Opening old wallet, sync Bitcoin Core first or import first and sync after?

[operacjasamum]

I have an old Bitcoin Core wallet file with some coins I need to move to a different address now but I do not have Bitcoin Core synchronized. Should I start Bitcoin Core without a wallet, fully synchronize first and import that wallet after that or should I open my wallet before syncing?

In the first scenario it's going to reindex or sth after importing the wallet, isn't? How long it's going to take comparing to full synchronization? The second scenario does not look safe (it basically results in having a hot wallet for the time of synchronization) but if reindexing in the first scenario is about to be as lengthy as full synchronization then it's the same thing.

[nc50lc]

I have an old Bitcoin Core wallet file with some coins I need to move to a different address now but I do not have Bitcoin Core synchronized. Should I start Bitcoin Core without a wallet, fully synchronize first and import that wallet after that or should I open my wallet before syncing?

Either is fine as long as the node isn't set to be pruned.
The only disadvantage of loading the wallet.dat later is it'll have to "rescan" which could take a few minutes/hours to finish.

But if you need to prune due to storage issue, you must load the wallet before syncing the blockchain.

[Knight Hider]

The second scenario does not look safe (it basically results in having a hot wallet for the time of synchronization)

The second scenario makes it possible to load the wallet offline. Sync first, unplug your internet, open your wallet, wait a bit. Keep it offline for safety.

--Knight Hider

[hosseinimr93]

The second scenario makes it possible to load the wallet offline. Sync first, unplug your internet, open your wallet, wait a bit. Keep it offline for safety.

Take note that with disconnecting your computer from internet when opening your wallet, you don't really make your wallet more secure.
If you want to have an offline wallet, you should create your wallet on a computer that is always offline. You should have an offline device for generating your wallet and singning transactions and an online device for creating unsigned transaction and broadcasting your transaction. 

[operacjasamum]

Sync first, unplug your internet, open your wallet, wait a bit. Keep it offline

ah ok, so whatever happens after node is synchronized and upon loading a wallet, does not require pulling new data from the Internet. Good. I will need to go online later on anyway to actually broadcast the transaction but that's ok - I was worried about keeping a node with loaded wallet exposed to the world for many hours or even days during synchronization or reindexing (or whatever is happening there).

[DaveF]

Depending on the speed of the machine & drive & a lot of other things this could take a VERY long time.

Although @nc50lc said minutes/hours I have seen it take a lot longer on an older PC with a wallet with a large number of transactions it really can take a while and even if it does look like the GUI is frozen it is working in the background. Don't force close it or it will start from the beginning again.

OTOH, with a fast PC and a small wallet it is fairly quick.

-Dave

[Fudmottin]

Out of curiosity, what known attacks are there against a hot wallet on Bitcoin Core? I presume they are fixed as they are discovered.

[NotATether]

Out of curiosity, what known attacks are there against a hot wallet on Bitcoin Core? I presume they are fixed as they are discovered.

The most obvious attack is leaving the wallet unlocked for too long, allowing some hacker to leverage a totally unrelated vulnerability in some other software to gain access to your system and drain your bitcoins. bitcoin-cli does not prompt you to re-enter your password when doing sensitive operations like signing a transaction (unlike the GUI version of Bitcoin Core).

The solution to that is to not run Bitcoin Core alongside any other software on your computer.

[nc50lc]

-snip-
bitcoin-cli does not prompt you to re-enter your password when doing sensitive operations like signing a transaction (unlike the GUI version of Bitcoin Core).

To be fair, when using walletpassphrase command, the user is free to set how long the wallet should be unlocked.
If not prompting to re-enter the passphrase is the issue, the user should at least set just enough seconds for his operation.

In the GUI, it's automatically done so it'll be locked just after finishing what it needs to do.

[Fudmottin]

The computer is on a private IP network. So the only way in, so far as I know, is via the connection used by Bitcoin Core. Although it does get access to the outside world through other services such as NTP and whatever the heck Apple uses for software update.

My security plan, if it can be called that, is if any BTC of significant quantity is successfully mined, it gets moved into a cold storage wallet.

Anyone getting shell access to that machine would have a field day as they are now on my private LAN.

[DaveF]

The computer is on a private IP network. So the only way in, so far as I know, is via the connection used by Bitcoin Core. Although it does get access to the outside world through other services such as NTP and whatever the heck Apple uses for software update.

My security plan, if it can be called that, is if any BTC of significant quantity is successfully mined, it gets moved into a cold storage wallet.

Anyone getting shell access to that machine would have a field day as they are now on my private LAN.

Once a machine has access to the pubic internet, even if it's on a private IP stack behind a router it's still vulnerable.
Go to the wrong website, it's compromised. Copy the wrong file, it's compromised.

Take a look here:
https://support.apple.com/en-us/HT213670

dozens of things patched last month for macOS, and a bunch of them have the ability to get to parts of your file system.

Use a hardware wallet.

-Dave