Bitcoin Forum

The cost of a hardware wallet is not excessive, given the price of bitcoins. I'm looking to choose an approach.

I've read about the Electrum setup of a watching wallet online combined with a wallet holding the private keys, on an air-gapped computer.

If this is correctly set up, is the hardware wallet inherently more secure?

For example, if I compare the 2 approaches, how do the 2 setups compare if:

- Hardware failure?

- Malicious attacks?

While the hardware vendor client database can be hacked, allowing criminals to come knocking on my door, can the same happen with Electrum?

Also, looking longer term, what would be the consequences of developers ceasing to maintain Electrum?

Should I also export my private keys, in addition to the seed phrase (with appropriate safety and storage precautions)?

What other criteria should I consider?

I'd appreciate any advice from the experts.

I'm compelled to say yes. Hardware wallets are specifically designed to be secure with convenience at the expense of their price tags. There are also hardware wallets which are able to be airgapped efficiently just like what you can do with Electrum. The only problem that I can see is with the leaks like Ledger's, telling everyone that you own a hardware wallet. I don't send any HW wallet to my residential address so that's fine with me.
Similar. Both can be imported into another wallet easily.
Hardware wallets are mostly hardened against side channel attacks which most computers are not designed specifically for. The secure element present in some of them also prevents people from brute forcing or extracting the seeds out of the hardware wallet in the event that it gets stolen. AFAIK, some has limited attempts which will brick the entire device once that threshold is reached and thus making brute forcing pins ineffective.
No.
Nothing. You can extract the private keys from the HD seed generated with Electrum very easily and just import it into another wallet. It's open source as well so I highly doubt that it would just stop development and not create a fork from it and someone else taking the helm
No. The 12 word seeds is all you need. You can of course do that but you'll be having to secure more things and have to continually update that list if you use your wallet frequently.

No, electrum cold wallet is also very secure and safe, if done correctly, both are safe and secure. Also, electrum in that form is a cold wallet while the other electrum is a watch-only wallet. You need to be careful of your computer not to have malware that can attack your hardware wallet during bluetooth connection for transaction signing. While I still believe more in electrum cold wallet signing with QR code generating from the watch-only which is malware resistant. Although, we still need to totally do all necessities to avoid malware.

All you need to protect is your BIP39 seed phrase, ones you have it properly backup against damages and attackers, and safe from loss. You can import the seed phrase on another hardware wallet or BIP39 supported wallet which will generate back private keys, addresses, bitcoin and other fund balance immediately.

About malacious attacks, there are some vulnerabilities reported in some reputed hardware wallets, while also they can be attacked if your wallet extension device (the computer you use to access it) is having malware. An example is the malware that changes recipient's address to hackers address, that is why you need to check and recheck the address you inputed before sending. The malware can be trasmited through the USB while QR code is still resistant to such which is safest for transaction signing.

There are some ways to buy hardware wallet avoid your information being given. You can read the link below for that.

[GUIDE] How to buy a Hardware Wallet the right way (https://bitcointalk.org/index.php?topic=5288201.0)

About electrum wallet cold storage, electrum wallet can not be connected to your email, home addresses and the likes, I will prefer to make use of electrum cold wallet. But read the guy above for how to buy hardware wallet appropriately to be able to buy hardware wallet without it linking to your information.


I do not think electrum wallet will cease to exist because it is well supported and developed by Bitcoin developers. But if there is any doubt, know that electrum wallet is an open source wallet, it has a tool (https://github.com/FarCanary/ElectrumSeedTester) you can also use to generate the master private keys and private keys which you can be imported on other reputed Bitcoin wallet.

You do not need to, ones you know the seed phrase that can be used to generate the private keys using some tools if need be. Like the link I posted above for electrum and iamcoleman for BIP39 seed phrases.

Protect your seed phrase, do not let it lost, do like three backup that will make you to be able to access it anytime you want and also do all that are compulsory to make it impossible for attackers to steal.

An air-gapped is not malware resistant. It is possible to infect an airgapped wallet though transferring information from an air gap is hard. Hardware wallets are not susceptible to malware attacks. They are designed to not be compromised through any malware as the private keys should never leave the device.

An important note, hardware wallet attacks are often fairly sophisticated, save for a few of the less developed ones. They often take advantage of any sidechannel vulnerabilities which can be evasive or costly and often comes after loads of research. In comparison, the main protection against any attacks is the airgap and the airgap only. Hardware wallets are designed to resist any malware attacks and would be alright to be connected to a computer infected with malware.

Hardware wallets would always have a confirmation before signing such that the user is aware of the addresses that is in the transaction. The similar case can be made for an air gapped wallet if the user doesn't check the transaction properly.

Yes, you are right. I did not generally mean air-gapped wallets, like the hard drive ones that can still be vulnerable to malware attack while online during transaction. But, I mean electrum wallet making use of QR code for signing which I believe is more malware resistant. But, bluetooth can also be used instead of QR code, which I believe is not as malware-resistant if compared to QR code type. Just an opinion, I am all ears to correction.

I'm going to disagree with the post above and say that I prefer airgapped cold storage to hardware wallets. There have just been too many issues with hardware wallets in the last few years, from the database hack you mentioned through to unpatchable vulnerabilities allowing extraction of seed phrases, for me not to believe there are not other vulnerabilities or issues which exist but either have not yet been discovered or have not yet been disclosed. My feeling is that a properly set up, permanently airgapped device, using whole disk encryption, is safer than a hardware wallet, but I concede that such a set up is significantly more complicated than using a hardware wallet, and much more prone to user error. The side channel attacks mentioned are not high up on my list of possible attack vectors since my airgapped device is only ever used in a sealed room inside my house with no one else around, all curtains drawn, no webcams, etc.

Another big question to ask yourself is portability. There is no denying that a hardware wallet is far better than airgapped cold storage when it comes to carrying it around with you and transacting on the go.

Thanks for those responses.

I am not clear if the Electrum seed phrase can be used directly in other BIP39 wallets.

I entered the Electrum seed for a wallet I just created in "The Electrum Mnemonic Seed Tester" tool, and it gives the same private keys as created in the wallet.

So, if I wanted to swap to another wallet (not Electrum) would I need to use the above tool as an intermediate step?

Also, if I went down the Electrum air gap route I would go through the following steps:

1. Prepare the air gap pc using a dedicated laptop, with a LAN, WiFi, Bluetooth etc disabled in the BIOS.

2. Instal a fresh copy of Windows 10 from a Microsoft DVD onto the laptop, checking that all networking is disabled.

3. On an online PC, do virus and malware checks, format a USB and download Electrum onto the USB, checking the signature.

4. Transfer the USB to the air gap laptop, and instal, with wallet encryption.

Would this be secure enough?

Portability is not high on my list.

It cannot. Electrum uses their own system for creating seed phrases which is slightly different to the BIP39 system. You can read their motivation for doing so here: https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation. There are one or two wallets which will accept Electrum seed phrases, but the majority of wallets will not. However, the way Electrum turns seed phrases in to addresses is still common knowledge and very easy to do. Any piece of open source BIP39 software could be changed to work with Electrum phrases with a few very small modifications. You do not have to worry about Electrum ceasing to exist in the future and you having no way of restoring access to your coins.

You could use the above tool to extract the private keys to individual addresses and then use those private keys to sweep the funds, yes. There are also a number of other ways you could do this.

I would use an open source OS, such as Linux distro of your choice, rather than any version of Windows. Also make sure you format the computer before installing any fresh OS on it. If you can physically remove the WiFi, ethernet, etc. hardware rather than just disabling it, then even better.

Other than the database hack, I don't think having the vulnerabilities is too much of an issue. Most of the vulnerabilities involves sophisticated equipment to glitch the firmware and seems like it came after hours of intensive research to discover. There's nothing much to research on for airgaps wallets because there isn't any incentives to do so. Of course, side channel attacks is not an issue for most but you can never really get too paranoid as well. Kind of helps that their competitors are always trying to hack each other's device as well.

My air-gapped storage before I started to use a HW wallet involves a Raspberry Pi which is much cheaper than even an old laptop. I'd check the signature on the airgapped wallet instead of the online computer, it's not the target computer to run the wallet after all.

I'd say it is partly a matter of preference.
I personally prefer to do things myself so I always go with the air gapped setup using Electrum and a Linux distro offline. That is also because I don't want to put my trust in a company and their product. As Leo said above there have been issues with hardware wallets and they do have vulnerabilities.
But it may not be easy for others to do the same, after all creating a secure cold storage is not easy. It is also harder to spend from this setup than it is to spend from a hardware wallet.

There is no universal answer here and it depends if you are newbie, average user or tech expert.

Your own setup can be very safe if you are advanced user, BUT I would never recommend anyone to use AirGapped setup if you are newbie and just getting to know how Bitcoin works.
It is complicated for average users and there are to many steps in the process that with one small mistake can result in losing or locking your coins forever.
There are so many horror stories with people overcomplicating things like this and I heard Andreas Antonopoulos speaking how people are sending him messages about this all the time.
Jameson Lopp for example is using both options and he tried and used almost all hardware wallets.

Having hardware wallets is good enough for average users BUT I would only choose open source option and I would never buy and order them with my real name, address or phone number, to avoid future leaks.

I don't disagree with you, but the fact that these vulnerabilities keep popping up with some regularity means there is a not-insignificant chance that there are more as of yet unknown or undisclosed vulnerabilities, perhaps one or two of which are much easier to exploit.

I would say that using two webcams is easier than using USBs, and although it is more costly if you do not currently own two webcams, it is also much safer. Saving transactions to file, copying them to and from USB drives, importing them from file, etc., is much more time consuming than just clicking "Display as QR Code" and pointing a camera at the screen.

---

If you do choose to go with a hardware wallet OP, I would always advocate using a strong and random passphrase (or perhaps several for plausible deniability), and for maximum security opting to enter it manually on the device each time you want to use it, as opposed to storing it on the device which some wallets will allow you to do.

I would say that I'm a newbie/average user.

But the steps in https://electrum.readthedocs.io/en/latest/coldstorage.html#coldstorage (https://electrum.readthedocs.io/en/latest/coldstorage.html#coldstorage) seem to be well described. Following it step by step appears to be straightforward. Receiving BTC is the same whether Electrum is air-gapped or not.

Because of the extra step of signing the transaction on the air gapped wallet, it's not as easy nor as quick to spend BTC, as using a hardware wallet, or a non-airgap setup.

But I think if we are considering an air gap solution, it's because we are dealing with non-trivial value. In which case, care and time are amply repaid, and outweigh speed or convenience.

Keep in mind that you can always create and use multiple types of wallets for different purposes and each with a different amount. Let's say you have 10BTC:
1. Paper wallet storing 6BTC for long term HODL and not touched for years
2. Air gapped Electrum storing 3BTC as a cold storage that can be accessed if needed
3. Hardware wallet storing 1BTC as a safe but quickly accessible wallet that could be carried around (eg. when traveling)
4. Hot wallet on desktop or mobile storing 0.05BTC to spend on stuff you want to buy or receive payments!

pooya87, that's an excellent strategy...if only I had 10BTC  ;D

Seriously though, can you please explain why you favour the paper wallet for long term HODL when this WiKi https://en.bitcoin.it/wiki/Paper_wallet#:~:text=A%20paper%20wallet%20is%20the,and%20should%20not%20be%20used. (https://en.bitcoin.it/wiki/Paper_wallet#:~:text=A%20paper%20wallet%20is%20the,and%20should%20not%20be%20used.) so strongly discourages it?

If I do generate a paper wallet, would this https://github.com/pointbiz/bitaddress.org (https://github.com/pointbiz/bitaddress.org) be a suitable tool?

OP, the Electrum air-gapped set up option is better for your OPSEC in that no one knows that you are a Bitcoin user. It has become especially concerning after Ledger leaked their customers’/users’ personal information.

https://pbs.twimg.com/media/Ep4B2LwW8AIXwan?format=jpg&name=large

I think paper wallets are not terrible as it is basically just another way to store your keys or seeds. The points as stated in the wiki are completely valid and are indeed downsides of paper wallets. Generating a paper wallet would most likely involve an offline computer so rather than doing that, I'll just make an Electrum wallet, export the master public key, write the seed and laminate it.

If you want to make it more indestructible, use some metal stamping tool to etch it into a block of metal.
Here lies another problem; that hasn't been any new commits for the past few years which means it doesn't have segwit support. Not exactly a big problem but it works fine if you want to generate legacy address.

Thanks to all for the superb advice.

One final question, is whole disk encryption recommended in addition to wallet encryption?


I believe that an air gap Electrum wallet is the best solution for me.

I prefer whole disk encryption for a number of reasons.

Firstly, I use it regularly on most of my devices, so I am very familiar with it.
Secondly, it eliminates the risk of leaving behind unencrypted information accidentally. If I accidentally save some sensitive information or a piece of software creates some unencrypted back up or log, it doesn't matter since it will all be encrypted anyway when I'm finished using the device.
Thirdly, it provides plausible deniability. If someone finds an encrypted hard drive, they have no idea that there might be bitcoin on it. If someone finds an encrypted Electrum wallet file, it's a different story. You can also take this further by using hidden volumes to decrypt different data to what you are really protecting.

Whether or not these are vectors of attack which would concern you is up to you. I would recommend LUKS for Linux or VeraCrypt if you go with Windows.

I've always said that this wiki page is greatly exaggerated. Basically it's whole argument is that because people may not correctly create paper wallets then they are considered unsafe. This is true about everything, even your hardware wallet if used incorrectly could be unsafe.

A correctly created paper wallet is the safest option in my opinion.
A correct way is:
1. Created offline on a clean and secure OS
2. Using a trusted tool (open source and verified)
3. The tool generates mnemonics
4. Is encrypted before written on paper
5. More than one backup is created from it and stored separately in safe places.

When you have 10 BTC, it would be a good idea to spend a little to get either a workstation or old server, install OS, install Bitcoin Core, install Fulcrum or ElectrumX or EPS (Electrum Personal Server) and you can then use that as your full node to connect to from your Watch-Only Electrum wallets.

I've also read that hardware wallets choke on 15-on-15 multisig transactions (or can't even do them) whereas any computer with Electrum can do it relatively quickly. Not that I have 15 different wallets. 2-of-3 multi-sig is pretty much a good standard already.

My opinion , no need for electrum wallet to be online.
Use TAILS OS and a downloaded , signature verified electrum wallet. Air gap the TAILS loading.
Create your off line wallets. back it up and never get the wallets online. EVER!

This is exactly what OP is describing - creating an Electrum wallet on an airgapped computer and keeping it permanently offline.

However, you still need a watch only copy of your Electrum wallet which can go online. A watch only wallet only contains addresses, not private keys, and therefore cannot be hacked or have coins stolen from it. You can create one by exporting your master public key from your airgapped Electrum wallet, transferring it via USB or QR code to your internet enabled device, and then importing it in to a new Electrum wallet. Without your online watch only wallet, you will not be able to see incoming transactions to your addresses, and will therefore not be able to create any transactions.

You should know that airggaped computers also have many  potential attacks than hardware wallets because they are not really designed to keep secrets.
I am not saying hardware wallets are perfect, but airgapped computers are also far from perfect solution especially if you don't know what you are doing and you make one small mistake.

Here is just some of possible attacks on air gapped computers:

1. Cold Boot Attacks (https://en.wikipedia.org/wiki/Cold_boot_attack)
2. The Chilling Reality of Cold Boot Attacks (https://blog.f-secure.com/cold-boot-attacks/)
3. Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems (https://www.zdnet.com/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/)
4. Sniffing Keystrokes With Lasers/Voltmeters (https://dev.inversepath.com/download/tempest/tempest_2009.pdf)
5. Generating Covert Wi-Fi Signals from Air-Gapped Computers (https://arxiv.org/pdf/2012.06884.pdf)
6. Flaws in self-encrypting SSDs let attackers bypass disk encryption (https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/)
7. NSA TEMPEST Attack can remotely view your computer and cell phone screen using radio waves! (https://climateviewer.com/2014/01/18/nsa-tempest-attack-can-remotely-view-computer-cellphone-screen-using-radio-waves/)
8. LED-it-Go (https://cyber.bgu.ac.il/advanced-cyber/system/files/LED-it-GO_0.pdf)
9. USBee (https://arxiv.org/abs/1608.08397)
10. AirHopper (https://arxiv.org/abs/1411.0237)
11. Fansmitter (https://arxiv.org/abs/1606.05915)
12. DiskFiltration (https://arxiv.org/abs/1608.03431)
13. BitWhisper (https://arxiv.org/abs/1503.07919)
14. Unnamed attack (https://arxiv.org/abs/1703.07751)
15. GSMem (https://www.usenix.org/node/190937)
16. xLED (https://arxiv.org/abs/1706.01140)
17. aIR-Jumper (https://arxiv.org/abs/1709.05742)
18. HVACKer (https://arxiv.org/abs/1703.10454)
19. MAGNETO & ODINI (https://arxiv.org/abs/1802.02317)
20. MOSQUITO (https://arxiv.org/abs/1803.03422)
21. PowerHammer (https://arxiv.org/abs/1804.04014)
22. CTRL-ALT-LED (https://ieeexplore.ieee.org/document/8754078)
23. BRIGHTNESS (https://arxiv.org/pdf/2002.01078.pdf)
24. AiR-ViBeR (https://arxiv.org/abs/2004.06195v1)
25. POWER-SUPPLaY (https://arxiv.org/abs/2005.00395)
...

I am sure there are more attacks that are not listed here, and it was all collected with more explanation by this website :
https://airgapcomputer.com/

Most of those attacks are incredibly theoretical, and most are completely mitigated by not plugging in unnecessary hardware such as speakers or scanners to your airgapped device, and by preventing physical access to your airgapped device, meaning the attacker cannot measure LEDs flashing, fan speed noises, weak magnetic fields, screen brightness, power line consumption, etc. Simply using your airgapped device with the minimal hardware, keeping it inside your house (even better, locked in a safe), and only using it in a room with no other electronics and the curtains closed, will mitigate almost all of these attacks.

If someone manages to break in to your house, load malware on to your airgapped device, and set up some kind of covert monitoring device on your power cable or a microphone to record your hard drive noise, all without you even noticing it has happened, then you have much bigger problems to worry about.

Indeed. I keep reading about people claiming that cold storage is not safe and show big list of possible attacks.
A 5$ wrench attack is much more likely than all those together.

They do not invent attacks. Theoractical attacks are discovered with substantiated evidence that it is possible. I don't think it's bad to be researching on these to highlight the possible loopholes?

I don't think anyone goes as far to say that cold storage isn't safe. I've mostly seen people highlighting the focus of hardware wallets and the hardened nature of them against more novel attacks. If you are that conscious about security, then you could possibly get a hardware wallet shipped through a reshipper and do some simple auditing by yourself and could probably give you a peace of mind.

$5 wrench attack is much more likely and that is why most HW wallets have plausible deniability built into it as well. Don't think it's fair to shoot down hardware wallets like that; they do still provide much more protection against sidechannel attacks which is what you would be concerned about if you're absolutely paranoid. Using a drop address or a PO box for the shipping would be necessary as well.

You are right, I didn't phrase it good. I wanted to refer to those considering hardware wallets safer than cold storage.
Imho cold storage is safer because you can have much more control on what happens there and which in most cases you don't really need to update, versus hardware wallets which are not all open source, which can have bugs and hidden flaws (them or the wallets installed).

Both hardware wallets and cold storage are geared to defend against any traditional malware attacks and both can do so relatively well.

It's a stretch to say that cold storage is safer. Most hardware wallets are audited regularly, even at times by competitors who obviously have an interest to exploit each other's devices. Vulnerabilities can happen with cold storage as well, they are not immune to it. There are hardware wallets which acts like an air gapped storage as well, like ColdCard but with the added benefit of it being easier to use as well as it being hardened against side channel.

In terms of the theoretical exploitation surface, it could be argued that having a hardware wallet which is specifically designed for storing Bitcoins safely is better than a person with little to no knowledge having to set up one themselves and exposing it to unnecessary risks.

Open source ≠ free of exploits. Companies like Ledger operates like a corporation with specific NDAs to follow. If you don't like to use devices that are not open source, avoid them. Plenty of HW wallets which are open source still.

Sure, they are hardened against side channel attacks, but they are also vulnerable to different attacks which airgapped, encrypted, cold storage is not vulnerable to. Seed phrases can be extracted from Trezor devices, and Ledger devices had a critical bug which would allow bitcoin to be stolen when the user was interacting with an altcoin, for example. Neither of these are possible against a well set up cold storage device.

There is no perfect solution for bitcoin storage, and each has its own pros and cons. But writing off cold storage because of incredibly difficult and rare attacks such as an attacker listening to the speed of your computer fan is incorrect, when by far and away the most likely way to lose your coins is through user mistake, simple malware (such as clipboard malware), or physical coercion.

I would argue that the plausible deniability of cold storage can outperform that of a hardware wallet. With a cold storage device I can use hidden volumes to decrypt fake or misleading "sensitive" data much in the same way that a passphrase on a hardware wallet can lead to fake or misleading wallets, and in both cases I can keep my main sensitive data/wallet completely hidden. The difference is with a cold storage device I could be hiding anything, from bank details to business accounts to wikileaks data etc., whereas with a hardware wallet, it is immediately obvious that I am hiding cryptocurrency.

I would agree with this. A hardware wallet remains the logical choice for anyone who feels they do not have the technical knowledge to safely set up and use an airgapped device, but for those of us who do, an airgapped device can definitely be better than a hardware wallet, depending on what attack vectors you are most concerned about.

Is there any research done on physical attacks to exploit the OS or the wallet software to glitch it to reveal the seeds or any sensitive info? I don't think Electrum (in this case) can be immune to such bugs, I mean JSON RPC was unencrypted for a long time. Is it possible for the attacker to clone the disk/sd card to have access to the encrypted storage to bruteforce?
I don't think cold storage is insecure by any means. I've only switched to ColdCard because it is something like a cold storage while being way easier to use. It's slightly annoying to have to start my RPi up to make my transactions every time. Side channel defenses are just the icing on the cake.
I agree.

Not really, some of those attacks starting from top have actually been done in real life and not just written as some wild theory.


It is not so hard to make 5$ wrench attack on your airgapped computer also, especially if it is laptop.


I would agree with you here, and if you listened to people like Jameson Lopp or Andreas Antonopoulos they would also say the same thing, and tell you the stories of many people who lost Bitcoin just because they made their own airgapped computer for storing BTC, made everything over complicated and lost access to their BTC in the end.
Sounds like crypto horror story but it happens more often than we think, so for most people it's better to keep it as simple as possible.

Opsec? Comsec? ... If you are a target, they will get you. Osama Bin Laden had air gap computers and hundreds of flash drives discovered at the time of his death. His house had armed guard security. His "transactions" were sent by courier to go connect to some internet cafe far away. They still got him.

If you are a target of some large enough adversary and you are not a government agent yourself protected by a small private army, then someone will eventually use a $5 wrench on you, or someone you know.

I still prefer the computer. Do just enough, and your bitcoins will be safe "enough". And that can be good for up to a few million dollars worth maybe. If you have a billion dollars worth, then you probably have regulated custodian holding some of the coins for you.

Still, we can all see "Loaded"'s address with 40k BTC, has not moved in several years. It's probably on an air gap machine.

Silk Road dude, Ross Ulbricht made a few mistakes, and he had access to maybe thousands of bitcoins. The FBI and DEA eventually got him. There's a movie out there now. Silk.Road.2021.1080p.BRRip.AC3.x264 or something if you care to search for it.

(The movie is good, but it's not very accurate, as we know it has been changed a little bit for presentation.)

The idea was that if you are known to have the coins and somebody is already targeting you, there's a better chance he will go for a 5$ wrench attack than something so highly sophisticated as presented in those lists.


Yes, overcomplicating the things are easily leading to that. And some try to do cold storage when they don't understand what happens there, again losing funds (I remember that there was a thread about Electrum 4.0.phishing "stole the coins" when the user came online! with the "cold storage"! to broadcast a tx)