Topic: Which is the most SECURE Bitcoin wallet? (Read 5347 times)

A Bitcoin wallet is only as safe as the focus and attention you put into it. As long as you know how to use Bitcoin like the people in the darknet markets do then I would consider that as safe. Being "safe" is not only about protecting yourself from theft. It also should mean that you are protecting your privacy and hiding your activities well enough to make you truly safe.

Well, in the end I decided to buy a Ledger HW1, and put it in the safe box at my father's house.
I decided to lower my paranoid threshold 

Bitcoin core is quite heavy, it will take some time to download it... paper wallets are still some of the safest out there.

In such unlikely event I would buy a new ledger hardware wallet and of course I would have kept a copy of the 24 seed words in a very good encrypted file of word document, encrypted even better in a .rar file.
I would keep such file in my google email account. I have a 65 character password to this RAR file which takes the hacker an eternity to find out. I would restore my wallet via this 24 words seed. Easy peasy.

And no , no one can come and steal my PC with my hardware wallet plugged in in my home. I even have gone with my laptop and hardware wallet to some bars near my home and I have sold bitcoin to a friend of mine.

What you are assuming happens 1.10000000000000000000000000 time, but it's a good thing you want to be sure.

A Trezor wallet would be the most secure and convenient, however it is expensive. A cold wallet setup is as secure, however is annoying to use regularly and needs a dedicated device to run. The best free setup would be to use a multisig wallet like BitGo.

You don't get the problem. And you didn't read my post well.
YOU DON'T KNOW WHAT IS FLASHED ON A HARDWARE WALLET WHEN YOU BUY IT, NOR YOU DO KNOW WHAT CODE HAS BEEN COMPILED INTO AN APP WHEN YOU DOWNLOAD IT.
I hope this is clear now.

Neither you can ask the mainstream users to learn coding, flashing hardware, etc.
This is a main point of failure in the Bitcoin system.

Same goes for apps on Google Play: I developed few things for Android in the past.
I could just compile and upload. Voilá: downloadable.
I guess this goes for ANY app. Google can't check thousands of apps submitted every day.
So my scenario is perfectly possible, and again, this is a point of failure that should be looked into... before it's going to happen, I guess.

Now, of course there's no way to be 100% sure about the software or hardware one is using, unless he checks and compiles it himself.
But on the other side, I think there SHOULD be a way to make things more transparent in this regard, or sooner or later some huge amount of value will be stolen this way.
I didn't think deeply into it, but probably wallet developers, starting with the Bitcoin Wallet developers, should put in the works a system to allow people from all the world to check the code RIGHT BEFORE it gets compiled and uploaded to Google Play.
Having the code available is not enough, imo, for the reasons I explained before.
What people must be sure of, is that the Wallet hitting Google Play is safe. The availability of the code as open source doesn't grant anything, apart the option to start a new wallet from that code for free.

First of all blockchain.info is not the official wallet , It must be Bitcoin Core which is created by Satoshi Nakamoto. But i think there is no such thing as an "official" bitcoin wallet due to the bitcoin is open source and there is no bitcoin company or corporation in bitcoin world, so no one cant declare any wallet to be official, however online wallet it might not secure what if the sites is offline, in my opinion hardware wallet is secure than online wallet.

I believe that it was one of the earlier wallets out there for Android. That being said, Android system is NOT designed to be secure and since most users only use the OEM's OS, it is possible that the OEM had unpatched vulnerabilities or backdoors. Android has proven to be insecure with the bug several years ago that allowed the reuse of the 'K' value and subsequently resulted in many of the user's address being compromised. This wasn't detected since the developers didn't realise that they were using the less random values.
By default, the app store doesn't update applications automatically so it won't really be a huge problem. However, the problem is with the user installing the app from the app store. The developer can open source the app but place a backdoor in the app store's version which can compromise the user's security. A user should compile the source code themselves and use it if they really value security.
The OSes that are running on many hardware wallets are open sourced and anyone can check it.

That's why backups are important. If you value your BTCs, you should be keeping secured backups in a diverse geographical location.

I'm pretty sure most hardware wallets can be secured with a pin code.

after a long study of reading your post for most secure wallet . i thought that there is no solution of your problem . i will suggest you just believe and trust upon the official blockchain wallet . because blockchain in most trusted and official holder of btc .

Yes, that's exactly what I was referring to... In the end it's all about trust, as in you should trust yourself only and Bitcoin gives you that ability (and when you trust others, you might get screwed)

So you didn't read my post throughfully.

But this set apart, what would you do if your house would burn? You would lose the house AND all your BTCs.

And if somebody comes and steal your PC with your hardware wallet plugged in? Wouldn't it be fun? XD

I have the cheapest hardware wallet Ledger HW.1 and it works like it should and it fulfills all of my needs.

You just have to set up it on Linux or a freshly formatted Windows 10 version for example. It is very convenient to use when at home you are the only one that deals with bitcoin, you can leave it connected in the USB port and none know your PIN except you. This way you can use it just like any desktop wallet.

This is what I plan to do when I get my gaming PC after 2-4 weeks hopefully.

Keeping it in your house is the best scenario if you keep high order (most of the families do keep order in their family) of your house. This is what I am doing and so far it's going pretty well without any problem, I just check occasionally once in every 2-3 days just to make sure my bitcoins are there but I know I am getting paranoiac as bitcoins are there. There's no possibility of stealing if you set it up right.

For me a closed source hardware wallet is the safest bet.

The problem here is: it is as safe as you can keep your paper! It's like cash: how safe would you feel if you keep $1000 in your house? And what if you want to keep it there for 10 years? What if someone just steals it?

This stops the problem from someone stealing your wallet and taking your money. But if the wallet is stolen, you can't access it anymore either. So you need backups.
On top of that, for long term storage, you need to remember the password. You can't use a password that you've used anywhere else, so it's less likely you can remember it for a long time.
Or, if bad things happen to you, someone else in your family can't access it.

I'm still wondering myself what's a good way for long-term offline storage. In the end it's a compromise between getting-it-stolen and losing-access-on-your-own.

With any laserprinter, the paper will last hundreds of years.

Note: not using everything means the change will be send somewhere, depending on what software you use. That's another reason to swipe the full balance.

Why you say that it's all about trust?
I don't think it is.
MtGox and more examples showed us you can't trust. But I didn't even need those examples. Money is money, and Bitcoin is money.
And humans are still humans. I can't see why you should trust more the Bitcoin scene developers than any other financial institution.
The fact that most Bitcoin people are dreamers hoping in a more free world doesn't mean that robbers won't get into the scene.
Quite the opposite: as it's a pioneers ground, criminals have better land to work.
And even non-criminals could always go down on temptation.
Dreaming is nice, but with money you better keep your eyes open (and your ass well shut! XD)

Yes, I think we all have to agree on that.


Exactly, hence why you should flash your own compiled version of the software if you distrust the way it comes from factory and shipping.


Indeed, I can't, but Bitcoin is all about needing no trust. So if you only trust yourself and want to be safe, that's the way to do it.


Yes, I have to agree on that too, from this point of view Bitcoin Core should be the safest wallet.

If you have control over the private keys, then it is the most secure.  If someone else or a website has control over that key, then there is an issue for potential loss.

While I agree that banks are the problem, you can't go over the fact that your money are protected in there. If the bank gets robbed, there's no repercussion on your money, they are insured, you will get your money, no matter what. Of course this doesn't include huge bank problems and the bail in shit. But a group of robbers entering a bank won't affect your funds.

But your BTCs at home are unprotected. You can't insure them, because no insurance is accepting it, at least for now. You have to provide your own funds safety.

Trezor is open source, and you have the code available, BUT when you buy one, you don't know what is flashed in it.
You don't know if the software flashed in it, on 11.11.2021 anybody connecting a Trezor to internet will see his BTCs flying away.

Also, you can't ask to all people to become programmers. That's not a viable way to spread Bitcoin into mainstream. Even most coders wouldn't waste time on checking all the wallets' code.

You can't even ask people to compile the code themselves. I mean, I could do it, I am somewhat of a programmer myself, but it's really an annoying waste of time and I should be sure that somebody checked the code from Github before I compiled it, as I am not able.

So, apart raising the problem with this thread, I would like to receive a concrete answer.
At the moment, I think there's no grant anywhere that what you use as a wallet is exempt from the safety problems I exposed.
You download a wallet and you can't know what's in it.
But a larger team, means also more difficulty to put malicious code in the final version that is uploaded to a store.
In this regard I guess the Bitcoin Wallet, the official one, is probably the most reliable under this point of view.
Is there any expert in the wallets scene around here?

Some people don't catch all of this. They just see an opportunity to steal, and they will do. MtGox didn't teach you anything?
Read my text again, it's very clear.
You COULD do it.
A single person is enough to create a wallet.
A single person is enough to put up a system like I described, compile, upload to the Store, take the money and run away.
If that person gets like 1000 BTC, that's more than enough in some countries to live without working a single day more in his life.
You probably couldn't easily identify who is the person. Or that person could also go live in a country without extradition.

And this is only ONE possible scenario.

i was talking about secure wallet providers who are endorsed by bitcoin.org and since you have a hypothetical doubt about them running away with the coins by creating a back door,will tell you this,if you are thinking like that you cant even come online,because literally anyone could hack or create a backdoor in the softwares you are using in your system and can very well steal every information and money you are holding. so if you are planning to come online be aware of the risk, as a registered company you cant just create a back door and steal all the clients money,you have to face the law and i dont think anyone would ruin their business and dignity for that,and for my technical ability i do run an IT firm .

if you are experienced enough,i would like to hear your thoughts regarding this,i just said about how i back up my wallet for future use,if i have a good encryption i just need my wallet.dat file to use at a later time. i would like to hear you advice regarding this since i am not an expert in this field but i have being doing this way.

Finally someone understands what I've been saying on this forum for years


To overcome that fear you will need to learn the ins and outs of Bitcoin wallet coding, programming and have a sharp eye to detect potentially dangerous code. No other option.


No problem about robbery? So you leave your money in the biggest theif's wallet and no problem about robbery? Sorry about the offtopic, but I had to reply to that...


There are no known vulnerabilities in the most widely used wallets. Therefore, they're equally secure.
You cannot be 100% sure that there will never be a rough party in the development of Bitcoin Core or other wallets. However, Bitcoin Core development has many developers contributing, making it harder for it to be compromised.


I guess it is, eventually there are some malicious apps making their way through store's approvals. That's why it is advised to compile from source.


Trezor is open source. Not sure about other wallets. In what regards to Trezor, you either have compromised hardware or, if in doubt, you can flash a software you trust yourself.

How do I know that a wallet is not secretly sending my seed to the developers?

It is not that hard or complex.  Providing that you are not the type of person or have a computer that has the potential to die frequently, any offline wallet will work. 

How can I be sure that the compiled code in Trezor is the same that is published online?

Thank you for your suggestions!

Thank you for the effort, but it doesn't seem you know what you are talking about.
Let me be clear, I am on Bitcoin since 2013 and know a bit about it. I also wrote some articles on CoinTelegraph and a book about it.
But on the technical side I didn't dig deep into programming and security.
But I am also a little bit of a programmer, so I know something about it, that you seem to not be aware of.
Then let me explain: if tomorrow I make a wallet app, let's call it GODLIKE WALLET, and then I put it on the Google Store, anybody can download it.
I can make it open source: you could see the code on Github and check that there's no backdoor or any trick to allow me, the developer, steal your funds.
I could run loyally for some time, wait until its adoption becomes large, let's say 50000 installed clients.
THEN, I could make a new build, with a piece of code to send all the Bitcoins in the wallet to an address, and upload it to the Google Store.
People would update it, and as soon as they would launch it, all their funds would be transferred to my address.
The code on Github wouldn't be updated, people would trust it, and even if for just few hours, the compromised wallet would be live on the Google Store, stealing all funds from thousands of clients.
I would probably receive hundreds of Bitcoins.
I would then move those funds to some altcoin with anonymous transactions, and immediately reconvert those altcoin funds into Bitcoin.
There, the robbery is served.
But I don't know if this a realistic scenario, because I acknowledge that my know how doesn't get so deep into the mechanism, so I'm here asking this purely technical question about wallet apps and hardware.
I'm asking if there's a way to be sure about the purity of a wallet from the developers side, when one installs it or buy a hardware one.

I'm earning BTC on this forum for months already, so I have been able to stack some bucks up recently with the help of the forum. A week ago I was wondering about the same thing: how can I store my money safely? I mean I'm using a BTC wallet on my phone and my computer, so.. just one, little infected download and it's all gone.. so I researched and found out about Offline, Paper Wallets. They're the safest ones, it seems. Now the question is... How are you going to do it the safest way?

1. Make sure the PC you're going to use is NOT infected. You have to be 100% sure about it. If you're paranoid about it like me, download a Live Linux CD and make a bootable CD/USB with it. Why? Because if your PC is infected, even going offline isn't safe because as soon as you're turning the internet on.... the data's being transferred automatically to the hacker. Live CDs are removing ANY change made on the system (including files, folders, history, temp files, RAM, everything!) when you shut it down. The PC has to work with a printer you got at home. Again, if you're paranoid, you can use an old printer. Newer ones got memory, which means they can be hacked.

2. As soon as you got the clean PC in front of you, power it on (or boot the Live Linux CD/USB). Connect it to the Internet, but DO NOT DO ANYTHING ON IT YET!

3. Open a browser. Again, don't do anything else than what I am saying! Go to bitaddress.org. When the site is loaded, disconnect from the Internet.

4. You need now to move the mouse over your screen fast to generate your Bitcoin Address. The website is made to work offline too, so don't worry about it.

5. Don't connect to the Internet anymore! When the generation process is complete, click Paper Wallet on the top.

6. Now here's a tip I can give you: split your money into more addresses. So if you got .1BTC, split it into 4x .025, 2x .05, 10x .01 or anyhow you want. This is a step to make it even safer in case you are afraid of one of them being hacked or stolen. But I have made the mistake to split it into over 30 wallets which was a pain... I've lost +$10 in commission so don't exaggerate. So at "Addresses to generate:", type in the number of addresses you want to generate.

7. You may be now wondering what "BIP38 Encrypt?" is. This is a Wallet Encryption, so you can't take the funds off you wallet without entering the password. It's good for the safety in case your house will ever take part of a burglary, but it's harder to find wallets accepting these encryption (when you need to import it) and if you forgot the password.. It's all gone.

8. When you're done, press "Print", print the paper and cut it (so you'll have 'banknotes'). Now I recommend you to laminate the paper you're going to print after you cut it, to make it waterproof. Here's how I did it, REALLY cheap: look up "DIY Scotch Paper Laminating" on YT. It's less than $1. Shut down your computer, unplug the USB/eject the CD.

9. NEVER share/snap the right side of your banknotes. Store them safe, never give them to anyone. The right side of the paper is what you need to take your funds from the wallet. Okay, so now go to your online wallet.. scan the LEFT QR Code and send as much as you want to the wallet(s).

10. You're done!

And a tip: always withdraw ALL your funds from a paper wallet. So if you have a 0.1BTC paper wallet, don't take just 0.001 out of it. Take everything, for safety reasons.

Your advice is just plain wrong.

If you are your own bank,the risk increases,this is infact the biggest disadvantage of bitcoin,if you cant take care of that then saving your money in bitcoin is not a good idea.You cant just be scared about the development team releasing the core wallet,since it is an open source project you could check whether they have planted any backdoors if that is your concern. since you have this many concerns,you could keep all the coins in a paper wallet and you could store it in your bank locker. I have seen many threads here saying many stupid things about how people are saving their paper wallets like digging places in their garden and keeping it in pen drives and hiding somewhere and so on. If you have your bitcoin .dat wallet then you are safe no matter what,even if you are using third party wallets. Hope this helps and hope i cleared most of your doubts.

To be secure you have to keep your private keys offline. You have always been able to do that with Electrum and Bitcoin Armory using two computers. A hardware wallet like Trezor is open source and much more convenient. Ledger Nano S is another alternative but the Secure Element used cannot be open source due to NDAs.

I know there are many threads about the BEST Bitcoin wallet, but I don't think that's the right question to ask.
There's no best, but only the one that fits better one's needs.

What I'm looking for, is the best way to protect my BTCs.
What bothers me is the fear that some of the developers could slip a backdoor or a mechanism to steal all the Bitcoins from all the wallets one day.
I know this may look an absurd fear, but still, I don't think it can't be ruled out.
I'm also just out of reading about a bug in the CoPay wallet where using a multisig transaction one could steal all the coins in a wallet, due to a bug. Don't know how old that article was though.

However, the problem is that with banks, our savings are protected: if robbers steal the bank, they have insurance, you always can get your money... at least until the government wants to fuck you up and lock your account, of course.
But in normal conditions, you don't have to think about your savings safety: they are there, you forget about them and no problem about robbery.

With Bitcoin, you are your own bank.
This means that YOU have to make sure your savings are... safe.

Now, a phone app would be ok for me. I could print the seed words and put the paper in my father's strongbox.
But as I wrote here up, I am scared by developers themselves.
I know that most wallets are open source, and anybody can check the code, but still I don't know WHO or IF the code of wallets has been really checked by anybody.
I myself surely can't check it.
My programming skills are very basic and I don't know enough of blockchain functioning to check anything, and I guess the same goes for 99999 people on 100000 on the planet.

So my question is: what is the most secure wallet out there? I suspect it's the Bitcoin Wallet from the Bitcoin Wallet Developers, right?
Still, how can we be sure they are not going to group up and fuck up everything when Bitcoin price will go up?

This in regard to the Bitcoin Wallet.
Switching to "third party" wallets, we have more problems: even though the developers make the code open source, how can I know that they won't one day upload a completely different version to the Store and get my money? Is this a realistic possibility?

With hardware wallets, the problem persists and becomes even worse. Of course hardware wallets can't be open source (I think), so nobody can check what they really do and what's really running in their chip.

Well, I think I made my point clear.
Hope somebody can help me up in choosing the most secure wallet out there.
Thank you in advance!