Education / Intermediate / Section 11

Section 11 · Intermediate

Advanced Security

Intermediate–Advanced

⏱ Estimated reading time: 16 minutes

Multi-signature wallets. Hardware wallet advanced usage. Air-gapped solutions. Metal backups and seed splitting. Inheritance planning. Operational security.

Topics

Each topic will be filled with community-contributed content

Multisig: Distributing the Risk of Holding Bitcoin

Single-key Bitcoin storage has one fatal weakness: if that one key is lost, stolen, or compromised, your funds are gone. Multi-signature (multisig) wallets solve this by requiring multiple keys to authorise a transaction — distributing trust and eliminating single points of failure. For anyone holding significant bitcoin, multisig isn't optional — it's the standard.

How Multisig Works

A multisig wallet is defined by its threshold: M-of-N means M keys are required out of N total. Common configurations:

  • 2-of-3 — 3 keys exist, any 2 can sign. Use: personal with backup + geographic distribution
  • 3-of-5 — 5 keys exist, any 3 can sign. Use: corporate treasury, family inheritance
  • 1-of-2 — 2 keys exist, either can sign. Use: shared access with a partner

A 2-of-3 setup is the most popular for individuals: keep one key at home, one in a bank safe deposit box, one with a trusted family member or attorney. To spend, you need any 2 — no single location can be compromised to steal funds.

Why Multisig Beats Single-Key for High Amounts

  • No single point of failure — no one location can be robbed for all funds
  • Inheritance planning — heirs can access funds if one key holder dies
  • Removes vendor trust — no hardware wallet manufacturer holds all your keys
  • Institutional-grade security accessible to individuals

How a 2-of-3 Multisig Vault Works

Bitcoin Vault Requires 2 of 3 Keys Key #1: Home Safe SIGNED Key #2: Bank Box SIGNED Key #3: Co-Signer (Not needed to spend) If Key #1 is stolen, the thief cannot steal funds without Key #2 or #3.

A 2-of-3 multisig setup distributes risk geographically. An attacker must compromise two separate locations simultaneously to steal your funds, while you only need two locations to spend or recover.

"A 2-of-3 multisig setup means an attacker needs to compromise two separate locations, held by two separate people, simultaneously. This is a fundamentally different security model." — Jameson Lopp

Multisig Software (2024)

Sparrow Wallet, Specter Desktop, and Caravan are well-regarded open-source tools for creating and managing multisig setups. Unchained Capital and Casa offer guided institutional-grade multisig services for those who want professional support.

Want to go deeper?

This content is written and approved by Marius, AI-assisted using Claude (Anthropic), with references curated from: Jameson Lopp (lopp.net, PD) · Bitcoin Design Guide (bitcoin.design, Apache 2.0) · Mastering Bitcoin by A. Antonopoulos & D. Harding (CC BY-SA 4.0) · bitcoin-only.com (MIT).

Air-Gapped Wallets: The Highest Level of Physical Bitcoin Security

An air-gapped device is one that has never touched the internet and never will. For Bitcoin storage at the highest security tier, air-gapping your signing device means your private keys exist only on hardware that cannot be remotely accessed — ever. Not through Wi-Fi, not through Bluetooth, not through USB. This is the setup used by serious long-term holders, treasury managers, and security professionals.

How Air-Gapped Signing Works

Signing a Bitcoin transaction with an air-gapped device follows a PSBT (Partially Signed Bitcoin Transaction) workflow:

  1. Create an unsigned transaction on your internet-connected watch-only wallet
  2. Export the PSBT to a USB drive or QR code (offline data transfer)
  3. Sign the transaction on the air-gapped device
  4. Export the signed transaction back via USB or QR code
  5. Broadcast from your online device

At no point does the signing device connect to the internet, and at no point does your online device see your private key.

Hardware for Air-Gapped Setups

  • Coldcard Mk4 — dedicated Bitcoin-only hardware wallet with air-gap mode (QR or microSD only)
  • Seedsigner — open-source, DIY air-gapped signer built on a Raspberry Pi Zero (no persistent storage)
  • Passport — Foundation Devices hardware wallet with air-gap capability
"The only device that can't be hacked remotely is one that isn't connected. Air-gapping your signing key is the last line of defence." — Bitcoin security principle

Is Air-Gap Necessary for Everyone?

For most users holding under $10,000 in bitcoin, a quality hardware wallet like a Ledger or Trezor is sufficient. Air-gapped setups add meaningful friction — the security benefit justifies this friction only for larger amounts or specific threat models. Understand your risk level and scale your security accordingly.

Want to go deeper?

This content is written and approved by Marius, AI-assisted using Claude (Anthropic), with references curated from: Jameson Lopp (lopp.net, PD) · Bitcoin Design Guide (bitcoin.design, Apache 2.0) · Mastering Bitcoin by A. Antonopoulos & D. Harding (CC BY-SA 4.0) · bitcoin-only.com (MIT).

Seed Security: Protecting the Master Key to Your Bitcoin

Your seed phrase is the most important thing you own in Bitcoin. Twelve or twenty-four common English words that can regenerate every private key in your wallet — forever. Whoever has these words has your bitcoin. No password, no 2FA, no customer service can help if the wrong person gets them. Getting seed security right is non-negotiable.

The Core Rules

  • Never photograph your seed phrase — photos go to cloud services, can be hacked
  • Never type it into any computer — keyloggers, screenshots, clipboard capture are all risks
  • Never store it digitally — no emails, no password managers, no encrypted drives
  • Always write it on paper first — then migrate to metal for permanence
  • Never show it to anyone — legitimate services never need your seed phrase

Metal Backup: Surviving Fire and Flood

Paper degrades, burns, and gets wet. For long-term storage, your seed phrase should be stamped or engraved onto metal. Products like Cryptosteel, Bilodeau, and SteelWallet provide metal backup solutions. Alternatively, a set of metal letter stamps and a steel plate from a hardware store costs under $30 and works just as well.

"Your seed phrase is the master key to your entire financial life in Bitcoin. Treat it with more care than you treat your passport." — Jameson Lopp

Passphrase: The 25th Word

Most hardware wallets support an optional BIP39 passphrase — a user-chosen word or phrase added to the 24-word seed. This creates a completely separate wallet from the same seed. Benefits: protects against physical theft (attacker gets seed but not passphrase), enables plausible deniability (small decoy funds on base seed, real funds behind passphrase). Critical downside: the passphrase must also be memorised or securely stored — lose it and the funds are gone forever.

Want to go deeper?

This content is written and approved by Marius, AI-assisted using Claude (Anthropic), with references curated from: Jameson Lopp (lopp.net, PD) · Bitcoin Design Guide (bitcoin.design, Apache 2.0) · Mastering Bitcoin by A. Antonopoulos & D. Harding (CC BY-SA 4.0) · bitcoin-only.com (MIT).

Bitcoin Inheritance Planning: Making Sure Your Bitcoin Outlives You

Bitcoin's greatest strength — that only the key holder can access the funds — becomes its greatest weakness in death. If you're hit by a bus tomorrow, can your family access your Bitcoin? For most people who haven't planned, the answer is no. Unlike a bank account, there's no recovery process, no customer service, and no government authority that can override the cryptography. Inheritance planning is a responsibility every serious Bitcoin holder must address.

The Core Challenge

Your heirs need two things: access to your seed phrase (or private keys) and instructions on how to use them. Give them too much information in advance and you risk theft. Give them too little and the funds are lost forever at your death. The goal is a system where your family can access the funds after you're gone, but cannot easily access them while you're alive.

Common Approaches

  • Sealed letter with attorney — seed phrase in a sealed envelope held by a lawyer, opened only at death
  • Multisig inheritance — 2-of-3 setup where your estate attorney or trusted person holds 1 key
  • Shamir's Secret Sharing — mathematically split the seed into shares distributed to multiple people (none sufficient alone)
  • Inheritance services — companies like Unchained Capital and Casa offer Bitcoin-specific inheritance services
"If your family can't access your Bitcoin when you die, it's not wealth transfer — it's permanent loss. Planning is not optional." — Bitcoin inheritance principle

What Your Heirs Need

A complete Bitcoin inheritance package should include: the seed phrase (secured separately from instructions), the hardware wallet device, the wallet software name and version, any passphrase (stored separately), step-by-step recovery instructions, and a trusted contact who understands Bitcoin who can help them. Consider writing a "Bitcoin letter" explaining everything your heirs would need to know, stored securely and updated annually.

Want to go deeper?

This content is written and approved by Marius, AI-assisted using Claude (Anthropic), with references curated from: Jameson Lopp (lopp.net, PD) · Bitcoin Design Guide (bitcoin.design, Apache 2.0) · Mastering Bitcoin by A. Antonopoulos & D. Harding (CC BY-SA 4.0) · bitcoin-only.com (MIT).

Operational Security (OpSec): Staying Safe in the Bitcoin World

Technical security is only half the battle. The other half is operational security — the practices and habits that prevent attackers from ever knowing you have bitcoin worth targeting in the first place. Most Bitcoin theft doesn't involve breaking cryptography. It involves social engineering, physical threats, and exploiting the habits of people who are careless about what they share publicly.

The Threat Model Question

OpSec is personal. Your threat model depends on how much bitcoin you hold and who might know about it. A person with $500 in a mobile wallet has a very different threat profile from someone holding $500,000 in a hardware wallet. Ask yourself: who knows I have Bitcoin? What would happen if my home was broken into? What if a sophisticated scammer targeted me? Your answers should shape your practices.

Core OpSec Principles

  • Don't talk about your holdings — "not your keys, not your coins" is well-known; also: not your secret, not your security
  • Don't post purchase confirmations on social media — announcing you bought BTC at a price reveals you hold it
  • Be careful with address reuse — reusing addresses links all transactions publicly on-chain
  • Never confirm to strangers what you hold — even "I only have a little" can be enough to make you a target
  • Secure your email — exchange accounts are linked to email; email security = exchange security
  • Use a hardware wallet for significant amounts — software wallets on phones can be compromised
"The best security practice is for attackers to not know you're a target. The second best is making the attack too expensive to bother with." — Jameson Lopp

The $5 Wrench Attack

A classic Bitcoin security thought experiment: what if an attacker knows you have Bitcoin and is willing to use physical force? The best technical countermeasures include: multisig (you genuinely cannot sign alone), geographic key distribution (you'd need to travel to get all keys), and decoy wallets with small amounts (plausible deniability with a passphrase). No amount of cryptography protects you from physical coercion — distribution and deniability do.

Want to go deeper?

This content is written and approved by Marius, AI-assisted using Claude (Anthropic), with references curated from: Jameson Lopp (lopp.net, PD) · Bitcoin Design Guide (bitcoin.design, Apache 2.0) · Mastering Bitcoin by A. Antonopoulos & D. Harding (CC BY-SA 4.0) · bitcoin-only.com (MIT).

Key Takeaways

  • Multisig (M-of-N) eliminates single points of failure — a 2-of-3 setup requires two separate compromised locations to steal funds.
  • Air-gapped signing devices keep your private keys permanently offline, signing transactions via QR codes or USB without ever connecting to the internet.
  • Your seed phrase must never be photographed, typed into any computer, or stored digitally — metal backup is the standard for permanence.
  • Bitcoin inheritance planning is critical: without it, your family cannot access your funds, and the coins are permanently lost.
  • Operational security (OpSec) means not advertising your holdings — most Bitcoin theft exploits social exposure, not cryptographic weakness.

Frequently Asked Questions

What is multisig Bitcoin?

Multisig (multi-signature) is a security setup that requires multiple private keys to authorize a Bitcoin transaction. For example, a 2-of-3 multisig requires any 2 of 3 keys to sign. This protects against single points of failure like a lost or stolen key.

How do I protect my Bitcoin from hackers?

Use a hardware wallet for storage, enable multisig for large amounts, never share your seed phrase, use strong unique passwords, enable 2FA on exchange accounts, and verify software downloads. Keep your security setup simple enough to maintain consistently.

What happens to my Bitcoin when I die?

Without proper inheritance planning, your Bitcoin could be lost forever. Consider documenting your recovery instructions in a sealed letter, using a multisig setup with a trusted party, or working with a service that specializes in Bitcoin inheritance planning.

Continue Learning

← Intermediate

Lightning Network

Intermediate →

Bitcoin Around the World

See also: Bitcoin Glossary · Storing Bitcoin Safely · Bitcoin Privacy

Further Reading

Help Write This Section

This section needs contributors. If you can explain advanced Bitcoin security clearly and accurately, we'd love your help. All content is CC BY-SA 4.0 licensed with full author credit.

Contribute Content →

Learn more about contributing