Wallet backup strategies
Bitcoin and cryptocurrencies are changing the way we own and exchange money. The fundamental idea is to let anyone participate without a third-party service, without any approval or identity check. This is an advantage, of course, but it puts all the responsibility back on the owner. There is no bank taking care of security, and no insurance if someone gets control of your bitcoin, ether or NFTs; the proof of ownership is your cryptocurrency wallet. If you own your private key, you own your coins. If you don't have your private key, you don't own these coins. If someone else gets your private key(s), that person can do whatever they want with your coins and use your wallet identity to act in your "name", or under the pseudonym linked to this wallet. I own the NFT domain name (ENS = Ethereum Name Service) elucblog.eth; this is proof that the wallet address holding this ENS name is under my control. I can sign a message with this wallet, and you can be sure that the message was signed by me as long as I am sure that I am the only person in control of this wallet. The ownership is written on the Ethereum blockchain with additional information, like my blog URL eluc.ch and my Twitter account, so you can have high confidence that the same person controls this website, the Twitter account @ElucTheG33K and the wallet linked to the ENS name elucblog.eth.
How do you ensure that you are the only one in control of your wallet at any time? And how do you ensure that you will never lose control of your wallet under any circumstance, now or in the future? This is where you need a backup strategy for your cryptocurrency wallet, the same way you should have one for your password manager, email account and important social media accounts. I will introduce several backup strategies and help you ask the right questions to define what is best for you and your situation.
Seed passphrase
A bit of history
I will start with some history of why we use a seed passphrase to back up a wallet. If you are not interested, feel free to skip to the next section. In the very beginning of Bitcoin, you had a set of private keys and public keys or addresses, which allowed you to receive bitcoins on one address and spend them to another address (that you control or not). This led to usage that was far from ideal. As everything is on the blockchain and you were mostly using the same Bitcoin public address all the time, anyone could quickly know how much bitcoin you own and who you receive from and send to, in real time. In addition, you must spend the whole amount of bitcoin held on a given address to validate a transaction, and send the rest back to your own address yourself. For example, in the early days you could mine a block on your computer (as it was possible in the very beginning, when there was no dedicated hardware gathered in mining farms) and get the mining reward of 25 BTC as it was back then. You want to send 10 BTC to your friend, but your address has 25 BTC. So you must sign a transaction that sends 10 BTC to your friend's address plus 15 BTC back to your own address. So everyone knows that you sent 10 BTC and not 25 or 15, as it is obvious that the 15 BTC remaining are coming back to you. From a privacy point of view it was a complete disaster.
One solution was to use a different address for the remaining bitcoins, here the 15 BTC that should come back to you. This is called change, like the 4.05 CHF you get back after paying 15.95 CHF with a 20 CHF bill. The change comes back to a new address, never used before, generated by your wallet. But for every new public address you must have the associated private key, otherwise you will not be able to spend the change in the future and your 15 BTC are lost in the void. After each transaction, a new set of private key and public address is generated, so you must back up each new private key in order to be able to access your bitcoins in the future if you need to restore your wallet on a new device. This inevitably led to loss of bitcoin, as most people neglected to properly back up the new wallet file after each transaction, thinking that everything is on the hard drive and not thinking that the hard drive can fail, be stolen or even destroyed.
The solution was to introduce a way to back up a unique passphrase that will always generate the same set of private keys and matching public keys. This is called a deterministic wallet. It came to Bitcoin as a Bitcoin Improvement Proposal (BIP), but as it evolved over time, several seed standards now exist. The most used are BIP-39, which is only for Bitcoin, and BIP-44, which allows using the same seed for several cryptocurrencies, as is done in many hardware wallets and multi-coin software wallets. One seed phrase, made of 12 or 24 English words randomly selected from a predefined list, is able to generate an infinite number of private keys for one or more types of cryptocurrency, just by changing one index in the way the key is generated. One index gives the coin type (0 = Bitcoin, 1 = testnet, 2 = Litecoin, ..., 60 = Ethereum, ...) and the other index gives the address position (0 = first address, 1 = second address, ...).
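As an added example (not code from the original post), here is the derivation described above implemented with only the Python standard library: BIP-39 turns the words plus an optional passphrase into a seed, BIP-32 turns the seed into a root key, and the BIP-44 path indices select the coin type and address position. The mnemonic is the published all-zero-entropy BIP-39 test vector, and the secp256k1 arithmetic is a plain textbook implementation (not constant-time), so it is for study only.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 public constants: field prime, group order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP-32: indices >= 2^31 are hardened (written 44' or 44h)


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def pubkey(priv):
    """Compressed 33-byte public key priv*G by double-and-add."""
    result, point = None, G
    while priv:
        if priv & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        priv >>= 1
    x, y = result
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase (the '25th word')."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)


def master_key(seed):
    """BIP-32 root: HMAC-SHA512 keyed with 'Bitcoin seed' -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def child_key(k, chain, index):
    """BIP-32 CKDpriv: hardened levels hash the private key, normal levels the public key."""
    if index >= HARDENED:
        data = b"\x00" + k.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = pubkey(k) + index.to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + k) % N, digest[32:]


def derive(seed, path):
    """Walk a BIP-44 path m/44'/coin'/account'/change/index and return the private key."""
    k, chain = master_key(seed)
    for level in path.split("/")[1:]:
        index = int(level.rstrip("'h")) + (HARDENED if level[-1] in "'h" else 0)
        k, chain = child_key(k, chain, index)
    return k


def master_xprv(seed):
    """Base58Check 'xprv...' of the root key, comparable with the published BIP-39 vectors."""
    k, chain = master_key(seed)
    payload = bytes.fromhex("0488ade4") + bytes(9) + chain + b"\x00" + k.to_bytes(32, "big")
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = alphabet[rem] + out
    return out


# Published BIP-39 test mnemonic (all-zero entropy); used here only as demo input, never for funds.
TEST_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    seed = mnemonic_to_seed(TEST_MNEMONIC, "TREZOR")
    print("root key:", master_xprv(seed))
    for coin, path in (("bitcoin", "m/44'/0'/0'/0/0"), ("ethereum", "m/44'/60'/0'/0/0")):
        print(coin, path, hex(derive(seed, path)))
    # Same 12 words with another passphrase: a completely unrelated "hidden" wallet
    print("other passphrase:", master_xprv(mnemonic_to_seed(TEST_MNEMONIC, "other")))
```

Only the coin-type index differs between the Bitcoin and Ethereum paths, yet the resulting keys are unrelated; the same holds for two passphrases on the same words, which is why a lost passphrase cannot be recovered from the seed words.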
Proper way to back up a seed phrase
As seen above (if you read it), a single seed phrase allows you to restore, at any point now or in the future, all the cryptocurrencies managed by the wallet that generated the seed, whether it has received them already or will receive them in the future. In short, your seed phrase is your key (or rather, what allows your wallet to generate your actual keys for you in the background). This is very precious and sensitive information, to be handled carefully. If someone accesses your seed phrase without you realizing it, they might steal all the coins in your wallet right now, or they might wait to see if you use your wallet even more and, once you have enough coins on it, transfer all of them to their own wallet, out of your control. There is no one to help you recover them; they are lost forever.
Beyond the security of the wallet itself, whether it is a hot or cold software wallet or a hardware wallet, the seed is the only thing needed to get back access to your coins. If someone steals the seed generated on your Trezor or Ledger hardware wallet, they don't need your hardware wallet device, nor your PIN, to spend your coins. There are several possible wallets to use and several possibilities to store the seed phrase generated by the wallet.
Possible wallets to use
- Software hot wallet (on a smartphone or computer connected to the internet)
- Custodial wallet (online exchange or other custodial wallet service, but remember: "Not your keys, not your coins")
- Software cold wallet (generated on a trusted offline machine never connected to the internet before, and securely erased after the seed and public key have a secure backup)
- Hardware wallet (single signature)
- Multi-sig Bitcoin wallet using a mix of software and/or hardware wallets as cosigners
- Multi-sig Ethereum contract using a mix of software and/or hardware wallets as cosigners
Possible ways to store your backup
- Seed phrase stored on:
  - A piece of paper
  - A piece of paper laminated in plastic
  - A text file generated offline and stored on a USB flash drive or memory card (multiple copies recommended to prevent corruption)
  - A password manager (less recommended, unless for a small wallet with a low amount or for testing purposes)
- All of the above can (or not) have an additional password protecting the seed (the "25th word"; warning: if it is lost, all coins are lost)
- All of the above can be one part of the backup if a Shamir backup is used, or if they are a cosigner of a multi-sig wallet
- All of the above can be stored as a single copy in one location or as multiple copies in different locations
Single signature seed backup
Backup setup: one or more copies of the same seed
n times the same backup in n distant locations
Optional: password-protected hidden wallet
Withdraw:
Software wallet: device locking method (biometric, PIN, password) + software wallet PIN/password (if not using the phone lock system) + optional password for the hidden account
Hardware wallet: hardware wallet device + PIN + optional password for the hidden account
Or in both cases: seed passphrase backup + optional password for the hidden account
Security against loss or damage:
Lose access only if the seed is lost and the device with the software wallet or the hardware wallet is damaged, or its PIN/unlock scheme or password is lost – medium probability if stored in the same place, low if the seed backup is stored in several places
With the optional password for the hidden account, lose access in any case if the password is lost – high probability
Ease of legacy:
Inheritors need only access to one of the seed backups and possibly some instructions (e.g. a mention on the backup that it is used with this type of wallet; some tools can search every possible key derived from a seed and check whether any coins are in it, so anyone who knows a little about what this seed phrase is will find a way to recover the coins)
Safe from theft:
Coins stolen if the device running the software wallet is compromised – low to medium probability
Coins stolen if hardware wallet + PIN stolen – low probability
Coins stolen if one seed backup is stolen – medium to high probability
With the optional password, coins stolen if the above + the password are stolen – low to medium probability depending on how strong the password is
Wrench attack:
The attacker can force you to unlock your wallet without needing to get to another location or involve another person – high probability of theft if it happens, but it should have a low probability of happening unless the owner is a public figure or the victim of an online data breach linking name + address to crypto products or services. It can be mitigated by not having any crypto-related goods delivered to your home address (pick-up box delivery, in-shop pickup, forwarding service, delivery at work under a department name) and by having good habits to minimize personal data exposure online.
Pros
- Allows access to all present and future coins under the wallet seed
- Easy to manage the backup by storing multiple copies of the same seed in several locations
- No need to get access to 2 or more wallets/seeds to withdraw (which is also a con, see below)
Cons
- One wallet access (hardware + PIN, or the seed) is enough to wipe all your coins, present and future
- Physical threats not well covered
In addition to using a wallet that uses a single seed to generate the private keys and sign the transactions, you have two other options that are more secure: the Shamir backup seed and the multi-sig (multiple signatures) wallet.
Shamir backup
Backup setup: 2 of 3 (or any n of m with n < m)
3 different backups in 3 distant locations
Optional: password-protected hidden wallet
Withdraw:
Trezor T + PIN (+ optional password)
Security against loss or damage:
Lose access only if the Trezor is damaged or the PIN is lost, and 2 (n) backups are lost – low probability
With the optional password, lose access in any case if the password is lost – high probability
Ease of legacy:
Inheritors need only access to 2 of the backups and possibly some instructions (e.g. a mention on the backup that it is Trezor T Shamir seed part n of m, n needed)
Safe from theft:
Coins stolen if Trezor + PIN stolen – low probability
Coins stolen if 2 backups stolen – low to medium probability
With the optional password, coins stolen if the above + the password are stolen – very low probability
Wrench attack:
The attacker can force you to unlock the Trezor without needing to get to another location – high probability of theft if it happens, but it should have a low probability of happening unless the owner is a public figure or the victim of an online data breach linking name + address to crypto products or services. It can be mitigated by not having any crypto-related goods delivered to your home address (pick-up box delivery, in-shop pickup, forwarding service, delivery at work under a department name) and by having good habits to minimize personal data exposure online.
Pros
- Protects all present and future coins under the Trezor set of seeds
- Defines the recovery threshold (n of m needed to recover)
- No need to get access to 2 wallets to withdraw (which is also a con, see below)
Cons
- One wallet access (hardware + PIN) is enough to wipe your coins
- Physical threats not well covered
- Only compatible with the Trezor T (costly)
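To make the n-of-m idea concrete, here is an added example (not the post's code, and deliberately not Trezor's SLIP-39 share format): a minimal Shamir secret sharing of a wallet's 32 bytes of seed entropy over the prime field modulo 2^521 - 1, showing that any 2 of 3 shares rebuild the entropy while one share alone is consistent with every possible secret.

```python
import secrets

PRIME = 2 ** 521 - 1  # Mersenne prime, far above any 256-bit seed entropy


def split_secret(secret, threshold, shares):
    """Shares are points (x, f(x)) of a random polynomial of degree threshold-1 with f(0) = secret."""
    if not 1 < threshold <= shares or not 0 <= secret < PRIME:
        raise ValueError("need 1 < threshold <= shares and a secret below the field prime")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation modulo PRIME
            y = (y * x + c) % PRIME
        points.append((x, y))
    return points


def recover_secret(points):
    """Lagrange interpolation at x = 0; only correct with at least `threshold` distinct shares."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * xj % PRIME
                den = den * ((xj - xi) % PRIME) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def share_fits_any_secret(share, candidate):
    """Threshold 2: one share (x, y) lies on a line through (0, candidate) for EVERY candidate,
    so a single share leaks nothing about the real secret."""
    x, y = share
    slope = (y - candidate) * pow(x, -1, PRIME) % PRIME
    return (candidate + slope * x) % PRIME == y


def entropy_to_shares(entropy, threshold, shares):
    """Split raw seed entropy bytes into (index, hex) shares that can be written on paper."""
    points = split_secret(int.from_bytes(entropy, "big"), threshold, shares)
    return [(x, y.to_bytes(66, "big").hex()) for x, y in points]


def shares_to_entropy(shares, length):
    """Rebuild the entropy bytes from enough (index, hex) shares."""
    return recover_secret([(x, int(h, 16)) for x, h in shares]).to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed demo: 32 random bytes (what a 24-word seed encodes), split 2 of 3
    entropy = secrets.token_bytes(32)
    parts = entropy_to_shares(entropy, 2, 3)
    for idx, share_hex in parts:
        print(f"share {idx} of 3 (2 needed): {share_hex[:24]}...")
    print("shares 1+3 rebuild the seed:", shares_to_entropy([parts[0], parts[2]], 32) == entropy)
    print("share 1 alone also fits a fake secret:", share_fits_any_secret((1, int(parts[0][1], 16)), 12345))
```

Losing any one share costs nothing, losing two is fatal; note that the threshold has to be recorded with the shares, exactly as the legacy instructions above suggest.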
Multi-sig wallet
Multi-sig is a special type of wallet that is controlled by multiple signatures. Unlike the Shamir backup, not only are the recovery seeds split into parts that can be stored in remote locations, but the multi-sig wallet is controlled by several actual wallets that can be spread across different locations, or just their seed backups can be stored in different locations, without even the need to keep a hardware wallet for each one of them.
Multi-sig is the best industry standard regarding security and covers a wide range of scenarios. A single user can use it to increase security against theft and loss by not storing enough wallets in the same location to send funds. Multiple users in an enterprise or association environment can control a wallet with different cosigner requirements. However, it brings some restrictions and additional complexity of use; that is the cost of the additional security. The biggest restriction is that most cryptocurrencies don't offer multi-sig natively. Bitcoin does, but not Ethereum (and thus not all the tokens based on Ethereum, like ERC-20 tokens or NFTs). It is still possible to do multi-sig with Ethereum, but using a smart contract like Gnosis Safe, and then only a few types of wallets are compatible with it (Trezor and Ledger are; otherwise it is mostly software wallets, like MetaMask, or custodial wallets that are compatible).
Backup setup: 2 of 3 (or any n of m with n < m)
3 different backups in 3 distant locations, possibly controlled by several different persons.
Optional: one or more of the signer wallets can be a password-protected hidden wallet on a hardware wallet
Withdraw:
Master public keys of all wallets or the original wallet file (Bitcoin multi-sig, very important) + 2 or more wallets, which could be:
Hardware wallet + PIN (+ optional password)
Software wallet + PIN or password
Seed backup ready to be restored on a hardware or software wallet (if only used in a recovery scenario)
Emergency restore is possible with all the seeds even if the wallet file and all xpub/zpub keys are missing (the seeds allow you to regenerate the public keys xpub/zpub and recreate a new wallet out of them).
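An added example (not from the original post) of what the "master public keys of all wallets" requirement means for Bitcoin: the 2-of-3 witness script is built from every cosigner's public key, and the P2WSH address is the hash of that script (BIP-141 witness program, BIP-173 bech32 encoding), so with one cosigner key missing the script, and therefore the address, cannot be rebuilt. The three cosigner keys are constructed demo values (the first is the secp256k1 generator point); real cosigners contribute a key derived from their own xpub.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def multisig_script(m, pubkeys):
    """OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG, keys in BIP-67 lexicographic order."""
    if not 1 <= m <= len(pubkeys) <= 16:
        raise ValueError("m-of-n must satisfy 1 <= m <= n <= 16")
    if any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("expected compressed 33-byte public keys")
    script = bytes([0x50 + m])  # OP_1..OP_16 are 0x51..0x60
    for pk in sorted(pubkeys):  # sorting makes the script independent of key order
        script += bytes([len(pk)]) + pk  # push opcode equals the length for < 76 bytes
    return script + bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG])


def _bech32_polymod(values):
    """BIP-173 checksum polynomial."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _convertbits(data, frombits, tobits):
    """Regroup 8-bit bytes into 5-bit groups, zero-padding the last group."""
    acc, bits, out = 0, 0, []
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & ((1 << tobits) - 1))
    if bits:
        out.append((acc << (tobits - bits)) & ((1 << tobits) - 1))
    return out


def bech32_encode(hrp, witver, program):
    """BIP-173 bech32 (witness version 0) address for a witness program."""
    data = [witver] + _convertbits(program, 8, 5)
    hrp_expand = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    polymod = _bech32_polymod(hrp_expand + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32_CHARSET[d] for d in data + checksum)


def p2wsh_address(witness_script, hrp="bc"):
    """Native segwit v0 P2WSH: the 32-byte program is SHA256(witness script)."""
    return bech32_encode(hrp, 0, hashlib.sha256(witness_script).digest())


# Constructed demo cosigner keys (compressed encodings; the first is the generator point G).
COSIGNERS = [
    bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
    bytes.fromhex("02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"),
    bytes.fromhex("02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9"),
]

if __name__ == "__main__":
    script = multisig_script(2, COSIGNERS)
    print("2-of-3 witness script:", script.hex())
    print("2-of-3 P2WSH address :", p2wsh_address(script))
    # With one cosigner's public key missing, the only script you can build is a different wallet
    print("2-of-2 without key 3 :", p2wsh_address(multisig_script(2, COSIGNERS[:2])))
```

Because the address commits to all three keys, a backup of two seeds plus the third cosigner's xpub is what lets you find and spend the coins; two seeds alone cannot even locate the wallet.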
Security against loss or damage:
Lose access if both the wallet file and all xpub/zpub keys are missing and one seed/wallet is missing or not usable anymore (PIN forgotten, optional password forgotten, device damaged, ...) – low probability if each seed is stored properly with a copy of all the xpub/zpub keys.
Lose access if more than 2 (n) wallets and their seed backups are lost or damaged – low probability if stored in separate locations
If more than one (m-n) wallet uses an optional password in addition to the seed (passwords to unlock a software wallet are not a concern, as they are not part of the seed), lose access if the password is lost – low to medium probability
Ease of legacy:
Inheritors need only access to 2 of the seed backups or wallets + PIN or password, and possibly some instructions (e.g. a mention on the backup that it is a cosigner of a multi-sig wallet, cosigner n of m, n needed)
Safe from theft:
Coins stolen if 2 wallets + PIN or password stolen – low probability
Coins stolen if 2 seed backups stolen and no additional password – low probability if the seed backups are stored in physically remote locations
With the optional password on the seed, coins stolen if the above + the password are stolen – very low probability
Wrench attack:
The attacker can force you to unlock one or more single hardware or software wallets that you have at the location of the attack. If you already have enough coins on these to satisfy the attacker and he is not aware of how many you have in total, you might get out of it with only a small percentage of losses. However, if the attacker knows or thinks that you might have more coins, you will have to explain that they are not accessible without traveling a long distance and/or involving a third party (another cosigner, opening a safe at a bank or accessing someone else's property). This leads to 2 or 3 more or less unpleasant scenarios. 1. The attacker gives up and leaves you safe. 2. The attacker tries to force you to drive to the other location, or to contact another cosigner or anyone else to bring the remaining seed to you so you can unlock more coins. Then the more difficult or almost impossible you make it, the more likely he is to either give up or beat you up in rage, with the health- or life-threatening consequences that any of these attacks might involve. Of course, the longer and more difficult it is, the less likely the attacker will get access to the coins, and the more likely he might get caught during the attack or get compromised and caught later.
Again, this scenario is very extreme and should have a low probability of happening unless the owner is a public figure or the victim of an online data breach linking name + address to crypto products or services. It can be mitigated by not having any crypto-related goods delivered to your home address (pick-up box delivery, in-shop pickup, forwarding service, delivery at work under a department name) and by having good habits to minimize personal data exposure online.
Pros
- Natively compatible with Bitcoin
- Defines the recovery threshold (n of m needed to recover)
- Can be used in various scenarios with various numbers of cosigners
- Best way to make it impossible to spend coins without at least 2 persons involved or physically moving to a second location
Cons
- Takes more time to spend coins (with possible costs to travel more or less far), which is obviously a pro as well, as it is intended
- Not natively compatible with most coins, especially Ethereum, which requires trusting a smart contract to use it
- Limited number of compatible software and hardware wallets
- Higher transaction fees at usage
Bitcoin wallets compatible with multi-sig
Electrum + all hardware wallets compatible with it
Sparrow Wallet + all hardware wallets compatible with it
Always double-check any link and software signature using the official GitHub, Reddit and Twitter channels.
Ethereum multi-sig smart contract
Gnosis Safe – compatible with Trezor and Ledger hardware wallets, MetaMask and all wallets that can connect to MetaMask, and all wallets compatible with WalletConnect.
Always double-check any link and smart-contract address using the official GitHub, Reddit and Twitter channels.
Spread among many wallets
After some discussions online and after preparing the comparison above, I figured out that there is no perfect solution, and some might accept the fact that they could lose a part of their coins to reduce the risk of losing all of them. Indeed, if you try to find the solution that optimizes every scenario and put all your coins in it, you still have all your eggs in the same basket, which means that any technical or practical mistake, or a scenario you didn't think about, might lead to the loss of all or almost all of your coins at once. The only way to mitigate that is to combine several solutions. You might have multiple software hot wallets, software cold wallets, hardware wallets (single signature) and multi-sig wallets. Each wallet has its pros and cons, depending on whether you need to use it often, whether the way you store the backup is prone to destruction, corruption or damage, and whether the wallet + PIN or the backup can easily be stolen or not. Then you spread more or less of your coins across each wallet and accept that in some scenarios you might lose some of them, while it is still highly likely that you will never lose anything if each wallet is done right. It is all a matter of compromise, like it is when using a wallet to keep bank notes (can be stolen), a piggy bank to keep coins (can be stolen), a safe to keep gold bars and bank notes (can be stolen, forced open, destroyed in a fire), a credit card for daily expenses (can be stolen and used for a lot of contactless spending before you notice it), a bank account (the bank can go bankrupt and insurance covers only up to a certain limit, can be si), a broker account (can go bankrupt, and it might be difficult, long and costly to recover equities held in your name), a custodial cryptocurrency exchange or lending platform (bankruptcy, hack, rug pull, coins seized, ...) and even a DeFi platform (bug, hack, bad coding that leads to a collapse, scam, ...).
When you choose to spread your coins across several wallets and platforms, it is best to get organized. Keep a discreet paper notebook or a sufficiently private electronic document where you list your wallets, if possible without full details, so as not to make life easy for a potential thief who gets access to your notes, but still with enough for your potential inheritors (who might be more or less aware of it). The worst would be to lose coins just because you don't remember where they are stored and where the key is. But again, it is up to everyone to define what is best; some might want to keep as much as possible in their head to limit any possible exposure, at the cost of a higher risk of losing access, or of limiting access for a potential legacy.
Here I will not list scenarios and pros/cons, as each combination will of course have different results.
What should I do?
Now you are waiting for me to tell you which solution is the best and why, but as you might have guessed, it is not that easy. Each user has to find their own setup and should not share with others what it is. The only thing I can recommend is to go through as many scenarios as possible and evaluate the probability that they might happen or not. Then you define one or more setups and see whether these scenarios will leave all your coins protected, or result in a partial or complete loss.
Scenarios to consider (non-exhaustive list)
- Lost device running the software wallet
- Loss of the wallet file of a software wallet (especially for Bitcoin multi-sig)
- Loss of a hardware wallet
- Loss of one seed backup for a single signature wallet
- Loss of one seed backup for a Shamir backup
- Loss of one seed backup for a multi-sig wallet
- Loss of more than one seed for the above two
- Loss of the PIN for unlocking a software or hardware wallet
- Loss of the password protecting a seed (25th word)
- A software bug preventing you from spending your coins with the wallet directly
- Corruption or damage of the device running a software wallet
- Corruption or damage of a hardware wallet
- You lose access to your password manager
- You lose access to your second-factor authentication device (U2F key, TOTP app, ...)
- You lose access to your email account
- You lose access to your cloud account
- You lose access to your registrar (domain name)
- A service you use (bank, broker, exchange, DeFi, ...) closes down, goes offline and locks you out temporarily or definitively
- The government confiscates some or all of your money in the bank and you rely only on your cryptocurrencies
- Your local currency, a stablecoin or a foreign currency you use and hold loses all its value within a few months/days/hours
- Fire or flood destroying all devices and seed backups in a single location
- Fire or flood destroying some devices, but more resistant backups might survive
- Amnesia: you don't remember anything and have to guess only from the clues you left
- You die and someone (significant other, kid, parent, colleague, close friend, ...) wants to recover as many wallets as possible, with or without your instructions
- Malware gets control of one of your devices running a software wallet
- Someone with bad intent finds one or more of your PINs/passwords used in relation to cryptocurrency activity
- Someone with bad intent takes control of your email account/cloud/domain name...
- Someone with bad intent finds one or more of your seeds at one or multiple locations
- Someone you know might get rid of a device or backup code, not knowing what it is
- Someone you trust and reveal information to about your coins, wallets, backups, passwords or whatever is sensitive might not be careful enough and reveal it to someone else, on purpose or not, or write about it somewhere unsafe
- Someone you know might not be as trustworthy as you thought once he learns about the potential value of your coins
- Someone recognizes you in the street because you are famous, knows that you have cryptocurrency and forces you to transfer as many coins as possible from your smartphone (if any at all) or a hardware wallet that you might carry with you
- Someone tracks down your home or work address, locks you in your home or office and threatens you and/or your relatives until you transfer them coins or give them a wallet/seed + PIN/password or whatever
- A natural disaster is coming to your city and you have only a couple of minutes/half an hour/a couple of hours/a day to leave for a safe place (option A: you are at home; option B: you are not at home)
- A war starts in your country and you want to cross the border to reach a safe country, but everything you carry physically might get confiscated and everything you leave behind might get stolen or destroyed
- A very powerful company or government wants to take over your coins or limit your ability to use them
- Quantum computing cracks SHA-256
- Aliens arrive on Earth and you have to convince them that Bitcoin is the world currency before anyone else tells them the contrary
This list is quite long but surely non-exhaustive, and I can guarantee that most if not all of these (except the last 2) have already happened to someone, somewhere, in relation to cryptocurrencies or not. I read such stories all the time online. Of course you should not get too paranoid; judge reasonably which apply to you, which are more or less likely to happen, and how much of an impact they would have on you, your family, your business and so on.
For the more likely or most damaging scenarios, imagine how you would react and what you could do to recover partially or fully and get back to a more normal and safe situation. When possible, play the scenario for real. For example: try to access your email account when you have lost your second-factor authentication device. Try to recover a seed you created for testing with a very small amount of coins, on a different device or with another software. Try spending from a multi-sig wallet created with all cosigners before sending too much to it. Try to live a week/month without your bank account/credit card. Imagine whatever makes sense for your situation and whatever you want to experience for educational purposes. I had a phase when I was paying for everything in cash for some months, though paying bills in cash might get costly now. I might try to live on Bitcoin for a month, but it might get costly as well, especially in Switzerland; hopefully this will improve in the future.
If you like this post, want to add or correct something to it, feel free to leave a comment below.
Also be sure to subscribe by RSS and follow eluc@nostr.eluc.ch on Nostr, @eluc on Mastodon or @ElucTheG33k on Twitter so you don't miss any future post.
Disclaimer: I'm not a financial advisor, nor a professional in any kind of industry linked to finance, cryptocurrencies or tax legislation. I'm just giving my personal opinion and life advice about topics that I like and experiment with myself in my free time. My articles could always have mistakes or inaccuracies, or lead to a misunderstanding of a more complex topic. I cannot by any means be liable for any loss or issue you could have by following any strategy or using any app or product that I mention in my articles. Using any kind of investment product, cryptocurrencies, smart contracts, app or tool always comes with a certain risk. Before engaging your data, time and money in any activity, always do your due diligence and get informed by yourself about the implications and risks.
Affiliate links: Some links in my articles can be affiliate links; usually I mention it explicitly. This means that if you use the link to a shop or service and then buy the product or subscribe to the service offered, I will get a small commission on your purchase. For you it doesn't cost anything more, and in some cases it is also linked to a promotion where you can get a small discount as well; I try to write it clearly if that is the case.
If you use the link and buy something there, I will know that someone did, but I will not know anything about this person. If you don't agree to use the affiliate link, please visit the website of the shop or service by yourself, for example using a search engine, without clicking an ad at the top of the results of course. If you agree to use them and make a purchase, thanks for the small support.
When I decide to place an affiliate link for a product or service, it is not because I might get some money from the affiliation but because I truly believe in the product/service and I'm using it myself. I will recommend in the same way a product or service that doesn't offer affiliation, and I will never give the advantage to or highlight a product/service just because it offers an affiliation or because the commission offered is higher; I hope this is reflected well in my articles.