// 0. What is Bitcoin?
Bitcoin :: The Basics
Bitcoin is a decentralized digital currency you can send directly to anyone (peer-to-peer) without needing a bank. Transactions are recorded on a public digital ledger called the blockchain.
Key Characteristics:
- Decentralized: No single company, country, or person controls it. Run by a global network of computers.
- Peer-to-Peer: Transactions happen directly between users.
- Blockchain: A transparent, shared, and immutable (unchangeable) record of all transactions.
- Limited Supply: Only 21 million bitcoin will ever exist, making it scarce.
- Requires Keys: To own and control Bitcoin, you need special digital keys (explained next).
Learn More:
- Official Starting Point: Bitcoin.org - Getting Started
- Original Vision: Bitcoin Whitepaper
// I. Understanding Bitcoin Wallets
What is a Bitcoin Wallet?
It's software or hardware that manages your secret private keys. These keys are needed to access and spend your Bitcoin. The wallet itself doesn't store Bitcoin; it stores the keys that control your funds on the blockchain.
Self-Custody :: Your Keys, Your Bitcoin
The core principle: "Not your keys, not your coins." This cheatsheet focuses on self-custody, where YOU control your private keys, not a third-party exchange or service. This gives you full control but also full responsibility.
Why Control Your Own Keys?
- Sovereign Control: Only you can access or move your funds. No third party can freeze or lose them.
- Censorship Resistance: No one can stop you from sending or receiving transactions.
- Full Responsibility: If you lose your keys (or seed phrase), your Bitcoin is permanently lost. You are your own bank.
Cheatsheet Scope:
This guide covers wallet basics, types (Hot/Cold), secure operations, and advanced topics, focusing on tools and practices for effective self-custody.
Legal Disclaimer:
Educational information only. Not financial or security advice. Bitcoin technology evolves. Do Your Own Research (DYOR) and verify all information independently.
// II. Protecting Your Bitcoin: Cold Storage & Hardware Wallets
Cold Storage :: Keeping Keys Offline
Cold Storage means keeping your critical private keys completely offline, isolated from the internet. This dramatically reduces the risk of online theft (hacking, malware).
The Security Advantage:
- Online Threat Immunity: Hackers cannot access keys that are never connected to the internet.
- Malware Resistance: Viruses on your computer or phone cannot steal offline keys.
- Best Practice: Considered the most secure way to store significant amounts of Bitcoin.
Hardware Wallets :: The Key to Cold Storage
Hardware Wallets are small, specialized physical devices designed to keep your private keys secure and offline (cold storage). They sign transactions internally, never exposing keys to your connected computer/phone.
Core Functionality:
- Key Isolation: Private keys are generated and stored on the device, never leaving it.
- Secure Signing: Transactions are confirmed on the device's trusted screen and signed internally. Only the signed transaction (safe to share) is sent back to the computer/phone.
- Physical Security: Protected by PIN codes and often tamper-evident features.
- Standard Recommendation: The most popular and recommended method for achieving secure cold storage for most users.
Common Examples:
// III. Wallet Fundamentals
Private & Public Keys
- Private Key: Your secret password. Used to sign (authorize) transactions. Guard it like gold.
- Public Key: Derived from the private key. Used to create receiving addresses. Safe to share.
Bitcoin Addresses
Identifiers used to receive Bitcoin, derived from your public key. Think of them like email addresses for money. Best practice: use a new address for each transaction.
Common Address Formats (Look at the starting characters):
- Legacy (starts with '1'): Oldest type, highest transaction fees, maximum compatibility.
- Nested SegWit (starts with '3'): Better fees than Legacy, good compatibility.
- Native SegWit (starts with 'bc1q'): Current standard. Lowest fees, good error detection. Recommended.
- Taproot (starts with 'bc1p'): Newest type. Offers potential future privacy and efficiency benefits.
Privacy Tip: Generate and use a fresh address for every payment you receive. Most wallets do this automatically.
Seed Phrase :: Master Backup
A list of 12 or 24 words that acts as the master backup for your entire wallet. If your device is lost or broken, the seed phrase lets you recover all your keys and funds.
Understanding Your Seed Phrase (BIP-39):
- Function: The ONLY way to restore your wallet if your device fails or is lost. It IS your Bitcoin if the device is gone.
- Generation: Created securely by your wallet (ideally offline by a hardware wallet).
- Derivation: The seed phrase mathematically generates your master private key, which then generates all your individual private keys and addresses (BIP-32).
- Seed -> Master Key -> All Private Keys -> All Addresses
- Security: Treat your seed phrase with EXTREME care. Anyone who sees it can steal ALL your funds. See Section VI for security rules.
- Standard: Based on the BIP-39 standard.
How Transactions Work
Sending Bitcoin involves using your private key to sign a message that transfers ownership of specific Bitcoin amounts (UTXOs) to a recipient's address. You include a fee to incentivize miners to include it in the blockchain.
Transaction Flow:
- UTXOs (Unspent Transaction Outputs): Think of these as individual "coins" or "notes" of Bitcoin in your wallet. A transaction spends one or more UTXOs.
- Inputs & Outputs: Your transaction uses your UTXOs as inputs and creates new UTXOs as outputs (one for the recipient, possibly one back to you as change).
- Transaction Fee (sat/vB): A small amount paid to miners, measured in satoshis per virtual byte of your transaction's data size; the rate needed depends on network congestion. Higher fees usually mean faster confirmation.
- Mempool: A waiting area where transactions sit before being picked up by miners.
- Confirmations: When a miner includes your transaction in a block added to the blockchain, it gets one confirmation. More confirmations increase security (6+ is often considered very secure).
- Track Transactions: Use a Block Explorer like mempool.space
Transaction Fees
Fees (sat/vB) pay miners to include your transaction. They fluctuate based on network demand. Wallets suggest fees, but manual adjustment is possible for urgency vs. cost savings.
Understanding Fees:
- Unit: Satoshis per virtual Byte (sat/vB). Higher sat/vB = higher priority for miners.
- Estimation: Check sites like mempool.space for current rates for low, medium, high priority.
- Wallet Defaults: Most wallets estimate fees, but you can often override them.
- Too Low? Transaction may get stuck (see Fee Bumping, Section VII).
- Too High? Wasted funds.
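Added example (not from the original cheatsheet): a small Python estimator that turns a sat/vB rate into an actual fee by computing a transaction's virtual size under the BIP-141 weight rule, using assumed typical byte sizes for single-signature inputs and outputs. It also puts numbers on the Legacy > Nested SegWit > Native SegWit fee ranking from Section III.

```python
import math

# Constructed per-input sizes as (non-witness bytes, witness bytes) for typical
# single-signature spends with a 72-byte DER signature; assumed for this example,
# not taken from the cheatsheet. Under BIP-141 a non-witness byte weighs 4 weight
# units and a witness byte weighs 1.
INPUT_SIZES = {
    "p2pkh": (148, 0),          # Legacy '1...': sig + pubkey sit in scriptSig
    "p2sh-p2wpkh": (64, 108),   # Nested SegWit '3...': 23-byte redeemScript push
    "p2wpkh": (41, 108),        # Native SegWit 'bc1q...': sig + pubkey in witness
    "p2tr": (41, 66),           # Taproot 'bc1p...' key path: 64-byte Schnorr sig
}
# Output size = 8-byte amount + 1-byte script length + scriptPubKey bytes.
OUTPUT_SIZES = {"p2pkh": 34, "p2sh-p2wpkh": 32, "p2wpkh": 31, "p2tr": 43}
TX_OVERHEAD = 10     # version(4) + input count(1) + output count(1) + locktime(4)
SEGWIT_MARKER = 2    # marker + flag bytes, present only when some input has a witness


def estimate_vsize(input_types, output_types):
    """Virtual size in vB: ceil(weight / 4) with weight = 4 * base + witness."""
    base = TX_OVERHEAD
    base += sum(INPUT_SIZES[t][0] for t in input_types)
    base += sum(OUTPUT_SIZES[t] for t in output_types)
    witness = sum(INPUT_SIZES[t][1] for t in input_types)
    if witness:
        # A segwit transaction carries marker+flag, and every legacy input in it
        # still contributes a 1-byte empty witness stack.
        witness += SEGWIT_MARKER + sum(1 for t in input_types if INPUT_SIZES[t][1] == 0)
    weight = base * 4 + witness
    return (weight + 3) // 4


def estimate_fee(input_types, output_types, sat_per_vb):
    """Fee in satoshis at the given rate; rounded up to whole satoshis."""
    return math.ceil(estimate_vsize(input_types, output_types) * sat_per_vb)


def compare_address_types(sat_per_vb, n_inputs=1, n_outputs=2):
    """vsize and fee for a spend whose inputs and outputs all use one address type.
    n_outputs=2 models the usual case of one payment plus one change output."""
    return {
        t: (estimate_vsize([t] * n_inputs, [t] * n_outputs),
            estimate_fee([t] * n_inputs, [t] * n_outputs, sat_per_vb))
        for t in INPUT_SIZES
    }


if __name__ == "__main__":
    # Constructed rate for the demo; check mempool.space for live numbers.
    for kind, (vsize, fee) in compare_address_types(sat_per_vb=20).items():
        print(f"{kind:12} 1-in/2-out: {vsize:4d} vB -> {fee:5d} sat at 20 sat/vB")
```

For a 1-in/2-out spend the estimate gives 226 vB (Legacy), 166 vB (Nested SegWit), 141 vB (Native SegWit) and 154 vB (Taproot, whose 43-byte outputs outweigh its smaller signature in this shape), so the same sat/vB rate costs a Legacy spender about 60% more satoshis than a Native SegWit one.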
// IV.A Hot Wallets :: ONLINE / CONNECTED
Software Wallets (Desktop/Mobile)
Apps installed on your computer or phone. Called hot wallets because your private keys reside on a device connected to the internet. Convenient for frequent use, but higher risk due to online exposure.
Custody Type Matters:
- Non-Custodial: YOU control the keys/seed phrase. Examples: Electrum, Sparrow (Desktop); BlueWallet, Muun (Mobile). [Recommended Hot Wallet Type]
- Custodial: A third party (like an exchange app) holds the keys for you. Easier to start, but you don't truly own the Bitcoin (Counterparty Risk). Not covered in detail here.
Threats to Hot Wallets:
- Vulnerable to: Malware (viruses, keyloggers), Phishing attacks, OS security holes, physical theft of the device.
- Best Use: Small amounts for daily spending, like cash in your physical wallet. Not for large savings.
- Rule of Thumb: Only keep small, spendable amounts in hot wallets. Use hardware wallets for long-term savings / significant holdings.
Web Wallets
Accessed through your web browser. Often custodial (run by a website). Generally Considered VERY RISKY due to phishing, malicious browser extensions, and website hacks. Mostly avoided for self-custody.
// IV.B Cold Wallets :: OFFLINE / ISOLATED
Hardware Wallets (Recap)
Dedicated physical devices keeping keys offline. The gold standard for secure cold storage. Sign transactions securely without exposing keys. (See Section II for intro).
Key Advantages:
- Maximum Security: Private keys never touch your internet-connected computer/phone.
- Malware/Virus Immune: Designed to resist threats that affect software wallets.
- Secure Confirmation: Lets you physically verify transaction details on its screen before approving.
Considerations:
Paper Wallets
Printing your private and public keys directly onto paper. Largely Obsolete & High Risk. Difficult to use safely, easy to damage or lose.
Major Drawbacks:
- Spending is Hard & Risky: Importing the private key into a software wallet exposes it online, defeating the "cold" purpose. Spending partial amounts is complex.
- Fragile: Easily destroyed by fire, water, tearing, or fading ink.
- Difficult to Generate Securely: Requires specialized offline procedures to avoid malware during creation.
- Easily Compromised: If someone sees or copies the paper, funds can be stolen.
Recommendation: Use a hardware wallet instead for much better security and usability.
Air-Gapped Setups
Using a completely offline device (like a dedicated computer or certain hardware wallets) to sign transactions. Data is transferred via mediums like SD cards or QR codes (PSBT standard). Maximum network isolation.
How it Works (Simplified):
- Create an unsigned transaction (PSBT) on an online "watch-only" wallet.
- Transfer the PSBT file/QR code to the offline signing device.
- Sign the transaction securely on the offline device.
- Transfer the signed PSBT back to the online device.
- Broadcast the signed transaction to the Bitcoin network.
Pros & Cons:
- Benefit: Eliminates almost all risk from online malware or network attacks on the signing keys.
- Drawback: More complex workflow than standard hardware wallets. Potential (low) risk if the transfer medium (e.g., SD card) is compromised, though PSBTs mitigate this somewhat.
Often used for very high security needs. Hardware wallets like Coldcard or DIY options like Seedsigner specialize in this.
// V. Core Wallet Operations
Wallet Setup & Backup
Generate your seed phrase securely (best done on a hardware wallet). Write down the seed phrase accurately. Store it offline & safely. VERIFY your backup. Set a strong device PIN.
Initialization Checklist:
- Hardware Wallet Prep: Verify device integrity (tamper seals), install official firmware if needed.
- Seed Generation: Let the wallet generate a new seed phrase for you.
- Seed Phrase Backup:
  - Write words down CLEARLY and IN ORDER. Double-check spelling.
  - Store OFFLINE ONLY. Metal backups (steel plates) resist fire/water. See Section VI.
  - NEVER store digitally (photo, file, password manager).
- Backup Verification: Use the wallet's function to confirm your written backup is correct *before sending any funds to the wallet*.
- Set Strong PIN/Password: Protects the device itself.
- (Advanced) Passphrase: Consider adding a BIP-39 Passphrase later for extra security (see Section VII).
Receiving Bitcoin
Generate a fresh receiving address in your wallet. If using a hardware wallet, ALWAYS verify the address shown on your computer/phone matches the address shown on the hardware wallet's trusted screen. Share the verified address/QR code.
Sending Bitcoin
Enter the recipient's address (DOUBLE/TRIPLE CHECK IT CAREFULLY). Enter the amount. Set an appropriate transaction fee (sat/vB). Confirm the address and amount on your HARDWARE WALLET SCREEN before approving.
Sending Checklist:
- Recipient Address: Paste or scan the address. Visually verify the first few and last few characters match the intended address. Beware of clipboard malware!
- Amount: Enter the correct amount of Bitcoin to send.
- Fee Setting: Check current network conditions (e.g., on mempool.space) to choose a fee rate (sat/vB) that matches your urgency. Higher fee = faster confirmation.
- Review on Software: Check all details on your computer/phone screen.
- Hardware Wallet Confirmation: This is vital! Carefully check that the recipient address and amount shown ON THE HARDWARE WALLET'S SCREEN are correct before pressing the button(s) to sign/approve. This defeats clipboard hijacking malware.
- Authorize & Broadcast: Approve the signing on the hardware wallet. The software wallet will then broadcast the signed transaction.
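Added example (not from the original cheatsheet), serving the address formats in Section III and the Sending Checklist above: a Python checker that recognises the four mainnet formats by verifying their checksums (Base58Check for '1'/'3', bech32 for 'bc1q', bech32m for 'bc1p'), so a typo or a damaged character is caught before anything is signed. The sample addresses are the Bitcoin wiki's and BIP-173/BIP-350's published examples plus a deliberately corrupted copy.

```python
import hashlib

BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3   # BIP-173 / BIP-350 checksum constants


def _bech32_polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _convert_bits(data, from_bits=5, to_bits=8):
    """Regroup 5-bit symbols into bytes; reject non-zero padding (BIP-173)."""
    acc = bits = 0
    out = []
    max_v = (1 << to_bits) - 1
    for value in data:
        acc = (acc << from_bits) | value
        bits += from_bits
        while bits >= to_bits:
            bits -= to_bits
            out.append((acc >> bits) & max_v)
    if bits >= from_bits or (acc << (to_bits - bits)) & max_v:
        return None
    return bytes(out)


def _classify_bech32(addr):
    if addr != addr.lower() and addr != addr.upper():
        return None                              # mixed case is forbidden
    addr = addr.lower()
    sep = addr.rfind("1")                        # '1' is not in the charset
    if sep < 1 or len(addr) > 90 or len(addr) < sep + 7:
        return None
    hrp, body = addr[:sep], addr[sep + 1:]
    if hrp != "bc" or any(c not in BECH32_CHARSET for c in body):
        return None
    data = [BECH32_CHARSET.index(c) for c in body]
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    const = _bech32_polymod(hrp_expanded + data)  # covers hrp, version and program
    version, program = data[0], _convert_bits(data[1:-6])
    if program is None or version > 16:
        return None
    if version == 0:                             # 'bc1q...' must use plain bech32
        if const != BECH32_CONST:
            return None
        return {20: "Native SegWit P2WPKH (bc1q)", 32: "Native SegWit P2WSH (bc1q)"}.get(len(program))
    if const != BECH32M_CONST or not 2 <= len(program) <= 40:
        return None                              # version 1+ must use bech32m
    return "Taproot P2TR (bc1p)" if version == 1 and len(program) == 32 else f"SegWit v{version} (future)"


def _classify_base58(addr):
    num = 0
    for c in addr:
        if c not in BASE58_ALPHABET:
            return None
        num = num * 58 + BASE58_ALPHABET.index(c)
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw   # each leading '1' is a 0x00 byte
    if len(raw) != 25:                           # version(1) + hash160(20) + checksum(4)
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return {0x00: "Legacy P2PKH (1)", 0x05: "P2SH (3), e.g. Nested SegWit"}.get(payload[0])


def classify_address(addr):
    """Mainnet address type when format and checksum are valid, else None."""
    if addr[:3].lower() == "bc1":
        return _classify_bech32(addr)
    if addr and addr[0] in "13":
        return _classify_base58(addr)
    return None


if __name__ == "__main__":
    # Constructed sample set: two Bitcoin wiki example addresses, the BIP-173 and
    # BIP-350 test vectors, and the BIP-173 vector with its last character changed.
    for a in ("1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2", "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy",
              "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
              "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0",
              "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t5"):
        print(f"{a:64} -> {classify_address(a) or 'INVALID (checksum/format)'}")
```

A checksum only catches corruption: clipboard malware substitutes a complete, valid address of its own, so the hardware wallet screen check in the list above remains the defense against that.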
Checking Balance & History
Your wallet software shows your balance and transaction history. You can also use a public block explorer (like mempool.space) by entering your addresses (not keys!) but be aware this links your addresses publicly.
// VI. Security Best Practices (OPSEC)
Seed Phrase Security :: Rule #1
[MOST IMPORTANT RULE] Your 12/24 words ARE your Bitcoin backup. Protect them above all else. Any compromise (digital or physical) means likely TOTAL LOSS.
Secure Storage Strategies:
- Recommended: Verified accurate copy on metal plates (fire/water/corrosion resistant like SeedPlate, Cryptosteel). Store in multiple secure, non-obvious physical locations (e.g., home safe, trusted relative's safe, bank deposit box - weigh risks of each).
- Avoid: Plain paper (easily damaged/destroyed), easy-to-find locations, storing all backups in one place (single point of failure).
- Consider: Test your backup/recovery plan periodically with a small amount or on Testnet (See Section VII).
Hardware Wallet Security
Buy hardware wallets directly from the manufacturer or authorized resellers. Use a strong PIN. ALWAYS verify transaction details (address, amount) on the device's trusted screen before confirming. Keep firmware updated cautiously.
Hardware Wallet Best Practices:
- Source Securely: Buy directly from the vendor to avoid tampering during shipping (supply chain attack). Check tamper-evident seals upon arrival.
- Strong PIN: Use a non-obvious PIN (more than 4 digits if possible). This protects against casual physical access.
- (Optional) Passphrase: Understand how the BIP-39 Passphrase works (Section VII) before using it. It adds security but also risk if forgotten.
- Trusted Display Verification: MANDATORY for every Send/Receive operation. It's your defense against malware on your computer/phone trying to trick you into sending funds to the wrong address.
- Firmware Updates: Update only when necessary, using official instructions. Ensure your seed phrase backup is accessible *before* updating. Verify update authenticity.
- Physical Protection: Keep the device safe from theft or prolonged unauthorized access ("Evil Maid Attack" where someone tampers with it).
Computer & Network Security
Use reputable wallet software from official sources. Keep your OS and security software updated. Be extremely vigilant against phishing scams. Avoid using public/untrusted Wi-Fi for sensitive operations.
Protecting Your Digital Environment:
- Software Source: Download wallet software ONLY from official developer websites. Verify digital signatures if possible. Prefer well-known, open-source options when using software wallets.
- System Health: Keep your operating system (Windows, macOS, Linux) and anti-malware software up-to-date.
- Phishing Awareness: Be skeptical of emails, messages, links, or apps asking for wallet details, seed phrases, or urging you to connect your wallet. Verify requests through official channels. Never enter your seed phrase online or into any software except during wallet recovery.
- Network Safety: Avoid connecting hardware wallets or performing sensitive actions (like seed recovery) on public Wi-Fi networks. Consider using a VPN.
- Clipboard Malware: Malware can secretly change copied Bitcoin addresses. ALWAYS double-check pasted addresses visually AND confirm on your hardware wallet's screen.
Backup, Recovery & Inheritance
Your seed phrase IS the ultimate backup . The hardware device is replaceable. Have a tested recovery plan. Consider how your family could access funds if needed ( inheritance planning ).
Planning for the Unexpected:
- Recovery Practice: Know the exact steps to restore your wallet using your seed phrase on a new/reset device or compatible software. Practice this (ideally on testnet or with a tiny amount) *before* you actually need it in an emergency.
- Inheritance Planning: CRITICAL step often overlooked. If only you know how to access the funds, they could be lost forever upon your death or incapacitation.
  - Provide clear, secure instructions to a trusted person/executor (without revealing the seed itself prematurely).
  - Consider using Multisignature setups (Section VII) to distribute control.
  - Explore specialized services (vet carefully!): e.g., Casa, Unchained Capital.
- Backup Redundancy: Having multiple secure backups (e.g., two steel plates in different secure locations) protects against loss from a single event (fire, flood, theft).
// VII. Advanced Features & Techniques
BIP-39 Passphrase ("Hidden Wallet")
An optional, user-chosen word or phrase added to your 12/24 word seed. Creates a completely separate, hidden set of keys/addresses. Use with extreme caution.
How it Works:
- Seed Phrase ONLY = Wallet A
- Seed Phrase + Passphrase 'X' = Wallet B (Hidden)
- Seed Phrase + Passphrase 'Y' = Wallet C (Hidden)
- The passphrase is never stored on the device.
- Use Case: Plausible deniability (reveal the non-passphrase wallet under duress). Adds security if BOTH seed and passphrase are required.
CRITICAL RISK:
- If you forget the EXACT passphrase (case-sensitive, spaces count), the funds in that hidden wallet are PERMANENTLY LOST. There is NO recovery. You MUST back up the passphrase separately and securely from the seed, or memorize it perfectly (very risky).
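Added example (not from the original cheatsheet), covering the Seed -> Master Key -> Private Keys chain from Section III and the passphrase behaviour described above: a Python walk through BIP-39 (mnemonic plus optional passphrase -> 512-bit seed via PBKDF2-HMAC-SHA512) and BIP-32 hardened derivation down to the BIP-84 account key m/84'/0'/0'. The demo mnemonic is the public all-"abandon" BIP-39 test vector, used here purely for illustration; the non-hardened address-level steps are left out because they need elliptic-curve public-key arithmetic.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group: every private key must lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the words plus optional passphrase into a 64-byte seed.

    The passphrase is only a salt component: nothing on the device records it,
    which is why a forgotten passphrase cannot be recovered from the words.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def master_key(seed: bytes):
    """BIP-32: master private key (int) and chain code derived from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key (astronomically unlikely)")
    return k, digest[32:]


def ckd_priv_hardened(k_par: int, c_par: bytes, index: int):
    """BIP-32 hardened child: parent private key + chain code -> child pair.

    Hardened steps need only the parent private key. Non-hardened steps (the
    trailing /0/0 of m/84'/0'/0'/0/0) also need the parent public key, and so
    elliptic-curve arithmetic, which this example leaves out.
    """
    if index < HARDENED:
        raise ValueError("only hardened indexes are handled in this example")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:
        raise ValueError("invalid child key; BIP-32 says skip this index")
    return k_child, digest[32:]


def derive_hardened_path(seed: bytes, path: str):
    """Walk a hardened-only path such as m/84'/0'/0' (BIP-84 account level)."""
    k, c = master_key(seed)
    for step in path.split("/")[1:]:
        if step[-1] not in "'h":
            raise ValueError(f"step {step!r} is not hardened")
        k, c = ckd_priv_hardened(k, c, int(step[:-1]) + HARDENED)
    return k, c


def account_key_hex(mnemonic: str, passphrase: str = "", path: str = "m/84'/0'/0'") -> str:
    """Seed -> master key -> account private key, returned as hex for comparison."""
    k, _ = derive_hardened_path(mnemonic_to_seed(mnemonic, passphrase), path)
    return k.to_bytes(32, "big").hex()


if __name__ == "__main__":
    # Demo input: the public all-"abandon" BIP-39 test mnemonic, never a real wallet.
    demo = " ".join(["abandon"] * 11 + ["about"])
    for pp in ("", "TREZOR", "trezor"):
        print(f"passphrase={pp!r:9} -> account key {account_key_hex(demo, pp)[:16]}...")
```

Changing the passphrase by a single character (TREZOR vs trezor) yields an unrelated account key, which is exactly why a mistyped passphrase looks like an empty wallet rather than producing an error.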
Multisignature (Multisig)
Requires multiple keys (held on different devices/locations) to approve a transaction (e.g., 2-of-3 keys needed). Greatly enhances security and enables shared control.
Why Use Multisig?
- Enhanced Security: An attacker needs to compromise multiple keys/devices/locations, not just one.
- Shared Control: Good for business funds (multiple partners need to sign) or joint accounts.
- Robust Backup/Inheritance: Distribute keys among yourself, a safe deposit box, a lawyer, family members, etc., so losing one key doesn't mean losing funds.
Setup:
- Requires specialized software (like Sparrow Wallet, Specter Desktop, Nunchuk) to coordinate multiple hardware wallets.
- Uses PSBTs (Partially Signed Bitcoin Transactions) to pass the transaction between signers.
- More complex than single-signature wallets.
- Resource: Sparrow Multisig Guide
Using Your Own Full Node
Connect your wallet software (like Sparrow or Specter) directly to your own Bitcoin Core full node instead of relying on third-party servers. Maximizes privacy and trustlessness.
Benefits:
- Privacy: Your wallet doesn't broadcast your addresses and transaction history to company servers.
- Verification: Your node independently validates all Bitcoin rules and transactions; you don't trust someone else's node.
- Network Support: Helps strengthen the decentralized Bitcoin network.
Requirements:
- Requires dedicated hardware (like a Raspberry Pi or old computer), sufficient internet bandwidth, and storage space.
- Easier setup options exist (e.g., Umbrel, Start9).
- Requires compatible wallet software.
- Resource: Node Implementation Options
Coin Control (UTXO Management)
Manually selecting which specific "chunks" of Bitcoin (UTXOs) are used as inputs when creating a transaction. Useful for advanced privacy and fee management.
Benefits:
- Privacy: Avoids linking UTXOs from different sources together in one transaction, which can reveal information about your holdings. Allows separating funds (e.g., KYC vs non-KYC - *note: advanced topic with limits*).
- Fee Management: Can sometimes help optimize transaction size and cost by choosing specific UTXOs.
- Labeling: Allows you to label UTXOs with their source or purpose for better tracking.
Requires wallet software that supports this feature (e.g., Electrum, Sparrow, Specter).
PSBT (Partially Signed Bitcoin Tx)
A standard format (BIP-174) for transactions that are not yet fully signed. Essential for air-gapped and multisig workflows.
Common Workflows:
- Air-Gap Signing: 1. Create unsigned PSBT online. 2. Move PSBT file/QR to offline signer. 3. Sign PSBT offline. 4. Move signed PSBT back online. 5. Broadcast.
- Multisignature Signing: 1. Create unsigned PSBT. 2. Pass to Signer 1 -> Signs -> Partially Signed PSBT. 3. Pass to Signer 2 -> Signs -> Fully Signed PSBT (if 2-of-2). 4. Broadcast.
Facilitates complex signing arrangements without exposing keys online.
Fee Bumping (RBF / CPFP)
Techniques to speed up a stuck (unconfirmed) transaction by increasing the fee.
Methods:
- RBF (Replace-By-Fee): If your wallet enabled RBF (BIP-125) when sending, you can broadcast a *new version* of the same transaction with a higher fee. Miners will prioritize the higher-fee version.
- CPFP (Child-Pays-For-Parent): If you received a transaction that is stuck, you can spend *that* incoming UTXO (even before it confirms) in a *new* transaction with a very high fee. Miners are incentivized to mine the stuck parent transaction so they can also mine the high-fee child transaction.
Requires wallet support for these features.
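Added example (not from the original cheatsheet): the fee arithmetic behind both bumping methods, in Python. It applies the BIP-125 replacement rules that a wallet must satisfy (pay at least the original's absolute fee, plus the incremental relay fee for the replacement's own size, and never a lower feerate) and the package-feerate logic that makes CPFP work. The stuck-transaction sizes and the 1 sat/vB incremental relay fee (Bitcoin Core's default) are assumed values for the demo, not figures from the page.

```python
import math

INCREMENTAL_RELAY_FEE = 1.0   # sat/vB; Bitcoin Core's default -incrementalrelayfee (assumed)


def min_rbf_replacement_fee(old_fee, old_vsize, new_vsize):
    """Lowest absolute fee (sat) a BIP-125 replacement may carry.

    Rule 3: pay at least the absolute fee of what it replaces.
    Rule 4: additionally pay the incremental relay fee for its own vsize.
    Bitcoin Core also rejects replacements whose feerate is below the
    original's, so that bound is applied too. Rule 1 (the original signalled
    RBF) and rule 2 (no new unconfirmed inputs) are checks on the transaction
    itself and are not modelled here.
    """
    by_absolute = old_fee + math.ceil(INCREMENTAL_RELAY_FEE * new_vsize)
    by_rate = math.ceil(old_fee * new_vsize / old_vsize)
    return max(by_absolute, by_rate)


def rbf_fee_for_target(old_fee, old_vsize, new_vsize, target_rate):
    """Fee to put on the replacement so it satisfies the rules AND reaches the
    feerate you actually want for confirmation."""
    return max(min_rbf_replacement_fee(old_fee, old_vsize, new_vsize),
               math.ceil(target_rate * new_vsize))


def cpfp_child_fee(parent_fee, parent_vsize, child_vsize, target_rate):
    """Fee the child must pay so miners see parent+child at target_rate.

    Miners evaluate the package feerate (total fee / total vsize), so the child
    pays for its own bytes plus the parent's shortfall. The child must still
    clear the relay floor on its own even when the parent was nearly adequate.
    """
    package_fee = math.ceil(target_rate * (parent_vsize + child_vsize))
    return max(package_fee - parent_fee, math.ceil(INCREMENTAL_RELAY_FEE * child_vsize))


def cheaper_bump(old_fee, old_vsize, child_vsize, target_rate):
    """Total satoshis spent by each method for the same stuck transaction.
    RBF re-signs the original (same vsize assumed); CPFP adds a whole extra
    transaction, so it normally costs more but works from the receiving side."""
    rbf_total = rbf_fee_for_target(old_fee, old_vsize, old_vsize, target_rate)
    cpfp_total = old_fee + cpfp_child_fee(old_fee, old_vsize, child_vsize, target_rate)
    return {"rbf_total_sat": rbf_total, "cpfp_total_sat": cpfp_total,
            "cheaper": "rbf" if rbf_total <= cpfp_total else "cpfp"}


if __name__ == "__main__":
    # Constructed scenario: a 141 vB native-SegWit payment sent at 5 sat/vB
    # (705 sat) while the market moved to 30 sat/vB; the CPFP child would be a
    # 110 vB 1-in/1-out spend of the stuck output.
    print(cheaper_bump(old_fee=705, old_vsize=141, child_vsize=110, target_rate=30))
```

With those inputs RBF needs 4,230 sat in total while CPFP needs 7,530 sat (the 705 already paid plus a 6,825 sat child), which is why wallets prefer RBF when the sender controls the stuck transaction and fall back to CPFP when only the recipient can act.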
Shamir Backup (Seed Splitting)
Splits your seed phrase backup into multiple unique 'shares' (e.g., 3-of-5). You need a certain threshold of shares (e.g., 3 out of the 5) to recover the wallet. Increases redundancy.
How it Helps:
- Redundancy: You can lose some shares (less than the threshold) and still recover your funds.
- Security: An attacker needs to find multiple shares (the threshold number) to steal funds, not just one backup.
Considerations:
- Complexity: More complex to set up and recover than a standard BIP-39 seed phrase.
- Compatibility: Less widely supported by wallets. Primarily associated with Trezor hardware wallets (SLIP-39 standard).
- Still requires careful management of the individual shares.
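Added example (not from the original cheatsheet): a textbook Shamir split of seed entropy over a prime field in Python, demonstrating the two properties claimed above: any 3 of 5 shares rebuild the secret, and 2 shares leave it completely undetermined. This is the general scheme, not SLIP-39 itself (which works over GF(256) and encodes shares as word lists); the field prime and the 16-byte sample entropy are assumptions of this example.

```python
import secrets
from itertools import combinations

# Mersenne prime 2^521 - 1: big enough that 16-byte (12-word) or 32-byte
# (24-word) seed entropy is a single field element. Chosen for this example;
# SLIP-39 uses GF(256) instead.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation; coeffs[0] is the secret (the constant term)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, n_shares: int):
    """Split `secret` into n_shares points on a random degree threshold-1 polynomial.
    Any `threshold` points fix the polynomial; fewer leave the constant term free,
    so threshold-1 shares are consistent with every possible secret."""
    if not 1 < threshold <= n_shares:
        raise ValueError("need 1 < threshold <= n_shares")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_int(shares):
    """Lagrange interpolation at x = 0 over whatever shares are supplied."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares, secret_len: int) -> bytes:
    """Rebuild the secret bytes; fails loudly when the interpolated value cannot
    be that short, the usual symptom of having fewer than `threshold` shares."""
    value = recover_int(shares)
    if value >> (8 * secret_len):
        raise ValueError("recovered value does not fit: too few or wrong shares?")
    return value.to_bytes(secret_len, "big")


def every_threshold_subset_recovers(shares, threshold, secret: bytes) -> bool:
    """Redundancy check: every combination of `threshold` shares must rebuild it."""
    return all(recover_secret(list(c), len(secret)) == secret
               for c in combinations(shares, threshold))


if __name__ == "__main__":
    entropy = secrets.token_bytes(16)          # constructed stand-in for seed entropy
    shares = split_secret(entropy, threshold=3, n_shares=5)
    print("all 3-of-5 subsets recover:", every_threshold_subset_recovers(shares, 3, entropy))
    print("two shares reveal the secret:", recover_int(shares[:2]) == int.from_bytes(entropy, "big"))
```

Losing any two of the five shares costs nothing, but the scheme only helps if each share is stored as carefully as a full seed phrase would be, since finding three of them is equivalent to finding the seed.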
Testnet (Practice Network)
A parallel Bitcoin network where the coins have no real-world value. Excellent for safely testing wallet features, practicing recovery procedures, or learning without risking real money.
// VIII. Hardware Wallet Comparison
How to Choose a Hardware Wallet
Consider: Security Model (Chip Type, Code Audits), Bitcoin Focus vs Multi-Coin, Air-Gap Capability, User Experience, Advanced Features (Multisig, Passphrase), Price, Vendor Reputation.
Key Comparison Factors:
- Security Chip: Secure Element (SE) is a dedicated, tamper-resistant chip (often closed-source) vs. a General Purpose Microcontroller (MCU) which relies more on software hardening (can be more open). Both have pros/cons.
- Source Code: Is the firmware ( Open Source ) verifiable by the public, or ( Closed Source ) requiring trust in the vendor? Hardware design openness also varies.
- Coin Support: Bitcoin-Only devices have a reduced attack surface (less code complexity). Multi-Coin devices offer convenience if you hold other assets but add complexity.
- Air-Gap Features: Does it support true air-gapped operation (via SD card/QR codes like Coldcard ) or does it require USB/Bluetooth?
- User Experience (UX): Ease of setup, screen quality, button usability, companion software quality.
- Advanced Features: Support for Passphrases, Multisig (PSBT), Coin Control, Shamir Backup (SLIP-39), etc.
- Price Point.
- Vendor Reputation & Trust: Company history, security track record, community perception, responsiveness to issues.
No single "best" wallet exists. Choose based on your technical comfort, security needs, budget, and desired features.
Trezor (Safe 5 / Safe 3 / Model T)
[+] Long history, Open Source FW (device), User-friendly Suite, Passphrase (All). Safe 5: Large Color Touchscreen, Haptic feedback, Shamir/Enhanced Backup. Safe 3/5: Secure Element Option. Model T: Shamir Backup. [-] Safe 3/5 SE firmware is closed source. Model T uses MCU (less physical tamper resistance vs SE). No native air-gap mode (USB required). Safe 5 is higher priced.
Coldcard (Mk4 / Q1)
[+] Bitcoin-Only (reduced attack surface), Strong security reputation, True Air-Gap (SD card, NFC, USB-PSBT), Excellent PSBT/Multisig support, Open Source Firmware, Dual Secure Elements (Mk4/Q1), Physical security (PIN, Duress PIN, Brick Me PIN). Q1 adds QWERTY keyboard, larger screen. [-] Steeper learning curve than others, Requires coordinator software (e.g., Sparrow, Specter), Basic UI (functional, not fancy), Q1 is larger and more expensive.
Bitkey
[+] Beginner-friendly setup, No user-managed seed phrase (removes major user error point), Simple hardware (fingerprint), Recovery assistance via 2-of-3 multisig (Mobile Key, Hardware Key, Server Key), Integration with partners (e.g., Cash App, Coinbase). [-] **Not traditional self-custody:** Relies on a 2-of-3 multisig where Block/Bitkey holds one server key, introducing counterparty risk (server availability, policy enforcement/limits, potential censorship). Mobile key is hot. Hardware key doesn't operate standalone like traditional HWs. Requires server interaction for signing/recovery. Closed-source components (especially server-side). Different trust model than fully user-controlled wallets.
Ledger (Nano S+ / Nano X / Stax)
[+] Uses Secure Element (SE) chip, Wide Coin Support, Popular/Well-known brand, Polished Ledger Live companion app (Desktop/Mobile), Bluetooth (Nano X). [-] Closed Source device firmware & SE firmware, Requires trust in vendor. Controversial 'Ledger Recover' service (opt-in seed fragment backup). Past *customer data* breach (not keys). Heavy reliance on Ledger Live app. Multi-coin support increases code complexity/attack surface vs Bitcoin-only. Stax significantly delayed.
BitBox02 (Bitcoin-Only Ed.)
[+] Strong security focus (SE + Open FW parts), Minimalist design, BTC-Only version available, Good companion app. [-] Requires BitBoxApp, USB connection (no true air-gap).
Seedsigner (DIY)
[+] Very Low Cost, DIY/Educational, Fully Air-Gapped via QR codes (stateless option), Fully Open Source HW & SW. [-] Requires assembly & setup, UX depends on components used, QR scanning can be slower.
Blockstream Jade
[+] Affordable, Bitcoin-focused, Optional QR Air-Gap mode, Open Source HW/FW, Stateless/Server-assisted security model option. [-] Server assistance ("Blind Oracle") requires trust (optional unlock), Basic UI.
Foundation Passport (Batch 2)
[+] Premium build quality, Bitcoin-focused, Air-Gapped via QR/SD card, Strong security emphasis, Open Source FW. [-] Higher price point, Relies on companion app/coordinator SW.
Making Your Choice
Factor in your technical skills, budget, need for other coins, desire for air-gap, open source preferences, advanced feature needs (like multisig), and trust in the vendor. Analyze the tradeoffs based on your personal threat model and use case.
// IX. App Wallet Comparison (Software/Mobile)
How to Choose an App Wallet
Consider: Platform (Desktop/Mobile), Ease of Use, Features (Lightning, Coin Control, Node Connect, HW Support), Security Model, Open Source Status, Vendor Reputation. App wallets carry inherent online risks; hardware wallets are advised for substantial amounts. Focus on Non-Custodial options where YOU control the keys/seed.
Key Comparison Factors for App Wallets:
- Platform: Is it available for your device (iOS, Android, Windows, macOS, Linux)?
- User Experience (UX): Is it intuitive for beginners or geared towards advanced users?
- Key Features:
  - Lightning Network: Does it support faster, cheaper Layer 2 payments?
  - Coin Control: Can you manually select UTXOs for privacy/fee management?
  - Full Node Connection: Can it connect to your own Bitcoin node for maximum privacy?
  - Hardware Wallet Integration: Can it act as an interface for your hardware wallet?
  - Multisig Support: Does it facilitate setting up or signing multisignature transactions?
- Security Model: How are keys stored? Does it offer extra security features (e.g., Tor support)?
- Open Source: Is the code publicly available for review? This increases transparency and trust.
- Reputation: Vendor track record, community perception, responsiveness to issues.
Prioritize wallets that are non-custodial, well-reviewed, and ideally open-source. Test with small amounts first.
Sparrow Wallet
[+] Desktop (Win/Mac/Linux), Feature-Rich (Coin Control, Node, HW, Multisig), Privacy focus (Tor), Open Source. [-] Desktop only, Can be complex for beginners.
BlueWallet
[+] Mobile (iOS/Android), User-Friendly, Supports Lightning (custodial LDK node option), HW integration, Multisig Vaults, Open Source. [-] Some advanced features less obvious, LN is custodial by default (but configurable).
Electrum
[+] Desktop (Win/Mac/Linux), Mobile (Android), Long-standing, Advanced features (Coin Control, LN, Multisig, HW support), Open Source. [-] UI can feel dated/complex for beginners, relies on Electrum servers by default (can connect to own node).
Muun Wallet
[+] Mobile (iOS/Android), Very Simple UI, Seamless On-chain/Lightning handling (via submarine swaps), Non-custodial LN. [-] Fewer advanced features (no coin control/node connect), Unique backup method (Emergency Kit + Email/Password or Social Recovery - understand it!).
Blockstream Green
[+] Mobile (iOS/Android), Desktop (Limited), Strong focus on Multisig security (2-of-2 with server, or 2-of-3), HW support, Tor support, Open Source. [-] Default multisig relies on Blockstream server for one signature (2FA helps), Fewer features than Sparrow/Electrum.
Nunchuk
[+] Mobile (iOS/Android), Desktop (Win/Mac/Linux), Strong focus on Collaborative Multisig, Intuitive multisig setup, HW support, Air-gapped signing option. [-] Primarily designed for multisig (can do single sig), Subscription model for some features.
Making Your Choice
Choose based on your primary device (mobile/desktop), technical comfort, need for specific features like Lightning or Multisig, and privacy requirements. Always download from official sources and verify authenticity where possible.
// X. How People Lose Bitcoin (Avoid These!)
Seed Phrase Loss / Compromise
#1 CAUSE OF LOSS: Losing the physical backup, damage (fire/water), incorrect transcription, storing it digitally (photo/file/cloud -> HACKED), forgetting passphrase.
Phishing / Scams
#2 CAUSE OF LOSS: Being tricked into revealing your seed phrase or private keys to fake websites, fake apps, fake support agents, or malicious software.
Malware on Computer/Phone
Viruses stealing keys from software wallets, clipboard hijackers changing pasted addresses, fake wallet apps, keyloggers capturing passwords.
Physical Theft / Coercion
Theft of poorly secured seed phrase backups, theft of hardware wallet (PIN/Passphrase is defense), being forced to reveal keys ("$5 wrench attack").
Device Issues (Without Backup)
Forgetting PIN after too many tries (requires seed restore), device failure/damage without having a verified seed backup , accidental factory reset.
Lack of Inheritance Plan
Owner passes away or becomes incapacitated without leaving clear, secure instructions for heirs to access the funds. Bitcoin becomes permanently lost.
Supply Chain / Bad Vendor
Receiving a tampered hardware wallet (always buy direct!), using insecure or malicious wallet software from unknown sources.
Prevention is Key
Most losses are preventable through careful seed phrase management, vigilance against scams, using reputable hardware, and having robust backup plans.
// XI. Terminology Glossary
Key Terms Defined
Quick definitions for common Bitcoin and wallet terms used in this guide.
- Address: Identifier used to receive Bitcoin (e.g., starts with 1, 3, bc1q, bc1p). Generated from your public key.
- Air Gap: Keeping a device (like a hardware wallet or dedicated signing computer) physically isolated from network connections (internet, Bluetooth).
- BIP (Bitcoin Improvement Proposal): Standards documents for the Bitcoin protocol (e.g., BIP-32, BIP-39).
- BIP-32: Standard for Hierarchical Deterministic (HD) wallets, allowing many keys to be derived from a single master seed.
- BIP-39: Standard for mnemonic seed phrases (12/24 words) used to back up and recover HD wallets.
- BIP-44/84/86: Standards defining specific ways (derivation paths) to organize keys for different address types (Legacy, SegWit, Taproot) within a BIP-32 wallet.
- Bitcoin Core: The primary, reference implementation of the Bitcoin full node software.
- Block Explorer: A website or tool used to view information on the public blockchain (transactions, addresses, blocks).
- Blockchain: The distributed, public, and immutable ledger that records all Bitcoin transactions.
- Cold Storage: Storing private keys completely offline, away from internet connections. The most secure way to hold Bitcoin, typically achieved using hardware wallets or fully air-gapped devices.
- Coin Control: Manually selecting specific UTXOs (unspent chunks of Bitcoin) to use as inputs when creating a transaction.
- Confirmation: The inclusion of a transaction in a block added to the blockchain. More confirmations increase transaction finality.
- CPFP (Child-Pays-For-Parent): A fee-bumping technique where you spend an unconfirmed incoming transaction (the 'child') with a high fee, incentivizing miners to confirm both the child and its stuck 'parent'.
- Custodial: A service where a third party (like an exchange) holds your private keys for you. You don't truly control the Bitcoin; "Not your keys, not your coins."
- Derivation Path: A specific "route" defined by standards like BIP-44/84/86, telling the wallet how to find/generate specific keys/addresses from the master seed (e.g., m/84'/0'/0'/0/0).
- Fee Rate (sat/vB): The price paid for transaction inclusion, measured in satoshis per virtual byte of transaction data size.
- Full Node: Software that downloads and independently validates the entire Bitcoin blockchain according to the network's consensus rules.
- Hardware Wallet: A physical device designed to securely store private keys offline (cold storage) and sign transactions without exposing keys to a connected computer/phone. The recommended standard for significant holdings.
- HD Wallet (Hierarchical Deterministic): A wallet using BIP-32, where all keys and addresses are derived from a single master seed (backed up by the BIP-39 seed phrase).
- Hot Wallet: A wallet where the private keys are stored on a device that is connected to the internet (e.g., software wallets on phones/computers). Convenient for spending, but carries higher risk than cold storage.
- Keys (Private/Public): Cryptographic pair: Private Key (secret, signs transactions), Public Key (sharable, derives addresses).
- Mempool: The "waiting room" for broadcasted transactions before they are confirmed in a block by miners.
- Multisignature (Multisig): A setup requiring signatures from multiple private keys (M out of N total keys, e.g., 2-of-3) to authorize a transaction.
- Non-Custodial: A wallet where YOU control your own private keys and seed phrase (Self-Custody). This cheatsheet focuses on non-custodial solutions.
- OPSEC (Operations Security): Practices and procedures to protect sensitive information (like your seed phrase and keys) and reduce risks.
- Passphrase (BIP-39): An optional, user-defined "25th word" added to the seed phrase to create a hidden wallet. Lose the passphrase, lose the funds in that hidden wallet.
- Private Key: The secret data that proves ownership and allows spending of Bitcoin associated with specific addresses.
- PSBT (Partially Signed Bitcoin Transaction): A standard format (BIP-174) for passing transactions between signers or devices without revealing sensitive key information, used in multisig and air-gapped setups.
- Public Key: Derived from the private key, used to generate receiving addresses. Safe to share.
- QR Code: A square barcode often used to easily share Bitcoin addresses or transaction data.
- RBF (Replace-By-Fee): A fee-bumping technique (BIP-125) allowing you to replace your own unconfirmed transaction with a new one that includes a higher fee.
- Satoshis (Sats): The smallest divisible unit of Bitcoin. 1 BTC = 100,000,000 sats.
- Secure Element (SE): A specialized, tamper-resistant chip found in some hardware wallets, designed to securely store cryptographic keys.
- Seed Phrase: The mnemonic backup (usually 12 or 24 words, BIP-39) for your HD wallet's master private key. Your ultimate recovery tool.
- Self-Custody: The practice of holding and controlling your own private keys, rather than relying on a third party. Empowers the user but requires responsibility.
- Shamir Backup (SLIP-39): A standard for splitting a seed into multiple 'shares', requiring a certain threshold (e.g., 3-of-5) to recover the wallet. Offers redundancy.
- Signature: A piece of cryptographic data created using a private key to prove ownership and authorize a transaction.
- Software Wallet: A wallet application running on a general-purpose device like a computer or smartphone (typically a hot wallet).
- Taproot: A recent Bitcoin protocol upgrade (P2TR addresses, starting bc1p) improving efficiency and privacy potential for complex transactions.
- Testnet: A parallel Bitcoin network used for testing purposes, where coins have no real value.
- UTXO (Unspent Transaction Output): An individual "chunk" of bitcoin recorded on the blockchain that can be spent as an input in a new transaction.
- Watch-Only Wallet: A wallet loaded only with public keys or addresses. It can track balances and transactions but cannot sign or spend funds.
// XII. Further Resources & Tools
Recommended Links
Links to reputable wallet software, hardware vendors, block explorers, educational sites, and related content.
A. Recommended Software Wallets (Non-Custodial):
- Desktop: Sparrow Wallet (Feature-rich, Privacy/Node focus), Electrum (Long-standing, Advanced), Specter Desktop (Multisig/HW focus)
- Mobile: BlueWallet (User-friendly, versatile), Muun Wallet (Simple, Lightning focus), Blockstream Green (Multisig options)
- Multisig Coordinator: Nunchuk (Mobile/Desktop)
B. Reputable Hardware Wallet Vendors (Buy Direct!):
- Trezor
- Coldcard (Coinkite)
- Ledger
- BitBox (Shift Crypto)
- Blockstream Jade
- Foundation Devices (Passport)
- Seedsigner (DIY Project)
C. Block Explorers:
- mempool.space (Popular, comprehensive)
- Blockstream.info
D. Educational Resources:
- Bitcoin.org (Official site, good starting point)
- bitcoin.page (Curated resources)
- Lopp.net Bitcoin Resources (Very comprehensive list)
- Bitcoin Wiki (Community-maintained)
- Bitcoin Optech (Technical developments)