10 Tips To Protect Your Bitcoin Full Node


Are you looking to get involved in the rapidly evolving world of bitcoin and do it in the way it was intended, by taking no custodial risk? Then building a bitcoin full node is a great way to start, and the best part is you don’t need to be a tech guru to do it. Today there are plenty of plug-and-play options available for non-technical users. For those who love DIY, there are many online guides and video tutorials using all sorts of tech stacks and software.

Once you’ve secured the device you want to convert into a node, pick your preferred software stack and follow the applicable step-by-step instructions to get your node set up. Your node implementation can be as simple or as complex as you want it to be, and you are always free to change it as you learn more about how to operate it.

Bitcoin is an open-source project that is permissionless, meaning anyone can join the network and become part of it. While running a bitcoin node can help secure the network for all users, ensure faster transactions, and contribute to a decentralised economy that exists without a centralised server, it does require some operational and security practices.

If you plan on running a node, or already run one, and want to ensure you’re plugging some of the possible gaps for an attack, then let’s get started!

1. Use Tor or a VPN

The Tor Browser hides your IP address and browsing activity by redirecting web traffic through a series of different routers, ensuring that the location of your node is kept private. Because Tor hides browsing activity and blocks tracking, it’s used by whistleblowers, journalists, and others who want to protect their privacy online, so why wouldn’t you want that same level of privacy and security for your bitcoin?

If you find Tor traffic far too slow and the performance of your node is not up to scratch, you can try tunnelling your traffic through a VPN and even pay for one using a Lightning service like Tunnelsats.
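Whether a node really stays behind Tor comes down to a handful of lines in its configuration file. The following Python script is an added example, not part of the original article: it audits a `bitcoin.conf` against a Tor-only policy, assuming Bitcoin Core as the node software. The finding codes and both sample configs are constructed for illustration, and a VPN setup would need different checks.

```python
import ipaddress

# Constructed sample configs (not taken from a real node).
CLEARNET_CONF = "externalip=203.0.113.7  # documentation-range address\n"
TOR_ONLY_CONF = """
proxy=127.0.0.1:9050     # local Tor SOCKS5 port
onlynet=onion
listen=1
bind=127.0.0.1
"""

def parse_conf(text):
    """Return {option: [values]} from bitcoin.conf-style option=value lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue  # blank line, comment, or [network] section header
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def is_loopback(addr):
    if addr.startswith("["):                 # [::1]:8333
        addr = addr[1:addr.index("]")]
    elif addr.count(":") == 1:               # 127.0.0.1:8333
        addr = addr.split(":")[0]
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(conf):
    """List the ways this config can expose the node's real IP address."""
    findings = []
    if not conf.get("proxy") and not conf.get("onion"):
        findings.append("NO_PROXY")          # no Tor SOCKS5 proxy configured
    nets = conf.get("onlynet", [])
    if not nets or any(net != "onion" for net in nets):
        findings.append("CLEARNET_PEERS")    # IPv4/IPv6 peers see the real IP
    if any(not ip.split(":")[0].endswith(".onion") for ip in conf.get("externalip", [])):
        findings.append("ADVERTISES_IP")     # a non-onion address is announced
    default_listen = "0" if conf.get("proxy") else "1"   # proxy turns listen off
    listening = conf.get("listen", [default_listen])[-1] == "1"
    binds = conf.get("bind", [])
    if listening and not (binds and all(is_loopback(b) for b in binds)):
        findings.append("CLEARNET_LISTEN")   # inbound port open beyond loopback
    return findings
```

Run `audit(parse_conf(text))` on the contents of your own config file; an empty list means none of these four leaks were found, not that the node is otherwise hardened.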

2. Use a local node.

If you’re just the average bitcoiner who wants to validate the chain, broadcast via their own node, and maybe run a few Lightning channels, you can make do with your home internet and a node connected to your local network.

You don’t need a cloud node, nor do you need to run your node on third-party services, which introduce trust into the equation. You are better off taking full control of your bitcoin node and learning the intricacies of running it.

Additionally, you avoid having to give out KYC data, such as a name, email, or credit card payments, that could be associated with traffic coming from a particular vendor and dox your bitcoin transactions.

3. Limit your hot stack.

A bitcoin node might sound like a good place to store your bitcoin. It sure is convenient to leave access to your funds on a dedicated bitcoin device, but just because you can, it doesn’t make it a good idea.

There is nothing wrong with keeping a few satoshis in a hot wallet ready to fire off for day-to-day payments, but a bitcoin node wallet should not be the place you store your entire stack. A bitcoin node wallet is a hot wallet, meaning the keys are active.

You could create a two-of-three multi-sig and use one of those wallets as your bitcoin node wallet, but this is an absolute ball-ache if you’re going to sign transactions. It’s easier to have your node as a single-sig wallet and move your primary bitcoin holdings to a cold storage wallet instead.

Yes, you could be using the bitcoin in your node wallet to create Lightning channels and earn fees, which is tempting, but you have to consider whether the yield you can get on Lightning is worth the risk, which is all up to your risk tolerance and the size of your bitcoin positions. Take it from someone who has stuffed up a few Lightning channels in my time; this technology can see you burn yourself, and if you are going to get burned, ensure you limit the affected area.

4. Secure your home WiFi.

When I say securing your WiFi, I don’t mean putting a password on it so the neighbours can’t stream YouTube videos while bumming off your connection. What I mean is ensuring that you have encrypted your WiFi connections so that anyone who would like to join your local network or tap into that traffic has a much harder time doing so.

If all you use the internet for is to look at Pinterest boards of holiday destinations or rage reviewing the latest season of your favourite show on IMDB, there’s not much on the line should someone hop on your network, but as you transition to using the internet of value, with bitcoin, there is a lot more on the line.

Encrypting your connection scrambles the information sent through your network. That makes it harder for others to see what you’re doing or get your personal information. You encrypt your network by updating your router settings to either WPA3 Personal or WPA2 Personal. WPA3 is the newer, and best, encryption available for the average user, but both will work to scramble your information.

5. Use a secure password manager & 2FA.

We’re all lazy when it comes to passwords simply because today we have so many, and it’s easy to default to a password you use for something else, like your social media account or your email. But apart from securing your stalking habits and love letters, there’s not much of value being stored behind those passwords. With your bitcoin node, it’s different, so you should take a different approach.

Either ensure you have a long-ass password you can remember or have an app generate a password for you and store it in an encrypted service; which one you choose is up to you.

A lengthy and complex password is a good start, but we don’t want to make it easy for anyone to access our node and the bounty of bitcoin that lies within its remit. Passwords do offer protection but can be stolen through keyloggers and cameras; copy and paste yours into a cloud note app or an email and leave it there, and that’s all it takes to get into your node.

After you’ve created a secure password and stored it in an encrypted password manager of your choice, it’s time to set up 2FA. This is usually an option on modern bitcoin node software that you can install or activate in the settings.

Once you’ve added 2FA, you might be tempted to use email or SMS as the option, but I encourage you to reject these options. Email and SMS are notoriously insecure, and even if they were secure, you are subject to social engineering scams that could see you handing over your password.

Instead, set up a 2FA using an authenticator app of your choice, get the secure token, and connect it to the app. Once set up, test your 2FA by logging out and logging in again to ensure that it is activated.

6. Secure your private keys.

This tip is universal for any amount of bitcoin, but when you generate a set of keys for your bitcoin node wallet, even though these are hot keys that can be accessed on the device, don’t keep more digital copies of these keys.

Instead, secure a copy of the keys offline by writing them down on a piece of paper that you can laminate and store safely, or etch the seed phrase into a steel plate, so you have the recovery phrase should the worst happen, like a fire or flood that destroys your node.

If the only copy of these keys is accessible by logging into your node and that device doesn’t survive, I’m sorry to tell you, you’re NGMI (Not Going To Make It).

If you do have a copy of the seed phrase, you still have the ability to spin up a new node, re-install all the software, and recover your bitcoin wallet to its previous glory. If your wallet balance doesn’t reflect what you think it should, and you had Lightning channels running at the time of the failure, you may need to take additional steps.

Once you have access to your wallet and funds, you can even try to run a channel backup to get your Lightning channel balance states and then broadcast to close those channels and re-acquire the funds locked in them.

7. Limit your apps.

Your bitcoin node not only holds the keys to your precious sats in the attached hot wallet, but it’s also holding all the data regarding transactions you’ve made, what public keys you’ve interacted with, what Lightning channels you’ve established, and a host of other transactional data you would want to keep private.

The entire point of having a stand-alone device is to keep your bitcoin activities separate from your less secure online activities. By adding additional software that is not core to your bitcoin experience, you’re adding nice-to-have features that could add not-nice-to-have security holes. If you are installing apps, ensure you vet them yourself if you can, or only stick to apps from your node provider’s official app store.

Even then, don’t trust every app and every update listed in these app stores because mistakes and bugs can creep in. If you are intent on adding additional apps, you might want to use them on a different device instead, or research the app and speak to other users or the team running the app before installing it.

8. Run a UPS.

The lights going out is a reality bitcoiners should prepare for, especially if you’re running a bitcoin Lightning node that is actively routing payments. You want to be online at all times to facilitate payments and net routing fees and not have to run channel backups should your node be offline for too long.

If you’re running a node on an old laptop with a decent battery, this point might not be of use to you since the device can remain on even when the lights go out.

However, many bitcoiners have opted to run a stand-alone device as a node. If you have gone for the pre-built node or DIY node, chances are it doesn’t have a battery onboard. Some Raspberry Pis can accommodate a battery pack, but this is not a standard feature. If you are building a custom node, you should splurge a little extra for a battery component and a few batteries to run the device and a few spares.

If you haven’t got the space in your casing for a battery pack or prefer a cleaner setup, opting for an uninterruptible power supply (UPS) is your alternative. A UPS will ensure that your device remains on at all times, and it also protects against surges once the power returns, which could damage your device.

9. Hide or obscure your node.

Running a node is an advertisement to others who see it that you’re pretty serious about your bitcoin. It could be a route to securing a sizeable windfall if intercepted, so why put it in a place where wandering eyes can spot it?

A laptop running on its own in the corner might not attract the most attention, but it is something that could be nabbed by intruders if left out in the open, while custom-branded bitcoin nodes are sure to attract attention if left out in the open.

Your node should be connected to the internet via an Ethernet port, which can limit where you position it in your home, so plan accordingly when deciding where to place your internet connections, or route cables to a place where you can hide your node from general traffic in your home.

Depending on how much bitcoin you leave on your node, you might want to either reduce that amount based on how easy it is to access or get creative in the way you hide and secure your node, by building custom housing, perhaps inside a desk or cabinet that isn’t easy to spot.

10. Shut up about your node.

If you’re going to the trouble of storing your node in a safe place and limiting access to it, it doesn’t help if you’re telling people you’re running a node or making it known to the broader public by posting about it on your social media accounts.

Not only are you advertising what to look for should someone gain access to your home, but you’re leaving yourself open to being targeted by those who understand that it could be worth nabbing your node along with any cold storage devices you might have at home. When you take custody of your bitcoin, you can be your worst enemy, so be sure you’re not doing yourself a disservice by being the primary security leak.

Please do not make yourself a target for $5 wrench attacks by criminals, be they ones wearing balaclavas or government badges.

Protect your ability not to trust but verify.

Running a bitcoin node is not only a way for you to be fully self-sovereign in your use of the bitcoin network, but it’s also a great way to support the decentralisation and security of the network. It also forces you to deepen your understanding of the bitcoin world and the various tools you can use in association with your node.

While there are potential risks and costs to consider, they should be weighed against the potential benefits of running a Bitcoin node, such as increased security, privacy, and accessibility. With the right setup and knowledge, running a Bitcoin node can be a rewarding experience.

How do you use your node?

Are you already set up with your bitcoin full node or pruned node? What implementation are you using? Do you have any security tips you think should be added to this list? Let us know in the comments below and help bitcoiners improve their node OPSEC.

Disclaimer: This article should not be taken as, and is not intended to provide, any investment advice. It is for educational and entertainment purposes only. As of the time of posting, the writers may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency, as all investments contain risk. All opinions expressed in these articles are my own and are in no way a reflection of the opinions of The Bitcoin Manual.
