Skip to the content.
Español ES | Français FR | Italiano IT | Dutch NL | Hrvatski HR

Originaly posted on Substack on Sep 23, 2021

Updated here on Nov 22, 2024

Ok, well, we already have some BTC in our wallets. It is time to know how to protect them well, and here we will present some basic procedures.

Many people nowadays are not ready yet to THINK like a bank, so with this guide I will try to explain how to manage your wallets, addresses (UTXOs) and the whole stash in a well organized way, prepared for the future hyperbitcoinization.

TO REMEMBER

IMPORTANT RULE:

Separating your BTC into three levels of stashing:

A. HODL - your "central bank", savings, most of your stash, onchain, cold wallets

B. Cache - your "commercial bank", operations center, medium size of stash, onchain and LN, disposable wallets

C. SPEDNL/mobile - your spending pockets of cash, daily use, small amounts

Think like a bank - manage your funds in three levels of stash

Each part has its protection methods and you have to think like a new banker, now you are managing your bank and a bank always has different levels of volume and access.

As you will see there are so many ways to keep safe your bitcoins, imagination do not have limits and technology back it up.

Basic hardware and software recommendations

You are not very proficient with computers and technology. Fine, no problem, but at least pay attention and take some basic measures, to be more protected.

Use a clean environment

Always use a clean computer / device when is about to use it with Bitcoin. Don’t use a shared computer with somebody else, don’t use a computer that is for work or play. Usually those end up in being infected with malware (no matter how many antivirus you install).

Option A

Just take a second hand laptop or PC, no need to be super powerful and install a Linux OS (Linux Mint is more user friendly). Use that Linux machine exclusively for Bitcoin stuff. Don’t watch movies or porn, don’t play games, do NOT use for remote control access, JUST BITCOIN.

Install on this OS Bitcoin Core as your node, so you can connect all your wallet apps, and other Bitcoin stuff. If you use Bitcoin sporadically, there’s NO NEED to keep this Bitcoin Core node always online, 24/7. It is enough to update its sync blocks more often or even before you start using it with your wallets to do your txs.

This Bitcoin Core node is your door to the Bitcoin world.

Install also Electrum and Sparrow or Specter as main cache wallet apps. Optional you could use Green, Nunchuck, Wasabi if you want more tools (mixing, coinjoin, multisig, HW etc).

This PC/Laptop will be your main operational “bank”, where you will do all the funds management, redistribution, coin control etc. Secure it with a good password !

Install also on this KeePass password manager (it comes also in Linux Mint as base app), to keep at hand all your Bitcoin information. Save the KeePass database on a secure USB stick, encrypted. You can use Linux disk manager to encrypt your USB. That means every time you open that USB, it will ask you for a password. And every time you need to consult your passwords and accounts etc from that KeePass database you will HAVE to plug it into your PC and open it. Make a copy of it on another USB.

Option B

If you do not have another spare PC/Laptop, at least use TailsOS, with a bootable USB stick. Here I wrote a dedicated guide how to setup that TailsOS USB.

Option C

If you want to use your regular PC, at least separate all your Bitcoin stuff from your regular OS. For this, install a VM (virtual machine) and inside that VM install a Linux OS and do all the Bitcoin stuff inside that VM (see option A).

For Windows machines you can use as VM software: Microsoft Hyper-V or Oracle VirtualBox.

Be your own bank - Think like a bank and act like a bank

A. HODL wallets - savings - central bank

This is your “central bank” / “saving bank”, the one that has most of your savings, your treasure, the “fattest” part of your money, that you are not going to move it for a long time, that stays there waiting for the moment when you really need it.

These wallets are the ones that are normally almost never connected to the online world. Online wallets are always exposed to phishing attacks, malware, key theft, device hacking. People lose their BTC, because they lose control over their devices, NOT because BTC wallets are not secure. Almost all wallets are safe and offer more advanced security options or less. But the weak point is in the user who does not perform the security steps.

Here you only deposit the BTC that you think you are not going to move, for a long time. You can use also their XPUB as "read only" wallets to only deposit there, so no need to "open" the wallet to online world. Here you have a guide about how to use watch-only wallets using the MPK (Master Public Key).

But you do not deposit here directly from the sources of income (exchanges, ATMs, sales etc). Here, in HODL, they come (only) after you have done a good coin control and “cleaning” in the "cache level". We will talk about this cleaning in another dedicated guide, which is called “mixing / coinjoin with wasabi / samourai“. You can also have a procedure named "Lightning Cleaning Machine" (LN), that was explained in this guide.

When you create a new wallet, always save from them, in your KeePass database or whatever safe method you want:

For “reading” an XPUB/ZPUB, you can use: Electrum, Sparrow, Bluewallet, Sentinel.

Recommendations for HODL (level 1):

You always have to think in the future, how much you will start spending from a UTXO. So always have prepared many different UTXOs with many amounts.

Examples:

But always try to spend the whole UTXO if is possible. Keep in mind: is better to use LN for spending. There’s no limit of amount for sending over LN, only that you need enough liquidity in your LN channels.

So remember: into these “vault” wallets, you only deposit BTC. Do not use them as your regular day to day wallets! You put them into a safe place and “forget” about opening them. As I said before, you do not need to open them in order to just deposit new bitcoin into new UTXO, use the “watch-only” method for that.

Examples of HODL wallets: