Bitcoin Forum

Ok i saw many newbies fall for all kinds of scams lately and i feel sorry for them, so i put together this tutorial to help people to store their bitcoins very safe, without the need to rely on (scammer) 3rd parties or just any kind of unnecessary risk.

So basically if you want to store your coins 100% secure you have to store it on your own device , and not on an online wallet or 3rd party. As the saying says: "everything that's not in your hand it's not yours". If it's not in your hand it's not money, it's debt, the promise of the 3rd party that it may or may not pay you. Also many wallets don't run on 100% reserves, which is just the same as the fiat system, so it will meet the same ends...

Also many online wallets have been hacked lately which could be the users fault, but it could also be the service's fault, and by storing them there by default your funds will be targeted because they store huge amount of coins, whereas if you hold your coins in a place nobody knows about, then its safe.

Ok let's start.

Programs you will need:
■Cleopatra: http://www.gpg4win.org/features.html
■A good antivuris& internet security: I recommend Kaspersky Internet Security 2015 because of this:
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
http://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/
http://www.techpowerup.com/209925/nsa-hides-spying-backdoors-into-hard-drive-firmware.html
■Malware Cleaner like MalwareBytes: https://www.malwarebytes.org/
■Armory Wallet: https://bitcoinarmory.com/download/
■Veracrypt: https://veracrypt.codeplex.com/
■Linux operating system for extra security (verified by Cleopatra, after you download just check the checksum to see if it has been tampered with) or just a clean Windows or Mac


Hardware & physical objects you will need:
■Multiple solid USB sticks (ATLEAST 3)
■A junk and cheap PC which meets the system requirements of the programs listed above (preferably old because newer ones could contain firmware (http://en.wikipedia.org/wiki/Firmware), but not that old that it fails because your bitcoins could be lost then)
■Your casual online PC that you are on right now
■Multiple A4 papers or similar and a pen
■A router through which you connect to the internet (optional)

After you got these tools, you will then proceed to set up your own "cold wallet" or "hardware wallet" or "offline wallet" as it is known.
You will need your usual online PC and the offline PC that you bought or your old pc that you used years ago.

Here are the steps to set up your offline wallet:


1) Set up the antivirus & MalwareBytes on your online PC, scan it and remove any virus or threat is found, all of them. Set up a strong firewall with your internet security software and if you have a router password protect it (the default password is always ADMIN, so change that)
2) Use original operating system, if it's pirated then run a full antivirus scan & anti-malware on it because there may be some malware hidden in it, even if it's original there can be some intentional malware in it so either way scan the operating system's cd, or .iso file or however you got it, to make sure no rootkit,malware or other malicious tools is built in it. If you detect any, then get another copy, until you find a clean one. (Make sure the antivirus you choose & MalwareBytes is fully updated though before scanning it)
3) Get your PC that you will dedicate to keep your bitcoins on (it can be a laptop too) and set up the operating system on it
4) Make sure you create atleast 2 or more partitions on the harddisk, because 1 will be encrypted later, and 1 for the operating system
5) Enable hidden folders and files if you are using windows on both the online and offline PC to see if anything shady sneaks itself into the USB stick, but ofcourse you will scan it also with the antivirus & MalwareBytes!



6) Disable networking in the BIOS, or remove the network card from that PC (https://www.google.com/#q=disable+network+from+bios)
7) Plug out any device that is connected to it, router, telephone wire, wireless stuff, or any other network or cable except the electricity, so that there is no other interface with which you can interact with this PC but the USB sticks, everything else should be disabled
8] Install the antivirus & MalwareBytes on this computer via the USB stick to check if there is any firmware on it, leftover rootkit or malware from previous OS or any other malicious stuff
9) After the stuff is clean,format the entire hard disk again and reinstall the operating system,and don't reinstall the antivirus nor MalwareBytes after (cos you never know if the antivirus or MalwareBytes itself is not doing something shady, you dont have to trust them more than needed ), and re-enable the hidden folders and files mentioned in step 5)
10) Make sure that in the process of doing this you dont put any other virus on your clean offline PC by any other means
11) After the clean PC is totally cleaned then it's time to install our bitcoin stuff there, first encrypt your non-system partition with Veracrypt or other trusted open source encryptors (this step is crucial unless you want it to be cracked by hackers, the encryption software must be 100% trusted and open source)
12) Encrypt that hard disk and put atleast a 30-35 digit random password for it which you generate here: https://www.random.org/passwords/, however don't use those passwords, instead generate 10 different passwords and combine them into 1, by your own, so that nobody can guess them (in case random.org collects or logs the passwords generated)
----Also write on a paper that password perhaps multiple times, because if you lose this password you cannot ever access that partition again so since your bitcoins will be stored here, you should have paper backup of this password stored in a secure place---

13) Download armory to your online PC, verify that it's genuine and not tampered with , with Cleopatra by checking it's checksum or the PGP-Signature of the author:
https://bitcoinarmory.com/tutorials/armory-basics/verify-download/
14) After download finished, disconnect your online PC's internet temporarly so that no other stuff can go in there, put the USB stick into your online PC and scan the stick itself, perhaps format it, then put the Armory on the stick and check it's checksum again before pulling it out just to make sure there was no malware on your PC that tampered the software after you downloaded it!
15) Put the stick into the offline PC and install Armory there inside the earlier encrypted partition
16) Securely Format the USB again (https://bitcointalk.org/index.php?topic=1002719.msg10957863#msg10957863) and pull it out from the PC so that nothing is connected to it until we don't set up the sensitive stuff
17) Open armory and set up your wallet on the offline PC, from that encrypted partition, also in armory's settings use a very robust wallet


---Of course if the PC is crappy use whatever resources it can support, but still a 10 second open timer is recommended, because this is your safe wallet anyway, capable of storing billions of $ so definitely worth the wait time for this extra layer of security---
18) Enter the passphrase for the wallet, again use a the  https://www.random.org/passwords/ and combine for yourself a unique random password from those generated there, but never use 1 entirely from there. Also dont use the previous password again.
19) Make alteast 2 paper backup of this aswell (the private key), now you can print it out with armory, however make sure the printer you use is not network connected, and after you finished printing restart it so that the cache of the printer is cleaned out
20) Until now you got 3 sensitive data: the password of your encrypted hard-disk partition and the password of the wallet and the backup of the private key, make sure you got 2 backups of each stored at very safe locations
21) Use another USB stick or multiple sticks to put a digital backup of your wallet aswell, not the same one are you used before to install the stuff it must be a different and clean one,Securely Format the USB again (https://bitcointalk.org/index.php?topic=1002719.msg10957863#msg10957863) ,however this stick is as-is and you can never ever plug this in into the online computer, but only this offline computer in case the hard-disk of the offline PC fails you will have a digital backup of the wallet , but you need to set up step 0-18 again for another PC that you will buy then to store your bitcoins. But never ever plug that USB stick (where the digital copy of the wallet is) into an online PC again!!!)
22) Ok you are ready now, your encrypted bitcoin wallet is set up in an encrypted hard disk, and you have 3 sensitive data that you must secure yourself, of which the private key is the most important. Even if the other 2 password is compromized, if you wipe your PC before they can access it (the wallet), then without private key they still cant stole your money. But of course the other 2 passwords are also important + your USB backup of the wallet. Keep these stuff very safe!
23) For additional security you can set up a password for your operating system, however its not that much needed, and it can be easily bypassed if a burglar enters your house, but they can't break the double-encrypted wallet! This password is only needed if you leave your house and don't want your wife or children accesing your PC, it's more like a privacy protection rather than security.
24) Never ever install anything else on the offline PC, even if it's not in the encrypted partition, it can only contain the clean OS install, the armory and your wallet(s), just as never put anything else on the stick that stores your digital wallet copy either. They should be left as they are!

Ok now you got a perfectly secure offline storage which can store even billions of $ worth of bitcoins, but it can still be compromized when you do a transaction. So here is how to securely transact and spend funds from it!




You will use the offline transaction method of armory which you can read upon here it't tutorial:
https://bitcoinarmory.com/tutorials/armory-advanced-features/offline-wallets/

http://i60.tinypic.com/9080mt.png

 After you read about it and familizarized yourself with the process, here is how to do it securely:
1) The blockchain has to be on your online PC and also a verified download of armory, by Cleopatra:
https://bitcoinarmory.com/tutorials/armory-basics/verify-download/
2) Create a "New Offline Transaction", specify the details: address(es),how much bitcoin to send, etc. Double check if you entered the stuff correctly, and then put the Unsigned file on your USB stick that you used to install the things on the offline PC. Make sure that before plugging that USB stick back into the Online PC, you put it into the offline PC and Securely Formatted (https://bitcointalk.org/index.php?topic=1002719.msg10957863#msg10957863) it beforehand.
3) So after you formatted the USB on the offline PC, put it on the online and put the Unsigned file on in, then move that Unsigned file onto the offline PC
4) Plug the USB into the offline PC, copy the Unsigned file into the offline PC's desktop
5) Plug out the USB
6) Open the encrypted partition, and the Armory and import the file
7) Check again if all details are entered correctly
8] Sign the file, you will need the wallet's password for this
9) Close armory, and close the encrypted partition too
10) Plug back the USB stick,Securely Format the USB again (https://bitcointalk.org/index.php?topic=1002719.msg10957863#msg10957863), and then put the Signed Transaction File back into it
11) Move the USB into the online PC and copy the Signed Transaction File, import it into the Armory, and verify again if all details are entered correctly
12) Broadcast the transaction
13)Securely Format the USB again (https://bitcointalk.org/index.php?topic=1002719.msg10957863#msg10957863)
14) Waint until 6 confirmation of the transaction, and then it's all complete


After you know how to keep the bitcoin 100% securely offline, and have your online PC also relatively safe, you can then monitor your wallet from your online PC without the need to compromize the private key for it. I have developed a software with which you can monitor your bitcoin addresses from your online PC without the need to compromize your offline storage. It's just like any other program on your PC now and you don't have to trust me more than any other developer whom's programs you currently use on your online pc .


My software has no access to any of your funds, since they are all kept securely offline. What my software does it checks your balances from your online PC through an internet API that connects to the blockchain. So you don't even need the blockchain downloaded on your PC to use my software, it's all lightweight and portable. You can check your balance of any of your addresses (or even other's address) to keep yourself updated with how many bitcoins you have. Also it loads instantly you don't have to wait half an hour to load like armory!

► DOWNLOAD FREE DEMO! (https://dl.orangedox.com/RBFF3nUY0UfqD77LeR/v1.60_Quick%20Wallet%20DEMO.rar)


This tutorial might be hard to read, disorganized, although it's as accurate as possible, but probably not that detailed and descriptive,also this forum needs internet and sometimes it could go down, so I summed up everything , more descriptive, with picture illustrations and links to download these tools in my
FREE E-BOOK that is a Guide to keep your Bitcoins 100% safe.

DOWNLOAD MY FREE E-BOOK HERE! (https://dl.orangedox.com/IdfJScHNXT25dKaszu/Guide%20to%20keep%20your%20Bitcoins%20Secure%20v1.00.pdf)

Enjoy :)

Thanks so much for writing this up OP! it helps a lot!

Very nice tutorial!  Good instructions, and pictures I give it a thumbs up.

Thanks guys, i`m still updating my post to rething if i missed something.

Also if you guys think that i missed something security related then please tell me to correct it.

I want to make a guide here that is 100% hackproof, so please help contribute to it, thanks!

good giude, but i think newbie, are searching for something more easy and immediate

for example: i think windows firewall is good enough, no need to dl something else

the third point you described (Get your PC that you will dedicate to keep your bitcoins) is everything they need without adding too much

desktop dedicated entirely to btc without installing/surfing, will do the trick, if not connected to wi-fi or any other network, just with its own network

Yes that is true, however that is only half security.

Because windows has alot of backdoors and shady malware can always sneak into the USB and into the other PC.

Especially in this surveilance era that we live in right now, i need 100% security if i had 1 million $ to store on my own, so each step must be carefully considered.

Also armory has the lockbox feature so you can set up 2 PC's and store the wallets in 2 pieces through a lockbox for extra security.

Also this is only a storage tutorial, i`ll soon write part 2, where i`ll write about how to access the storage safely, because thats a bigger challange, than just purely storing it.

So stay tuned ;)

OP you should put up a BTC address for tips incase any noobs want to thank you for helping them out.

I would definitely add malwarebytes to whatever antivirus you might recommend. Other than that nice guide

Nice article.
Here is another thread written earlier - https://bitcointalk.org/index.php?topic=17240.0

Well i recommended Kaspersky IS 2015 because it has everything from rootkit scanner which can hide itself in the root sector of the USB, to normal antivirus, secure keyboard input (which can be helpful in other fields), and firewall with complete internet scam detection like phising site or virused site.

Thanks i`ll read it , gain wisdom from there and implement it in this one

If anyone wishes to support me then click the link on my signature and buy one of my high-quality products  ;)

If only they can start accepting BTC directly, I would continue using their software.  ;D How are you hoping to prevent Bad Usb virusses written into the firmware? A format will not clear the firmware.

We had some old computer and printers at work, destined to be destroyed, so I visited bitaddress.org and saved it for offline use... I then disconnected it from the internet and printed 200+ paper wallets for future use. {I then destroyed the hardware} so there are no way to get to that information.. It's already recycled material.

Those paper wallets are laminated and split between several destinations.... I used 5 for "Honey traps" on sites and none of them where hacked or accessed... so the rest should be safe.   ;)

What do you mean by this?

Kaspersky has anti rootkit scanner. I just heard in the news that Kaspersky detected many new firmwares in hardware planted by the NSA to spy on people.

Since Kaspersky is Russian, and no other antivirus detected it but this, it can already be said that which antiviruses work for the governments and which are trustworthy lol.

http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216


Well thats a bit crude, resetting the printer would have been enough, the printer doesnt have storable memory, only a cache, so after you keep it offline enough or just simply restart, the cache is ereased.

Or print something else with it, that also ereases the previous cache.

But i guess you wanted to make sure.

I`m not sure about honey traps, what did you store there 0.001BTC or similar? Some hackers could only target funds bigger than 1 BTC, so if you store like 10BTC next to a 0.001BTC honeytrap then only the 10BTC could get stolen and you realize it too late.

Also i dont think bitadress.org is a safe way to create an address, there can be millions of things that could stole the private key: keylogger,spyware,trojans. You can never make 100% sure that the online pc doesnt have virus, but you can with the offline PC. That is why it's better to only generate new addresses with the offline PC with a non-tampered Armory or BitcoinCore wallet

Would you people consider the block chain wallet secure because that is what I recommend to most people who are new to bitcoin because it is super easy.

I`d say all online wallets have moderate security. Sure they can be hacked, or some keylogger reads your password while your write it in, or your government is suspicious about you and all it takes is a court order to empty your online wallet, and you can do nothing about it, as the wallet will comply with the authorities.

So I personally would never store more than 1 BTC on online wallets. Sure they are good for quick-access spending wallets if you want to shop stuff or buy things with bitcoin, and you need quick access to funds (because using the offline funds needs more carefulness), then go ahead.

However if you want to store your retirement fund or your savings, then definitely dont trust them. I don't care if angels run the wallet service, you can never trust a 3rd party with 100% confidence, especially not for funds > 1m$.

Just look how responsibly banks handle the funds:
http://www.wsj.com/articles/banco-de-madrid-files-for-bankruptcy-after-parent-accused-of-money-laundering-1426495127

thanks for putting this tutorial together. i am think of taking over a pc from a family member to use it solely for bitcoin.
i will buy a new hard drive for security purposes but can ram memory also contain a virus?

Check the harddrive for hidden firmware on your online PC before putting your bitcoins on it.
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

Yes ram can also contain virus, that it is why it has be be carefully put on the offline PC. And after you want to use the funds there you need to be cautious with it.

I`ll put together a tutorial how to spend from the safe offline wallet without compromizing it. Done!

so, even a brand new hard disk is a potential risk. you can't trust anything nowadays.
regarding the ram. is it enough to just run a full system virus scan to make sure everything is clean? 

It's not that its a potential risk, the newer the harddisk the higher the risk is, since all this surveilance got out of control. And its getting worse and worse. We live in a global tyrrany now.

A full system scan is imperative, but i also urge people to download Malwarebytes too, since Kaspersky could miss a few malware. I just ran a scan last night with it and picked up other malwares that were not detectable by Kaspersky.

Of course with this method the funds are 100% secure, however the online PC could still be compromized and if you use your online pc for interne banking then it could be a serious problem.

However for bitcoin it isnt until you follow those steps with military discipline, no hacker could hack your coins :)

Nice writeup.  Here's a very simple one :)

1) Go here: https://www.buytrezor.com (you can pay with BTC)
OR
1) Go here: http://www.amazon.com/gp/product/B00R6MRI50 or http://www.amazon.com/gp/product/B00R6LSAZI to purchase from one of our community members (windpath).  If you're Amazon Prime, free 2 day shipping.
2) Wait for it to arrive
3) Set it up
4) Safe and secure

I have my doubts about these hardware wallets in general, for example worst case scenario they go bankrupt and that website can't be accessed anymore, how will you extract the bitcoins then from the device?

Or i also heard that the website is pretty slow and has some bugs.

Again these devices are good for quickspending, like a normal money wallet, but i would not use them for long term big wealth storage...

Ok thanks I will keep recommending it to my friends.

Sure, since so many newbies dont know how to secure their funds well, we need to help them keep their money safely.

I just saw another minor exchange got hacked and hacker stole some funds, so its hard to keep your money secure but it's possible!

There is 1 vulnerability though, there are malwares that can infiltrate themselves inside the nonpartitioned sector of the USB stick..

So if they are hidden well enough them they could copy themselves into the offline PC, steal the private keys, copy back on online PC and then broadcast it to the hacker

I`ll find a solution for this, stay tuned :)

Your tutorial is great ! I sincere thanks for your post. I will mark this page to learn it carefully

Sure, study it carefully and if you find a vulnerability in my tutorial please tell. This is the exact methodology that I too follow, so if there is 1 vulnerability I risk my coins also by using this tutorial, so it's better if we all study it and see if we missed anything, because it's better to be paranoid and careful with our coins, than to learn it through the hard way :)


I studied malwarebytes and indeed its a good one. It picked up malware on my Pc that Kaspersky didnt saw, so I added it to the list.

It's a free trial that I have and it's already doing wonders. So definitely recommend Malwarebytes too.

So i added it into the tutorial

good guide OP :) appreciated!

Though I have learned about how to keep bitcoin for safety but I am not sure I have done it right

If you are not sure about your coins are safe or not, then create a safe cold storage and transfer your coins there, because your current storage could be compromized and let's just not risk that. Better to do some extra work to make it secure than to find out the hard way isnt it...?

Alright I found a solution to this one, I searched hours on the internet to find out how to make sure that the VOLUME BOOT RECORD or the USB stick is clean.

Ok the USB stick has basically 2 sectors, the main sector which is partitioned, so there you can put files which you transfer from 1 PC to the other, (and if the hidden files & folders are shown) then you dont have to worry about a virus copying itself to the USB stick because you see it.
And when you put the unsigned transaction file, make sure that only that single file is on the USB and nothing else, because everything else could be a virus.

However there is a hidden sector in the USB stick which is called the VOLUME BOOT RECORD which contains firmware settings and it's usually 4kb size, but advanced viruses can hide here, obviously 4kb is not enough for a sophisticaded virus, so if you see that this unpartitioned sector is like 20-30 mb size, then its 100% that you have a VBR virus on it, which could steal the private keys and infect the offline PC.

As you can see my USB stick is 100% clean!
http://i58.tinypic.com/ih01ms.png

So to avoid this I put together the last phase to make sure nothing else sneaks out of the offline PC, and even if it infects the offline PC it can never sneak outside it and broadcast the private keys to the hacker.

So let's start:

HOW TO ELIMINATE ALL VIRUSES AND MALWARE FROM THE USB STICK (Windows)

0) Plug in the USB stick in the offline PC, where your bitcoin's are stored and follow the next tutorial, to clean up the USB before putting stuff on it, and connecting back to the ONLINE PC, so that even if it has a virus on it, it cannot send back any info to the ONLINE PC!
1) Open the start menu and write in the search "CMD" without quotes,( right click on it and "Run as Administrator" if needed).
2) In CMD write the following: "DISKPART" without quotes, and open the disk partitioning tool
3) You can now close CMD, we will work in dispartition tool now
4) Type in "LIST DISK", without quotes
5) Open the start menu again and write "disk management", and open "Create and format hard disk partitions"
6) See there which disk number your USB stick is, for me Disk 0 is my harddisk and Disk 1 is my USB stick, see for you which one is it, and remember the # number of the Disk.
7) Go back to the disk partitioning tool and you see there also the same thing
8] Type in "SELECT DISK #" ,no quotes, replace the # with your disk number of the USB stick, so for me its Disk 1, so I write "SELECT DISK 1", you write your own number there. Make sure you select the USB stick and not the HARD DISK, because otherwise you can mess up your windows!!!!
9) Type in "CLEAN" , no quotes, this will replace the VBR with 0 like the factory version had so any virus that was in there is now dead, this process could take a while, so wait until its finished
10) Type in "CREATE PARTITION PRIMARY", no quotes
11) Type in "SELECT PARTITION 1",no quotes, this is 1 for everybody so dont replace that number
12) Type in "FORMAT FS=FAT32"  or  "FORMAT FS=NTFS" ,no quotes,depending on what the USB stick can support, my USB can only support FAT32, so if you write the NTFS version and it returns an error at the end, then do it again with FAT32 because your USB doesnt support NTFS then. This process could take like 30 minutes but you must do this every time the USB stick is plugged in the offline PC to make sure no virus can steal your private keys.
13) Type in "ASSIGN" , no quotes
14) Type in "EXIT"

Now if you did this correctly, your USB stick is 100% clean from any virus. You must do this process every time your USB stick plugs into the OFFLINE PC, to make sure even if there is a virus on it, to not get out with your private keys, so it's a very important part!

 

Nice Job  This is very easy to read

Thanks, because my tutorial is a little bit too stretched out in this forum, although its perfectly correct, but its disorganized and hard to read.

I`ll make a FREE E-book where i`ll sum it up and make it more organized, so it will be easier to read and study even offline, because obviously this forum needs online internet access.

So stay tuned until i`ll write my FREE e-book ,which will be FREE TO DOWNLOAD!

Enjoy my hard work, this is my contribution to the bitcoin community :)

Alright I finished my e-book, its 100% free to download and distribute, however I would appreciate some donations since I put hard work into writing this (you will find a donation address at the last page of the e-book). It's basically the same thing as in post #1 , but more detailed, with pictures and more organized, as it's hard to explain everything in a forum in detail.

So here is your FREE e-book about how to protect your bitcoin with 100% security (i`ll post this link into post #1 aswell):

DOWNLOAD HERE FOR FREE! (https://dl.orangedox.com/IdfJScHNXT25dKaszu/Guide%20to%20keep%20your%20Bitcoins%20Secure%20v1.00.pdf)

Thanks for taking the time to write this.

We are however, not sure that your program doesn't have any hidden malware.
Blockchain.info may be used to monitor addresses.

1. using a hardware wallet such as TREZOR that has basically two functions - it keeps your bitcoins in an offline storage and when connected to a computer, it enables a highly secure way of spending as well (immune to viruses, hackers and keyloggers).

2. creating an offline cold storage which is useful for storing bitcoins, but has its limitations and security risks when you decide to spend the coins

This guide will instruct you on how to create an offline wallet, a wallet that never even touches the internet in its plaintext form. This security measure is also referred to as being an air gap. For all practical purposes, this wallet is safe from all online threats, such as viruses and hackers. It is however still exposed to offline threats, such as hardware keyloggers, extortion, or people looking over your shoulder.

The below procedure may seem tedious, but remember that security almost always comes at the cost of convenience. When you deposit money at a bank, you let them worry about security. Bitcoins, however, are stored on your computer and that means you are fully responsible for securing them.
How to Deposit Funds

    Set up a Wuala account, or other cloud backup service of your choice.
    Create a strong and unique password offline (manually). This password should be at least 20 characters long; it should contain numbers, upper and lower case letters, and symbols. It should be as random as possible, ie it should look something like this: Zr%8qL03&cvwS9@05AatdP71. Never use this password elsewhere.
    Do not forget this password. Recite it several times a day. It is easy to overestimate your ability to remember a password several months in the future. To be on the safe side, write it down and store the piece of paper in a safe deposit box.
    Download Bitcoin Linux binary and save it on a USB drive.
    Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD. This will not affect your current operating system.
    Disconnect machine from the internet. Unplug any network cables and disable wireless. Verify that wireless is disabled in the icon on the upper right corner (Ubuntu). Double check that machine is disconnected by opening the web browser.
    Run bitcoin while disconnected to the internet. The client will show 0 connections and 0 blocks, but it will still generate a wallet.dat file and a bitcoin address.
    Encrypt your wallet using the strong and unique password from step 2 above. (Bitcoin Client > Settings > Encrypt wallet)
    Copy wallet.dat (found in hidden folder .bitcoin in your home directory) to USB drive.
    Save bitcoin address to a text file and copy it to USB drive.
    Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.
    Backup encrypted wallet.dat file in several places:
        Send it to your 5 best friends by email attachment and ask them to save it for you.
        Save it on your Wuala account created in step 1.
        Save it on several USB drives and CDs and store them in different geographic locations.
    Send bitcoins to the address saved on the USB drive. Double check in the block explorer that they have been sent or you can add Watch Bitcoin Address in BlockChain Wallet.

How to Retrieve Funds

    Boot from Ubuntu liveCD, as in step 5 above.
    Insert USB drive.
    Run bitcoin client and close it again.
    Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
    Connect to the internet.
    Restart bitcoin client.
    Wait for blocks to download (optional).
    Send bitcoins.

How to Setup Watch Bitcoin Address

Watch Bitcoin address is a way for you to check your cold storage balance online without exposing your private key.

    Create an wallet account at https://blockchain.info/wallet/
    Go to import/export.
    At "Add Watch Only Bitcoin Address", add your bitcoin address.
    Wait for the balance to synch.
    You can also download the mobile version at Google Play, Apple Store

Indeed, but my program will always rest on the online PC and never get it touch with the Offline PC, if you read carefully the tutorial you will see that nothing will penetrate and coult extract data from the Offline PC, unless people are negligent and forgot to format their USB sticks.

Also my software is not it any form , nor it has to be , trusted than any other app that you have on your online PC. Besides my software used the Blockchain.info API too, it's just that it aggregates the data.

Instead of checking every single address on Blockchain.info separately, you can use my software and check the entire wallet automatically by inputting the addresses, which will be stored in a file. Also the software refreshes it every 20 seconds so it updates automatically.

It's a tool for lazy people.

Any donation is appreciated :)

Anyone would like to comment or give a feedback about this tutorial or the e-book? It would be really nice since I want to see if it helped you secure your bitcoins :)

Also if you would like change anything in the methodology of the tutorial feel free to comment it, it's not a perfect guide so maybe I missed something.

Your tutorial is good for people who give some time here, as you need to be a bit more lenient I feel as not everyone who hops here is a tech geek and so, a bit easy language should be used, even if gets a bit more detailed then that would be awesome...

Thanks a lot OP, helped me out a ton.

+ 1 !  easy and efficient  ;)

i use his software and its 100% safe ive scanned it and have used foe 2 months with no problems

Yes, well i use an offline PC, because a laptop has wi-fi by default, which could be hacked i guess so I just dont want to risk it. My old PC is from 2003 and works very well as a bitcoin container.


Well i think my tutorial is pretty easy to understand. I think my e-book is pretty detailed, so check that out:
https://dl.orangedox.com/IdfJScHNXT25dKaszu/Guide%20to%20keep%20your%20Bitcoins%20Secure%20v1.00.pdf

No problem, its my contribution to the bitcoin community.

Yep, that was my goal, since i got so much inspiration from the bitcoin community i thought i give it back for free.

If you want to thank me you are always welcome to donate, but otherwise its 100% free as my charity.

So did anybody learned some security for your bitcoins from my book? Let me hear your feedback guys!  :)

  some people might think this is overkill but you can never be too safe

Yes, i should also add it there , that it should be noted that some OS' could track your private keys and log it, so either use linux for that, or always boot a virtual OS from a USB stick.

I`ll add a tutorial about that later.

i think the key might be stored in the ram ,i do know some malicious softwares live in the ram...

Yes, but if its offline then that doesnt matter. What matters is if the windows keeps a log file on the private key, and it can sneak out somehow.

And even if it cant, because my tutorial wont let it, as we will format the USB stick very frequently.

It can remain there and when you sell your old PC, somebody could find it and see it there and access your coins.

haha , never thought of that,did you hear about that guy that throughout 200,000 dollars worth of bitcoin in the garbage and he scoured the dump for a year with no luck !!!

Alright then, so c`mon guys post in this thread, and show me your feedback.

Let's not let this thread die, because it supplies very useful information to newbies how to protect bitcoins agains theft, so help me out guys, its a community service :)

Nice tut, I was thinking of buying a Trezor but just went along with some 17 char encrypted paper wallets made from the github version of offline bitaddress booted on an ubuntu CD

Trezor is great and everything, but it costs 120$

This is free, and you actually have everything in your own hands

We don't know what's what in the Trezor wallet, Armory however is open source

That's pretty cool, keep helping our newbies  :)

I`m not sure about the safety of Trezor. This tutorial is pretty much my methodology, I am currently now using this method and so far my coins haven't been stolen, despite the computer I`m on now had some viruses (so i use Bitdefender 2015 to counter it, but its not enough)

So yea, the best defense is self defense, don't rely on third party ! Good luck!  ;)

this is a good Tutorial, appreciated work

Thanks for nice feedback, hope you learned something today.  :)

This thread should be a sticky.

Yes I agree, if a moderator can be kind and please stick my thread, that would be nice  ;D

Anyone please? This thread is really important!  :)

You could ask in Meta.  But I highly doubt it becomes a sticky. 

If you have to bump you own thread up and ask yourself for sticky, those are two indicators it is not needed as sticky.

I will, but maybe there are no moderators here reading it. I havent saw any moderator here for a long time so who knows.

Im sure one of them saw it.  But if you want to bring it to their attention go to meta. 

But again chances are very very low of this being a sticky.

Why? Should I rewrite it, make it more readable? Perhaps easier to explain.

Please explain.

Sure this is my opinion.  I could be wrong.  

But I would first make it more readable.  Pulling it up just a lot of bullets and numbers.    Also a sticky is not meant for personal gain, so I would get rid of e-book and software you wrote.  (again my opinion)  Stick with well known tested software.   Also no one is able to guarantee 100 percent secure.  That is misleading.  Lets say they had virus before installing your suggestions on virus protection, etc.

Add some more pictures, it would be even better to have entire process documented.  You could even do a video if is to much for thread.    Remove those horrible blocks meant to draw attention.

This would make it a better thread (in my opinion).  Even if you do all this I still think getting a sticky is low.  They are valuable space things such as rules, newbie information, etc.    But that is for moderators above my pay grade to decide, Meta is place to bring it to them.

its great to know that people here are muvh concerned about newbies. the beginners are targeted more than the qualified ones. these steps are good to be followed and can help newbies in securing their wallets. yet another simple way is to download a wallet on your mobile device which gives high security as well.

Download wallet to your mobile device?

The mobile phone is the least secure electronic equipment that is out there. All mobile phone data is directly sent to a 3 letter agency....  ::)

move bitcoins into separate wallets and store those offline.
To keep all your eggs in one basket is inviting disaster.
 ;)

Offline is best.  Cold storage can be great.   Here is a few steps instead of pageful.  

Buy Raspberry Pi.  Only use it for BTC wallet related use, update to current OS and patches/fixes, install a linux anti virus.  (Do not use this for surfing web, anything besides BTC wallet, not forums etc, etc.

Create wallet and store an encrypted backup on new usb drive, even two is not bad.   And print off a paper wallet of it (Use the oldest printer you have that works with it, one with no network connection is best if want to be totally paranoid.  After unplug Raspberry Pi.  Store Raspberry pi, usb drives, and paper walllet or wallet's in safe places.

So two paragraphs and you can have a very secure cold storage wallet.

nice tutorial, thanks for the effort.

do you need both malware cleaner and an antivirus at the same time? i mean is it really necessary, i am using Eset smart security and it has Antispyware. do i need more?

about your software for monitoring balance, is it open source. because i would love to take a look at the code since i am a fan of programming.

I'm securing my bitcoins rather well, on a separate dedicated machine

yes
https://bitcointalk.org/index.php?topic=936724.0

I would agree it's like 2 lines of defense.  Should your antivirus catch it... yes. But this is not the perfect world.  Having malwarebytes backing your AV is a good second line.

Also encryption or 2FA at this point is really a smart thing to do.

I think an expert user doesnt need an antivirus anymore, because its more risky to use an antivirus than not, if you are an expert.

Who knows what spyware the antivirus would have in it, that could spy, or even send back information to a 3rd party.

This is why we stick with well known anti-virus software, and download from trusted sources at home.   

Not downloading in public where someone might be "malicious" with your internet.   Cold storage computer (again great job for raspberry pi) is meant to stay on a secure network such as a normal home network.

Great initiative!
Added this thread to my watchlist.

can you elaborate further how mobile phone is the least secure device and details about that 3 letter agency ?
if it is that least secured we all would like to know about it !!
thanks .

You have provided an excellent guide, but it does seem like too much work for a newbie to follow.
In any case, thanks for the guide, it can be useful even to the more experienced user
Keep up the good work :)

Thank you GreenStox , great tutorial! Sticky this thread

I enjoyed reading this guide, it was very well written. Thanks for posting, It is very important to make sure your bitcoins are secure and this thread is nice for bitcoin beginners.

very good guide. thanks for that.
i want to ask you something. i think about creating address... what if your created wallet has my private key also? i mean is there any chance to create same private key and address?
i want to explain more because my english;
for example; i use 1sT2GVdd3... for a while. and i have 10BTC atm. somebody, who wnats to start BTC create bttc address. and what a lovely... multibit create same address!!! :S is it possible?

The risk of Bitcoin address collision is approximately 1/2^160 address generated. It is more fesible to solomine using a celeron than trying your luck at making an address collsion. You can probably find an address collision if you build billions of ASICs specialised for such operation together with the computing power of the entire world and two suns. However, weak/flawed RNG can cause the address to be predictable. See this (http://arstechnica.com/security/2015/05/crypto-flaws-in-blockchain-android-app-sent-bitcoins-to-the-wrong-address/), this (http://blog.blockchain.com/2014/12/08/blockchain-info-security-disclosure/) and this (https://bitcoin.org/en/alert/2013-08-11-android).

Yes that is why that new BIP-XXX or wtf was its name, is used to create deterministic addresses.

So you only need 1 random number as a seed and you can generate a really big hash from that using even a flawed RNG because without the initial seed they cant even find out the flawed mechanism

Random + Nonrandom = Random
Nonrandom+Nonrandom = Nonrandom

Atleast thats how i understand cryptography.