Topic: Options & Best Practice To Move Coins From Core To A Hardware Wallet (Read 163 times)

Which is why I was suggesting to install Electrum on the same device that has Bitcoin Core installed and is already housing his private keys. Sure, the system is not set up as a true airgapped device, and may be compromised, but his private keys are already on it and he is going to have to extract them one way or another. Far better to keep them on the device with no internet connection than to put them on a USB and transfer them to another device, especially if you are transferring them to another device which will be alternating between an online and an offline mode.

I would much rather keep the private keys on a potentially compromised but airgapped device which they had already been stored on without issue for 4+ years, than transfer them to a hot wallet, however briefly.

His system is not airgapped. According to his OP, his computer hasn't been online since 2017, which means that it was connected to the internet before that. He believes that it's compromised. That's why he doesn't want to dump his private keys and export them (via USB) for example, to a different device.

The easiest thing to do would be to export the private keys of addresses that contain coins, import them into Electrum, and transfer it over to his hardware wallet. The problem is the malware that could be transferred in the process from PC 1 to PC 2. Using QR codes maybe? If it weren't for the potential compromise, I wouldn't worry about exposing my private keys to a hot wallet since the funds are moving elsewhere (to a hardware wallet).     

That would probably work, but crypto-inc mentioned his computer may possibly be compromised. And it's software is outdated by several years.

Tails would work just fine too. It's actually a smaller download, so you're right, for this purpose it's probably the better choice.
Get it at Tails.boum.org.

https://distrowatch.com/table.php?distribution=knoppix&pkglist=true&version=9.1 lists Electrum 4.0.9.

A couple of questions just for my own education.

Given that OP has Bitcoin Core already installed on an airgapped computer, why recommend that he switches between going online and offline multiple times on a different computer? Why not (after backing up his Bitcoin Core wallets) just download, verify, and transfer Electrum over to his already airgapped computer and import the private keys from his already airgapped Bitcoin Core wallets to a new airgapped Electrum wallet?

Given that you want your Linux distro to be as private and secure as possible, why not use one specifically designed for that purpose such as Tails over Knoppix?

That file is from 23-Nov-2019, the iso is from 20-Feb-2021.

I remember it's 4.something. I just checked KNOPPIX_V9.1DVD-2021-01-25-EN.iso: it comes with Electrum 4.0.9.
The one time I tried to use an older version to sign offline, it didn't work (I think it was something like not being able to read the unsigned transaction).

The 1.3 sat/byte I recommended was to prevent a fee <1 sat/byte after signing. If you create a 1 sat/byte transaction from a Legacy read-only wallet, it ends up with only 0.8 sat/vbyte after signing offline. That means you have to start over, including several reboots if you have only one computer.
Currently, the minimum fee won't get you a quick confirmation.

Pro-tip for Knoppix: if your computer has enough memory, use this boot option:
Once booted, you can remove the DVD.

If you're okay with exposing your private key to a hot wallet, you can indeed sweep them.
But that's not what you asked for:

Thanks again.

What about sweeping in this instance, is there any reason you would advise against using this method of moving coins ?

Could a mix of following your approach & sweeping be done safely ?

Change addresses are just 'addresses' to the rest of the world, so as long as you can dump the private key, you're good to go.

For privacy: one at a time, to a new address.
For safety: it doesn't hurt to do them one at a time if the amounts are high enough to worry about.
For convenience: all at once

Thanks for your assistance.

Would your advice remain the same considering my version of Core uses change addresses ? It’s version 0.13.2

Also, the wallet was used often in the past to mainly receive but also to send on a number of occasions, each time a transaction was incoming a new receiving address was used making for multiple private keys one for each receiving address, would this in anyway potentially cause an issue when attempting to move the coins ? Should the coins ideally be moved individually or all at once or it doesn’t matter ? I’ve come across a number of horror stories involving change addresses hence the panic! & added confusion on my part.

I would handle the old offline Bitcoin Core as if it's paper wallets: get the addresses, and get the private keys. As long as it's offline, there's no risk.
Then, on an online computer, install Electrum, and import the addresses (or one at a time, for privacy). You'll get a watch-only wallet, create a transaction to your Ledger address. Set the fee at 1.3 sat/byte.
Copy the unsigned transaction to a USB stick. Note that you're still safe, no private key has touched the internet!

Reboot your computer, or get another one. Download a Knoppix Live Linux DVD. Boot your computer, DO NOT go online. Unplug cables, don't connect to Wifi. Start Electrum (it should be available by default), create a new wallet, enter the private key to the address you created a transaction from. Then copy the unsigned transaction into Electrum, VERIFY the transaction details, check all characters of your Ledger address (get the actual Ledger and verify it on it's tiny screen). If all is good, sign the transaction, export to USB stick, and turn off that computer. All traces will be wiped from memory.
Use your online Electrum to broadcast the now signed transaction on your USB stick.
Rinse and repeat for your other addresses.

I typed something similar earlier this year:
Note: when in doubt, don't do it!

Hello everyone

I'm looking for advice on the safest and most secure way to transfer bitcoin from an old out dated device, not been online since 2017, using bitcoin core version - 0.13.2 (wallet.dat file)

It's on an old computer that has not been used or connected to the Internet in several years. The device may possibly be compromised and I'm reluctant to dump the private keys to import on another device via electrum.

I have a ledger I would now like to use to keep the coins but I'm unsure of the best way to move them that doesn't risk exposing the private keys, involves 3rd party software or required the old device to be connected to the Internet.