Author

Topic: Easiest and most secure way to cold store bitcoins (Read 232 times)

legendary
Activity: 2268
Merit: 18771
- Install Linux TailsOS through an USB key
Tails isn't meant to be installed, but rather ran directly from the USB drive. When you remove the USB drive, all activity from that session is wiped unless you have set up persistent storage.

Question: should Electrum program be on the HDD (or SSD) of the computer or on the USB storage ? Does it change something ?
Tails has Electrum bundled in to it already. You will not have to download Electrum separately. It will run directly from the USB drive.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Question: should Electrum program be on the HDD (or SSD) of the computer or on the USB storage ? Does it change something ?

What I want is that when I plug the USB to the offline computer with the OS on it I can find Electrum on it like the last time.
With that, your initial concern persists because in events of a theft, if the USB flash Drive/PC is stolen, then your wallet files will be stolen as well.

If you still want that, Tails has the option to create a "persistent storage" where you can store the wallet file.
It's basically an encrypted storage in the USB flash drive which is exempted from Tail's "amnesia". It's protected by your admin password.
My suggestion is at least set a different password (strong ones) for the persistent storage and your Electrum.
jr. member
Activity: 48
Merit: 27
Exactly.

I expect to:
- Find an airgapped PC
- Install Linux TailsOS through an USB key
- Install Electrum and create the seed.

Question: should Electrum program be on the HDD (or SSD) of the computer or on the USB storage ? Does it change something ?

What I want is that when I plug the USB to the offline computer with the OS on it I can find Electrum on it like the last time.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
If you're going for a live-OS as suggested by NeuroticFish, I'd recommend my personal favorite: TailsOS (tails.boum.org).

Booting it up and restoring the seed every time you need to sign takes a few minutes but your bitcoins will be safe even if the flash drive or cold-storage PC got stolen.
The only factor that you can be hacked is through the seed phrase so do your best to remember it so you wont have to keep the paper backup in an accessible storage.
legendary
Activity: 2212
Merit: 7064
I want to keep things simple but as unbreakable as possible.
You can't really have both simple easiest and most secure option all in one for storing bitcoin.
Easiest cold storage would be some open source air-gapped hardware wallet or signing device, with seed phrase backup stored on paper or metal.
I like the idea of having mini-computers like this used only for this purpose, and this is easiest option for you, but I won't say it's most secure.
Most secure option is more complex and you need to know what you are doing, one mistake could mean losing of your coins.
 
legendary
Activity: 2268
Merit: 18771
But If I get robbed, someone steals the offline computer and discover my electrum password I am dead right ?
Most good Linux OSs come with the option of enabling full disk encryption when you install them. Pick a long and complex encryption key, and anyone who steals your airgapped computer won't even be able to see that you have Electrum installed on it, let alone try to steal your coins. The other option is as NeuroticFish has said, where you only use a live OS with no persistence on the airgapped device, use that to create your wallet and write down your seed phrase, and then import your wallet from a paper copy of your seed phrase every time you want to access it.

Alternatively, if you have access to multiple airgapped devices, you can set up a multi-sig wallet, meaning an attacker would need to steal and compromise two or more devices to access your wallet.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I am technologically knowledged to set up both an offline wallet and an watch-only wallet.
But If I get robbed, someone steals the offline computer and discover my electrum password I am dead right ?

If you plan to HODL, i.e. won't actually spend the coins, you can write down and save safely in multiple places the recovery seed, keep the watch only wallet and wipe the offline computer (or use a live OS from start for the cold storage).
If you indeed want to spend and use the cold storage then you have options like:
* use an OS with strongly encrypted HDD
* use live OS with no persistence (just then you'll have to access often the seed, hence sub-optimal)
* use a strong password for your wallet and make sure you can move the coins to safety in a timely manner after the cold storage theft is noticed (using the seed backup)

So if you use a hard-to-discover long password (or phrase) you're not "dead", even in case of theft.

LE:
Also keep in mind that the "offline computer" can actually be an-OS-on-an-USB stick, which can be hidden easier and doesn't look that valuable as a laptop.
jr. member
Activity: 48
Merit: 27
I am technologically knowledged to set up both an offline wallet and an watch-only wallet.
But If I get robbed, someone steals the offline computer and discover my electrum password I am dead right ?
legendary
Activity: 2268
Merit: 18771
I currently use Electrum and I am very satisfied with the software.

I want to keep things simple but as unbreakable as possible.
Do you have an old computer or laptop you no longer use? How technical minded are you? Could you open up an old device and remove the WiFi card? Could you format the hard drive and install a new operating system? If you could do these things, then I would set up this old computer as an encrypted airgapped device and install Electrum on it, with a watch only wallet on your main computer. This takes a bit of time to set up, but is easy to use and very secure once set up.

If you don't think you could achieve the above, then the next best option would be a reputable open source hardware wallet.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I want to keep things simple but as unbreakable as possible.

The correct method for not getting your funds stolen is keeping the actual keys/seed offline.
As said, one method at hand is Electrum as cold storage, and keep in mind that the cold storage must remain offline forever (if you must go online, that wallet/system must be wiped out first).
If setting up a cold storage is a difficult task for you, next best option is acquiring hardware wallet (but please do some reading on the topic before spending money)
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
I currently use Electrum and I am very satisfied with the software.
If it's good enough for you then why switch?
Or are you using it only as a "hot wallet"?

Because it can be set-up as a cold-storage: electrum.readthedocs.io/en/latest/coldstorage
jr. member
Activity: 48
Merit: 27
Hello all,

I am looking for the most secure but also easy way to cold store my bitcoins.

Actually I don't want to use a custody as they would own my private key.

I currently use Electrum and I am very satisfied with the software.

I want to keep things simple but as unbreakable as possible.
Jump to: