Wallet Security Recap
You already covered wallets in Bitcoin Fundamentals. This lesson focuses specifically on the wallet hygiene that protects forum-active members — people who receive BTC in many small chunks and transact with strangers regularly.
The forum-earner threat model
Distinct from a long-term HODLer's threat model:
- More incoming transactions (campaigns, bounties, services)
- More known counterparties (campaign managers can see your payment address)
- More public exposure (your service threads may show payment addresses)
- More privacy leakage surface (every income source links addresses)
The recommended setup
Earning wallet: A separate wallet used only to receive forum income. Hot wallet on a phone is fine; the balance is small + recent.
Sweeping wallet: Periodically (weekly or monthly) sweep the earning wallet's balance into a hardware wallet for long-term storage.
Cold storage: Hardware wallet (or multisig) for savings. Never touches the forum directly.
This pattern keeps the forum-exposed wallet small + low-stakes. Even if it's compromised, the loss is bounded.
Address management
- Generate a fresh receive address for every new campaign / client
- Don't post your seed-generating xpub publicly (it leaks your entire balance history)
- For service threads, list a static donation address separately from your primary earning address
Wallet software hygiene
- Verify wallet binaries (covered in the blog post on wallet verification)
- Update wallet software regularly
- Don't import seeds across multiple wallet apps simultaneously
- Don't use wallets that won't tell you their source code license + audits
Phishing-aware wallet UX
The most damaging wallet attacks now are interface-level:
- Fake wallet apps that mimic real ones
- Browser extensions that swap clipboard BTC addresses
- "Recovery" prompts that ask for your seed in the wrong context
Defenses:
- Install wallet apps only from official sources, verified
- Never paste your seed into anything you didn't intentionally invoke
- Cross-check the recipient address character-by-character before any meaningful send
Backup discipline
- Seed phrase on metal, in two separated physical locations
- Don't store seed digitally (no cloud, no screenshots, no password managers)
- Test recovery once on a fresh wallet install BEFORE depositing significant amounts
- Document any passphrase ("25th word") in a way the heirs of your estate could eventually find without making it easy for an attacker to find first
When to upgrade
Move from single-sig hot to single-sig hardware when balance > ~1 month's expenses.
Move from single-sig hardware to multisig when balance > ~6 months' expenses.
This isn't a rule, just a useful default. Costs of upgrade are paid in time + complexity; benefits are paid in catastrophic-loss avoidance.