Board: Wallet software
Topic: Re: Judge my security of how I created my Bitcoin wallet
by awavewalia on 05/09/2025, 11:36:04 UTC
Hello all, I am the poster, and I read your comments.

ISSUE ONE

I can conclude I did indeed make some mistakes in my creation process, even though some would call my actions superfluous with above-average security.

I simply could not resist entering my seed (in a trusted program, but on Windows, an OS you all hate) to verify that if I recover using this seed, I can access and use my own Bitcoin. This might be a sin to you, but it was a necessary security step to me and I couldn't see any way around it. This doesn't justify using a system that both had lots of old data on it and can also connect to the internet. I am unconvinced that using a system without any such old data that can connect to the internet is a security risk, so please explain why that might be a problem.

I will not be telling you the exact names of my wallets. I can only tell you what my wallets are not. I did not use software from MetaMask, Ledger, Trust, or Robinhood's new self-custody thingy.

I know these details aren't a seed phrase, but guess what, your own comments are telling me that I committed some mistakes. That means by your own logic my keys/seed were malware-vulnerable or vulnerable to some kind of network attack beyond my comprehension before I deleted the wallet file. Therefore, if I announce the names of the programs I used, I make it so any malware would target any leftover data I might have in my RAM or whatever.

Regardless, now that we are here today, it has been almost 30 days since my very first test transaction and over 7 days since my wallet last received a tiny amount of BTC. The BTC (over 0.012) is still there, unswiped. I'm still buying.

If the seed has not been used despite my failure to be internet-free entirely for this many days, should I assume it is not compromised and lying in wait to be used after the hacker believes the funding will stop? (There is an online paper wallet generator hosted in China or Russia where they wait one year to swipe your stuff because they assume you won't fund it any further or lost the private keys, but my concern is strictly compromised keys/seed or malware, not the program that generated my seed and test seeds prior.)

ISSUE TWO

I will create a second wallet on Linux on another device after a full format and wipe. Unless it's explained to me why I shouldn't, I plan to just download trusted wallet programs, play around with them, log in on my email and on my exchange on a browser (and no other websites), and, even if on Wi-Fi, create another seed and verify that it works for receive/send. I will then write the seed, delete the wallets and all dummy wallets, and format this other device a second time. Thoughts?