Topic: Thinking of separating my holdings into two physical locations. (Read 147 times)

Because they have grown to be very common in modern society. Especially the usage of Credit Cards today, they're more viewed as something that's holding debt to the banks than a status symbol. Perhaps 70 years ago when the first Credit Cards were issued to important clients, they were good targets for robberies. Currently, no. Credit Card holders usually have more debt than wealth.

I'm debating because of the novelty of cryptocurrencies, and how some of its HODLers are probably in a path of accumulating wealth because they are HODLing the right coins. A smart criminal would target them, and one way to find that target? Hardware Wallets.

Well, because paying with cards is the norm, but if we go the similar way, if every time you pay, even $20 amounts, you take a wad of bills out of your pocket for a total of $5k you become an easy target for thieves. It's only a matter of time before they try to mug you. Cards are different because they would have to hijack you, go to the ATM get you to put in the PIN and take money out.


In the face of a $5 wrench attack, it depends on your resistance to pain and anxiety.  Most people would transfer their funds to the robbers right away after a couple of hard blows to the head.

The same reasoning can also be applied to credit/debit cards, leather wallets, and other "containers" of money: people who have or use them in public are clearly not that poor. Yet, we rarely see people being attacked just after paying at the checkout of a grocery store. Even worse, unlike banknotes or credit cards, a hardware wallet as such is almost useless and impossible to spend from because it is unlikely that a victim will provide a PIN code voluntarily.

It depends how far you want to take this line of thinking. Using a hardware wallet in public could certainly be seen as a potential advert to criminals that you hold a not insubstantial amount of bitcoin. So you only use your hardware wallet in private. However, when you bought that hardware wallet, you probably handed over your real name and address to the manufacturer. That information could very well have been sold, shared, or leaked, and so now your real name and address are linked to ownership of a hardware wallet. So maybe instead you bought the hardware wallet using a pseudonym, paying with anonymized bitcoin, and shipped to a PO box or other pick up location not directly linked to your real address. So far so good. But then all the bitcoin you have bought and sent to the hardware wallet were bought using fully KYCed accounts on centralized exchanges who we know sell your data to a huge number of third parties, not to mention being hacked for this data as well.

Not flashing your hardware wallet in public is probably a smart move, but you will never be able to completely mitigate against $5 wrench attacks unless all your use of bitcoin is completely anonymous, and almost nobody does this. It is wise, therefore, to have a system of plausible deniability set up just in case, such as the one I outlined above - additional passphrases which can be revealed to an attacker while your main stash remains safe behind different passphrases.

That's a good idea, actually, it's the practice in the banks where I work before that the backups are stored in different locations, that is to ensure that in terms of business disruption like flood and fire in one area, we can still get the other back up and would help the business to operate.

If we apply it in crypto, we know that data in a hard wallet is important to access our holdings, so if the hard wallet is destroyed due to fire or food, that means we also lose our funds.

So it's a great idea mate, I'm happy that you are thinking of a way to secure your holdings.

For safety from $5.00 wrench attacks, or any kind of robbery that involves violence, what's everyone's opinion in keeping away from purchasing, and owning any hardware devices that are directly associated with Bitcoin and other cryptocurrencies? I believe that it's going to be a problem when some people see you own a hardware wallet, the presumption would be = you own "a lot of Bitcoin".

 Do you mean that what is the Seed phrase that you use in your HW is the same one you will use in the new HW that you will buy? That's why I asked this because if they use the same seed it seems that the only thing that will happen is 2 in 1. This is if my understanding is correct.

    But I know that you have often read that most people say that you should not put all the eggs you have in one basket, maybe it is better to divide them to be safer.

In the comments I see good ideas to consider for the future. Now I am starting to have an amount that makes me consider splitting my holdings in two, so far not even that. In the future I could consider additional measures such as encrypting, hiding the holdings in different layers with passphrases, buying a CryptoSteel capsule, etc.

The point is to be proactive in case improbable events occur, but I consider the possibility of a $5 wrench attack near to 0 at this point.

What I see as logical is to increase security measures as you get more Bitcoin.

Yes, I encrypt the seed because I need a deterministic wallet not a single key.
I also used the BIP39-type encoding because it returns words and I can write them down with pen and paper otherwise I'd need a printer since writing down a base58 string (what BIP38 does) is hard and making mistakes is easy.

Although the details I changed are minimal but that's a valid concern and maybe I should try publishing the algorithm someday and have others comment on it or just have it on public domain.

That can be addressed too. Instead of saving your backup seed(s) only onto paper, if the amount of funds worth it you can also save onto steel - from CryptoSteel Capsule to Willi's steel plate or, if you want it cheaper or in a way that doesn't draw attention, then onto washers.

You are more of taking care of the security of your holdings, not just securing your assets but the total holdings value, because you are going to take half of your risk and have additional protection on top of it. It's like diversification mixed with security with an added bonus, easier track recording if you take care of tax for financial planning, etc.

This would be harder for someone that you would pass it on to.

What if you do like this:
- keep 1st device with a small amount sufficient for your current tasks and which you are ready to lose.
- if a situation arises with $5 wrench attack , then you will give this 1st wallet without regret and get off with minimal losses.
- although I don't like the idea of keeping HW and the seed-phrase in the same location, but the seed-phrase from 1st device can be kept side by side. All the same, this will have to be given away during the $5 wrench attack.
- Move the seed-phrase from the 2nd device to a vacation house or to another place and also carefully hide it.
- I would prefer to keep the 2nd device reset to factory settings and store it in the 1st location as a spare. If necessary, you can always restore from the seed-phrase.

- If the $5 wrench attack method is applied to you, then by giving 1st device, you will have time to restore access to the 2nd device from the 1st seed-phrase and quickly move it to another wallet. And then - run away until the attackers come back to you again.

In general, having 2 devices is a good idea and preferably from different manufacturers.

It depends on you. I personally have my main cold-storage seeds in encrypted USBs, hidden in different secret locations. One secret location is in my house, another one in my car, another at work, and the last one in my old room in my parents' house. They all look cheap, ordinary USBs, with directories named "My Files" with old useless/random files from work scattered with the encrypted folder nested in another folder with more random files that contains the seeds. The USBs can only be opened in Linux

Additional passphrases are always a good idea, but I would make a different suggestion here. There is no point owning a hardware wallet to protect $10 worth of bitcoin. An attacker knows this. If you reveal a seed phrase under duress which contains only $10 worth of bitcoin, they are going to keep hitting you until you reveal more. The amount you give away has to be large enough to plausibly be your holdings, and certainly be large enough to be worth buying a hardware wallet for.

Even better if you can use multiple different passphrases. 0.1 BTC on the seed phrase which you can give up under duress. If they keep hitting you, 0.5 BTC under an additional passphrase which you can give up as well. Meanwhile 5 BTC under a much stronger different passphrase which you keep hidden.

And obviously you need to use mixing or coinjoins to break the blockchain links between all these wallets. If you give up your seed phrase and attacker sees a transaction moving 5 BTC somewhere else, they are going to keep hitting you.

Nowadays attackers are already aware of such tricks that involve hiding your real funds behind additional passphrases, which means if they find something that looks like mnemonic words and check it with their software, they may still suspect you're playing with them and may somehow coerce you to reveal your actual secret. In other words, if your acting skills aren't good enough to pretend you are a stupid and poor person, don't even try to employ the strategy of plausible deniability.

Are you encrypting a seed phrase with this algorithm and not just single private keys? Why not just follow it pedantically instead of modifying some parts like encoding? What if, several years from now, you forget what encoding you used when constructing your encrypted words? Maybe I am wrong, let alone I am not a security or cryptography expert, but I see many shortcomings in this approach.

I would suggest a small, key/combination locked case to store your HW device/paper wallet to conceal the fact that you are even storing a wallet. This way it's not showing you have cryptocurrency in plain sight/if it is found from its hiding place. Of course it still shows something valuable is being hidden but at least it isn't instantly known to be your wallet.

I don't have a better suggestion for storage though I am sure there is a way with lower risk/more efficient way than keeping 50% in another location as current...though if you stick to this, then I think more thought into a viable emergency backup is necessary in the event that something as unlikely as a fire does actually happen. If you don't have to be exposed to potentially losing 50% of your holdings by having an emergency plan in place, then have an emergency plan in place. Even if it means encrypting portable storage with the entire seed phrase (or with a few words missing that you are sure not to forget) and putting it in a safety deposit box or storing/hiding it with a trusted family member. That way if something occurs, you can race there to recover what you otherwise would have lost. If it's encrypted well it would be unlikely that it would be a point of failure having this in place too.

That's true.
Here is an idea: how about using the BIP39 extra word? That way you can create two wallets from the same seed phrase. The one without the extra word could contain a tiny amount and the one with the extra word could contain the rest.
In an attack you just give up the seed phrase which they see the funds in and steal like $10 without knowing there is an extension that holds the rest without having any way of extracting it either.

The hardship is about getting it right since there is no standard for it and generally speaking inventing your own cryptography algorithm is not a good idea. I basically got the inspiration from BIP38[1] but instead of encoding the result using base58 I encode it like BIP39 to get words. The salt would add an extra word (128-bit entropy and a 32-bit salt to get 15 words) which could be increased in size to get 24.

[1] https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki

The bad thing about this is that it doesn't save you from a $5 wrench attack. You have to have a lot of willpower if they are hitting you in the head with the wrench to not give them the seeds and decrypt them right there.

Separating into two sides, you would lose 50% only. Although in this case the best thing to do is to be cautious, nobody knows that you have Bitcoin, but you can never be sure.

I have no idea about encryption. Is it difficult?



I will keep this in mind for the future. As your Bitcoin savings grow it's nice to consider other possibilities. Plus I think it's a good idea to have something at hand for potential robbers. Usually if they get something they are more likely to leave.

I personally don't like splitting the coins in the storage among more than one storage, instead I spread the backup into multiple locations. Obviously it can not be a simple seed phrase anybody can read and possibly steal if they get their hands on it, so I simply wrote a small script that would encrypt the seed phrase then convert it back to a mnemonic which I then write on the paper which can be safely stored anywhere.

If I were you I don't want to buy many HW for just to keep my holding. So, if you have a safe place and safety to write down the seed then you just have to think how to keep the seed safe to restore it to HW if you need it. HW is just media or agent, you can easy to swept and reset it into the new or old seed in every time.

You can create a new seed on the old HW, generate an address and send the fund then reset it. You can repeat it many times as how many you can split the holding.