Judge my security of how I created my Bitcoin wallet
Board: Beginners & Help
Topic OP, by awavewalia on 04/09/2025, 04:14:42 UTC
I tried very hard to find a seller to sell me their BTC but man, if they have it, they want to hold it! They don't want to sell, they just wanna buy. I was forced to start with an exchange, one that almost everyone in the U.S. knows the name of, and then patiently wait to send it to self custody. I'm still sending some over to my wallet.

Let's evaluate how I created my Bitcoin wallet. I changed minor details from reality, but I want you to judge my actions as if everything I wrote here is true, and I want you to judge me critically and more harshly than usual:

My Lenovo Windows laptop was purchased around 2 years ago. Even then, I barely used it. It is essentially a glorified hard drive that I use to answer stupid emails.
This laptop contains data I have had for over 10 years. Family photos, bank statements, executable files that are for old games, emulated game file save files...I moved so many over. 10 years of files without checking where they're from. Let's fast forward to last month:

1) I ran a simple anti-virus scan. Free trial. It says I have no viruses but said I have bank statements exposed and unsafe. This did not instill confidence, as the point of anti-virus is to protect my files even if I have a bank statement or several saved as a PDF file. It also stated it did not run network scans. This is on Windows 11. Remember that it is on Windows 11 for your judgment.

2) I used a wallet program {Program 1} to generate a seed offline. I wrote down the derivation pathway it said it used, and BIP seed it generated. After writing this down, I never had it in view of a camera or another person. Any time I practiced the seed, I destroyed the torn scrap paper from my practice runs.

3) I QR-scanned a master public key. My camera saw nothing else. On a mobile device (I never created any serious wallets on my mobile devices), I created a watch-only wallet. I matched the receiving addresses to the addresses in {Program 1}.

4) I closed {Program 1} but it was still installed. Connected to Wi-Fi for a minute, disconnected, then I deleted the wallet inside {Program 1}.

5) I downloaded another program for a wallet {Program 2}.

6) I started sending funds to the BTC wallet. My watch-only cell phone wallet showed that funds are filling up the wallet. Multiple people at this point knew I was buying on an exchange, but they probably still think I have funds on the exchange or have been trading for shitcoins.

7) I connected to Wi-Fi on two different occasions and would stay online for over 24 hours each time. I used my mental seed to recover my wallet in {Program 2}, and confirmed that even there, BTC is being received live while on Wi-Fi.

8) I deleted the wallet file from {Program 2} offline. I uninstalled {Program 1} entirely.

9) {Program 2} remains installed. I still send funds to the wallet, now only visible from the seed in my head and the master public on my cell phone.

Could my BTC be swiped or have you managed to hold all your BTC with worse security practices than mine? I think I've been pretty thorough, but imperfect. Most losses are due to public Wi-Fi or fools screen-sharing. I did not cross $10000.00, I probably never will except by BTC itself going up by itself.

Do not leave comments saying that I might spit out some part of the seed phrase while I'm asleep. I carry around four hints for four words in the seed, even though I remember all of them. Now that I've mentioned this detail, I'm going to shred into fragments even that hint for those four in the next 2 days.

I was unaware of Bitcoin Core and Bitcoin Knots throughout this entire process so I did not use them to generate a seed. I still don't know if I need them or not.

Here's what I didn't do:

I never used one of many, many, many Chrome web extension wallets, because I don't get how that could possibly be more secure than a solo wallet program in a window(s) meant only for itself.

I never entered my real storage seed into Exodus, Wasabi, or Phantom and did not use them for creation. I might have had them installed at some point, but generated or entered dummy seeds to see what the addresses would look like while learning about Bitcoin.

I did not use the Coleman io generator offline, as it, if I understand, would run in a browser. That means it would allow any browser to display the seed AND every single private key, meaning a browser could save that info as if it was a manual field entry, username, etc...
I also wanted to be able to connect to the internet at least twice just because it proves that if I wanted to, the seed works and so I can spend the BTC some day or simply pass it back to an exchange 20 years from now.

Bonus question:

Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that? It forces me to remember 24 words, but considering how wonderfully I did with just 12 holy words and how well I can keep the secret, I feel like I can do this over and over again with my practice methods and immunity of the few hints to my words online to dictionary attacks.

It feels really good to hold BTC no one but me can handle.