When it comes down to securing your bitcoin and holding your keys, there isn’t a single path to storage. You can start with a method as simple as downloading a software hot wallet for free and generating a set of keys on your desktop or mobile device, or you can opt for something more elaborate, like having a signing device that generates keys offline, commonly known as cold storage.
Today we have several old storage wallet providers all gunning to improve their devices and encouraging you to hold your keys. There are signing devices with different price points, designed for different user bases and provide different user experiences. Since bitcoin doesn’t have a centralised company to dictate how wallets should be created and what they should be able to do, there is no real uniformity in signing devices, giving far more options.
The most popular bitcoin wallets can be considered partially air-gapped, as they provide a physical cable to USB connection but no Bluetooth, WiFi, or NFC connection ability.
While others have opted for the fully air-gapped method, where the wallet is completely disconnected from the internet, with the intent of adding additional security.
Air-gapped wallets are bitcoin wallets completely disconnected from the internet and any form of wireless communication. This generally means that they are disconnected from both traditional internet connections as well as Bluetooth, WiFi, NFC (near-field communication), and even USB drives.
Air-gapped wallets eliminate the need to connect your wallet directly to an internet-connected device and add friction for malware and hackers to compromise your setup. While some appreciate this added layer of security, air-gapped wallets are far less convenient than a traditional desktop, mobile, or non-air-gapped hardware wallet.
What does airgap mean?
Airgap is a security measure that physically isolates a device from an untrusted network, like the internet, by removing all network interfaces. Air-gapped computers are used in security-critical infrastructure. This data, which bridges the “air gap”, is commonly transferred using USB flash drives, SD cards or QR codes.
The security of an air-gapped system fully relies on the fact that the exchanged data is not malicious or maliciously altered during the transfer.
What is the Importance of Air-gapped wallets?
In theory, air-gapped wallets are meant to be more secure than traditional wallets. Since you’re trusting a physical connection between the hardware wallet and your computer. Supplying malicious code to the wallet through a USB cable connected to his PC or having a compromised cable is a possible attack vector that could expose your wallet.
To avoid this possible attack, air-gapped wallets eliminate the connectivity with all networks, which in theory, are much less susceptible to hacking than physically tethered wallet implementations.
How air-gapped wallets work
There are many proponents online pushing the idea that air-gapped wallets are significantly more secure than other types of bitcoin wallets, but no tool is perfect, and no tool can prevent user error. If you’re using an unsecured internet connection or a computer riddled with malware, you’re still going to be subject to attacks, even if you are using an air-gapped device.
Having a computer, you only use with your dedicated air-gapped device is recommended because it is hard to secure the entire path of signing a bitcoin transaction and is open to many attack vectors.
Regardless of the type of wallet you use, you still need to interact with a computer and an internet connection. An air-gapped wallet generally utilises a software application installed on a computer that supports PSBTs (Partially Signed Bitcoin Transactions) for bitcoin.
The user will create an “unsigned transaction” in the signing device application.
- This is generally encoded in a QR code that can be scanned with the hardware wallet.
- Alternatively, the transaction is recorded and stored as a file that can be read via a microSD card.
The hardware wallet will then sign the transaction with its private keys and display the signed transaction to the computer via a QR code or microSD file storage and writing.
The computer application can then broadcast the signed transaction to the network.
Stay up to date with your security
Air-gapped wallets are not more secure than their non-air-gapped counterparts but simply better at preventing a specific attack vector. Research shows that even an air-gapped wallet isn’t always an obstacle for the most dedicated hackers.
However, it does make things much harder, and adding pain points, is as good as it’s going to get. Depending on how much value you hold in bitcoin, it would encourage you to spare no expense and add as many failsafe as possible, regardless of their limitations.
There is no perfect security system, but let’s not make improvements to your security the enemy.
Your self-custody can continually be improved
If you’ve been considering migrating to a cold storage solution, this article might have been an underwhelming read. You thought or were probably told that cold storage is the ultimate in bitcoin security, and that would be all you need, but security cannot be bought, it needs to be practised, and these tools are only part of your found treasury management skillset. So you should be aware of all the risks involved and not simply think that now that you have a physical signing device, you can kick up your feet and rest easy.
Remember, you are holding the world’s scarcest asset, and each year, it becomes harder to acquire, and people will want what you have and do anything to get it. It is up to you to add barriers to that and force any exchange of bitcoin to remain a voluntary action.
When you migrate your funds from an exchange to a hot wallet, you add a barrier, and then to a cold wallet, you add another barrier. It’s not to say that each barrier doesn’t have possible attack vectors, its puts distance between your funds and threats. The more security you have, the more of a pain you become to attack, and attackers would opt to focus their energies on those with less security.
Why not both?
If you’re wondering between a partially air-gapped wallet and a fully air-gapped one, and you cannot decide, I would say, why not get both? The beauty of bitcoin is that there is no single way of doing things, and you could even combine the two. You could keep some of your funds in one wallet and the other half in another wallet.
The path to self-custody might start with creating 12 to 24 words, but it is the first step, and I would encourage you to keep going and keep making it harder for anyone to take a satoshi from you without your consent.
Do you take self-custody of your stack?
If you’re new to bitcoin and have not ventured down the self-custody rabbit hole, what is stopping you? If you’re already self-sovereign, how has the experience been since you took hold of your funds? Let us know in the comments down below. We’re always keen to hear from bitcoiners from around the world.