Tired of waiting for your Bitcoin hardware wallet order? Or maybe you heard too many stories about stolen Bitcoins and you just don’t know who to trust anymore… Don’t worry though, hardware wallets are probably the safest bet out there and if you’re just looking for a hackproof storage medium for your cryptocurrency without much headache, then you should definitely go ahead and order a hardware wallet ASAP.

But if you are just like us as in you want to secure your Bitcoins yourself and learn the technology behind the digital currency in the process, then you are in the right place. Whether you want to turn your old notebook into a cold storage or just buy a Raspberry Pi to secure your digital coins, we at CryptoHQ are willing to teach you the process step by step. You don’t need to be a computer geek or a tech freak; all you need to do is be open-minded, curious and read the next lines very carefully, twice if needed, to also understand the process.

Cold Storage, Air-Gapped…

Before showing you the steps though, let’s clarify several terms you will often find on the Internet when searching about  how to secure your Bitcoins .

Two of the most common terms are cold storage or air-gapped machine. Both refer to the same concept: a device that isn’t connected to the Internet, completely isolated from any unsecured networks.

Yes, the Internet is probably the most unreliable network in the world because of the many threats – known generic as malware – the user has to face when he’s online. Basically, when connected to the world wide web, any machine is vulnerable to outside attacks or hacks. The individuals behind the hacks are very capable and will steal your hard-earned bitcoins and cryptocurrency in a blink of an eye given the opportunity.

So, we need to prevent that from happening. And a cold storage or an air-gapped computer is the perfect solution to this problem. If the hackers don’t have access to the device storing your digital currency, then they can’t hack it right?

The most secure computer is the one 100% air-gapped. What does that mean?  That device never touched any Internet connection in its life and also never will . Obviously, if you are using an old outdated notebook, the probability to never have been connected to the Internet is quite slim, but that’s not the point here. You can format the entire disk and from that point forward, NEVER connect the device to the Internet or any other unreliable network and it’s still hackproof or 100% air-gapped.

What we’re about to show you though isn’t a completely hackproof method to secure your bitcoins. Your device will need an Internet connection at first to install the Bitcoin wallet and its dependencies. However, the connection will be short-lived and you will only access the Bitcoin wallet site. After the installation, the device will NEVER be connected to the Internet or any other network again! It’s not 100% hackproof, but it’s fairly close.

Windows vs. Linux

Linux UbuntuOne final point we have to make before beginning to build our hackproof Bitcoin wallet is about the operating system.

We strongly recommend avoiding any version of the Windows operating system for your cold storage or air-gapped machine.  Windows is the most unreliable OS  and vulnerable to most outside attacks you will find out there. Most of today’s malware is created to hack Windows as it is indeed the most used OS in the world. And lately, more and more ransomware attacks have been targeting the Windows-based devices – the WannaCry ransomware is the most notorious case.

A better and safer alternative is installing a Linux-based OS. Ubuntu is a great choice for any old notebook as it doesn’t require many resources and it is also user-friendly. If you plan to buy a Raspberry Pi and turn it into your Bitcoin wallet, you can very well use the officially supported Raspberry Pi OS Raspbian, based on Debian (Ubuntu is also Debian-based). The Bitcoin wallet will work on Raspbian or Ubuntu like a charm.

Obviously, Linux isn’t the safest OS by any means. Hackers also target the Linux-based systems but definitely NOT as often as Windows – you will often hear that Linux doesn’t need an antivirus solution as the hacking threat is quite minimal. Also, because it’s open-source, countless members of the community are actively participating to its development with no hidden agendas. On the other hand, Windows is a black-boxed OS with major security leaks opened for government agencies like the NSA – WannaCry was a malware that exploited such leaks.

This is why Linux is safer than Windows in terms of malicious attacks and the best choice for any cold storage or any air-gapped machine ready to store bitcoins.

STEP 1: Prepare Your Air-Gapped Device

Raspberry Bitcoin WalletNow that you clarified some important terms, let’s get down to business, shall we? And the first obvious step in building a hackproof Bitcoin wallet is preparing your air-gapped device.

If you use an old notebook, that’s perfectly fine, all you need to do is format the disk and install a Linux-based OS like Ubuntu. Remember, the newly-installed system will have very limited access to the Internet so don’t use it to browse the world wide web, install useless software or games. The only purpose of the notebook from now on will be to store your bitcoins safely. Don’t install anything else just yet besides the OS!

For better usability and practicability, we would recommend ordering a Raspberry Pi and use it as a cold-storage Bitcoin wallet. For those who never heard of it, Raspberry Pi is a very cheap and practical mini-PC. You can find out more on their official website:

https://www.raspberrypi.org/

The latest model – Raspberry Pi 3 Model B – is around €40 (the prices vary depending on your location). A full kit which also include a power supply, a case, and NOOBS (New Out Of The Box Software – an easy operating system installer for beginners) pre-installed micro SD is around €80.

If you want to buy your own micro SD, that’s alright, all you have to do is follow the instructions on their official website.

https://www.raspberrypi.org/downloads/

NOTE
Use the safe approach and install the Raspbian OS offline without the need to connect the device to a wireless network or using an Ethernet cable. Just prepare the micro SD on your online machine so you don’t have to download anything from the Internet. Again, all the guidelines you will ever need are on the link above.

STEP 2: Install Electrum Bitcoin Wallet

This should be the ONLY TIME your air-gapped device will ever be connected to the Internet: to install Electrum Bitcoin Wallet and its dependencies.

Why Electrum? Because it’s cold storage friendly and one of the most used Bitcoin wallets out there.

To install Electrum, follow the steps described on wallet’s official website, in the Linux box:

https://electrum.org/#download

In case you are unfamiliar with the Linux-based systems, the two command lines on the site have to be typed in the terminal. Just right click anywhere on your desktop and click ‘Open Terminal’ or click the prompt icon in the top bar if you are using Raspbian (if you are using Ubuntu, there is another option: just click the logo on the side bar and type ‘terminal’). Every time you type down a line of code – for example the line installing the dependencies – hit ENTER and wait for system to download and install. When all it’s set and done, you will see the $ sign appearing again just like when you first opened the terminal.

Only then, you can go ahead and type and second command line which basically installs Electrum Bitcoin wallet. Again, wait for the whole process to be completed and only then you can close the terminal, unplug your Ethernet cable or disconnect from your wireless network.

NOTE
If you are an advanced Linux user, you can try and install Electrum offline without the need for your device to ever connect to the Internet. You can read and try out the suggestions from these two links:

https://bitcoin.stackexchange.com/questions/49609/how-to-install-electrum-wallet-in-an-offline-linux-computer

https://gist.github.com/jacoblyles/80898d6388880334f3e5a78785702ccc

but be prepared to encounter errors and failures in the process especially if you are using the Raspbian OS. Don’t worry if you can’t install Electrum offline; as long as you only use the terminal and only type the two command lines from the Electrum official website when online, the device should be a reliable cold storage option. Remember, after you finished downloading and installing,  disconnect and NEVER (!!!!) connect the device to the Internet. 

STEP 3: Create An Offline Bitcoin Wallet

Computer Offline BitcoinNow that you installed Electrum on your air-gapped device, it’s time to create an offline Bitcoin wallet. Before you do that though, make sure you are OFFLINE.

If you’re, open the terminal and type:

electrum -o

and hit ENTER. You can also click on the Electrum logo to open it but when you do that, it will automatically look for a connection to the Bitcoin network and we actually don’t want that. That is why the -o exists in the first place, it’s a command to open the program offline.

Next, an Electrum window will open signaling the creation of a new wallet. Encrypt the wallet with a strong password, write down the seed (Don’t be lazy!) and NEVER use a text document to just copy and paste the seed. (better safe than sorry!) Your seed is your key to your funds – if the wallet happens to get corrupted or you lose your password, you can restore it with this SEED. Wait for Electrum to generate your new Bitcoin wallet.

Now go to the menu → Wallet → Master Public Keys, copy that key in a text file (empty file in Raspbian), and move that file on a USB stick.

STEP 4: Move To An Online Machine

Bitcoin Online KeyOnline device you wonder? Indeed, we didn’t mention about an online machine before, but you still need an Internet connection to transfer your Bitcoin from one place to another right? You can’t just move your Bitcoins offline; your transaction won’t be broadcasted on the Bitcoin network.

What’s important though is that your cold storage won’t have any connection with your online device other than the USB stick used for file transfers.

So, going back to the process of building a hackproof Bitcoin wallet, go ahead and install Electrum on your everyday online computer. It doesn’t really matter if you are a Windows user since you will NEVER type the seed or the private key of your newly-created offline Bitcoin wallet on the online machine. That’s right, you won’t have to as it will become clear in the next step, the Electrum wallet on your online PC will be used either for receiving bitcoins or broadcasting your transaction to the Bitcoin network.

And yes, it will also be used to take a peek from time to time into your wallet. That’s why you copied the Master Public Key in a text file and transferred to a USB stick.

Since you installed Electrum on your online PC, open the program and choose the following options in the wizard: Standard Wallet (What kind of wallet do you want to create?) → Use public or private keys (Do you want to create a new seed, or to restore a wallet using an existing seed?) and paste the Master Public Key copied from your air-gapped device.

Voila, you now have a  watch-only Bitcoin wallet. 

NOTE
The OS on your online PC doesn’t really matter but we still recommend to use a Linux-based OS. Why? The USB sticks can be compromised too you know. Even if you’re unfamiliar with Ubuntu, you should try at least to install it alongside Windows and use it only for Bitcoin transaction purposes. By doing so, your USB stick is used ONLY for file transfer between the air-gapped device and online PC should be secure.

STEP 5: Receive and Send Bitcoins

Bitcoin TransactionsSo, what does a  watch-only wallet  actually mean?

Well, it means that nobody and we mean NOBODY can steal your Bitcoins from your wallet since you don’t have a seed or private key stored on the online PC. You can only see your Bitcoin balance, transaction history, plus receive funds using the public address in the Receive tab (that’s the only information you are looking for when you transfer bitcoins INTO your wallet).

If you want to send funds OUT of your Bitcoin wallet, you will have to make use of your air-gapped device. But how do you send funds since the Raspberry Wallet will forever remain offline, you wonder? Well it’s not that complicated, all you have to do is read carefully and follow the steps presented in the Electrum documentation below:

http://docs.electrum.org/en/latest/coldstorage.html

Not as easy as 1,2,3 but we are sure you’ll get the hang of it fairly quickly. It’s not that difficult either. Once you made few transactions using this hackproof method, the process will become much easier. Just make some small transactions at first, especially if you are a newbie, to test things out and see if you did indeed understand the process.

So, there you have it! Before closing this page though, here are some extra things to take into consideration when you create your own hackproof Bitcoin wallet:

Things To Consider
  • There is a chance the wallet can be comprised if you use a compromised USB stick to moves things around between the offline and the watch-only wallet (master public keys, transactions). If you use a Raspberry Pi, you can buy a Pi Camera and use it to read QR codes to avoid the USB stick transfers. Or you can also use the USB stick ONLY for the sole purpose of transferring text files between the air-gapped device and online PC. No other files involved. This should be fine also.
  • ALWAYS AND WE MEAN ALWAYS check the source. Don’t trust anybody when it comes to handling your bitcoins. Double check the links to see if they are correct when you plan to download a hardware wallet software like Electrum and don’t install unofficial third-party software by any means. Just use what official sites like bitcoin.org recommend. Since there is a good chance Bitcoin will continue rising, the number of malicious attempts will increase exponentially.
  • You can also follow these very guidelines if you want to secure your Litecoins and build a hackproof Litecoin wallet. Electrum also has a Litecoin wallet that functions very similar to the Bitcoin wallet. Check their site https://electrum-ltc.org/ and build a hackproof Litecoin wallet yourself!

1 COMMENT

  1. Malware can persist after a drive format (BIOS infection). USB drives with ha hardware write disable switch are available (kanguru drive). Decent hardware wallets are meant to be used on computers even if that computer is infected with malware. You will be able to use whatever computer you want, not need another computer to hold coins, and is small enough to pocket. If you have a significant store of coins the price of a wallet may be justified. Check if the coin type you want to use the wallet with is supported by that wallet. Whatever you do, be sure to have a backup to get your coins back that won’t allow someone else to.

LEAVE A REPLY

Please enter your comment!
Please enter your name here