Want to invest in bitcoin but don’t want to trust the security of your coins to a third party? You need to set up your own personal bitcoin vault! Follow the steps in this guide to get started. If you need assistance with the process, join the #bitcoin:matrix.org channel on Matrix and drop your question in the chat. (Remember not to share your recovery/seed phrase or private keys with anyone else!)
Step 1. Buy a hardware wallet
Hardware wallets are devices that keep your bitcoin private keys permanently offline. Private keys are the files that are needed to sign bitcoin transactions and authorize transfers to other bitcoin addresses. If your private keys are stored on a computer that is “online” – that is, connected to the internet – then there is a risk that the private keys could be compromised by a remote hacker via malware that you unintentionally installed on your computer.
By storing private keys permanently offline, hardware wallets limit your risk to physical security threats. This means that a thief would have to have physical access to the hardware wallet in order to even have a chance at stealing your bitcoin. As we will see later in this guide, even physical access will not be enough for a thief to steal your bitcoin if it is properly stored in a hardware wallet.
Hardware wallet options that I can recommend based on first- or second-hand experience:
- Ledger Nano
Step 2. Set up your hardware wallet
After you have received your hardware wallet, you will need to set it up. Steps vary depending on which hardware wallet you have purchased; step-by-step instructions are included with each device. Generally, these steps will include downloading an app that is used to manage your hardware wallet, writing down your hardware wallet’s secret recovery phrase (sometimes also called a “seed phrase”, and as the name implies, is meant to be kept secret), and adding a PIN to protect against thieves who gain physical access to your hardware wallet.
Step 3. Protect your secret recovery phrase
The secret recovery phrase that is generated when you first setup the wallet is essential to protect in case anything happens to the hardware wallet itself, such as loss, theft, or breakage. This recovery phrase will consist of 12 or 24 words that you will need to recover your wallet if anything happens to it.
The easiest way to protect this recovery phrase is to write it down. But then you have to think about how to protect this written copy – if anyone gains access to it, they’ll be able to recover your wallet just as easily as you could and move your bitcoin to their own address. So you need to treat your recovery phrase just as sensitively as you would physical cash, jewelry, precious metals, social security cards, and other valuables.
Let’s say, for example, that your hardware wallet recovery phrase is 24 words. You could protect this recovery phrase a few different ways, depending on your risk tolerance:
- You could write down all 24 words in one place and put them in a safe with other valuables.
- You could write 12 of the words down on one piece of paper and keep it in your safe, and write the other 12 words down on another piece of paper and store that piece of paper in a separate location, such as a safety deposit box. Then, you (and any prospective thieves) will need access to both pieces of paper in both separate locations in order to recover the wallet.
- In addition to storing 12 of the words in one location and the other 12 words in another location, you could also send one copy of one of the sets of 12 words to one trusted associate and one copy of the other set of 12 words to another trusted associate. These trusted associates could be, for example, a family member and a lawyer. Then, if anything happens to either or both of your own copies of either set of 12 words, you can ask your trusted associates to send you the copies you shared with them. Additionally, if anything happens to you, and your own copies become irrecoverable, you can leave instructions with your lawyer for both of the trusted associates to combine their copies of the words to recover your wallet and execute your will.
- If you are storing a lot of value in your hardware wallet, you may consider using a tool like Cryptosteel to ensure that each copy of your recovery phrase is protected against fires, floods, and electrical storms. You might also consider upgrading your wallet to a multisignature wallet.
Step 4. Purchase bitcoin and transfer it to an address generated by your hardware wallet
Choose a service to purchase bitcoin and complete any steps that may be required to initiate your purchase (such as ID verification and adding two-step authentication – you want to make sure you add two-step authentication to all services that offer this). Use the local app that is required to manage your hardware wallet to create a new bitcoin address.
When you are ready to transfer your bitcoin to your hardware wallet, copy+paste the address you generated with your wallet’s local app into the withdrawal window of the service you bought bitcoin from. Double-check that the address you pasted matches the address generated by your hardware wallet, then withdraw the funds. Within a few seconds to a few minutes, you should see the bitcoin appear in your local app.
Options to purchase bitcoin that I can recommend based on first- or second-hand experience:
- Kraken – purchase bitcoin with a bank account in many countries, including large-block bitcoin trades “over the counter”. Does not service New York.
- Gemini – purchase bitcoin with a bank account if you reside in New York.
- HodlHodl – purchase bitcoin with a variety of payment methods, including cash and bank transfers, from traders in the marketplace. The quality of each transaction varies depending on the trader you choose to buy from.
- LocalCryptos – purchase bitcoin with cash from local traders in the marketplace. The quality of each transaction varies depending on the trader you choose to buy from.
- CoinATMRadar – this website will help you find a Bitcoin ATM near you where you can buy bitcoin with cash. Bitcoin ATMs often add a steep markup but offer the convenience of being able to buy your bitcoin same day, on the spot.
Extra security tips
- Always double-check to confirm that the transaction details shown on your hardware wallet screen match what you expect, including the recipient/contract address, send amount, transaction fee, etc.
- Use two-factor authentication with any online accounts you have that support this feature. If given the option, use an authenticator app instead of SMS/text message.
- Use a password manager to generate long, unique passwords for each of your digital accounts.
- Use an email service that lets you generate a one-time-use email address for each of your digital accounts. This way you can block the email address if it gets leaked or starts receiving lots of spam.
- Be careful clicking links or opening attachments that you don’t have a good reason to trust.
- Double-check and confirm that email senders really are who you think they are.
- If someone you think you trust is asking you over text/email to send them money, insist on a voice or video call (or even better, an in person meeting) to verify their identity. Even if the message is from an account you know belongs to them, their account could have been hacked.