Originally published on Unchained.com.
Unchained is Bitcoin Magazine’s Official US Co-Managing Partner and an essential sponsor of related content published through Bitcoin Magazine. Please visit our website to learn more about the services we offer, our storage products, and the relationship between Unchained and Bitcoin Magazine.
Properly controlling your keys requires some additional responsibilities, but it is an essential part of Bitcoin security. But what happens when you have to travel? If I keep a large amount of Bitcoin in cold storage, should I carry the keys to my Bitcoin wallet with me? And if you travel with more than one key, what steps should you take to keep it secure?
Consider these seven tips for traveling with Bitcoin in a way that minimizes risk and maintains control.
1. Carry only the necessary wallets
Bitcoin allows you to segregate your funds across multiple wallets, so you only need to carry the keys you need for a small amount of Bitcoin. You can secure your Bitcoin savings with cold storage multisig while keeping some sats in a hot wallet on your phone like BlueWallet or Muun.
You can spend and receive Bitcoin by carrying your keys only to the wallets you need, leaving most of your money in a secure cold storage setup, such as multi-signature, which eliminates a single point of failure.
2. Consider your destination
Consider your destination and travel plans when assessing the risks of traveling with Bitcoin keys. What is the relative risk of crime in your destination? Is your destination a country or city with a high crime rate? What do your surroundings look like?
If your destination has a high crime rate or petty theft is rampant, assume your phone will be stolen. Keep your smartphone well-secured and do not hold the keys to any significant amount of Bitcoin on that device. Minimizing potential Bitcoin loss by storing only small amounts in your mobile wallet is one consideration, but storing your keys in a multi-signature wallet on your smartphone while traveling also increases the chance of compromise, which could result in laborious key replacement. .
If you attend an event where Bitcoin ownership is assumed, adjust your security model around the assumption that everyone knows you own Bitcoin. This might mean making sure every single-signature wallet has a passphrase, or protecting small amounts of Bitcoin with multi-signature and distributing the keys in your belongings while you travel.
3. Don’t travel with a backup of your seed phrase.
You should always protect your seed phrase, but remember that it is an unencrypted secret to your specific key and can be compromised much more easily than a hardware wallet. Private key data in hardware wallets is typically protected within a secure element behind a PIN and requires a PC to access, but seed phrase backups are easier to physically steal, copy or photograph.
For most general travel, you should travel with at least one hardware wallet with a backup of your seed phrase in a safe storage location.
If you must travel with a backup of your seed phrases,
In some situations, you may need to travel with a backup of your seed phrase. Permanent physical residence moves (we’ve published a guide you should read if that’s your situation) and traveling to set up key items safely stored in a multi-signature setup are all legitimate reasons to travel with a 12 or 24 word seed. paragraph.
If you must travel with essential stationery, there are things you can do to minimize your chances of exposure and maintain peace of mind.
- Stay unnoticed by airport security: Split up your seed phrases by keeping a paper backup of your seed phrases in a book or by writing them down in a physical notebook using a rule you can remember. Do not use suspicious metal locks or cases. If the bag is pulled for suspicious reasons, there is a much greater chance that the seed phrase will be visible.
- Use crypto for your single-signature wallet: A PIN can secure your hardware wallet, but a password protects your seed phrase! Although passphrases are generally riskier compared to other managed setups such as multi-signature, it may make sense to use a passphrase with a single-signature wallet while traveling with your seed phrase as long as it is properly backed up (rather than relying on your memory). Do it!).
- Take advantage of your travel companions: For example, consider a multi-signature wallet (see below), give one seed phrase to your travel companion, keep one seed phrase for yourself, and keep one seed phrase in your hardware wallet’s checked bag. If you absolutely need to check if one seed phrase is already at your destination, you can compromise it by temporarily storing it in a password manager before you leave (see below).
4. Watch what you say and show.
An attacker must know who they are attacking before they attack. This is where operational security comes into play. Most of this advice applies to saving wealth using Bitcoin in general, but it can especially apply while traveling.
While on the road, you are often subject to the whims of people and circumstances beyond your control. This is a riskier situation where you publicly announce that you may be holding a significant amount of Bitcoin.
- Don’t talk about Bitcoin with people you don’t trust.: One of the easiest things you can do is talk less about Bitcoin! Be careful when “spreading the word.”
- Do not put Bitcoin stickers on your laptop or devices: It looks like a big neon sign that says “This device stores private key data!”
- Do not wear Bitcoin-related products.: Wearing merchandise or clothing with Bitcoin logos, especially in places where people know what to look for, is an unnecessary target on the back.
- Don’t Talk About How Much Bitcoin You Own: In general, it’s a good idea to only share the amount of Bitcoin you have on a need-to-know basis. Knowing you are a higher value target may cause an attacker to consider more extreme or risky actions.
In particular, these actions can pose physical risks when traveling even without your private key data. If someone tries to attack you with a $5 wrench and you don’t have any bitcoins to give, your bitcoins may survive, but your kneecaps may not!
5. Create a bait wallet
Whether you travel with a hardware wallet or a software wallet, you can use many wallets to create a decoy wallet. A decoy wallet allows you to create a second wallet that is completely separate from your primary wallet and can be activated in a blackmail scenario. This usually adds enough funds that you’re willing to lose, but enough for the attacker to think he’s gotten what he wants.
There are a few ways to set up a bait Bitcoin wallet.
- Single Signature + Password
- Using one key in a multisig quorum
- Blackmail PIN
Single Signature + Password
Using your password, an attacker can set up a secondary wallet that can access some of your funds. You can also decoy your default wallet while using a password for it. However, always consider the pros and cons of using passwords, and always make sure you back up your passwords properly (case sensitive).
Multi-signature
When using multisig, if you can keep secret the fact that a specific hardware wallet or seed phrase is part of your multisig setup, you can protect yourself by using one of the keys in the quorum as a decoy. This can be done by using one hardware or software wallet, usually part of a multi-signature setup, as a standalone wallet. An attacker can access funds sent to a singlesig wallet associated with that seed while not having access to or even knowing about the multisig wallet.
Blackmail PIN
Some wallet manufacturers allow you to set up a blackmail PIN. This feature allows an attacker to set up a second PIN to give them access to a second decoy wallet. If you are attacked, provide the attacker with an incorrect PIN and have a smaller amount of funds in that wallet.
For example, the Coldcard hardware wallet offers three types of duress PINs: One unlocks the decoy wallet, one destroys the seed upon entry, and one creates a countdown to a customizable “brick mode”. Using these tools gives you confidence that attackers have no access to your underlying Bitcoin keys at all.
6. Consider multi-signatures to eliminate single points of failure.
Bitcoin’s native multisig feature can be helpful in creating decoy wallets, but it is also a powerful tool for mitigating travel risk in general. Maybe you need to travel with your private keys, but you want to avoid the single point of failure of a single-signature wallet. Traveling with three hardware wallets, with each key held as one in a multi-signature quorum, can help reduce risk.
If you’re traveling, there are many unique features that multisig offers. Each of the following has security implications and tradeoffs to consider that are beyond the scope of this article, but you can also:
- Hand out any keys you have while traveling.: You can travel on an airplane using 2/3 multi-signature, with one key in your possession and the other key in the secret compartment of your carry-on baggage. The third key and seed phrase backups are geographically distributed to other secure devices. location. This keeps the three keys separate, so two of the three must come together to access funds.
- Store your seed phrase digitally: Temporarily compromising the seed phrase by storing it in a password manager ensures that at least one seed phrase backup for the multisig quorum is already at the destination. Once you arrive at your destination, you can perform key rotation for the seed phrase temporarily stored on a device connected to the Internet.
- Email your hardware wallet or seed phrase to yourself.: If you are traveling with significant Bitcoin funds and do not want to have yourself stolen from a 2/3 multi-signature physical attack while traveling, you can, for example, mail one hardware wallet or seed phrase to your destination. You can carry one key with you and access your funds when you arrive.
- Partner’s Opposition Signature: Your managing partner, whether a financial institution like Unchained or a trusted third party, can arrange to sign transactions while traveling if you want to travel using a small number of keys with multi-signature.
You can configure your own multi-signature wallet using tools like Sparrow, Electrum, or our own Caravan. If you need help setting up multi-signature or understanding travel best practices in the context of co-management, our team can help. that.
7. Make an inheritance plan
It’s a good idea for anyone with significant Bitcoin wealth to have an inheritance plan, but this is especially true when traveling. If something happens while you’re traveling, you’ll want to have peace of mind knowing that your Bitcoins will be delivered rightfully to your next of kin without a problem.
If you’re traveling with self-managed Bitcoin in a single sig wallet, this can be very difficult, but multisig (even better for inheritance purposes, including co-managing partners in a multisig setup) can offer the best of all worlds. . You can enjoy peace of mind knowing that your self-managed Bitcoin will be processed even while you are away.
We previously wrote an article explaining the intricacies of how to set up a Bitcoin inheritance plan, something you should consider before you travel.
More Bitcoin Security Considerations
Travel procedures are important, but there is much more to Bitcoin key security. Check out our guide to seed phrase storage best practices, the pros and cons of backing up paper and metal seed phrases, proper security of your wallet configuration information when using multi-signatures, and the principles of storing your seed phrase in a safe. Box.
Originally published on Unchained.com.
Unchained is Bitcoin Magazine’s Official US Co-Managing Partner and an essential sponsor of related content published through Bitcoin Magazine. Please visit our website to learn more about the services we offer, our storage products, and the relationship between Unchained and Bitcoin Magazine.