPUB, you can use: Electrum, Sparrow, Bluewallet, Sentinel.

Recommendations for HODL (level 1):

Use multiple wallets, with multiple UTXOs. Don’t keep just one wallet with a giant UTXO. That’s stupid. Is also a method of protecting against the so called “$5 wrench attack”. If one wallet is compromised, the others could remain safe so you are not losing everything in one shot.
Each of these wallets, establish them their levels of UTXO amounts: one for high amounts, one for medium amounts, one for smaller amounts.
Let’s consider this as a scenario (is up to you how to set your own levels):
- high = UTXO higher than 0.1BTC
- medium = UTXO between 0.01BTC and 0.1BTC
- small = UTXO smaller than 0.01BTC
So in this case let’s say we have 3 wallets (each with a different set of seed) and each one with specific amounts of UTXO. You can change the size as you which, important is that you will use multiple wallets for different amounts. Later these wallets will be saved in different places.

These wallets will be ONLY to hold your stash!
Consider creating also a dedicated wallet with small-medium UTXOs in case you need later to open Lightning channels. You could use it with multiples UTXO with different amounts between 1M sats and 10M sats. This way you will not have to use your long term holding stash with bigger UTXOs. Calculate your future spending possibilities, that will be over Lightning Network (LN).
Do not keep giant UTXOs in only one BTC address in one wallet. That will be an unique point of attack and failure and if you lose all will be a disaster. Always spread your stash into multiple locations.
Move to these wallets only UTXO from your cache wallets, where you already did a good coin control.
If a wallet, in time, will have many UTXOs (like more than 100), is better to start a new one. Usually when a wallet have too many UTXO loading it into an app, will be very slow and hard to manage it. Cost you nothing to create a new one and start fresh with a new set of UTXO.
Never pay directly from these HODL wallets! Always try to move first a specific UTXO to your CACHE wallet and from there organize the payment (directly onchain or through LN).
I personally keep a copy (I have many) of each wallet information (seed, xpub, other useful info) into a password manager like KeePass. Offline, secured, encrypted into a USB stick. Just to have it at hand when is really needed. Yes, some will say that is not secure. I invite you to test to break it and see you in 150 years. Yes, this is NOT the only copy I have. I have also all the info split into pieces and saved in different locations. Just in case… But these HODL wallets I almost never open them, I just use their xpubs to deposit. So I barely need that encrypted USB to open it.

You always have to think in the future, how much you will start spending from a UTXO. So always have prepared many different UTXOs with many amounts.

Examples:

You want to spend from a holding wallet for opening a small LN channel, use a 1M UTXO
You want to buy a car of 0.0155 then use a UTXO of 0.02 or if you do not have one like that, use a 0.1BTC and keep the change.

But always try to spend the whole UTXO if is possible. Keep in mind: is better to use LN for spending. There’s no limit of amount for sending over LN, only that you need enough liquidity in your LN channels.

So remember: into these “vault” wallets, you only deposit BTC. Do not use them as your regular day to day wallets! You put them into a safe place and “forget” about opening them. As I said before, you do not need to open them in order to just deposit new bitcoin into new UTXO, use the “watch-only” method for that.

Examples of HODL wallets:

Hardware wallet (HW). It is like a USB memory and inside it has a security chip that saves and control your seed/keys. When using it, at the time of doing some tx, it asks for a password/PIN. The best known are: ColdCard, Jade, BitBox, Trezor, KeepKey, OpenDime. A complete list of HW here. These are the easiest wallets to use for people who do not want to worry much about security and are less techy, but who do not want to leave this aspect in the hands of others.
Paper / steel Wallets. These are wallets in which you write the keywords and keep this medium, whether it is paper or steel, in a safe place, with copies if you can, better.
Steganography. It is an advanced method of hiding your keys inside an image or document file. It is based on an algorithm of introducing additional bits to a file and protecting it with a password. This can be done with several applications and the simplest and most open source is OpenStego.

Here is an example, this photo of some pretty cats, contains 1BTC, inside the file are inserted the keys of a BTC address

I can send this photo to anyone (it is necessary without digital alterations/ compression) anywhere in the world, without anyone knowing that this photo contains 1BTC. Or I can even have it as a desktop background or in a digital photo frame-box. In PLAIN sight! But always with copies!
Shamir’s Secret Sharing. It’s a method to split the seed into parts. More details here. Also now we have a nice tool that help us to encrypt that Shamir Secret Sharing: is named Shush.
TailsOS. Is a simple version of Linux, installed on a bootable USB memory stick. You can also use it as your own emergency OS and use any other wallet. If your PC is infected or you are not sure of its “cleanliness” or you are simply using another PC that is not yours and you do not want to leave “traces” with your BTC (public PCs or other people), then you simply connect this USB and boot with TailOS as if it were your PC. Sure, you have to know how to boot a PC with a USB and NOT with its hard drive OS. A presentation on TailOS here.

Keep in mind: this OS is read only so nothing is saved on the stick. On this OS stick you can configure also a persistent partition, hidden, where you can save data and/or store copies of your wallets. This partition is encrypted with a password you choose at its creation. Here you have a guide about that.

TailsOS also come with already installed Electrum wallet and KeePass app. So you are ready to go and use them as emergency access to your bitcoins. You can use this "mobile OS" anytime, anywhere, safe and clean without depending on any other OS in any PC.
USB stick memory. If so, a simple USB memory, but BEWARE, encrypted. If you don’t want to spend money on expensive HW, you can use any USB memory (with copies!) where you can store your data on your BTC wallets. There you can put your kdbx file from the password manager (KeePass), or simply files with your copies of wallets/data. I remind you: DO NOT LEAVE this memory open, always keep it encrypted. Here is an example of how to encrypt a USB memory with Windows, and how to encrypt a USB memory with Ubuntu Linux.
Madness in plain sight! What if I tell you that I have on 3 websites on the internet, in plain view of all, in some texts, such as this page for example, where within the text, I have inserted 12 words of a seed? Because that’s. You can simply use the 12 words in English, which are from the linguistic dictionary, to write a beautiful text, a love letter, a story, a literary work, a blog etc. and only YOU know the position and order of these words. Let’s say you already have a HW, but you’ve lost it. Well, if you already have the words of the recovery seed in a text published somewhere online, then you simply access this text and extract them. You do the same if you want to send someone BTC, but you don’t want anyone to know, absolutely no one. You simply send him this text as an email. Nobody is going to realize that it can contain the keys. Even if you think about it, they have many years of trying until they can find the order …
Phrase within another sentence. Another little madness, you can use, for example, a phrase from your text “Madness in plain sight” and put it in PublicNote This algorithm (which is open source and you can take it offline if you want) makes an encryption of this text resulting in another text. An example: I put in PublicNote the text “this is a test”, which turns it into “this is my 12 word password”. So again hiding text in plain sight but this time a little more “hidden”. They also have a mobile version.

B. Cache wallets - Operations Center - Commercial Bank

Here is the site of “management”, the “commercial bank” intermediary. Here you receive most or all of the largest income in BTC, to be able to categorize and control them. Here you receive from exchanges, when you exchange fiat money for BTC, here you receive from sales of your products/services with your website/business.

From here you start moving parts of your BTC: in HODL or in SPEDNL mobile wallets or simply leave them here in the middle, for the next necessary movements.

Normally these are wallets that are used on PC, desktop wallets, due to the functionalities of the available applications and the higher level of security than a mobile wallet.

On this level also stays the node wallets (BTC and/or LN). A node is also a place where you can operate your mixing/coinjoin/ Lightning cleaning machine and move funds into LN channels.

On this level also you will organize the funds for opening new LN channels, swaps between LN ←→ onchain as are needed.

You will use multiple wallets also, is up to you how you organize this level, but keep in mind: YOU are the banker now, at this level you act as a commercial bank managing funds for all type of destinations and use.

Recommendation to add some more privacy on your cache level wallets:

When you organize your UTXOs or make payments, sometimes you will end up with some change coins, in small amounts. Usually the wallet app automatically is putting the change into a new BTC address of the same wallet. This sometimes, if you do not label correctly and mixup change with other UTXO, you can reveal the link between those addresses that come from the same wallet.

So if you want to keep more privacy, is better to not mix these changes that come from the same wallet.

Let's say you need to move to a HODL wallet a 10M sats UTXO. But in your cache wallet you have a 10.5M sats UTXO. That means you will end up with a 500k sats UTXO in a change address.

Instead of sending funds to bc1HODLdestination and letting the wallet pick a change address, make it a transaction with two outputs to yourself, having the second destination be an address from your new wallet.

Now your tx should look like this bc1HODLdestination,10 000 000 sats | bc1new-cache-wallet,500 000 sats, meaning the remaining coins will be used as for another move later.

Make sure to properly label your transaction in the new wallet for proper coin control hygiene.

Examples of cache wallets (desktop):

Electrum – one of the best and easy to use for this type of transaction. It has coin control, address labels, master password to enter the app, it has change control, fee control and other very good features. Now also the new version has LN support so you can use trampoline channels or simply open private LN channels with your own node.
Sparrow – is also unique in that it contains a fully featured transaction editor that also functions as a blockchain explorer. This feature not only allows easy editing of all of a transaction’s fields, (including for example locktime and sequence), but importantly viewing the hexadecimal representation of the transaction at all times with detailed highlighting.
Specter – Is a desktop software application, which connects to your Bitcoin Core node. Specter Desktop functions as a watch-only coordinator for multi- signature and single-key Bitcoin wallets. Very powerful and safe wallet app.
Wasabi – one of the BEST of the best in terms of privacy of your BTC transactions. With this you can manage the BTC that you have bought from KYC exchanges and want to lose tracking. This is for “advanced” users.
Fully Noded – Sovereign, secure, powerful, easy to use wallet that utilizes your own Bitcoin Core node as a backend. Providing an easy to use interface to interact with your nodes non wallet capabilities
Nunchuk - Multisig wallet, safest self-custody solution, privacy oriented app, multi-device sync, air-gapped signing, software key, connect to own node, for all major platform OS.
Bitcoin Core – it is a Wallet Node, also with coin control, labels, fee control. But it is also for a little more advanced, and it needs a lot of space on your hard drive because it is downloading an entire copy of the blockchain, and it works with this copy always, which is also then synchronized with the entire Bitcoin network, always downloading the last blocks. This wallet also serves to verify transactions and include them in the blockchain. But this is done automatically, you as a user do not have to worry about this.
Clams - remote node management, onchain/LN/node wallet with a interface to connect to your own BTC/LN node.
Bluewallet Desktop - only for Mac users, same capabilities as mobile version
Blixt Node Desktop - nice and complex desktop app for Lightning neutrino node, only for macOS available for the moment.
Bitcoin / LN Nodes - there are many software solutions for running a node (here a dedicated guide about this), from which we can mention: myNodeBTC, Umbrel, Embassy, RaspiBlitz, NODL. Use your node onchain wallet only as a ramp-on for funding your LN channels. Use one UTXO/channel open.
BTCPay Server - your own node, your own payment processor, powerful tool for merchants and webshops
LNBits - a special software suite, on top of your own node, with many extensions and functionalities, LNDHUB wallets, LNurl and many more. See more here.
Thunderhub - remote LND node management software, with capabilities of onchain/LN wallet
Ride The Lightning - remote node management software (LND / CLN / Eclair), with capabilities of onchain/LN wallet.

C. SPEDNL wallets - Mobile - daily spending

These are your “pockets” from day to day, where you normally spend and it is recommended with LN (Lightning Network)

Here, is not necessary to have large amounts of BTC, only what you think you are going to spend in a short period of time.

It is not because you think that mobile wallets are not safe. No, these are as safe as others, but mobiles are often lost, broken, stolen etc. And it is not very comfortable and recommended to walk with all your BTC on a mobile. Also if someone (bad) sees that you have many BTC on your mobile (sneaking on your back paying with sats), they can rob you, threaten you, etc. Better to play the role of “poor man” who does not have much.

Examples of SPEDNL wallets:

Zeus LN – double wallet, onchain and LN, but it works only with your own node, supports Lightning Address, embedded LN node. More documentation here.
Blixt wallet - powerful app for pro-users, full node neutrino with many pro-features, self-custody Lightning Address. Detailed guide here, use case guide here.
Green Wallet – very good and secure, multisig, support LN on mobile (here I wrote a guide about).
Phoenix Acinq – one of the most simple and easy to use, for newbies, unique interface for onchain and LN. I wrote a step-by-step guide here.
Breez wallet - simple, intuitive, onchain/LN, podcasting, custodial channels
BitBanana – double wallet, onchain and LN, but works only with your own remote node
Electrum – if you want the functionalities of the Electrum desktop, here you have its mobile brother, you can also use the same desktop seed/wallet, but not sharing same LN channels
BlueWallet – a double wallet too, onchain and LN, supports LNURL, LNDHUB wallets, custodial channel, proprietary channels, Tor, connect to own node, coin control, payjoin etc. Here a dedicated guide with LNDHUB.
CoinOS - custodial onchain/LN wallet, but very easy to use, NWC, ecash, no KYC
Blink - custodial onchain/LN wallet, but very easy to use, light KYC
LifPay - custodial LN wallet, very easy to use, NWC, no KYC
Walletano - custodial LN wallet, but very easy to use, no-KYC, DC guide
LN Voltz - Brazilian Community LN Bank, LNBits with all functionalities and much more
La Wallet - Argentinian Community LN Bank
Zebedee wallet - gamers/social wallet, very simple and with good functionalities for in games use, supports Lightning Address
Wallet of Satoshi - fully custodial LN wallet, but very easy to use
Sats.Mobi - Telegram LN bot, custodial, with fully functionalities of a LN wallet, supports Lightning Address and LNURL.
LNDHUB wallets - LNBits and Bluewallet Lightning LNDHUB capabilities offer great ways to use own custodial LN wallets for your family and friends in a perfect private way.

Here is a detailed comparison guide about all LN wallets and their functionalities.

Here is a detailed guide about how to get started with LN wallets and stack sats.

SWAPS SERVICES

Here is a detailed guide about submarine swap services