Not your keys, not your coins, right? You hear that all the time from hardcore bitcoiners. But how do you even start figuring that stuff out? An excellent guide on self-custody by econoalchemist.

1/35 A thread on getting started with #bitcoin self-custody:

How to:
– setup a new @COLDCARDwallet
– secure a seedphrase with @CypherSafe
– receive & send #bitcoin using PSBT with @SparrowWallet

Welcome to the wonderful world of radical responsibility 😉

2/35 This thread is the short version of a more detailed article which can be found on my blog here:

3/35 To follow along make sure you have the following items:

1 x @COLDCARDwallet
1 x MicroSD Card
1 x @usbCOLDPOWER Adaptor & 9v Battery
1 x USB to microUSB Cable
1 x @CypherSafe Cypher Wheel
1 x Balanced 6-Sided Die
1 x Desktop or Laptop computer 

4/35 If ordering these items online, think of the privacy implications & 3rd party risks associated with sharing your personal info related to Bitcoin materials. A PO Box, an alias, a burner email & phone number can go along way in guarding your privacy and keeping you safe. 

5/35 @COLDCARDwallet ships in a tamper evident bag with a unique identifier that’s programmed into the wallet. Inspect the bag for any signs of tampering.

Inside the bag is a ColdCard, paper backup template, sticker, & duplicate bag identifier.

6/35 If you bought the 9v @usbCOLDPOWER adaptor plug it in. Otherwise a wall wort will suffice. The main idea is to never plug the @COLDCARDwallet into a computer in order to keep it air-gapped.

7/35 Here is a chart to help familiarize yourself with the button’s functions on the @COLDCARDwallet

8/35 At first startup, accept the terms then verify the bag identifier matches between the printed number on the bag and the number displayed on the @COLDCARDwallet screen.

9/35 Create a strong PIN. Each PIN has a prefix & suffix which can each be 6 digits. Notate your anti-phishing words, these are presented each time the prefix is entered to ensure no tampering has occurred with the firmware or components. No one can help you recover this PIN.

10/35 Navigate to New Wallet, a 24-word seed phrase will be generated. You can scroll to the bottom & press 4 to add some random numbers from rolling dice, do at least 100 rolls. Never share your seed phrase with anyone & never save it in a digital format.

11/35 Copy your PIN prefix/suffix, anti-phishing words, & seed phrase to your wallet backup card. Be sure to secure this backup card like it was cash or jewels. And keep separate from your @COLDCARDwallet device.

12/35 A BIP39 passphrase is optional but like having a 25th word. Keep in mind no one can help you recover this. Your @COLDCARDwallet has no way of knowing if it’s correct, anything you enter will generate a valid wallet, but perhaps not the right one. Note the finger print.

13/35 A paper backup is ok, but stainless steel will withstand fire & flood. @CypherSafe makes robust backup devices like the CypherWheel. In the box is everything you need to secure your seed phrase: wheel, letters, tools, security cable/tag, & literature/sticker.

14/35 Using your wallet backup card, duplicate the first 4 letters of each seed word, in order 1-24, into the numbered pockets on both sides of the @CypherSafe CypherWheel.

Each word comes from an industry standard list where no two words share the same first 4-letter sequence.

15/35 The security cable is uniquely numbered, non-retractable, and tamper evident. This will help you ensure that no one has had access to your seed words.

16/35 @CypherSafe also offers recovery tags that you can order specific to the wallet that generated your seed phrase. This can help ensuring you have the correct derivation path.

Learn more here:

17/35 Let’s see how well the @CypherSafe CypherWheel protects the @COLDCARDwallet 24-word seed phrase under white hot, near melting temperatures. ~1,500° C

18/35 Success! The 24-word seed phrase is 100% recoverable. The tamper evident seal & cable for the derivation tag melted. But the @CypherSafe CypherWheel stood the test and protected the vital information needed to retrieve the #bitcoin

19/35 With the @COLDCARDwallet setup & the seed phrase secured on the @CypherSafe CypherWheel, you can send #bitcoin to your wallet in confidence.

Log in, apply passphrase, confirm finger print, & navigate to Address Explorer. P2SH, P2PKH, & Bech32 address formats supported.

20/35 Press 4 to view the QR code for your address so you can scan it from your mobile wallet. I’m using @SamouraiWallet on Android in this example. Enter the amount & double check the details before broadcasting.

21/35 @COLDCARDwallet can also export a .csv file of the first 250 addresses by pressing 1 after entering the address explorer and selecting your preferred address format. Insert the microSD card first.

22/35 If you want to spend from your @COLDCARDwallet while maintaining it’s air-gapped state, then you will need to utilize the Partially Signed Bitcoin Transaction (PSBT) option.

You should still be logged in with passphrase applied, then:

Advanced>MicroSD Card>Generic JSON

23/35 @SparrowWallet is an excellent companion wallet for handling PSBT’s with your @COLDCARDwallet. With this set up you can monitor your ColdCard’s balance, generate receiving addresses, & generate spending tx’s all while keeping the signing key safe & air-gapped. 

24/35 Check out this guide for getting started with @SparrowWallet

25/35 Insert the microSD card into your desktop or laptop. Launch @SparrowWallet, navigate to File>New Wallet. Select Air Gapped Hardware Wallet then next to the @COLDCARDwallet icon choose Import File and navigate to your Generic.json file.

26/35 You will have also named your new wallet. Then Double check the master finger print. The other settings can be left on default. Select Apply. You can set an optional password to encrypt your wallet data file.

27/35 From the @SparrowWallet home screen, navigate to the Receive tab. You can generate a new receive address & compare it to the .csv file to double check your work. Don’t reuse addresses. It is best practice to compare your deposit address to what is displayed on the ColdCard.

28/35 Ideally @SparrowWallet is connected to your own node. But if you’re not quite there yet, you can enable communication with the pre-selected public Electrum server to check your wallet against the #Bitcoin blockchain. This is the least private way to do it though.

29/35 After the deposit has received some confirmations it can be spent via PSBT. Navigate to the Send tab, insert the address you wish to spend to, set an optional label, set the miners fee, & hit create tx.

30/35 Next, review the details & finalize the tx. Then select save PSBT and point it to the microSD card.

31/35 Insert the microSD card into your @COLDCARDwallet. Log in, apply passphrase, & check finger print. Then select Ready To Sign & review details. Then select OK to sign. Your ColdCard will generate a signed version of the PSBT file on the microSD card.

32/35 Insert the microSD card into your desktop or laptop. Back to @SparrowWallet, select Load PSBT & navigate to the signed PSBT file. Then select broadcast tx. Now your tx has been sent to the #Bitcoin network.

You can monitor progress with the txid &

33/35 Make sure you keep your @COLDCARDwallet in a safe place, using this method, it is the only device that can sign your transactions. Plunge into running your own node because you don’t want to be using public electrum servers if you can avoid it. 

34/35 @COLDCARDwallet & @SparrowWallet have a ton of awesome features I didn’t cover here. And @CypherSafe has many products to secure your vital #Bitcoin information. So dive in and check them all out.

35/35 For further reading check out some of these resources:

Keep your @COLDCARDwallet firmware up to date



Leave a Reply