Judge my security of how I created my Bitcoin wallet

[awavewalia]

I tried very hard to find a seller to sell me their BTC but man, if they have it, they want to hold it! They don't want to sell, they just wanna buy. I was forced to start with an exchange, one that almost everyone in the U.S. knows the name of, and then patiently wait to send it to self custody. I'm still sending some over to my wallet.

Let's evaluate how I created my Bitcoin wallet. I changed minor details from reality, but I want you to judge my actions as if everything I wrote here is true, and I want you to judge me critically and more harshly than usual:

My Lenovo Windows laptop was purchased around 2 years ago. Even then, I barely used it. It is essentially a glorified hard drive that I use to answer stupid emails.
This laptop contains data I have had for over 10 years. Family photos, bank statements, executable files that are for old games, emulated game file save files...I moved so many over. 10 years of files without checking where they're from. Let's fast forward to last month:

1) I ran a simple anti-virus scan. Free trial. It says I have no viruses but said I have bank statements exposed and unsafe. This did not instill confidence, as the point of anti-virus is to protect my files even if I have a bank statement or several saved as a PDF file. It also stated it did not run network scans. This is on Windows 11. Remember that it is on Windows 11 for your judgment

2) I used a wallet program {Program 1} to generate a seed offline. I wrote down the derivation pathway it said it used, and BIP seed it generated. After writing this down, I never had it in view of a camera or another person. Any time I practiced the seed, I destroyed the torn scrap paper from my practice runs.

3) I QR-scanned a master public key. My camera saw nothing else. On a mobile device (I never created any serious wallets on my mobile devices), I created a watch-only wallet.  I matched the receiving addresses to the addresses in {Program 1}.

4) I closed {Program 1} but it was still installed. Connected to wi-fi for a minute, disconnected, then I deleted the wallet inside {Program 1}

5) I downloaded another program for a wallet {Program 2}.

6) I started sending funds to the BTC wallet. My watch-only cell phone wallet showed that funds are filling up the wallet. Multiple people at this point knew I was buying on an exchange, but they probably still think I have funds on the exchange or have been trading for shitcoins.

7) I connected to Wi-Fi on two different occasions and would stay online for over 24 hours each time. I used my mental seed to recover my wallet in {Program 2}, and confirmed that even there, BTCBitcoinBTC is being received live while on Wi-Fi.

I deleted the wallet file from {Program 2} offline. I uninstalled {Program 1} entirely.

9) {Program 2} remains installed. I still send funds to the wallet, now only visible from the seed in my head and the master public on my cell phone.

Could my BTC be swiped or have you managed to hold all your BTC with worse security practices than mine? I think I've been pretty thorough, but imperfect. Most losses are due to public wifi or fools screen-sharing. I did not cross $10000.00, I probably never will except by BTC itself going up by itself,

Do not leave comments saying that I might spit out some part of the seed phrase while I'm asleep. I carry around four hints for four words in the seed, even though I remember all of them. Now that I've mentioned this detail, I'm going to shred into fragments even that hint for those four in the next 2 days.

I was unaware of Bitcoin Core and Bitcoin Knots throughout this entire process so I did not use them to generate a seed. I still don't know if I need them or no.

Here's what I didn't do:

I never used one of many, many, many Chrome web extension wallets, because I don't get how that could possibly be more secure than a solo wallet program in a window(s) meant only for itself.

I never entered my real storage seed into Exodus, Wasabi, or Phantom and did not use them for creation. I might have had them installed at some point, but generated or entered dummy seeds to see what the addresses would look like while learning about Bitcoin.

I did not use the Coleman io generator offline, as it, if I understand would run in a browser. That means it would allow any browser to display the seed AND every single private key, meaning a browser could save that info as if it was a manual field entry, username, etc...
I also wanted to be able to connect to the internet at least twice just because it proves that if I wanted to, the seed works and so I can spend the BTC some day or simply pass it back to an exchange 20 years from now.

Bonus question:

Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that? It forces me to remember 24 words, but considering how wonderfully I did with just 12 holy words and how well I can keep the secret, I feel like I can do this over and over again with my practice methods and immunity of the few hints to my words online to dictionary attacks.

It feels really good to hold BTC no one but me can handle.

[Guccho]

Well, you should be proud that you did much better than beginners, and you never used browser wallets, nor did you expose your seed on the Internet. The primary vulnerability here is that you stored all of this on a general purpose laptop using Windows and left it connected to the internet with years old files on it. With or without explicit malware, that surface area is large and random. To achieve greater peace of mind, most people ultimately transfer to a dedicated hardware wallet or at least a clean air gapped device to generate seeds. I like your concept of dividing money into two wallets having two arrangements, as this will decrease the risk at a single point. Keep in mind though that simplicity is also security and therefore do not complicate it to such an extent that you cannot pick it up later.

[Catenaccio]

Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that? It forces me to remember 24 words, but considering how wonderfully I did with just 12 holy words and how well I can keep the secret, I feel like I can do this over and over again with my practice methods and immunity of the few hints to my words online to dictionary attacks.

You can create you wallet a same way, same method, and it's best if you create your wallet offline, that's it.

You only need to make multiple wallet backups with different methods, and store your backups at difference places. It increases your chance of always having at least one wallet backup which can be used for wallet recovery.

Don't try to create wallet in strange methods that can cause troubles in accessing it later or can cost you bitcoin loss from wallet funding.

How to back up a seed phrase?

[Ruttoshi]

From your explanation it shows that you are setting up Electrum cold storage wallet but you didn't specify it. After setting up your cold storage, you are not to connect it to the internet through wifi or modem which you did. You are use USB stick to transfer signed transactions from your Electrum cold storage to your watch only wallet after creating and signing your transaction offline.

Electrum cold storage

You should also write your seed phrase on the paper, make three  duplicates and store them in three different locations far from each other. Don't split the words instead use passphrase for additional security and keep the passphrase in a separate location from the seed phrase.

Of course, you can create a hot wallet and use it to store only small amount of bitcoin.

[Solosanz]

Hmm.

You make common mistakes just like most people did.

You use vulnerable device because you've connected your device with internet and you use bad OS. At least you should create on device that never connected to internet and using open source OS like Linux. Even better if you format all your disk and remove your ethernet port.

You also didn't verify the GPG/PGP key.

The security of your wallet is quite low, treat it as a hot wallet.

[Pmalek]

I am not sure why you are hiding the names of the wallets you used. You should tell us for your own sake. Regardless of that, I have a few comments.

What you have created on your computer is a hot wallet. More precisely, you had two hot wallets connected to the internet with your seed imported. I am not sure if your goal was to create a cold storage or not but you didn't do that. A properly air gapped system needs a freshly installed OS (a Linux distro is best) and shouldn't be connected to the internet after the OS has been installed. You connected your computer a few times. Theoretically, if there is malware on your system or you used questionable/fake/malicious wallets, your keys could have been leaked. The way you sign transactions on an airgapped system is by moving PSBTs (partially signed bitcoin transactions) back and forth between your cold and hot wallets. Another computer or mobile serves as the device for creating and broadcasting the transactions. Your cold wallet only signs it.

Since you don't have a cold wallet there was also no need to export your master public key and import it into your phone wallet. Your hot wallet on your Windows computer can do everything on its own. Create, sign, and broadcast transactions.

Finally, replying on your memory alone for seed backups isn't recommended. Everyone suggests to make multiple physical backups of your seed, keep them safe, and in different geographical locations if possible. You can still memorize the words if you want but there should be physical copies that you can use to refresh your memory if something goes wrong.

[jukheer]

Simplify it all and get a hardware wallet. If on a budget, Ledger Nano S Plus is around $60 with a current promotion. Grab some steel/titanium seed backups.

Make a bootable USB with Tails OS tails.net and run it live to use Ian Coleman and it comes with Electrum wallet. Make a new seed phrase with passphrases (or BIP-85) for additional wallets

[rdluffy]

Simplify it all and get a hardware wallet. If on a budget, Ledger Nano S Plus is around $60 with a current promotion. Grab some steel/titanium seed backups.

Make a bootable USB with TAILS OS tails.net and run it live to use Ian Coleman and it comes with Electrum wallet. Make a new seed phrase with passphrases (or BIP-85) for additional wallets

Better to chose a Trezor T model for 64.5 USD
https://trezor.io/trezor-model-t


To OP
From what I understand, you are keeping your seed only in your head?
I don't recommend doing that, nor creating complicated methods for creating a wallet or strong password, because what makes sense to you today may not make sense in a few months, and you can easily forget it

[PrivacyG]

Here is my judgement,

There is no point in unplugging your computer from the internet if you are going to re connect it later on.  In some cases, it can do damage to the security of your wallet even if you connected to the internet before doing all the steps of creating a wallet.

I agree with Pmalek, hiding the name of the program you used makes no sense.  In fact, if you want critics then you must mention what program you used.  For all we know, you could do every single step perfectly right and it would mean nothing if you used a random script off github nobody heard about.

But, and maybe this should have been the first bullet of my judgement, it makes no sense to do this if you are using Windows in the first place.  To most of us who care about real security, Windows is a joke.  It is any thing but secure.  Linux is a way better choice.  Even the worst distributions are miles better than Windows.  So if you want to do this, maybe the first thing you should think of being secure is the operating system your entier setup will be installed on.

When something feels really convenient, ask yourself why.  Windows is more convenient than Linux, but lacks the security and control over your own computer and also lacks the bloatware and spyware Microsoft purposely injects into all their operating systems.  The entire setup can be done offline.  It is what we call Airgapped Wallet, which is the best thing to do if you are particularly looking for security.

[awavewalia]

Hello all, I am the poster, and I read your comments.

ISSUE ONE

I can conclude I did indeed make some mistakes in my creation process even though some would call my actions superfluous with above average security.

I simply could not resist entering my seed (in a trusted program but on an Windows, an OS you all hate) to verify that if I recover using this seed, that I can access and use my own Bitcoin. This might be a sin to you, but it was a necessary security step to me and I couldn't see any way around it. This doesn't justify using a system that both had lots of old data on it that can also connect to the internet. I am unconvinced that using a system without any such old data that can connect to the internet is a security risk, so please explain why that might be a problem.

I will not be telling you the exact names of my wallets. I can only tell you what my wallets are not. I did not use software from MetaMask, Ledger, Trust, or Robinhood's new self-custody thingy.

I know these details isn't a seed phrase, but guess what, your own comments are telling me that I committed some mistakes. That means by your own logic my keys/seed were malware-vulnerable or vulnerable to some kind of network attack beyond my comprehension before I deleted the wallet file. Therefore, if I announce the names of the programs I used, I make it so any malware would target any leftover data I might have in my RAM or whatever.

Regardless, now that we are here today, it has been almost 30 days since my very first test transaction and over 7 days since my wallet last received a tiny amount of BTC. The BTC (over 0.012) is still there, unswiped. I'm still buying.

If the seed has not been used despite my failure to be internet-free entirely for this many days, should I assume it is not compromised and lying in wait to be used after the hacker believes the funding will stop? (There is an online paper wallet generator hosted in China or Russia where they wait one year to swipe your stuff because they assume you won't fund it any further or lost the private keys, but my concern is strictly compromised keys/seed or malware, not the program that generated my seed and test seeds prior.)

ISSUE TWO

I will create a second wallet on Linux on another device after a full format and wipe. Unless it's explained to me why I shouldn't, I plan to just download trusted wallet programs, play around with them, log in on my email and on my exchange on a browser (and no other websites), and, even if on Wi-Fi, create another seed and verify that it works for receive/send. I will then write the seed, delete the wallets and all dummy wallets, and format this other device a second time. Thoughts?

[Pmalek]

A hardware wallet offers you both convenience and security. If you buy a quality brand, you will be much safer than playing around with hot wallets on various setups. The idea is to keep your keys as far away from the internet. You can't achieve that with internet-connected computers, even if you unplug your cable or turn off the WIFI occasionally. The safest systems are airgapped but they are also the most complicated to set up and work with. Hardware wallets are in-between and a good compromise. They offer enough from both worlds to be suitable for most people. If you have the money and plan to invest more and more in the future, I would seriously consider an upgrade in security.

If you need help with selecting the right hardware wallet, there are many people here who can guide you.

Since you are still not naming the software you used but have called them "trusted programs", let's do this: Name 5 or 10 wallets that you feel belong in this "trusted programs" category and see what the community thinks of them. Also name 5 or 10 wallets that you feel aren't trusted. Put the programs you used anywhere you want in these lists without stating where they are.

[rdluffy]

...
I know these details isn't a seed phrase, but guess what, your own comments are telling me that I committed some mistakes. That means by your own logic my keys/seed were malware-vulnerable or vulnerable to some kind of network attack beyond my comprehension before I deleted the wallet file. Therefore, if I announce the names of the programs I used, I make it so any malware would target any leftover data I might have in my RAM or whatever.

I respect your opinion and concerns, but I don't see any way that could happen, hehehe
Be careful not to get paranoid about it

Pmalek already suggested a hardware wallet, and for less than $70 you can buy a Trezor and avoid having to take so many steps

Another “easy” solution is to create a bootable USB drive with Tails and generate your wallet completely offline

[marcus222]

Bro, you’ve basically done Bitcoin bootcamp on nightmare mode. You made it way harder than it needs to be, then still used Windows and stayed online. That’s like locking your vault with 3 combos then leaving the door cracked open. Just get a Trezor and enjoy life without second-guessing every RAM byte.

[SilverCryptoBullet]

A hardware wallet offers you both convenience and security. If you buy a quality brand, you will be much safer than playing around with hot wallets on various setups.

OP must choose open source hardware wallet brands to buy and must know how to buy hardware wallets.
If he buys a close source hardware wallets, it's risky and also waste money for something unsafe.
If he buys used hardware wallets because of wanting to save some money, it's dangerous practice.

[LIST] Open Source Hardware Wallets
[GUIDE] How to buy a Hardware Wallet the right way

[pooya87]

I tried very hard to find a seller to sell me their BTC but man, if they have it, they want to hold it! They don't want to sell, they just wanna buy.

Or maybe it's because in such a trade a fiat payment is reversible while a bitcoin payment is not and they don't want to lose money!

My Lenovo Windows laptop was purchased around 2 years ago.
10 years of files without checking where they're from.

There are 2 red flags here. First is the usage of Windows which is the worst operating system when it comes to security. And second is the fact that you have files you don't know the origin of which may contain malicious software that may not even be recognized by an AV.

2) I used a wallet program {Program 1} to generate a seed offline.

Offline can mean a lot of things in this context.
If you simply cut the laptop you described above from the internet, in that context offline does not mean secure at all.
You also need a "clean environment" for it to be secure. Which is why people usually advise using a Live Linux.

4) I closed {Program 1} but it was still installed. Connected to wi-fi for a minute, disconnected, then I deleted the wallet inside {Program 1}

Another indication that you did not use an air-gap device to generate your seed and protect it.

Could my BTC be swiped or have you managed to hold all your BTC with worse security practices than mine?

You could store your coins in a web wallet and never lose them but that doesn't mean you are safe. What you described is a weak and vulnerable setup that exposes you to various risks.

I was unaware of Bitcoin Core and Bitcoin Knots throughout this entire process so I did not use them to generate a seed. I still don't know if I need them or no.

I don't know about Knots but you can't produce a seed phrase with bitcoin core. It doesn't have that option.

Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that?

Learn more about actual Cold Storage and how to use an Air Gap device with a clean environment to generate your seed and hold the majority of your coins in that. Then you can store a small amount in any other wallet (even a hot wallet).

Also I'd advise against memorizing a mnemonic, it is not a reliable method in the long run. Think 10 years later when you have difficulty remembering a couple of words or their order and lose all the money you painstakingly accumulated for a decade!

[m2017]

My Lenovo Windows laptop was purchased around 2 years ago. Even then, I barely used it. It is essentially a glorified hard drive that I use to answer stupid emails.
This laptop contains data I have had for over 10 years. Family photos, bank statements, executable files that are for old games, emulated game file save files...I moved so many over. 10 years of files without checking where they're from. Let's fast forward to last month:

In my opinion, you have already made a mistake at this stage, namely, you decided to install the bitcoin wallet on a laptop that was used for everyday tasks (no matter how often you do it). This creates potential risks.

I would recommend separating the laptop for everyday tasks (surfing, movies, games, etc.) with the laptop for bitcoin. It is not necessary to have 2 laptops. It is enough to have a 2nd hard drive (HDD, not SSD for reliability reasons), on which the Linux distribution will be pre-installed (a priority over Windows) and install the bitcoin wallet on this OS. In the future, only under this OS interact with cryptocurrencies (purchase, sale, exchangers, etc.). Such HDDs can be connected via external USB ports (for the duration of operation). And if you add a hardware wallet to the bundle, it will be better from a security point of view.

You can perform all the other listed points on the Linux OS.

[LoyceV]

I want you to judge me critically and more harshly than usual:

Even though this topic is a week old, I like your challenge and I'll be harsh

But first: it really depends on how much money you're storing. If it's $50 worth of Bitcoin, don't worry too much. But if it's $1000+, keep reading!

Windows laptop

That's your first mistake. In general, Windows is a magnet for problems. But switching to Linux without knowing what you're doing isn't great either.
Your second mistake is doing it online, that creates a hot wallet instead of a much safer cold wallet.

This laptop contains data I have had for over 10 years. Family photos, bank statements, executable files that are for old games, emulated game file save files...I moved so many over. 10 years of files without checking where they're from.

I wouldn't worry too much about static files, other than making regular backups.

1) I ran a simple anti-virus scan. Free trial.

Free or paid, it's always a good start to assume they don't know all possible threats.

2) I used a wallet program {Program 1} to generate a seed offline.

I'm going to be extra harsh on this: you can't omit the name of the software here! It could be you used the worst possible piece of shitty compromised wallet software out there, so that's what I'm going to assume. Not good!
Being offline when you create the seed isn't enough. It's better to assume malware will quietly remember the seed and wait until it can broadcast your seed when you go online again.

I wrote down the derivation pathway it said it used, and BIP seed it generated.

"BIP" is too general: it's a Bitcoin Improvement Proposal. It should come with a number (probably 39). If you're writing it down, be thorough.

After writing this down, I never had it in view of a camera or another person. Any time I practiced the seed, I destroyed the torn scrap paper from my practice runs.

Have you tested your backup to make sure you can restore the same Bitcoin addresses if you start from scratch?

3) I QR-scanned a master public key. My camera saw nothing else. On a mobile device (I never created any serious wallets on my mobile devices), I created a watch-only wallet.  I matched the receiving addresses to the addresses in {Program 1}.

What's the purpose of this step? I'd be more interested in restoring the keys than creating a watch-only wallet.

4) I closed {Program 1} but it was still installed. Connected to wi-fi for a minute, disconnected, then I deleted the wallet inside {Program 1}

Why? If the purpose was to create a cold wallet, you could have done all this from an air-gapped offline Linux Live system running from DVD.

5) I downloaded another program for a wallet {Program 2}.

Why?

6) I started sending funds to the BTC wallet.

Did you withdraw funds from the exchange?

Multiple people at this point knew I was buying on an exchange

Who are these people? People you tried to buy Bitcoin from in person? People working at the exchange? People reading your emails? Is that the email address you've posted in your Bitcointalk profile?

7) I connected to Wi-Fi on two different occasions and would stay online for over 24 hours each time. I used my mental seed to recover my wallet in {Program 2}, and confirmed that even there, BTCBitcoinBTC is being received live while on Wi-Fi.

Why would you expose your seed phrase to different wallets? That doubles the risk in case one of them is compromised.

I deleted the wallet file from {Program 2} offline. I uninstalled {Program 1} entirely.

How safe is that from hard drive recovery?

9) {Program 2} remains installed. I still send funds to the wallet, now only visible from the seed in my head and the master public on my cell phone.

Going back to this quote:

Any time I practiced the seed, I destroyed the torn scrap paper from my practice runs.

Did you not keep a physical copy of your seed phrase? Are you really willing to risk you still remember the seed 5 (or 25) years from now?

Could my BTC be swiped

Yes.

or have you managed to hold all your BTC with worse security practices than mine?

Yes. I'm okay with risking small amounts in risky environments, being fully aware I'm one mistake away from losing them. But it's like asking someone if they've been robbed on the streets: you know it's possible, and you know the chance of it happening to them doesn't influence the chance of it happening to you in the future.

I think I've been pretty thorough, but imperfect. Most losses are due to public wifi or fools screen-sharing. I did not cross $10000.00, I probably never will except by BTC itself going up by itself,

It sounds like you want to keep your Bitcoin long-term. Why not create a proper cold wallet on Electrum, air-gapped on a system that runs exclusively from RAM so there are absolutely no traces? And keep a backup of your seed words! You'll have to consider what's more likely: someone gaining access to your backup, or you forgetting the words you try to remember.

Do not leave comments saying that I might spit out some part of the seed phrase while I'm asleep.

Good point, I didn't even think about that yet: some one-night stand might get you drunk to get the words out of you! Jokes aside, unless you're an active sleep talker, this wouldn't be my main concern.

I carry around four hints for four words in the seed, even though I remember all of them. Now that I've mentioned this detail, I'm going to shred into fragments even that hint for those four in the next 2 days.

You know I once forgot where I stored a paper wallet for years, and later forgot and remembered again how to access my made-up brainwallet? The mind is a funny thing to rely on!

I was unaware of Bitcoin Core and Bitcoin Knots throughout this entire process so I did not use them to generate a seed. I still don't know if I need them or no.

Bitcoin Core isn't the best place to generate seeds. You'd get a wallet, but no seed words. Electrum is much better if you want a seed.

I did not use the Coleman io generator offline, as it, if I understand would run in a browser. That means it would allow any browser to display the seed AND every single private key, meaning a browser could save that info as if it was a manual field entry, username, etc...

Coleman's site is a brilliant thing, but you should NEVER use it on a computer that you're going to use for something else again. For educational purposes, I'll quote my post on how to safely sweep a paper wallet. You can apply bits and pieces of it to your situation:

Online:
Install Electrum on your PC.
Import your address to create a watch-only wallet.
Preview the transaction, Copy the unsigned transaction. Put it on a USB stick.

Offline and running without hard drive storage:
Get a Linux LIVE DVD. Use Knoppix or Tails for instance, or any other distribution that comes with Electrum pre-installed.
Unplug your internet cable. Close the curtains. Reboot your computer and start up from that DVD. Don't enter any wireless connection password. Keep it offline.
Start Electrum. Import your private key.
Copy your unsigned transaction from the USB stick, load it into Electrum.
CHECK the transaction in Electrum. Check the fees, check the amount, check all destination addresses (character by character).
If all is okay, sign the transaction. Copy it back to your USB stick.
Turn off the computer. That wipes the Live LINUX from memory and all traces are gone.

Online:
Use your normal online Electrum to (check again and) broadcast the transaction.

I also wanted to be able to connect to the internet at least twice just because it proves that if I wanted to, the seed works and so I can spend the BTC some day or simply pass it back to an exchange 20 years from now.

That's not necessary. Your seed produces private keys, those keys produce addresses. If you can reproduce those addresses from your seed on an offline system, preferrably with a different piece of widely available software, you know you can access your funds. There's no need to see it in a wallet.

Do you think it's a good idea to create a second wallet and seed with a different method, and I keep a minority of my BTC on that? It forces me to remember 24 words, but considering how wonderfully I did with just 12 holy words and how well I can keep the secret, I feel like I can do this over and over again with my practice methods and immunity of the few hints to my words online to dictionary attacks.

I use more than 2 wallets, all for different purposes. You may want to extend your seed phrase with a custom password, that way you don't need to remember even more words. Or just write it down

I will create a second wallet on Linux on another device after a full format and wipe. Unless it's explained to me why I shouldn't, I plan to just download trusted wallet programs, play around with them, log in on my email and on my exchange on a browser (and no other websites), and, even if on Wi-Fi, create another seed and verify that it works for receive/send. I will then write the seed, delete the wallets and all dummy wallets, and format this other device a second time. Thoughts?

There's no need to waste time reinstalling an OS with the risk of leaving traces of your wallet on your hard drive, when you can simply create a wallet while running from RAM. If you've never tried it, you'll be amazed what a Linux Live DVD can do.