Topic: Electrum Cold Storage (Read 2507 times)

Many thanks for this. I have read that Electron generates many addresses for receiving BTC. So, if the first one the offline wallet creates is the same as the first one the online wallet creates then all is well?

You are now smarter than the average Bitcoin user

Yes, keeping coins on Exchanges "long term" is a terrible idea. As the saying goes "If you don't control the private keys, you don't control the coins"... and I'm not aware of ANY exchanges that give the users control of the private keys for their accounts.

[/quote]

They definitely should.

You are now smarter than the average Bitcoin user

Yes, keeping coins on Exchanges "long term" is a terrible idea. As the saying goes "If you don't control the private keys, you don't control the coins"... and I'm not aware of ANY exchanges that give the users control of the private keys for their accounts.

No, not Bitcoin/the blockchain itself being hacked. I mean the exchange. My BTC has just been left in my online account with the exchange, which apparently is unwise hence why I'm going to put my BTC offline in cold storage. I haven;t actually created any wallet at all, yet. I was given a wallet to download by the exchange but I think it's pretty much meaningless, and I certainly didn't know what to do with it or how it works.

You just want to send some coins tO your wallet? That's easy... In the watching-only wallet, simply click on the "Receive" tab... it will give you an address to send to. You copy/paste that address to the withdraw/send page on the Exchange. They will then send the coins to that address.

You can get the address from either the offline wallet or the watching-only wallet. If they are configured correctly, they will generate identical addresses. The watching only wallet is essentially a "clone" of the offline wallet WITHOUT the private keys. I'd recommend using the watching-only wallet for the day to day tasks like generating addresses, checking balances etc. The offline wallet should only really be used for signing transactions.


ps. You should double check that your offline wallet and your watching only wallet ARE actually generating identical addresses before you start sending coins to your wallet

I don't know how you got the idea of Bitcoin being hacked. It was never hacked. only the 3rd party sevices like exchanges got hacked and that's because of their own stupidity.

Just keep your private keys safe and you'll never have to worry.

Thanks. I think it's clear enough for now. I'll generate the address in the offline/cold wallet and use it in the exchange. I'll start by transferring a tiny quantity of BTC just in case, then go through the steps of swapping code around the two wallets in order to register the transaction, et cetera.

I have read a bit (no pun intended) on this and probably know enough - now - to use the system, although I haven't much of a clue as to the ins and outs (like most, I imagine) - I probably never will know. BTC is so complex and so vulnerable to theft/hackers that I really don't know how it became so large a phenomenon.

Before you dive into complex stuff (like making transactions from a cold/watch-only wallet), you need some reading to do on the basics. At least get yourself familier with the concept of public and private keys.

I will give you  head-start:
Every bitcoin address is a combination of public key and private key. You can generate this online or offine, doesn't matter. Both work same, however offline method is more secure.

To receive BTC, you just give the public address to someone (like an exchange). Never give private key to anyone.

It is not necessary to use different address for each transaction. Addresses can be re-used as much as you like, however some people like to keep changing addresses for privacy reasons.

I get the parts involving setting-up an offline cold wallet and an online watch-only wallet, but not where sending BTC (to that two-part wallet) is concerned.

What you wrote, and what is included in online instructions for the Electrum wallet setup process, makes no sense to me.

I want to transfer BTC from the exchange where they were purchased into the Electrum cold wallet.  What you describe is sending money from the watching wallet. But how is this possible as the wallet has just been created and contains zero BTC? I guess I need some sort of address to give the exchange so it knows where to send my BTC to. Do I give the exchange the public key (xpub?) or a specially generated address? If the latter (the address) should that address be generated in the offline wallet or the online wallet? Also, for the same wallet (the same account, in essence) should that address always be used or can a new one be created - does a new one need to be created - for every transaction? Can I advertise that address for anyone to pay me their BTC?

This is basic stuff but it isn't clear to me, so I would be very grateful if you could clarify it.

Thanks.

P. S. I read that the xpub key should never be revealed, but was this a mistake on the writer's part; did the writer actually mean the private key (xprv)?

So it's not going to take 1.7365884x10^26 years but rather only 1.7365884x10^19 years. In other words not 3000000000000000000000000 times the age of the earth, but rather only 300000000000000000 times!

Hey, i just remembered your calculations and was wondering about one thing.
Technically even if you can run through 3.1536x10^13 seeds per year, if you consider that there may be around 10 milion of electrum wallets set-up with different seed phrases it only makes it 3153600 seed phrases to go through to find at least one working wallet.

If you are only interested in cold storage for bitcoin you can save yourself the hassle and just get a Digital BitBox hardware wallet for $78 shipped. I just set a friend up with one and it is very nice, the co-founder of the company is a Bitcoin Core developer.

Bonus tip:

Electrum has one more useful feature. In future if you decide to spend some BTC from your cold wallet, you don't need to actually transfer that wallet to a "hot" PC (which is connected to internet).

You can actually keep your wallet offline, sign a transaction from that, take that transaction on a USB flash drive, and broadcast it from a "hot" PC.

This way, your wallet never touches a hot PC, so there's no risk of any wallets to be hacked or malware attacks.

Google for the exact procedure.

Thanks again, appreciate everything!

Yep, watch address works exactly like you said. Enjoy and welcome to the club!

Everything works exactly as you said, thank you very much. I did all the steps and am about to format the laptop for the second time to close the case.
I will be keeping the only-watch wallet on my online PC though, is that completely safe and work the same as checking up a transaction on blockchain?

I'm not much familiar with Electrum, but do you have addresses on the "Addresses" tab?

*Edit: Nvm. I was on the watch-only wallet.

Private keys are helpful if in future you want to use some other program to recover your coins. Not all programs accept the 12 word seed, but all programs will accept a private key (even online wallets like blockchain.info). So it is good practice to keep them with you.

It is very easy to export private keys from electrum, just go through the menus and you'll notice an option. If not, just google it.


EDIT: Something like this -

I am in the middle of doing all that. You also noted to export and print private keys, do i need to do that in case of Electrum?
They only require you to have the 12 word seed to backup your coins. I am new to this and i can see that there's no private keys after i created the wallet.

So i'm now a bit worried, should i do something with private keys or can i leave it like this and just save the 12 word seed and not worry about anything?

I created a cold storage for a friend of mine. It was with Multibit Classic, but the process remains same for Electrum.

- Disconnect from Internet
- Format laptop to install clean Windows
- Install Multibit (or Electrum)
- Copy the 12 word seed to notepad & print to PDF as well as paper. Also save/print the QR code. *
- Export private keys to notepad and print to PDF as well as paper. *
- Print the list of public addresses so that you can send funds to them *
- Copy files (PDF, notepad, QR Code etc.) to a USB drive, then remove the USB drive *
- Format the laptop again, install clean Windows
- Keep paper wallet & USB drive in safe place

(* You can create multiple copies of prints / USB drives if you want to store them at multiple locations)

Yes, but to be completely safe you should format your laptop and install clean OS after you've done these steps. So that there are no traces of your wallet/password on your laptop and no malware can mess with it. If you don't want to format machine, you can use live Ubuntu USB drive as someone suggested above.



No need. 12 word is much more secure than you would think.

Uh, this is getting more and more confusing. Wish there was an easier way.

I'm actually just thinking of completely wiping my laptop and using disk recovery to restore it to the fabric settings (like a brand new laptop/data).
Then installing offline wallet on it, setting up a watch-only on main PC, sending money to it and wiping the laptop again to fabric settings.
This way i have wallet set up on a brand new PC with no malware, and just for a maximum of 1 hour. Then i wipe the laptop and can recover the wallet at any time with 12 word key.

So technically i do not even need to save the bitcoin wallet files because i can always recover the funds using the 12 words key.

This sounds the most easy to me and wouldn't take more than 30 minutes honestly. Especially that i won't be moving funds on this wallet for 6 months and at that time i plan to swap to paper wallet too.

I suspect this is why you need two pendrives to install Tails... as you can only install "actual" Tails from another Tails install... If you have windows, you first have to download and install an intermediary Tails on one pendrive, then boot from that and then install your actual Tails on the 2nd pendrive... a bit convoluted, but you're trading security for convenience.

After you have it setup... Tails should be safe from your Main OS as it it designed so that it doesn't attempt to mount and/or use other drives on your system unless you configure it to do so. Likewise with the networking side of it... You can disable all networking during boot.

The only other vector for attack that I can think of is some sort of BIOS based malware... I'm not aware of anything that advanced, but I'm sure someone is working on it.

Thanks a lot for your replies mate, really appreciate it!
Last question if you're still around, can Tails get infected by main OS in any way? I always keep my PC clean and have antivirus enabled all the time. I'm almost certain that my PC is not infected, but it's better to assume otherwise.

Therefore i'm not sure if i can just run it on pendrive and boot it on my PC that already has Windows 10 installed, then just choose for it to boot from pendrive.

Yup,, just boot tails as a LiveCD. The 12 words seed is all you need to get into your wallet.

You're not the only one that thinks that way so I'll break it down for you, its quite simple. For a 12 word seed, there are 2049 possible english words. With the English words, there are 2049^12 possible combination of seeds. Assuming I can bruteforce seeds at 1 million seeds per second, I can run through 3.1536x10^13 seeds per year. I'll be able to run through the possible seeds in 1.7365884x10^26 years. In comparison, we have  7.5 x 10^18 grains of sand on earth.

So just download Tails and do exactly the same thing just with cold wallet(no internet) on Tails and watch-only on a PC that's online.
Then store the wallet file on pen drives and remember + save the 12 word seed on a piece of paper in case of emergency.

That's gonna work and will be safe, right? Also, just wondering if the 12 word seed is the only thing that is required to get into a wallet, then isn't that not so safe?
There has to be at least 50-100 milion of people using etherum so it shouldn't be so hard to get into at least 1 wallet with random 10-20 combinations you write, no?

It is possible for the host machine to infect the virtual machine, its harder the other way round. Anyways, it is possible for the malware to record the screen and get your 12 word seed. Use one of your pendrives to run a live copy of Tails and you will be fine.

You can do whatever you want with the VM and the pendrive, just remember the 12 word seed. It is the most important thing in the Electrum cold storage. Pen drives can be prone to failure so I don't really recommend using them.

Okay, that is definitely a problem because i do not own a printer.

Back to the Electrum idea then, technically i could just:

1. Create a virtual machine that is disconnected from internet, this way i have a fresh installed Windows with no malware on it and separated from original system (no malware from original one can infect the VM).
2. Create a wallet on it and use the master public key to create a watch-only wallet on my online PC.
3. Then copy the address and send all btc i want to invest to that address.
4. Then copy the offline wallet file onto lets say 3 different pen drives and store them for a few years.

That would work fine, i guess? Or at least for a few months until i decide to switch to paper wallet.
This way i should not be infected/exposed to any kind of malware, i would be doing it offline as well and i would have it safely stored on 3 different pen drives that would work just as a BTC Storage, like the paper wallet.

Sorry for jumping from Electrum to Paper and then Electrum again but seems like paper is unavailable to me at the moment, though i definitely will change to it sooner or later as it seems best fit for me.
Just wondering if i'm missing anything with Electrum, do not want to wake up one day with my BTC wallet emptied out  

Also, am i allowed to just delete this virtual machine completely afterwards along with the wallet program, and then in future (lets say a year) restore the wallet with just the wallet file i stored on my pendrive?

This website has some great resources and templates for paper wallets: https://bitcoinpaperwallet.com/

They have an offline version to download and run on an offline computer to prevent security issues. Additionally they have warnings if you're not offline... a good FAQ about security of paper wallets... a tutorial video... basically, everything you need to know about paper wallets!

If you don't have your own printer... then paper wallets become a bit more difficult... you'd be able to use the software to generate the appropriate keys/addresses etc... but you'd need to transcribe it all onto paper by hand to be safe...

As you have already recognised, using an online service and/or print shop is a massive security risk!

The only issue with BIP38 is that it isn't well supported by any of the mainstream bitcoin wallets... you'd need to make sure that you saved copies of the software used to generate the BIP38 wallets, so that you can then decrypt them as and when required.

Yes. Just remember to send the coins to a new paper wallet for the best security.
Yup. It is impossible to hack a paper wallet if its generated in an air-gapped environment with sufficient entropy. You don't have to worry that much about printing a paper wallet on a printer that you don't own. It isn't that secure to do so but it would be sufficient to just encrypt your paper wallet with a password that you can remember using BIP38. You should store backups of your paper wallet and password in various places.

Thanks for both of your replies guys, really appreciate because it gave me good insight on how everything works.
I think i almost committed a grave mistake of playing around with cold Electrum instead of doing a paper wallet, as it seems it fits me best.
I plan on investing so i won't be using the funds on that wallet for a long time, i will only add more funds to it.

If something happens to bitcoin market in future (crash or something else) i can always just import then the paper wallet into a cold storage and send money safely, right?
I'm looking through the forum now to find a decent description on how paper wallets exactly work and how to create one/how to store it properly.

I found a few good answers about how safe it is and some people even say that if the wallet was generated in no-internet environment then there's 0 chance of btc being stolen/hacked after years.
I just can't seem to find a good tutorial on how to do create a paper wallet and how to print it as well, as i understand in order to print i'd have to connect to internet and i also can't imagine myself walking to a printing shop asking to print a btc wallet for me that contains 5 bitcoins.

Yeah, you'd be better off creating a small live Linux bootable distro on the pendrive... install Electrum on it (do NOT create the wallet yet) and then configure it so that all the networking features are disabled at boot time.

Once you've got it configured to be offline... boot off the pendrive, and setup your wallet in Electrum... noting the public address(es) as required. Backup the generated seed to paper and put it somewhere safe and secure. Shut down, remove the pendrive.

Then on an online computer, install Electrum, create a "watching only" wallet using the public addresses that you noted down.

This should effectively create a system that is effectively "air gapped".

If you want to send coins, create an unsigned transaction from the watching only wallet, put it on a 2nd usb stick. Then boot your distro from the bootable pendrive, sign the transaction on the 2nd usb stick. Shutdown, reboot into your online OS and broadcast the transaction.

A little convoluted and time consuming, but the increase in security is quite significant. Your private keys effectively never go near an online machine.

It's a concept but it may be possible for malwares to store your private keys while its offline and broadcast it online. You can use a live distribution of Linux[1] and install Electrum on it.

Your procedure will work but it isn't the best of the best way. If you don't spend your cold storage frequently, I would recommend you to just create a paper wallet. Unlike pen drives, it is harder to destroy paper when stored properly. Of course, the 12 seed word would suffice as a backup and it isn't really necessary to have the wallet file.

Paper wallets have QR codes and it's arguably much easier to send Bitcoins to it. I would recommend you to get an offline copy of bitaddress.org[2] and create and print the paper wallet.

Setting your client to include more word to the seed can reduce the chances of a collision but 12 words is enough and it won't really help.

[1] https://tails.boum.org/
[2] https://github.com/pointbiz/bitaddress.org

Hey,

I'm using online wallets for small daily/weekly transactions but i want to safely store some bitcoins on cold storage, fairly new to it though and not sure if my assumptions are correct.
I decided to go with Electrum and in another thread someone linked a step by step guide on there: http://docs.electrum.org/en/latest/coldstorage.html

I do own a laptop but i don't want to turn him into a bitcoin storage, and i don't want to get another one just for that. I don't want to buy devices of any sort, just store the wallet offline/cold.
I have 2 pen drives, and i do plan to use this wallet just to store bitcoins, not gonna withdraw or do any transactions on it for at least 3 years.

So i was thinking to disconnect myself completely from the network, install electrum wallet, create an address to receive bitcoins and send bitcoins from my online wallet to the electrum one that's still not connected to internet. Then ignore updating and just save the wallet file on pen drives along with 12 word password, also noting the 12 word password on some paper.

Would that do the trick? Would i still have the money on the wallet in a few years even though i did not update it before backing it up?
Is it smart to add more words to the 12 word password?