Author

Topic: Best Practices for transferriing BTC from exchange to Ledger wallet? (Read 211 times)

legendary
Activity: 2268
Merit: 18771
No problem at all. Glad to help, and be sure to reach out with any further questions or issues you encounter when you start going about setting things up.

If you are enjoying Antonopoulos' videos, then I would also recommend his book, Mastering Bitcoin. You can get the whole thing for free via his Github here: https://github.com/bitcoinbook/bitcoinbook. It's more technical than any of his YouTube content, but it does a great job of explaining some of the more technical aspects of bitcoin, transactions, wallets, etc. in an easy to understand way.
newbie
Activity: 11
Merit: 20
Thank you both! I feel very confident about diving into this now, thanks to all of the guidance that you and others have patiently given me in this thread. You've answered so many of my open questions, and I'm very appreciative.
 
o_e_l_e_o, thank you as well for mentioning Andreas Antonopoulous in my other post. If I had more merit points left that I could give you, I would. You're an incredible asset to this community.

I wish I'd discovered Andreas' YouTube channel years ago. I watched a couple of his introductory videos last night, and was blown away by how good they are. He has a large subscriber base on YouTube, but I'm a little saddened that his individual videos have had relatively few views over the years. It's a shame. He also seems to have stopped posting new videos on YouTube in the past year. I'm going to try to catch up on his video archive, and also subscribe to his Patreon to support his newer content.
legendary
Activity: 2268
Merit: 18771
Linux Distro recommendations
Tails is great a live OS which I use a lot, but that doesn't seem to me what you want here, especially if you are potentially planning on running a node. I often recommend Mint to users who are transitioning from Windows for the first time, since it is the closet to Windows in terms of look and feel and will therefore ease the transition, although personally here I would probably use Debian.

Using TOR instead of Firefox or Chrome
Again, Tor is great and I use it a lot, but I'm not sure it serves your purposes for everything here. I would certainly use it for general browsing, downloading Electrum, etc. in order to maintain your privacy, but if you are planning to log in to centralized exchanges then you might find they start blocking your accounts since your IP will constantly be changing. I would use Firefox for everything you don't use Tor for. Stay away from Chrome.

Using a VPN
Better than nothing if you are not using Tor, but inferior to Tor in terms of privacy. Little to be gained by using one while you are also using Tor. Same problem regarding centralized exchanges as above if your IP address keeps bouncing around different countries.

Using a dedicated crypto computer vs. air-gapped computer
You are absolutely right regarding the dedicated computer for crypto activities. This is a smart move, and the less software you install and the fewer websites you visit, then the lower your exposure to anything potentially malicious. This computer obviously can't be airgapped if you are planning to use it to log in to exchanges, visit block explorers, run a node, etc.

The benefit that an airgapped computer brings is that it is somewhere you can interact with your private keys while keeping them 100% offline. You transfer unsigned transactions created with a live watch only wallet to this computer using a USB drive or QR code, sign them in this airgapped environment, and then transfer them back to your live computer to be broadcast. Since the computer is airgapped, you cannot use it to log in to exchanges, run a node, etc. It is solely for the purpose of storing your keys and signing transactions. Now, a hardware wallet largely achieves the same goal. If you are already going to be using a Ledger hardware wallet, then you could argue an airgapped computer is unnecessary. Personally, I am of the opinion that a properly set up airgapped computer is probably more secure than a hardware wallet, but some people would disagree with me. The biggest point to note is that it is significantly harder to properly and securely set up an airgapped computer, and it is significantly easier to mess up and ruin your security, than it is when compared to using a hardware wallet.
newbie
Activity: 11
Merit: 20
o_e_l_e_o, Thanks for keeping me honest about the fact that I don't have an air-gapped system. I'll stop referring to it that way, and think of it as a dedicated crypto computer.  
dkbit98 Thanks for helping to round out my understanding of bitcoin account types, and for your guidance on blockchain explorers
Husires, m2017 Thanks for encouraging me to consider using Linux instead of Windows. I'm open to the idea
Elevates Thank you for the security tips, and for pointing me to Ledger Academy. I'll spend some time today using their learning resources

I'm grateful to all of you for your guidance. Your responses made me think of a few questions I wanted to ask, which will hopefully be useful to others as well:

1. Linux Distro recommendations - Is a mainstream distribution like Ubuntu preferred, or would you lean to a security focused distro like Tails, Qubes OS, etc?  Is there a go-to security focused distro you would recommend, that also offers good compatibility for running a full node and mempool explorer?  Most of the reviews I see online can't seem to agree on their top 3 recommendations for secure Linux distros, though many of the same names show up in their larger lists.

2. Using TOR instead of Firefox or Chrome - Would you have any concerns about using TOR as the primary browser for downloading software and performing crypto transactions? Traffic traverses a lot of nodes in TOR, but from a privacy standpoint, it should be more secure. I just don't know if this is considered a good or bad practice in the crypto community.

3. Using a VPN - Any thoughts on how important this is, if you're already using a privacy browser like TOR?  I've read conflicting things on the Internet about whether to use TOR + a VPN together or not. I have no idea what to make of it.

4. Using a dedicated crypto computer vs. air-gapped computer - In the foreseeable future, I'm not planning to spend crypto. I'm just stacking sats and accummulating coins for the the long-term. Given this, can you help me better understand what situations would warrant investing in an air-gapped computer? Although it's not air-gapped, I feel it's worth having a dedicated crypto PC solely to perform crypto tasks (e.g., logging into my exchange and transferring coins to my hardware wallet, using a block chain explorer, running a full node, running the ledger software, etc). The way I think about it is by restricting the number of websites/code I run on the dedicated PC, the less likely it is that I'll end up being exposed to crypto malware. To use a real world analogy, I think it's similar to the way that reducing the number of people you interact with reduces your likelihood of catching a virus and getting sick. What are your thoughts?

 
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
~snip

(Kind-of) Air-Gapped Computer
1. I bought a dedicated Windows laptop, re-formatted the hard drive and installed a fresh copy of Windows directly from Microsoft
2. I ran Windows Update to get the latest security patches
3. I installed the Chrome browser

~snip
1. Just in case, I would also reflash the BIOS (not the fact that the threat will be from this direction, but it is theoretically possible), after downloading it from the manufacturer's website.
2. Also, instead of Windows, I would install Linux. There are many different distributions for different needs. Including security.
3. Maybe Firefox is better? Again, after making the right settings.
legendary
Activity: 2268
Merit: 18771
Suppose, there is some virus or hack affecting some users and they mail those users to change their passwords with the help of some authentication with reply to that mail.
There is no scenario where you would need to (or even could) change the password on your local Ledger Live software or other wallet software by responding to an email. Just as there is no scenario in which you would ever need to respond to a Ledger email with any sensitive information, be it passwords, passphrases, seed phrases, etc.

If you get an email warning you of a vulnerability, then you should go on their website or this forum and double check its authenticity. If you get an email asking you to start following links, change passwords, or enter sensitive information, then it's almost certainly a scam.
member
Activity: 150
Merit: 17
Never respond to any emails which are coming from Ledger
Do not agree to this. Suppose, there is some virus or hack affecting some users and they mail those users to change their passwords with the help of some authentication with reply to that mail. Will you consider not replying to them even in that case. I understand what you are saying here but this should not be hard and fast rule. One should apply basic common sense based on the situation.

If you want to know anything just follow them on Twitter as they are pretty active on social media. Please also go through the Security tips shared by Ledger wallet.

That can also be unreliable in case their Twitter also gets compromised. So act according to the situation using your common sense.
sr. member
Activity: 756
Merit: 390
Since you are using a Ledger wallet to store a few cryptos this is my advice to you. Never respond to any emails which are coming from Ledger or look like are from Ledger. In most cases, the user is at fault whenever the ledger gets hacked as most of the time it was the user who responded to an email and compromised the wallet. If you want to know anything just follow them on Twitter as they are pretty active on social media. Please also go through the Security tips shared by Ledger wallet.
legendary
Activity: 1596
Merit: 1288
but I wonder if this is really necessary given that my private keys are stored on the hardware wallet and never make it to the PC. Technically, I guess it's not an air-gapped system, but more of a dedicated computer that will only be used for the following things:
It is necessary for many things, starting from reducing the cost of hardware and not ending with enhancing your privacy.

The minimum requirements for running Windows 10 are:

  • Processor: 1 gigahertz (GHz) or faster processor or SoC
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
  • Hard disk space: 16 GB for 32-bit OS or 20 GB for 64-bit OS
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver


Source: https://support.microsoft.com/en-us/windows/windows-10-system-requirements-6d4e9a79-66bf-7950-467c-795cf0386715

Instead, you can install the Linux operating system with greater efficiency and complete control.
You don't want a lot of services, just browsing so Linux versions will be perfect even if you don't know how they work.

Just try to avoid downloading any unknown software and keep your hardware wallet in a safe place.
legendary
Activity: 2268
Merit: 18771
It should be a clean machine with no malware, bloatware or adware.
You installed Windows and Chrome. They are both spyware. So not a great start. Tongue

I refer to it as "kind-of air gapped" because I had to connect to the Internet to download Windows from the Microsoft web site, download patches through Windows Update, and install Chrome.
There is no such thing as "kind of airgapped". What you have is a non-airgapped device.

I read the purists saying you have to have a virgin computer that never touched the Internet, and install Linux on it, but I wonder if this is really necessary given that my private keys are stored on the hardware wallet and never make it to the PC.
No, it's not necessary (although it is certainly beneficial) to have an airgapped computer if you are using a hardware wallet.

- To log into the exchange web site to transfer my coins to my hardware wallet
- To run a full node (if I need to)
This couldn't be farther from an airgapped system. It's a dedicated system only for crypto activities, sure, and that's definitely better than doing all your crypto activates on your main system, but don't trick yourself in to thinking what you have is airgapped. It isn't even close, and if you use it as one would use an actual airgapped system (i.e. to generate entropy or store private keys), then you will run in to trouble and potentially lose your coins.

The rest of your steps are fine. The only thing I would add is to make sure to verify all software you download (Ledger Live, Electrum, etc.) before you install it.

bc1 - Bech32 (Pay 2 Script Hash) Native Segwit format
Minor nit pick: Bech32 is an encoding system like Base58, not a script type like P2PKH. And bc1q address are not pay to script hash, they are P2WPKH or P2WSH.
legendary
Activity: 2212
Merit: 7064
Q. The biggest risk seems to be accidentally sending the private key instead of the public key. Is that foolproof on modern hardware wallets (e.g., do you have to go through a stupid amount of work to get the private key, making it less likely to screw up) or is there something to watch out for?
You shouldn't keep private key or seed words anywhere online and you should never send them anywhere.
That is possible by using airgapped devices and by keeping seed words written on paper or on stainless steel.
Having hardware wallet will not protect you from stupidity of sending words to some phishing website that will easily steal your coins.

Q. Do public wallet addresses always start with 1 or 3 (which something I'd read)? How many characters long are public keys compared to private ones? Is there some other high confidence way confirm the string is the public key and not the private one?
Bitcoin addresses can start differently:
1 - P2PKH - (Pay 2 Public Key Hash) Legacy format
3 -  P2SH - (Pay 2 Script Hash) Compatibility format
bc1 - Bech32 (Pay 2 Script Hash) Native Segwit format
bc1p - Taproot  (P2TR - Pay To Taproot) Taproot format

Q. What blockchain explorer would you all recommend using?
One of the best explorers is mempool.space but you can use anything you like.
Good list of Bitcoin explorers is available on Jameson Lopp website:
https://www.lopp.net/bitcoin-information/block-explorers.html

Q. Do I need to set-up a full node to do this (i.e., is it really necessary)? If so, should I set up the node on my dedicated computer, or on my regular daily use PC? Does it matter?
If you run your own node than you can run your own mempool.space explorer, so you don't have to trust anyone else about Bitcoin transactions.
Everything is open source and available on their github page, it's not necessary to do it, but it's good for your privacy.
https://github.com/mempool/mempool
newbie
Activity: 11
Merit: 20
I feel you are confusing public key with address.
When you are going to receive bitcoin from someone, you should give him/her your address, not your public key. Address is the hash of the public key.

Yes, you're absolutely right. I was conflating "public key" and "wallet address" as being the same thing. In my defense, I've watched multiple videos on YouTube as I've been trying to learn crypto concepts that say explicitly that the public key is the same thing as your wallet address. Here are a few brief examples:

https://www.youtube.com/watch?v=GSTiKjnBaes
https://www.youtube.com/watch?v=bvSJm7fHXto

But based on what you said above, it seems like those videos are wrong (or at best, are oversimplifying). I searched some more and came across this video, which suggests it's more complicated than this, and that as you say, a wallet address is actually a hash of the public key, and not the public key itself:

https://www.youtube.com/watch?v=8es3qQWkEiU

Thank you for leading me in the right direction, Hossein! As a follow up question, I wanted to ask: Are there any situations where you'd ever hand out the public key directly to someone? I'm wondering why there's even a distinction between wallet address and public key (and why both exist) if all the other party needs is a hashed wallet address to transfer crypto to you.

A bitcoin address starts with 1, 3 or bc1.
A public key starts with 02 or 03 and includes 66 or 130 characters.
The most common private keys start with 5, K or L. It includes 51 characters if it starts with 5 and 52 characters if it starts with K or L.
A bitcoin private key can have other formats as well. But they are not commonly used. For example, it can be in hexadecimal format which includes 64 characters of 0-9 and A-F or it can be a mini private key which starts with S. A private key starts with 6p, if it's BIP38 encrypted.

Thank you for this as well! It's incredibly helpful to have as a reference.
legendary
Activity: 2380
Merit: 5213
It's why I'm trying to figure out if there are obvious clues to look for to distinguish a public key from a private one.
I feel you are confusing public key with address.
When you are going to receive bitcoin from someone, you should give him/her your address, not your public key. Address is the hash of the public key.

A bitcoin address starts with 1, 3 or bc1.
A public key starts with 02 or 03 and includes 66 or 130 characters.
The most common private keys start with 5, K or L. It includes 51 characters if it starts with 5 and 52 characters if it starts with K or L.
A bitcoin private key can have other formats as well. But they are not commonly used. For example, it can be in hexadecimal format which includes 64 characters of 0-9 and A-F or it can be a mini private key which starts with S. A private key starts with 6p, if it's BIP38 encrypted.

I think these are enough for being able to distinguish between address, public key and private key.  
newbie
Activity: 11
Merit: 20
Thank you for helping me fill out the gaps in my understanding, Hosseinimr. In particular, I appreciate the privacy related insights you pointed out about connecting to an Electrum server and the value of running a private node. Looks like I have a bit more learning to do on those topics.  Wink

I definitely don't ever want to give out my private keys. I'm mainly trying to avoid inadvertently doing that as I read the horror stories of people who accidentally sent their private key instead of their public one and had all of their coins stolen. I wish the two didn't look so similar. It's why I'm trying to figure out if there are obvious clues to look for to distinguish a public key from a private one.
legendary
Activity: 2380
Merit: 5213
Q. I was thinking of using the Electrum wallet. Are there any better options?
Electrum is surely a good option.


Q. Any concerns with installing the watch only wallet on my regular daily-use PC instead of the dedicated crypto PC?
The watch-only wallet doesn't contain any private key and there wouldn't be any problem unless there's someone else using that device and you don't want him/her to know you own bitcoin.


Q. Are there any best practices for setting up a watch only wallet?
Unless you care about your privacy very much, you can easily import your master public key into electrum and create a watch-only wallet to see your transactions and your balance.
With creating a watch-only wallet on electrum and connecting to a server, the server owner will know your IP address and can link it to your addresses.


Q. The biggest risk seems to be accidentally sending the private key instead of the public key. Is that foolproof on modern hardware wallets (e.g., do you have to go through a stupid amount of work to get the private key, making it less likely to screw up) or is there something to watch out for?
Why should you to send your private key to someone instead of your address?
You don't need to save the individual private keys at all. All you need for recovering your wallet is your seed phrase.


Q. Do public wallet addresses always start with 1 or 3 (which something I'd read)? How many characters long are public keys compared to private ones? Is there some other high confidence way confirm the string is the public key and not the private one?
Bitcoin addresses start with 1, 3 or bc1.
The most common format that is used for private keys is WIF. Such private keys start with 5, K or L.


Q. What blockchain explorer would you all recommend using?
I usually use blockchair.
Take note that the block explorer can watch your activity and with using a block explorer you may hurt your privacy.


Q. Do I need to set-up a full node to do this (i.e., is it really necessary)? If so, should I set up the node on my dedicated computer, or on my regular daily use PC? Does it matter?
If you want to protect your privacy completely, then I recommend you to run a full node and use bitcoin core or run your own server on electrum. Take note that for running a full node, you will have to download around 450 gigabytes of data.


Q. Lastly, can anyone help me understand the concept of sweeping and if it's something I need to explicitly do? Does ledger automatically take care of that?
With sweeping your private key, you send the fund from the address associated with that private key to your wallet.
newbie
Activity: 11
Merit: 20
First of all, I just wanted to say thank you to all of you who patiently answer questions for us newbies. We appreciate it more than you know. I'm getting ready to transfer BTC from an exchange to self custody on a Ledger hardware wallet. I've tried to get as educated as I can, but wanted to confirm if I'm missing anything in terms of best practices before starting. Here's what I have in mind:

(Kind-of) Air-Gapped Computer
1. I bought a dedicated Windows laptop, re-formatted the hard drive and installed a fresh copy of Windows directly from Microsoft
2. I ran Windows Update to get the latest security patches
3. I installed the Chrome browser

It should be a clean machine with no malware, bloatware or adware. I refer to it as "kind-of air gapped" because I had to connect to the Internet to download Windows from the Microsoft web site, download patches through Windows Update, and install Chrome.  I read the purists saying you have to have a virgin computer that never touched the Internet, and install Linux on it, but I wonder if this is really necessary given that my private keys are stored on the hardware wallet and never make it to the PC. Technically, I guess it's not an air-gapped system, but more of a dedicated computer that will only be used for the following things:

- To install and update the hardware wallet and install/run the ledger software and apps
- To set up a watch-only wallet
- To log into the exchange web site to transfer my coins to my hardware wallet
- To run a full node (if I need to)

I don't plan to use it for anything else, but in the back of my mind I'm wondering if any of this is necessary and/or putting my coins at risk

Setting Up the Hardware Wallet

1. Setup the Ledger. Create the seed phrase and write it down on paper (no photos, no copy paste, no online storage, etc.)
2. Make sure I go only to the real Ledger web site, install the Ledger software, and download the Ledger apps for the handful of coins I'm interested in storing (nothing too crazy - just half a dozen of the major, established coins)

Set up a watch only software wallet on my PC
I haven't done this yet, but was wondering if I could get your advice on best practices for doing this. Some specific questions I have:

Q. I was thinking of using the Electrum software wallet. Are there any better options?
Q. Any concerns with installing the watch only wallet on my regular daily-use PC instead of the dedicated crypto PC?
Q. Are there any best practices for setting up a watch only wallet?

Transfer the coins from the exchange to the hardware wallet
Here, I'm assuming that the general process is to log into the ledger software, say I want to transfer coins to to my hardware wallet. Take the public key/wallet address Ledger generates and give that to the exchange to initiate the transfer. I was planning to do all of this on the dedicated computer. Then wait for a while for the transaction to be validated and the transfer to be completed. I can use a block chain explorer to monitor what's happening with the transaction. Wait until multiple confirmations are showing to feel confident that everything went through, and check the watch only wallet to confirm the right balance is showing. Some general questions I have here:

Q. Am I missing anything or getting anything wrong in these steps?
Q. The biggest risk seems to be accidentally sending the private key instead of the public key. Is that foolproof on modern hardware wallets (e.g., do you have to go through a stupid amount of work to get the private key, making it less likely to screw up) or is there something to watch out for?
Q. Do public wallet addresses always start with 1 or 3 (which something I'd read)? How many characters long are public keys compared to private ones? Is there some other high confidence way confirm the string is the public key and not the private one?
Q. What blockchain explorer would you all recommend using?
Q. Do I need to set-up a full node to do this (i.e., is it really necessary)? If so, should I set up the node on my dedicated computer, or on my regular daily use PC? Does it matter?
Q. Lastly, can anyone help me understand the concept of sweeping and if it's something I need to explicitly do? Does ledger automatically take care of that?

Please let me know if I'm thinking about any of this the wrong way, and thanks again for your patience and willingness to help me figure this out! BTC still seems too complicated for mainstream adoption, but I'm committed to getting on board, and hoping someday that I can pay the knowledge forward.












Jump to: