It is my understanding that until the Bitcoin community upgrades the encryption, we should not keep coins in an address from which we already have an outgoing transaction.
But my set-up makes it a bit cumbersome, primarily because I buy coins from some licensed exchanges, and they require me to prove ownership by initiating an outgoing transfer from my Trezor wallet address. That means, to withdraw from the exchange, I had to expose my public key.
So I have a few questions:
Are Other Addresses Safe?
As in, generated from the same XPUB, but a brand new address. Is it safe to keep my sats there? Or does an outgoing transfer render the whole XPUB vulnerable?
Protect Existing Sats
I have a decent fraction of a coin, all concentrated in one address (offered by my Trezor one), which is known to the exchange. So it means those coins are extremely vulnerable. Does Trezor offer any easy way to transfer them to a new address that is mine? I can probably generate another address and copy paste, then transfer the whole stack. But I am kinda scared, if something goes wrong, my whole stack is gone.
Doing Small Spendings
As I see it, each spending will expose at least one public key, which makes the address vulnerable. If so, it just makes the process a bit cumbersome and error-prone, although it seems like the following can be automated very easily by software during each spending. That is, for spending any amount, the wallet software should:
- Select the UTXOs necessary to cover the amount+fee
- Empty the addresses holding the UTXOs
- Send the specific spending amount to the external destination address
- Put the balance in a newly generated internal address (covered by the same XPUB)
Is my reasoning correct? And is it a feature offered by Trezor or any wallet software? Seems they should, in light of the quantum threat?
But if not, what are you guys suggesting if I spend
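The spending procedure listed in the post above, as an added example (not from the thread, and not Trezor's or any wallet's own code): coin selection that works on whole addresses, so every address whose public key the transaction reveals is emptied and the balance goes to a new internal address. The names `Utxo`, `plan_spend` and `DUST_LIMIT`, the flat fee, and the placeholder address labels are assumptions made for illustration.

```python
from dataclasses import dataclass

DUST_LIMIT = 546  # sats; assumed threshold below which change is folded into the fee

@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str
    sats: int

def plan_spend(utxos, amount, fee, dest, fresh_change):
    """Plan a spend that empties every address it touches.

    Selection works on whole addresses, not single UTXOs, so no coins stay
    behind on an address whose public key the transaction reveals.
    `fee` is a flat amount here (simplification; real fees scale with size).
    """
    if amount <= 0 or fee < 0:
        raise ValueError("amount must be positive and fee non-negative")
    by_addr = {}
    for u in utxos:
        by_addr.setdefault(u.address, []).append(u)
    if fresh_change in by_addr or fresh_change == dest:
        raise ValueError("change must go to a new, unused internal address")
    # Largest balances first, to expose as few addresses as possible.
    groups = sorted(by_addr.values(), key=lambda g: -sum(u.sats for u in g))
    inputs, total = [], 0
    for group in groups:
        if total >= amount + fee:
            break
        inputs.extend(group)            # take ALL coins on this address
        total += sum(u.sats for u in group)
    if total < amount + fee:
        raise ValueError("insufficient funds")
    change = total - amount - fee
    outputs = [(dest, amount)]
    if change >= DUST_LIMIT:
        outputs.append((fresh_change, change))
    else:
        fee += change                   # dust change is not worth an output
    return {"inputs": inputs, "outputs": outputs, "fee": fee}

# Constructed sample wallet; txids and addresses are placeholder labels.
WALLET = [
    Utxo("tx1", 0, "addr_A", 30_000), Utxo("tx2", 1, "addr_A", 20_000),
    Utxo("tx3", 0, "addr_B", 40_000), Utxo("tx4", 0, "addr_C", 10_000),
]

if __name__ == "__main__":
    plan = plan_spend(WALLET, 45_000, 1_000, "addr_DEST", "addr_NEW")
    print(plan["outputs"], plan["fee"])
```

The check on `fresh_change` only sees addresses that currently hold coins; a real wallet would also consult its own record of previously used addresses.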
First I'd suggest that you find an exchange that doesn't ask that kind of stuff.
The second point would simply be to consolidate those UTXOs into a new address. Use a native segwit address (starts with bc1q) if you are worried about quantum computers.
Great questions. You are absolutely right to be cautious. Quantum resistance is not here yet, and exposing public keys definitely raises risks. Most good wallets, including Trezor, do recommend using fresh addresses for each transaction. Auto UTXO management like you described should be standard soon, especially with rising quantum concerns. Until then, manual UTXO hygiene is still the move.
ALL hardware wallets are total marketing crap. You can hide a 12-word seed in so many places/ways without any bullshit hardware wallet, and absolutely nobody will know there is a seed in a text, image, etc.
A HW is an invitation for a wrench attack. If a thug finds you have a HW, he will definitely know you have a large stash of BTC with it. But a meaningless family/travel picture will never raise any suspicion.
For example:
Good luck finding them if you can hahahahaha
and btw... QC scaremonger is total bullshit.
Only in unsafe countries and criminal neighbourhoods, where politicians consider kidnapping the rich to be part of their class warfare agenda to buy votes.