Tired of waiting for your Bitcoin hardware wallet order? Or maybe you heard too many stories about stolen Bitcoins and you just don’t know who to trust anymore… Don’t worry though, hardware wallets are probably the safest bet out there and if you’re just looking for a hackproof storage medium for your cryptocurrency without much headache, then you should definitely go ahead and order a hardware wallet ASAP.
But if you are just like us as in you want to secure your Bitcoins yourself and learn the technology behind the digital currency in the process, then you are in the right place. Whether you want to turn your old notebook into a cold storage or just buy a Raspberry Pi to secure your digital coins, we at CryptoHQ are willing to teach you the process step by step. You don’t need to be a computer geek or a tech freak; all you need to do is be open-minded, curious and read the next lines very carefully, twice if needed, to also understand the process.
Cold Storage, Air-Gapped…
Before showing you the steps though, let’s clarify several terms you will often find on the Internet when searching about how to secure your Bitcoins .
Two of the most common terms are cold storage or air-gapped machine. Both refer to the same concept: a device that isn’t connected to the Internet, completely isolated from any unsecured networks.
Yes, the Internet is probably the most unreliable network in the world because of the many threats – known generic as malware – the user has to face when he’s online. Basically, when connected to the world wide web, any machine is vulnerable to outside attacks or hacks. The individuals behind the hacks are very capable and will steal your hard-earned bitcoins and cryptocurrency in a blink of an eye given the opportunity.
So, we need to prevent that from happening. And a cold storage or an air-gapped computer is the perfect solution to this problem. If the hackers don’t have access to the device storing your digital currency, then they can’t hack it right?
The most secure computer is the one 100% air-gapped. What does that mean? That device never touched any Internet connection in its life and also never will . Obviously, if you are using an old outdated notebook, the probability to never have been connected to the Internet is quite slim, but that’s not the point here. You can format the entire disk and from that point forward, NEVER connect the device to the Internet or any other unreliable network and it’s still hackproof or 100% air-gapped.
What we’re about to show you though isn’t a completely hackproof method to secure your bitcoins. Your device will need an Internet connection at first to install the Bitcoin wallet and its dependencies. However, the connection will be short-lived and you will only access the Bitcoin wallet site. After the installation, the device will NEVER be connected to the Internet or any other network again! It’s not 100% hackproof, but it’s fairly close.
Windows vs. Linux
One final point we have to make before beginning to build our hackproof Bitcoin wallet is about the operating system.
We strongly recommend avoiding any version of the Windows operating system for your cold storage or air-gapped machine. Windows is the most unreliable OS and vulnerable to most outside attacks you will find out there. Most of today’s malware is created to hack Windows as it is indeed the most used OS in the world. And lately, more and more ransomware attacks have been targeting the Windows-based devices – the WannaCry ransomware is the most notorious case.
A better and safer alternative is installing a Linux-based OS. Ubuntu is a great choice for any old notebook as it doesn’t require many resources and it is also user-friendly. If you plan to buy a Raspberry Pi and turn it into your Bitcoin wallet, you can very well use the officially supported Raspberry Pi OS Raspbian, based on Debian (Ubuntu is also Debian-based). The Bitcoin wallet will work on Raspbian or Ubuntu like a charm.
Obviously, Linux isn’t the safest OS by any means. Hackers also target the Linux-based systems but definitely NOT as often as Windows – you will often hear that Linux doesn’t need an antivirus solution as the hacking threat is quite minimal. Also, because it’s open-source, countless members of the community are actively participating to its development with no hidden agendas. On the other hand, Windows is a black-boxed OS with major security leaks opened for government agencies like the NSA – WannaCry was a malware that exploited such leaks.
This is why Linux is safer than Windows in terms of malicious attacks and the best choice for any cold storage or any air-gapped machine ready to store bitcoins.
STEP 1: Prepare Your Air-Gapped Device
Now that you clarified some important terms, let’s get down to business, shall we? And the first obvious step in building a hackproof Bitcoin wallet is preparing your air-gapped device.
If you use an old notebook, that’s perfectly fine, all you need to do is format the disk and install a Linux-based OS like Ubuntu. Remember, the newly-installed system will have very limited access to the Internet so don’t use it to browse the world wide web, install useless software or games. The only purpose of the notebook from now on will be to store your bitcoins safely. Don’t install anything else just yet besides the OS!
For better usability and practicability, we would recommend ordering a Raspberry Pi and use it as a cold-storage Bitcoin wallet. For those who never heard of it, Raspberry Pi is a very cheap and practical mini-PC. You can find out more on their official website:
The latest model – Raspberry Pi 3 Model B – is around €40 (the prices vary depending on your location). A full kit which also include a power supply, a case, and NOOBS (New Out Of The Box Software – an easy operating system installer for beginners) pre-installed micro SD is around €80.
If you want to buy your own micro SD, that’s alright, all you have to do is follow the instructions on their official website.
STEP 2: Install Electrum Bitcoin Wallet
This should be the ONLY TIME your air-gapped device will ever be connected to the Internet: to install Electrum Bitcoin Wallet and its dependencies.
Why Electrum? Because it’s cold storage friendly and one of the most used Bitcoin wallets out there.
To install Electrum, follow the steps described on wallet’s official website, in the Linux box:
In case you are unfamiliar with the Linux-based systems, the two command lines on the site have to be typed in the terminal. Just right click anywhere on your desktop and click ‘Open Terminal’ or click the prompt icon in the top bar if you are using Raspbian (if you are using Ubuntu, there is another option: just click the logo on the side bar and type ‘terminal’). Every time you type down a line of code – for example the line installing the dependencies – hit ENTER and wait for system to download and install. When all it’s set and done, you will see the $ sign appearing again just like when you first opened the terminal.
Only then, you can go ahead and type and second command line which basically installs Electrum Bitcoin wallet. Again, wait for the whole process to be completed and only then you can close the terminal, unplug your Ethernet cable or disconnect from your wireless network.
but be prepared to encounter errors and failures in the process especially if you are using the Raspbian OS. Don’t worry if you can’t install Electrum offline; as long as you only use the terminal and only type the two command lines from the Electrum official website when online, the device should be a reliable cold storage option. Remember, after you finished downloading and installing, disconnect and NEVER (!!!!) connect the device to the Internet.
STEP 3: Create An Offline Bitcoin Wallet
Now that you installed Electrum on your air-gapped device, it’s time to create an offline Bitcoin wallet. Before you do that though, make sure you are OFFLINE.
If you’re, open the terminal and type:
and hit ENTER. You can also click on the Electrum logo to open it but when you do that, it will automatically look for a connection to the Bitcoin network and we actually don’t want that. That is why the -o exists in the first place, it’s a command to open the program offline.
Next, an Electrum window will open signaling the creation of a new wallet. Encrypt the wallet with a strong password, write down the seed (Don’t be lazy!) and NEVER use a text document to just copy and paste the seed. (better safe than sorry!) Your seed is your key to your funds – if the wallet happens to get corrupted or you lose your password, you can restore it with this SEED. Wait for Electrum to generate your new Bitcoin wallet.
Now go to the menu → Wallet → Master Public Keys, copy that key in a text file (empty file in Raspbian), and move that file on a USB stick.
STEP 4: Move To An Online Machine
Online device you wonder? Indeed, we didn’t mention about an online machine before, but you still need an Internet connection to transfer your Bitcoin from one place to another right? You can’t just move your Bitcoins offline; your transaction won’t be broadcasted on the Bitcoin network.
What’s important though is that your cold storage won’t have any connection with your online device other than the USB stick used for file transfers.
So, going back to the process of building a hackproof Bitcoin wallet, go ahead and install Electrum on your everyday online computer. It doesn’t really matter if you are a Windows user since you will NEVER type the seed or the private key of your newly-created offline Bitcoin wallet on the online machine. That’s right, you won’t have to as it will become clear in the next step, the Electrum wallet on your online PC will be used either for receiving bitcoins or broadcasting your transaction to the Bitcoin network.
And yes, it will also be used to take a peek from time to time into your wallet. That’s why you copied the Master Public Key in a text file and transferred to a USB stick.
Since you installed Electrum on your online PC, open the program and choose the following options in the wizard: Standard Wallet (What kind of wallet do you want to create?) → Use public or private keys (Do you want to create a new seed, or to restore a wallet using an existing seed?) and paste the Master Public Key copied from your air-gapped device.
Voila, you now have a watch-only Bitcoin wallet.
STEP 5: Receive and Send Bitcoins
So, what does a watch-only wallet actually mean?
Well, it means that nobody and we mean NOBODY can steal your Bitcoins from your wallet since you don’t have a seed or private key stored on the online PC. You can only see your Bitcoin balance, transaction history, plus receive funds using the public address in the Receive tab (that’s the only information you are looking for when you transfer bitcoins INTO your wallet).
If you want to send funds OUT of your Bitcoin wallet, you will have to make use of your air-gapped device. But how do you send funds since the Raspberry Wallet will forever remain offline, you wonder? Well it’s not that complicated, all you have to do is read carefully and follow the steps presented in the Electrum documentation below:
Not as easy as 1,2,3 but we are sure you’ll get the hang of it fairly quickly. It’s not that difficult either. Once you made few transactions using this hackproof method, the process will become much easier. Just make some small transactions at first, especially if you are a newbie, to test things out and see if you did indeed understand the process.
So, there you have it! Before closing this page though, here are some extra things to take into consideration when you create your own hackproof Bitcoin wallet: