Skip to content

Wallet Security Recap

You already covered wallets in Bitcoin Fundamentals. This lesson focuses specifically on the wallet hygiene that protects forum-active members — people who receive BTC in many small chunks and transact with strangers regularly.

The forum-earner threat model

Distinct from a long-term HODLer's threat model:

  • More incoming transactions (campaigns, bounties, services)
  • More known counterparties (campaign managers can see your payment address)
  • More public exposure (your service threads may show payment addresses)
  • More privacy leakage surface (every income source links addresses)

The recommended setup

Earning wallet: A separate wallet used only to receive forum income. Hot wallet on a phone is fine; the balance is small + recent.

Sweeping wallet: Periodically (weekly or monthly) sweep the earning wallet's balance into a hardware wallet for long-term storage.

Cold storage: Hardware wallet (or multisig) for savings. Never touches the forum directly.

This pattern keeps the forum-exposed wallet small + low-stakes. Even if it's compromised, the loss is bounded.

Address management

  • Generate a fresh receive address for every new campaign / client
  • Don't post your seed-generating xpub publicly (it leaks your entire balance history)
  • For service threads, list a static donation address separately from your primary earning address

Wallet software hygiene

  • Verify wallet binaries (covered in the blog post on wallet verification)
  • Update wallet software regularly
  • Don't import seeds across multiple wallet apps simultaneously
  • Don't use wallets that won't tell you their source code license + audits

Phishing-aware wallet UX

The most damaging wallet attacks now are interface-level:

  • Fake wallet apps that mimic real ones
  • Browser extensions that swap clipboard BTC addresses
  • "Recovery" prompts that ask for your seed in the wrong context

Defenses:

  • Install wallet apps only from official sources, verified
  • Never paste your seed into anything you didn't intentionally invoke
  • Cross-check the recipient address character-by-character before any meaningful send

Backup discipline

  • Seed phrase on metal, in two separated physical locations
  • Don't store seed digitally (no cloud, no screenshots, no password managers)
  • Test recovery once on a fresh wallet install BEFORE depositing significant amounts
  • Document any passphrase ("25th word") in a way the heirs of your estate could eventually find without making it easy for an attacker to find first

When to upgrade

Move from single-sig hot to single-sig hardware when balance > ~1 month's expenses.

Move from single-sig hardware to multisig when balance > ~6 months' expenses.

This isn't a rule, just a useful default. Costs of upgrade are paid in time + complexity; benefits are paid in catastrophic-loss avoidance.

Loading quiz…