Define Prevent Repair: Develop a Bitcoin Security Plan

I updated my bitcoin security about a year ago, after listening to SLP-97 Every Bitcoin Hardware Wallet Sucks. Before Specter Desktop, he said this of ColdCard:

“They’re the least bad, but it’s not something that your mum would really say, ‘Hey, this worked out great for me.’”

Since then, Michael wrote a guide on how to 10x your bitcoin security. (I also wrote a blog about how to set up an emergency paper wallet.) I did not have a ColdCard last year and, because I am a minimalist, I don’t like to buy a lot of things. I had a Ledger Nano S, and I thought this was good enough. This is when I became a bitcoin maximalist too. I wanted to trade my bags for more bitcoin because the halving was coming up and that tends to pump the price. I didn’t have too many shitcons (not a typo) left and I thought it would be a good idea to get rid of them.

The Ledger did not work with my electric privacy coin anymore. WTF? My worthless shitcoin was now un-spendable. I heard Mr. Flaxman say all hardware wallets suck. He especially seemed to dislike Ledger, explaining, “Ledger just says, ‘Good luck. Trust your malware-infected machine.’”

That’s when I decided I was only going to HODL bitcoin. I should have bought a ColdCard, but I’m a cheap bastard. I already had an old Trezor One I could slap a passphrase onto. The Ledger passphrase was more complicated and already wrecked my z-cash. I decided to go bitcoin only and secure it on my old Trezor One.

Of course, this meant I had to trust that Trezor would not commit a retirement attack. This is unlikely, but it’s an interesting thought experiment. What do you do if a device’s manufacturer or a man in the middle intercepts a hardware wallet and puts one of a billion seeds contained in their database on it? I thought a simple passphrase could mitigate this risk. I keep the passphrase written on paper in my fire-proof safe. The Trezor and seed were in a safe deposit box. I planned on reviewing my security scheme every six months. Who needs to waste sats on a ColdCard when you’re as clever as me? /sarcasm

Anxiety

Four months after I came up with this idea, I learned Trezors can be hacked in about 15 minutes. That made me a little worried. I decided to do some research on some other hardware wallets. Then the pandemic was the only thing on my Twitter feed and I was starting to freak out. I didn’t think about my hardware wallet much until the lockdown in Italy. MirBTC was writing a lot about how the whole country was on lockdown. I didn’t think that could happen here, but I never considered a pandemic in my threat model.

A week later, I panic bought enough toilet paper to last through 263,250 bitcoin blocks.

2,880 bitcoin blocks later, the banks closed.

I had no plan B for my Plan ₿.

My New Bitcoin Security Plan

I bought a Trezor Two (a second Trezor One) because I lost access to the first. Then I learned about a possible large transaction fee attack in June. They fixed it with an update, but it was the last straw for me. I decided to upgrade my security plan, but I needed to think a lot about it first.

A long time ago, I also had the bright idea that I would put half of my seed in a book in my house. I put the other half of the seed in a book at my parents’ house. Now I have no idea what happened to that book. It’s probably sitting in the finance store of a used bookstore. I also buried my seed words using PVC pipe, a plastic bag, and acid-free paper. I would love to tell you this worked, but how the hell would I know? I forgot where I buried them.

Before you start searching bookstores and digging random holes in the Earth, I have obviously changed my setup. I don’t want to give too many details about my specific security plan, but I came up with it using what Tim Ferriss calls Fear Setting.

“Set aside a certain number of days, during which you shall be content with the scantiest and cheapest fare, with coarse and rough dress, saying to yourself the while: ‘Is this the condition that I feared?’”

The process involves defining your worst fear and coming up with a plan to mitigate that risk and repair the damage in case of disaster.

Fear Setting

Here’s a sample of some of my fears. These are worst-case scenarios. Many of them might be what Nick Szabo calls Pascal’s Scams, but this is better for my sleep than melatonin.

Define Prevent Repair

Seed Burglary

$5 wrench attack

Death/wife’s ability to recover

6102/Communism

War

Solar Flares

Natural Disasters

House fire

How hot does a house fire get?

Bank Fire

Bank Burglary

What if I send my bitcoin to a b-trash address?

How long would it take to brute force my passphrase?

Bank Closure/Pandemic

Exchange Hack/KYC

Amnesia

My address is in a bitcoin business database

Retirement attack

Typo in my passphrase

Mistake in writing my seed words

HWW manufacturer goes out of business

I didn’t include my prevention or repair measures. That would just be one more item in the define column. Everyone has different fears and different solutions. You might not be afraid of communism, but my uncle and his family lived in Egypt when communists took over. The probability of a bank vault getting robbed is slim, but it’s happened before.

After I wrote these things down, I got some new hardware and tested it several times. I was ready to move my funds. I finally got an appointment to visit my safe deposit box. How would my wife know what to do with this piece of plastic and paper? My bitcoin would have died with me. I recovered my wallet from memory using Ed Cooke’s techniques Tim Ferriss wrote about in the Four-Hour Chef. It turns out, Ed Cooke is a Bitcoiner.

The good news was that I found about $100 worth of bitcoin on a legacy address that I forgot about. Sweet!

The bad news is that I forgot my passphrase. I thought I had it memorized, but it had been almost a year since I typed it. That was the fatal mistake. Locking up my hardware wallet meant that I could not access it without going to the pandemic-closed bank. No worries. I wrote the passphrase down and placed it in my safe. That passphrase didn’t work either.

I tried several iterations before taking a break. I was grouchy. Using the pessimistic power of Stoicism, I thought about what I would do if I were not able to recover my bitcoin. I still had a little. I vowed to try a new password every day until I finally unlocked it. I also found a Python program that checks for typos in your passphrase. If you forget one of your seed words, there’s a program that can help with that too.

I read the code of btcrecover and that made me feel better. There were only so many likely combinations of my passphrase that it could be. There is no way I typed a q instead of a b, so I made a list of about 100 possible mistakes I could have made in a txt file. Then I copied and pasted it into the passphrase field in the trezor.io wallet. After about 80 attempts, I finally unlocked my wallet. I forgot a space. I slept ten hours that night.

I wrote a post-mortem similar to this one from Gitlab to prevent those mistakes in the future. I also lost about 3,000 sats testing the multi-sig setup on Specter Desktop because I accidentally erased the wallet using nano when I tried to fix a bug. If I ever need to send bitcoin from Specter Desktop to a Samourai Wallet again, I’ll copy and paste the address into this little program I wrote that makes all of the letters lowercase. I’m a neophyte, but it works.
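An added example, not the author's program and not code from Specter or Samourai: a lowercasing helper that also refuses to hand back an address with a copy-paste error. It assumes the address is a segwit bech32 or bech32m string (BIP-173/BIP-350), which may be all uppercase or all lowercase but never mixed; the function name and the sample address (the BIP-173 test vector) are choices made for this example.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
BECH32_CONST, BECH32M_CONST = 1, 0x2bc830a3

def _polymod(values):
    """BCH checksum over 5-bit values, as specified in BIP-173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = (chk & 0x1ffffff) << 5 ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def normalize_address(addr):
    """Return (lowercase address, encoding name) or raise ValueError."""
    addr = addr.strip()
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed case: probably a corrupted paste")
    addr = addr.lower()
    pos = addr.rfind("1")  # the last '1' separates prefix from data
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        raise ValueError("not a well-formed bech32 string")
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in CHARSET for c in data):
        raise ValueError("character outside the bech32 alphabet")
    values = [CHARSET.index(c) for c in data]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    check = _polymod(expanded + values)
    if check == BECH32_CONST:
        encoding = "bech32"
    elif check == BECH32M_CONST:
        encoding = "bech32m"
    else:
        raise ValueError("checksum mismatch: the address has a typo")
    # Witness version 0 must use bech32; versions 1+ must use bech32m.
    if (values[0] == 0) != (encoding == "bech32"):
        raise ValueError("checksum type does not match witness version")
    return addr, encoding

if __name__ == "__main__":
    # Uppercase form, as it might be copied from a QR-oriented display.
    print(normalize_address("BC1QW508D6QEJXTDG4Y5R3ZARVARY0C5XW7KV8F3T4"))
```
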

When you set up your own bitcoin security plan, spend some time thinking about what can go wrong. Take steps to prevent mistakes. Test, test, test and retest. You should use testnet before you use real funds, but I tend to use small amounts of bitcoin. Restore your wallets. Make sure you wrote your seed words down and can recover your wallet using them. Make sure any passphrases you use are tested and retested. Put at least the first 4 letters of each seed word on steel. If you’re cheap like me, stamp them on washers. Check out this jig from Cryptocloaks.

Thanks for reading.
