When it comes down to securing your bitcoin and holding your keys, there isn’t a single path to storage. You can start with a method as simple as downloading a software hot wallet for free and generating a set of keys on your desktop or mobile device, or you can opt for something more elaborate, like having a signing device that generates keys offline, commonly known as cold storage.
Today we have several old storage wallet providers all gunning to improve their devices and encouraging you to hold your keys. There are signing devices with different price points, designed for different user bases and provide different user experiences. Since bitcoin doesn’t have a centralised company to dictate how wallets should be created and what they should be able to do, there is no real uniformity in signing devices, giving far more options.
The most popular bitcoin wallets can be considered partially air-gapped, as they provide a physical cable to USB connection but no Bluetooth, WiFi, or NFC connection ability.Â
While others have opted for the fully air-gapped method, where the wallet is completely disconnected from the internet, with the intent of adding additional security.
Air-gapped wallets are bitcoin wallets completely disconnected from the internet and any form of wireless communication. This generally means that they are disconnected from both traditional internet connections as well as Bluetooth, WiFi, NFC (near-field communication), and even USB drives.
Air-gapped wallets eliminate the need to connect your wallet directly to an internet-connected device and add friction for malware and hackers to compromise your setup. While some appreciate this added layer of security, air-gapped wallets are far less convenient than a traditional desktop, mobile, or non-air-gapped hardware wallet.
What does airgap mean?
Airgap is a security measure that physically isolates a device from an untrusted network, like the internet, by removing all network interfaces. Air-gapped computers are used in security-critical infrastructure. This data, which bridges the “air gap”, is commonly transferred using USB flash drives, SD cards or QR codes.
The security of an air-gapped system fully relies on the fact that the exchanged data is not malicious or maliciously altered during the transfer.
What is the Importance of Air-gapped wallets?
In theory, air-gapped wallets are meant to be more secure than traditional wallets. Since you’re trusting a physical connection between the hardware wallet and your computer. Supplying malicious code to the wallet through a USB cable connected to his PC or having a compromised cable is a possible attack vector that could expose your wallet.
To avoid this possible attack, air-gapped wallets eliminate the connectivity with all networks, which in theory, are much less susceptible to hacking than physically tethered wallet implementations.
How air-gapped wallets work
There are many proponents online pushing the idea that air-gapped wallets are significantly more secure than other types of bitcoin wallets, but no tool is perfect, and no tool can prevent user error. If you’re using an unsecured internet connection or a computer riddled with malware, you’re still going to be subject to attacks, even if you are using an air-gapped device.
Having a computer, you only use with your dedicated air-gapped device is recommended because it is hard to secure the entire path of signing a bitcoin transaction and is open to many attack vectors.
Regardless of the type of wallet you use, you still need to interact with a computer and an internet connection. An air-gapped wallet generally utilises a software application installed on a computer that supports PSBTs (Partially Signed Bitcoin Transactions) for bitcoin.
The user will create an “unsigned transaction” in the signing device application.
- This is generally encoded in a QR code that can be scanned with the hardware wallet.
- Alternatively, the transaction is recorded and stored as a file that can be read via a microSD card.
The hardware wallet will then sign the transaction with its private keys and display the signed transaction to the computer via a QR code or microSD file storage and writing.
The computer application can then broadcast the signed transaction to the network.
Stay up to date with your security
Air-gapped wallets are not more secure than their non-air-gapped counterparts but simply better at preventing a specific attack vector. Research shows that even an air-gapped wallet isn’t always an obstacle for the most dedicated hackers.
However, it does make things much harder, and adding pain points, is as good as it’s going to get. Depending on how much value you hold in bitcoin, it would encourage you to spare no expense and add as many failsafe as possible, regardless of their limitations.
There is no perfect security system, but let’s not make improvements to your security the enemy.
Your self-custody can continually be improved
If you’ve been considering migrating to a cold storage solution, this article might have been an underwhelming read. You thought or were probably told that cold storage is the ultimate in bitcoin security, and that would be all you need, but security cannot be bought, it needs to be practised, and these tools are only part of your found treasury management skillset. So you should be aware of all the risks involved and not simply think that now that you have a physical signing device, you can kick up your feet and rest easy.
Remember, you are holding the world’s scarcest asset, and each year, it becomes harder to acquire, and people will want what you have and do anything to get it. It is up to you to add barriers to that and force any exchange of bitcoin to remain a voluntary action.
When you migrate your funds from an exchange to a hot wallet, you add a barrier, and then to a cold wallet, you add another barrier. It’s not to say that each barrier doesn’t have possible attack vectors, its puts distance between your funds and threats. The more security you have, the more of a pain you become to attack, and attackers would opt to focus their energies on those with less security.
Why not both?
If you’re wondering between a partially air-gapped wallet and a fully air-gapped one, and you cannot decide, I would say, why not get both? The beauty of bitcoin is that there is no single way of doing things, and you could even combine the two. You could keep some of your funds in one wallet and the other half in another wallet.
You could even take your cold storage further by adding additional security measures like multi-sig and distributing the keys between your two wallets.
The path to self-custody might start with creating 12 to 24 words, but it is the first step, and I would encourage you to keep going and keep making it harder for anyone to take a satoshi from you without your consent.
Do you take self-custody of your stack?
If you’re new to bitcoin and have not ventured down the self-custody rabbit hole, what is stopping you? If you’re already self-sovereign, how has the experience been since you took hold of your funds? Let us know in the comments down below. We’re always keen to hear from bitcoiners from around the world.
2 Responses
Hey Che! 🙂 I’m reading some of your articles and have to thank you by words!
If someone’s interested, I homemade my money sving solution for cold storage. No, not paper and pencil.
Well the only thing a hardware wallet is for is signign the transactions offline. Now if you #HODL are you willing to make more than a bunch of txs every 4 years, so what’s the point for a Ledger Nano which anyone sees it could easily guess what’s for?
…Using an old phone with Android 5.1+ I made the factory reset then downloaded Samourai Wallet in it. It’s for advanced users which I’m not so dispose of a free afternoon to read their website, tutorials, set this rig up and test some basic functions wasting some tx fees.
Before even running the Samourai Wallet installer, you could now teorethically set your phone to OFFLINE for the rest of its days.
Obviously after done this you’ll have to install it, run 1st time and back up your 12 mnemonics, the passphrase, set a pin for the App and so on.
Second step is to back to your everyday ONLINE phone and there install both Samourai and Sentinel, from the same developers of Samourai but you could teorethically use any other wallet of which you can obtain the Public Keys (X Y or Zkey depends from the address type you use, exchanges use typically Legacy addresses while updated people should use Bech32 Segwit mostly).
On this “hot” phone you will create another wallet on Samourai. A fresh one. And back up mnemonics and passphrase of this too.
Sentinel is just a wallet monitor. You can monitor whatever wallet (if you have the Public Key correspondant to those type of addresses i.e. with the Pub Zkey if I’m not mistaking you could monitor the total balance of the UTXOs in all the Bech32 addresses controlled (generable) from that seed.)
Go back to your Offline Phone and notice how it features a display.
A camera, to scan QRs.
A full on-screen keyboard.
And a wallet app secured by a pin.
And it’s offline.
Get a coffee.
Pour milk and sugar at will.
Hold firmly the cup in one hand and your 100+ bucks LedgerX or Trezor whatever in the other.
You can now stir the coffee with it.
Break ending, get back to the Offline Phone which is now a cold storage device and retrieve from Samourai the Pub Keys.
Scan them with Sentinel, on the Online Phone.
You’re connected.
Now your Sentinel on the mobile can generate payment addresses for any of the wallets it monitors, to receive BTC on them.
You should need nothing else before the next bullrun.
Now it’s 2040, Bitcoin has reached 12.800.000 $ and you’ve been living under bridges for two decades but now it’s time to cash out.
…Just think of it: There’s no reason why Trezor should survive to Samourai or viceversa, or why should the 12-words standard survive that long instead of not. In a dozens-year perspective maybe better schedule an yearly check of the addresses and logins as well as how are evolving the standards for self custody. Even just check the freaking offline phone still lits up. Are the 12 words still safely stored? Do I remember the Passphrase?
Back on track, Spending and Withdrawals: You should be able, on the offline phone Samourai wallet, to scan a code with the camera and fill a sending transaction. To make a payment. It won’t obviously be transmitted anywhere but, you can show the transaction hash in form of a QR code!
Now, on the ONLINE phone Samourai Wallet there’s a feature which allows you to broadcast to the network any transaction, by hash or QR. Broadcast the transaction you previously compiled on the cold phone with Samourai.
You just sent a payment from your cold offline device signing the transaction completely offline.
Had you decided to sell that used phone, you probably won’t get back 40 bucks to buy a SafePal wallet. Which is the cheapest on the scene, the only with a camera featured, it’snot as air-gapped as this (until you set the phone to online and use it play to play Ruzzle do. not. do. it.)… and even has a smaller display than any suitable phone!
I really can’t grasp what you get more from a professional tool when you’re not a professionist, and I think of this often when I see people with overcumbersome cars, phones, washing machines, corkscrews…
You obviously can’t see the updated balance on the offline wallet. Not sure if there’s a way to upload it without connecting to the internet.
Anyways you’ll just have to connect, through Tor integrated, from a secure connection, and without touching anything else, just to see the updated balance there (you can already watch it on Sentinel!). Consider it would be a plus in case the cold phone lands into wrong hands: They’ll open the wallet and at first glance it will look zero balance unless the thieves realize it’s bc the phone is offline.
Apart of this, and retrieving your PayNym for that wallet ok, there’s no need to set the cold phone to online.
Better fund one of the wallets with a bunch of sats and try in practice some of the Samourai features and tools you’ll find out in the tutorials. Expecially, as said, try to send some sats from cold to hot wallet using an offline compiled tx sent through QR by the hot one, like described above.
Sure someone will have many little things to point out on this. I’ll probably agree that there must be a reason if people buys hardware wallets and companies keep producing them, etc. I’m not hoping that CZ listens me and keeps all the company’s funds in an old Nokia. DYOR.
I did, I was about to spend like 0.01 BTC on a USB key without even realizing what it is: It’s a signing device. I asked myself “What am I supposed to sign if I won’t spend a single sat until it’s worth a Bentley?” and so I found out the Samourai-Sentinel offline solution, which with some approximations seems to fit my use case. Yours or the answers you give yourself after DYOR might be totally different.
Hope to have been helpful to someone here! 😉
(Sorry if I’ve been too detailed but Bitcoin is very technical and I prefer to annoy than mislead.)
Lol wow that’s a mega comment, but I love it.
Yeah that’s the thing about bitcoin, there isn’t a single way to do anything, while many will follow the path companies working in custody set out to make it easy and to bias towards their product, you can go the complete DIY route. I have been looking at things like seedsigner and other DIY projects in the space which I think is important since shipping hardware wallets might not be the safest in certain countries and best to rather build from source.