Wiki Wiki Web

Bitcoin: How to hold bitcoin for investment

Motivation: How security for Bitcoin differs from Fiat

There is a difference in how security from fraud is achieved for fiat currency and for bitcoin.

Unlike fiat transactions, which can be reversed in case of fraud, blockchain transactions cannot be cancelled. This implies that, unlike banks and brokers, the larger and more reputable a Bitcoin company is, the more it attracts hackers. If a vendor holds the private keys for you and gets hacked, there will be no recourse. Bitcoin wallets are only as secure as their private key.

The largest and most reputable Bitcoin company, Mt Gox, fell victim to a 740,000BTC heist. The conjoined efforts of US and Japanese law enforcement were impotent to reverse the electronic transfer. Bitfinex, the creator of Tether, was also hacked repeatedly and lost its customers' bitcoin.

It is best for the principals, not their agents, to control their wallet key creation.

Safest of all is to create a cold wallet without relying on any opaque bitcoin-vendor tools, so that you control the process and can see its security. The tools described below require familiarity with git and bash. I describe how to use them below.

Why? Agency requires reversibility, Principals must control private keys

For fiat currency, there is recourse to undo a transaction in case of error or fraud. A large bank delegates its systems maintenance and operations to agents it hires. The bank's management knows that if an agent commits wire fraud, any transaction can be reversed.

This contrasts with cryptocurrency transactions: an online exchange cannot reverse a transaction or help mediate a dispute. Irreversibility is described as a most important feature of bitcoin from the start of the seminal Bitcoin article by S Nakamoto. Large organisations need reversibility in case one of their agents makes a mistake or causes a dispute. Because of this, and contrary to the financial system, security is harder to achieve for Bitcoin exchanges that employ many agents for their operation than for individuals.

When using a commercial wallet hardware key and software, the wallet vendor knows better than the principal how the software creates the private keys and how they are accessed.

Alternatively, a bitcoin wallet can be created with free Unix utilities that are not specific to Bitcoin. Using such tools ensures that you are the only owner of the private key and that no one else is sure how you created the private key. Having a transparent process for wallet key creation is important so that you can evaluate the risks.

Doing this results in the most secure wallet possible, but as you follow your own procedure, you need to test to make sure that money sent to that wallet can be retrieved by you later. It is very easy to lose funds by using the wrong address. I explain the steps I followed to do this and more importantly, to check that it works.

The solution for us humans is to trust steel:

The goal is that your private keys to large funds be written down on a durable medium such as a piece of steel, so that they are completely offline and unlikely to be damaged.

How? Procedure for creating a safe wallet and knowing that it is safe

Cold wallets have a public address that you can share with anyone to receive payments. The private keys are not stored on an online computer. The wallet's private keys need to be imported on an online computer linked to the bitcoin network in order to spend.

The following method can ensure that nobody sees your 12 to 24 generating words and your private key, because it does not involve bitcoin-specific binaries or tools other than a script. You need to know about git and bash, either on Linux or on Windows/Cygwin. First try it and make sure that it works. Then, if you need extra safety and are worried that someone is logging your clipboard and typing, you need to run it on a fresh Linux distro booted from a USB drive.

  1. start with a sheet of paper and select 24 words, using only the first 4 characters in lowercase for steel wallet compatibility.
    Example phrase: echo -n "don't use this" | sha256sum
  2. generate a private key by using sha256sum on these 24 words.
    Example output: 6782e7c3203a097a9b4c399d2ce9160e037f13646721dad9ea851ee89ac6716e
  3. on Linux or with Cygwin (requires git, bc, and xxd) use the bitcoin.sh script by Luc Grondin to generate the public address (which you can share with people to receive BTC), and the WIF (Wallet Import Format, aka private wallet key which allows you to spend the bitcoin).
    Example:
    . bitcoin-bash-tools/bitcoin.sh
    newBitcoinKey 0x6782e7c3203a097a9b4c399d2ce9160e037f13646721dad9ea851ee89ac6716e
    compressed:
    WIF:KzgvWdT3gLBk512EuwUL6XAvqyPjBeQ9C2C3a5hVvvL9AqK8fjfV
    Address:1Dt7xMGaAKAyJUyhmGdPdB12Au4PzEabKi
    Uncompressed:
    WIF:5Jbse5BS5P25KaY6REFMBmSp6CsTn1KPFH8VDw5eNHAKcnsNqvE
    Address:1D5GpSFUrgjaHaTEipDXjENCYWx7NoZdX3
    Comparing with blockchain.org and bitaddress.com, it appears that you need the compressed address and WIF.
  4. create 3 wallets that way; you will burn two of them by exposing their private keys as you check that they are working
  5. the integrity of the algorithm can be checked with bitaddress: pass the compressed WIF of one of the wallets and check that the WIF and address are the same. This exposes the private key of the first wallet, which is why passing a private key to a URL can only be done for a test wallet.
  6. the wallet balance can be checked using a blockchain explorer: you need to pass the compressed private key; if the wallet does not exist, blockchain.com will just neglect it. You can send money from blockchain.com, or any other online wallet you have, to the compressed address of your second wallet.
  7. you can take control of that wallet on blockchain.com once logged in by entering its compressed WIF. Since you are sharing the WIF private key with an online agent, this wallet is not safe for large amounts, but you need to check that you are able to send money from it.
  8. you can use the 3rd wallet and make a QR code for receiving, using this generic QR code maker or this specific Bitcoin QR code maker. Caveat: most of the top search results for Bitcoin QR code generators lead to sites that will steal your coins. I tried the most untrustworthy site https://www.bitcoinqrcodemaker.com/, and it created a picture that does not correspond to my address. I trusted that site and I think that I just got scammed out of USD10. You need to check such addresses with a QR scanner. A generic QR code maker is more trustworthy; although there is no Bitcoin logo in the middle, you just prefix the compressed address with "bitcoin:" as in bitcoin:1DDJxMNmYLdqYRCrALWTm9D2ZApuAYj1c1
  9. this is still not safe to do on a machine that has been connected to the internet for long, because you do not know what happens when you copy and paste a string or type something, so it is safer to do all of this on a Linux box with no network access if you are going to have a big wallet. The QR code can be generated with
    qrencode -o qrcode.png 'Hello World!'
    display qrcode.png
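
The WIF comparison in steps 3 and 5 can also be done offline, without handing a private key to a website. The Python code below is an added example, not part of the original page or of bitcoin.sh; its function names are illustrative. It recomputes the mainnet WIF from the 32-byte key and decodes a WIF while verifying its Base58Check checksum, using only hashlib.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload):
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    data = payload + checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError("invalid Base58 character: %r" % ch)
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    data = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) < 5 or checksum(data[:-4]) != data[-4:]:
        raise ValueError("Base58Check checksum mismatch (typo or tampering)")
    return data[:-4]

def key_to_wif(key_hex, compressed=True):
    """Mainnet WIF: 0x80 || 32-byte key || optional 0x01 compression flag."""
    key = bytes.fromhex(key_hex[2:] if key_hex.startswith("0x") else key_hex)
    if len(key) != 32:
        raise ValueError("private key must be exactly 32 bytes")
    return b58check_encode(b"\x80" + key + (b"\x01" if compressed else b""))

def wif_to_key(wif):
    """Return (key_hex, compressed) after verifying checksum and layout."""
    p = b58check_decode(wif)
    compressed = len(p) == 34 and p[33] == 1
    if p[:1] != b"\x80" or not (len(p) == 33 or compressed):
        raise ValueError("not a mainnet WIF private key")
    return p[1:33].hex(), compressed

if __name__ == "__main__":
    # Example key and compressed WIF as printed in step 3 of the page.
    page_key = "0x6782e7c3203a097a9b4c399d2ce9160e037f13646721dad9ea851ee89ac6716e"
    page_wif = "KzgvWdT3gLBk512EuwUL6XAvqyPjBeQ9C2C3a5hVvvL9AqK8fjfV"
    print("recomputed WIF equals page WIF:", key_to_wif(page_key) == page_wif)
    print("decoded:", wif_to_key(key_to_wif(page_key, compressed=False)))
```

This covers only the key-to-WIF half of the check; the address still has to be compared against the output of the script you used, since deriving it needs secp256k1 and RIPEMD-160.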

update 20221127

Luc Grondin's script has been modified and is very unclear. The simplest approach is to run pip3 install hdwallet, edit the script from_mnemonic.py to set the language to english, change the line specifying LitecoinMainnet to BitcoinMainnet, and set the passphrase to something personal but not too easy to guess. This generates a WIF, a seed, and a key in P2WPKH, which are segwit and cheapest to use.

Some Bitcoin vendors first ask for a lot of private information, then agree to take your fiat money and have their app "declare" that you own some bitcoin. No one knows what they do with their clients' private information or who owns the private keys to the clients' wallets. You would think that they make their clients feel safe by submitting them to rigorous KYC, which makes them look like banks.

A vendor such as blockchain.com seems to be the more reliable type. They have a website and an android/ios app. Still, the "blockchain" phone app associated with blockchain.com appears not to read QR codes correctly; no scam there, as the first letters all match, whereas bitcoinqrcodemaker was a scam today because many of the first characters are different.

If you need to withdraw a small amount of BTC from a large cold wallet, you will need to prepare a new cold wallet where you can transfer the balance after you put the wallet online.

Operating your node to reduce transaction cost and ensure that you can spend independently

For a cold wallet with small amounts, an online vendor like blockchain.com can be relied on to import a WIF quickly. For a larger cold wallet where you want to be safest, you need to download the bitcoin core client and the whole blockchain to import the wallet.

As of Sep 2020, the blockchain is 300Gb and growing 60Gb per year. A 500Gb SSD will serve you until 2023, a 1Tb could serve you until 2031. You need an unmetered internet connection that will serve you this much data.

You could set up a bitcoin node on AWS, but the bitcoin node instance costs USD0.24/hr, which translates into USD2100/yr. At this cost, it is cheaper to get your own USD100 hardware and add a USD100 SSD disk every 15 years.

Running a full bitcoin node with Tor can be regarded as a civic duty for the honest man of the hacker age. It strengthens both the bitcoin and the Tor network. You do need the full blockchain to import private keys, forget about pruning.

Node Hardware: Raspberry Pi 4 for a solution under USD200

  • I tried to use a win10 PC; it downloaded the first 30% of the blockchain within a few hours, then network traffic slowed down to a trickle and that PC, with a non-SSD drive, could not download the blockchain even after 2 months. A friend suggested that I set up a raspberry pi, and it downloaded the blockchain over wifi in a week.
  • Inexpensive kits are easily obtainable. You had better take a raspberry 4 4Gb and an acrylic case with a silent cooler fan, and make sure the power supply is ok for your country.
  • To store the blockchain, you need to get a relatively expensive SSD drive from a reputable brand and its USB 3 adapter cable
  • get a high quality SD card to store the operating system and home account; 16Gb or 32Gb is enough in theory but you may want to go to 64Gb so you can use your raspberry pi for other things as well.
  • as of May 2022, I enabled an 8Gb swap file following some memory outage and set up bitcoind as a systemctl process

Node Software Setup and importing the Blockchain

  • install the raspbian and format the SSD.
  • it should be noted that the raspberry pi has terrible security, so the first thing you do should be to set a password and, if possible, get rid of the pi user. Here is how to improve security on it.
  • Simplest is to download the bitcoin core reference client and run bitcoin-qt continuously
  • to avoid your address being linked to your IP, you might want to check that you can set it up with Tor, as per these instructions. Once Tor is working, select in Settings... Options... Use separate SOCKS5 service to reach peers via Tor hidden services.

Once setup: checking you can import private keys, it's dangerous

The WIF can be generated from your passphrase using the same script as above. We describe here how to import the WIF into bitcoin-qt client. This step actually burns your private key, in that the private key is now imported in a wallet.dat file and run by a client that is a known target of hackers.

  • there is a wiki tutorial here but it is out of date
  • create a Wallet by going to File, Create Wallet, select do not encrypt wallet and make blank wallet
  • open the Window... console and type
    walletpassphrase "YourLongPassphrase" 600 (if wallet was encrypted)
    importprivkey yourPrivateKeyInWalletImportFormat "TheLabelThatIWant"
  • then bitcoin-qt will go through the whole blockchain to find the wallet address. On Raspberry pi 4 with SSD, the import took 4h50 min
  • you can then send bitcoin to another address to check that it is working.

Your keys? Wallet software creates keys without telling you

Bitcoin core is very good at encrypting thousands of keys into a wallet.dat file. As a result, you need a fully working node and a compatible version of bitcoin core to be able to load the wallet and know the address of your coins.

You could think that creating wallet addresses and importing them into bitcoin core would spare you from doing wallet backups. But as soon as you spend some of your BTC with bitcoin core, the change is sent to a different address (to improve privacy). This means that the balance appearing in bitcoin core is the aggregation of several wallets and you need to keep track of one pk for each transaction you made.

Many addresses are created at once, so you only need to backup your keys from time to time.

One way to improve on the situation:

  • create empty wallet, call sethdseed true, "yourwifkey" to make sure the addresses are reproducible from a seed phrase
  • invoke dumpwallet to see the thousands of addresses and encrypt the resulting file

Still, nothing beats transferring all the balances to wallets whose key you control for long term storage. The alternative, storing the wallet file and its passphrase, is good in the short term but not as good in the long term, as improvements are being rolled out in the software. We see people complaining with bitcoin 0.18 that they could not load wallet files from 0.17 or earlier.

You might need to build an older version of the bitcoin code (run git tag -n and then git checkout tags/v0.21.1 to build the version you want).

Do small tests: you may lose some coin, play with small amounts first

Do small transfers first. I lost my first USD10 transfer, then my second USD5 transfer, then I did USD1 transfers because there is no reason to lose a lot. Tx cost is around 30ct to 66ct today. So it cost me USD18 to learn how to do this, but I could have learnt the same for USD4.

  • used the first google search result, the scam website https://www.bitcoinqrcodemaker.com, to generate a QR code and irretrievably lost the USD10, as I see that the QR generated is unrelated to the address I entered.
  • entered the uncompressed address as wallet in the blockchain app and irretrievably lost USD5, as the blockchain app requires a compressed address
  • it seems that if I send USD1 to a compressed address from bitaddress and declare the private compressed key in blockchain, I see the transaction and can access my funds; this validates bitaddress and the QR code it generates
  • I could also check that the compressed WIF and addresses generated by bitcoin.sh can be recomputed by bitaddress.org if I enter the compressed WIF.

Sources:

  • Minimal way to create bitcoin cold wallet: steemit. Here is the code to go from private sha256 key to the public bitcoin address and wif: grondilu github
  • Cobo Tablet or CryptoSteel on amazon so that your wallet passphrase is written on something less fragile than paper.
  • build your full node

Useful? Donate BTC Here:

Feel free to donate to this address!

bitcoin:1GF3oqReWbZS2LR6ivL2U4oUV1cd584vpo

bitcoin:16n4gkm5Ck9q389V7tmN9SWioujwevCMx8

bitcoin:1MeNUCC6buJUaj5L2PAiZtSso44xdVUn7C

hot wallet: 1PdEhiUScSKK24d7SMTEsxNf3HDGVqdgdo

Verus pool