Bitcoin Security: Protecting Your Holdings Against Real Threats

Updated July 28, 2025. 14–18 min read.

Bitcoin security is the practice of protecting private keys from loss, theft, and coercion while keeping recovery feasible. Good security is not maximal complexity. It is a threat model and procedures you can actually maintain over time.

Key takeaways

  • Most losses come from ordinary failures: backup mistakes, phishing, and misplaced trust.
  • Security is key management: generation, storage, backup, and recovery.
  • Cold storage reduces remote attack surface, but procedures matter more than devices.
  • The best setup is the one that matches your amount, environment, and operational discipline.

In this guide

  1. Thinking about threats
  2. Key management fundamentals
  3. Cold storage and hardware wallets
  4. Multi-signature security
  5. Operational security
  6. Common attack vectors
  7. Security for custodial holdings
  8. Building defense in depth

Thinking about threats

Security without threat modeling is guesswork. Before choosing measures, understand what you're protecting against.

The three categories of loss

1. You lose access. Your keys are destroyed, forgotten, or inaccessible. No one can spend the bitcoin, including you.

2. Someone else gains access. An attacker obtains your keys through hacking, theft, or deception. They spend your bitcoin before you can stop them.

3. You're coerced. Someone forces you to transfer bitcoin through physical threat, legal compulsion, or manipulation.

Different measures protect against different categories. A steel backup protects against fire (category 1) but not against a burglar who finds it (category 2). A complex passphrase protects against theft but creates risk of forgetting (category 1).

Matching security to your situation

Your threat model depends on:

  • Amount at stake. Higher values justify more complexity.
  • Technical ability. Sophisticated setups are only secure if you can operate them correctly.
  • Physical environment. Do you have secure storage? Do you travel frequently?
  • Social environment. Who knows you hold bitcoin?
  • Time horizon. Security for a decade is different from security for a month.

There is no universal best setup. There is only what's appropriate for your situation.

As a baseline, start simpler than you think and add structure only when you can maintain it:

  • If you are learning, prioritize clean backup and recovery over clever features.
  • If the amount is meaningful, remove single points of failure (often with multisig or collaborative custody).
  • If heirs are involved, design for execution, not just secrecy.

The security-usability tradeoff

Security measures that are difficult to use tend to fail. You forget procedures. You take shortcuts. You make mistakes under pressure.

The goal is not maximum security. It's maximum security that you will actually maintain. A simpler setup used correctly is more secure than a complex setup you bypass or botch.

Key terms

  • Private key: The secret that authorizes spending bitcoin. Anyone with the key can move the bitcoin.
  • Seed phrase (recovery phrase): A list of words that can restore a wallet. Treat it like a master key.
  • Hardware wallet: A device that signs transactions without exposing keys to a general-purpose computer.
  • Multisig: A wallet requiring multiple keys to authorize a transaction (e.g., 2-of-3). See multi-signature.
  • 2FA: An additional login factor. Use authenticator apps or hardware keys. Avoid SMS for high-value accounts.

Key management fundamentals

Bitcoin security comes down to key management: how you generate, store, back up, and use your private keys.

Separate the wallet interface from the asset: a wallet app is a tool. Control lives with the keys.

Seed phrases

Most wallets use a seed phrase: 12 or 24 words that encode your private keys. Anyone with this phrase can spend your bitcoin.

Generation matters. Seed phrases should be generated by trusted software or hardware with proper randomness. Never use a seed phrase someone else gave you. Never generate one from a pattern you invented.

Physical backup is essential. Write it on paper or stamp it in metal. Never store it digitally, where it can be hacked.

Location matters. A backup in your home doesn't help if your home burns down. A backup in a bank safe deposit box may be inaccessible during a crisis.

Passphrases

A passphrase (sometimes called a "25th word") adds an additional secret. With a passphrase, someone who finds your seed phrase still can't access your bitcoin.

The tradeoff: if you forget the passphrase, your bitcoin is gone. Passphrases work for people with strong memory practices or secure passphrase storage. They're dangerous for people who might forget.

The backup paradox

Backups create security against loss but risk against theft. More copies mean more places an attacker might find them. Fewer copies mean higher risk of total loss.

The right number depends on your threat model: how likely is physical disaster versus theft? How much do you trust the locations?


Cold storage and hardware wallets

Cold storage means keeping keys on devices that never connect to the internet. This eliminates the largest category of attack: remote hacking.

Why cold storage works

Most bitcoin theft happens remotely. Attackers compromise computers through malware, phishing, or vulnerabilities. They search for wallet files and seed phrases. They wait for you to unlock a hot wallet.

Cold storage removes most remote attack paths. If your keys never touch an internet-connected device, remote attackers cannot directly extract them.

Hardware wallets

Hardware wallets are dedicated devices for cold storage. They hold keys in secure chips and sign transactions without exposing keys to your computer.

  • Buy from manufacturers directly. Devices from third parties may be tampered with.
  • Verify the device is genuine. Most manufacturers provide verification procedures.
  • Keep firmware updated. Vulnerabilities are discovered and patched.
  • Verify what you're signing. Confirm recipient address and amount on the device screen, not just on your computer.

Hardware wallets are not perfect. They can be lost, stolen, or fail. They are one layer, not a complete solution.

The operational challenge

Cold storage is only as secure as the procedures around it. If you enter your seed phrase on an internet-connected computer "just once," you've defeated the purpose.

Simple rule: keep seed phrases offline, and verify address and amount on a trusted display before signing.


Multi-signature security

Multi-signature setups require multiple keys to authorize a transaction. A 2-of-3 multisig requires any two of three keys to spend.

Why multisig matters

Multisig eliminates single points of failure:

  • No single key compromise is fatal. An attacker who obtains one key still can't spend.
  • No single person can act unilaterally. Reduces insider risk and coercion vulnerability.
  • One key can be lost without losing funds. With 2-of-3, you can lose one and still recover.

For significant amounts held long-term, multisig provides security that single-key setups cannot.

Common configurations

2-of-3 is standard. You control all three keys, stored in different locations. Any two can spend. This protects against single-key loss and theft.

3-of-5 provides more redundancy. You can lose two keys and still recover. It is appropriate for very large amounts or organizations.

Collaborative custody involves a third party holding one or more keys, providing recovery assistance without unilateral control.

Multisig complexity

Multisig is more complex to set up and operate:

  • You must securely generate and store multiple keys.
  • You need to preserve the wallet configuration, not just the keys.
  • Spending requires coordinating multiple keys, which may be in different locations.

Multisig security is worth the complexity for amounts that justify it. For smaller amounts, the complexity may introduce more risk than it removes.

Read: Bitcoin Multisig Guide


Operational security

Technical measures fail when operational practices are weak. Most successful attacks exploit human behavior, not cryptographic vulnerabilities.

Information security

What you reveal affects your security:

  • Don't disclose amounts. The less people know, the less attractive you are as a target.
  • Secure communications. Assume email and SMS are not private. Use encrypted messaging for sensitive discussions.
  • Watch for reconnaissance. Unusual questions about your holdings or security are warning signs.

Physical security

Your digital security is limited by your physical security:

  • Where do you keep backups? Who has access?
  • Are you carrying devices or backup materials that could be lost or stolen?
  • Consider what an intruder could access with 30 minutes alone in your home.

Social engineering defense

Social engineering attacks manipulate you into compromising your own security:

  • Phishing. Fake websites or messages that trick you into revealing keys or sending bitcoin.
  • Impersonation. Attackers pretending to be support staff, friends, or authorities.
  • Urgency manipulation. Creating time pressure to prevent careful thinking.

Defense requires skepticism. Verify requests through independent channels. Take time before acting on urgent requests. Assume anyone asking for keys or seed phrases is an attacker, since legitimate services never need them.


Common attack vectors

Understanding how attacks happen helps you prioritize defenses.

| Attack | How It Works | Defense |
|---|---|---|
| Phishing | Fake sites capture seed phrases | Download from official sources only |
| Malware | Searches for wallet files, monitors clipboard | Hardware wallets, dedicated devices |
| SIM swapping | Carrier transfers number to attacker | Authenticator apps, not SMS |
| Physical theft | Access to devices or backups | PINs, passphrases, secure locations |
| $5 wrench attack | Physical coercion | Don't advertise holdings, duress wallets |

Phishing and fake software

The most common attack is tricking users into giving up their own keys:

  • Fake wallet websites that capture seed phrases during "setup"
  • Malicious browser extensions that modify recipient addresses
  • Fake support that asks for seed phrases to "verify" accounts
  • Compromised software downloads that include malware

Defense: Download from official sources. Verify checksums. Never enter seed phrases on websites.

Malware

Malware can:

  • Search for wallet files and seed phrases stored digitally
  • Monitor your clipboard for bitcoin addresses and replace them
  • Log keystrokes when you type passwords
  • Wait for you to unlock a wallet, then try to drain funds

Defense: Keep systems updated. Don't install from untrusted sources. Use hardware wallets. Be aware of address substitution. Verify on a trusted display.

SIM swapping

Attackers convince your carrier to transfer your number to their SIM, then use SMS recovery to access accounts.

Defense: Don't use SMS for two-factor on important accounts. Use authenticator apps or hardware keys.

Physical theft

If someone gains physical access:

  • Hardware wallets can be stolen (PINs provide some protection)
  • Seed phrase backups can be photographed or copied
  • Computers can be accessed if not properly encrypted

Defense: Use PINs and passphrases. Encrypt devices. Secure storage locations.

$5 wrench attacks

Physical coercion: someone threatens you until you hand over bitcoin.

This is the hardest to defend against. Possible mitigations:

  • Do not advertise holdings (best defense is not being targeted)
  • Duress wallets (decoy wallets with small amounts)
  • Time-locked withdrawals
  • Geographic distribution of keys

Security for custodial holdings

If you use a custodian, your security depends partly on their practices and partly on yours.

Evaluating a custodian

  • Hot wallet exposure and controls. How much is kept online, and what limits access?
  • Multi-signature or distributed control. Multiple approval requirements?
  • Insurance. What coverage exists?
  • Security track record. Have they been breached? How did they respond?
  • Transparency. Do they publish practices? Independent audits?

Read: What Breaks Custody

Your account security

Even with a secure custodian, your account can be compromised:

  • Strong, unique passwords. Never reuse passwords.
  • Two-factor authentication. Authenticator apps or hardware keys, not SMS.
  • Verify withdrawal addresses. Confirm through multiple channels before large withdrawals.
  • Monitor activity. Set up notifications.
  • Be suspicious. Verify communications are genuinely from your custodian.

The tradeoff

Custodial holdings trade self-custody risk for counterparty risk. You no longer worry about losing keys, but you depend on the custodian's security and honesty.

For many holders, the answer is using both: some in self-custody for control, some with a trusted custodian for simplicity.


Building defense in depth

Defense in depth means multiple independent layers. If one fails, others still protect you.

Layered security example

For significant self-custody holdings:

  1. Hardware wallet: Keys never touch general-purpose computers
  2. Multi-signature: Multiple keys required, stored in different locations
  3. Passphrases: Finding a seed phrase is not enough
  4. Geographic distribution: No single location contains enough to steal
  5. Operational discipline: Consistent practices without shortcuts

An attacker would need to defeat multiple layers simultaneously.

Avoiding single points of failure

Review your security. A single point of failure is any component whose failure alone would result in loss:

  • Is there one device that, if compromised, gives access to everything?
  • Is there one location that, if accessed, exposes all backups?
  • Is there one person who, if compromised or coerced, can take everything?
  • Is there one piece of information that, if forgotten, locks you out forever?

Each "yes" is a weakness to address.
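
The location questions above can be checked mechanically. The following is an added example, not part of the original guide: it models which sites hold a copy of each key and reports any site whose compromise exposes enough keys to spend ("theft") or whose destruction leaves too few to recover ("loss"). The `audit` function, the setup names, and the site names are assumptions made for illustration.

```python
from itertools import combinations

def audit(threshold, key_sites, max_sites=1):
    """Find site failures that break an M-of-N setup.

    threshold: signatures needed to spend (M).
    key_sites: {key name: set of sites holding a copy of that key}.
    Returns (kind, sites) findings: "theft" if whoever gets into those sites
    holds >= M keys, "loss" if destroying them leaves fewer than M keys.
    """
    sites = sorted(set().union(*key_sites.values()))
    findings = []
    for n in range(1, max_sites + 1):
        for group in combinations(sites, n):
            hit = set(group)
            # A key is exposed if any copy sits in a compromised site.
            exposed = [k for k, s in key_sites.items() if s & hit]
            # A key survives if at least one copy sits outside the lost sites.
            surviving = [k for k, s in key_sites.items() if s - hit]
            if len(exposed) >= threshold:
                findings.append(("theft", group))
            if len(surviving) < threshold:
                findings.append(("loss", group))
    return findings

# Constructed setups; site names are placeholders, not recommendations.
SINGLE_ONE_COPY = (1, {"seed": {"home"}})
SINGLE_TWO_COPIES = (1, {"seed": {"home", "bank_box"}})  # the backup paradox
MULTISIG_CLUSTERED = (2, {"A": {"home"}, "B": {"home"}, "C": {"bank_box"}})
MULTISIG_SPREAD = (2, {"A": {"home"}, "B": {"bank_box"}, "C": {"relative"}})

if __name__ == "__main__":
    setups = {
        "single key, one copy": SINGLE_ONE_COPY,
        "single key, two copies": SINGLE_TWO_COPIES,
        "2-of-3, two keys at home": MULTISIG_CLUSTERED,
        "2-of-3, one key per site": MULTISIG_SPREAD,
    }
    for name, (m, keys) in setups.items():
        print(f"{name}: {audit(m, keys) or 'no single-site failure'}")
```

The model covers key copies only. A passphrase that can be forgotten or a multisig wallet configuration that was never backed up is a separate single point of failure and needs its own entry in the review.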

Maintenance and documentation

Security degrades over time. Hardware fails. Software develops vulnerabilities. Circumstances change.

Schedule periodic reviews. Verify backups work. Update software. Reconsider whether your setup still matches your situation.

Document your setup clearly enough that you can reconstruct it if you forget details, trusted people can assist if you're incapacitated, and heirs can access holdings after your death.

Store documentation separately from the keys it describes.

Read: Bitcoin Inheritance Planning


FAQ

What is the most common way people lose bitcoin?
Not sophisticated hacks. It is ordinary failure: lost backups, phishing, malware, or mistakes under pressure. Security is mostly about eliminating predictable categories of failure.

Do I need a hardware wallet?
For meaningful amounts held long-term, a hardware wallet is a common baseline. It reduces common malware risks, but it does not replace good backups, address verification, and operational discipline.

Is cold storage 'perfect security'?
No. Cold storage removes most remote attack paths to keys, but you can still be tricked into authorizing a bad transaction, lose access through poor backups, or expose key material through mistakes.

When does multisig make sense?
When the amount is large enough to justify added redundancy and reduced unilateral control. Multisig reduces single points of failure, but it adds operational complexity that must be maintained.

What is the simplest security rule that avoids major losses?
Never enter a seed phrase into a website or share it with anyone. Treat it as a master key. Most irreversible losses start with seed phrase exposure or mishandling.