Problem: Bitcoin goes up and you're not ready

If you're into bitcoin, you should be securing the bag. If it's on an exchange, sell it back to them and get non-KYC sats. Either in person from a friend or via HodlHodl, Peach (mobile), RoboSats (lightning), or Bisq (advanced) Then you'll want to receive those sats into a wallet. Preferably using an offline phone or a hardware wallet. But beginners usually opt for an online (hot) software wallet. And for most people a software wallet is going to be fine. Just remember that as the price of Bitcoin goes up, you could be in the uncomfortable position of holding more money than you meant to on a hot (exposed to the internet) wallet on your phone.

Software Wallet Apps

Blue Wallet (iOS and Android), Phoenix (Lightning), or Samourai Wallet (Android + Privacy focused)

Phone

Invest in a second phone like a de-googled Pixel phone flashed with Calyx OS or Graphene OS that never touches the internet. Then use Sentinel on your online phone as a "watch-only" wallet. A watch-only wallet doesn't have the private key but can be used to view balances and compose transactions. Signing happens elsewhere and is then ported back to the watch-only wallet for broadcasting.

Dedicated Bitcoin Devices

Or if you're feeling frisky, get yourself a dedicated signing device to hold your private keys (aka, hardware wallet) like the one Foundation sells called Passport.
Pair this with a watch-only wallet like Envoy (mobile via VPN or TOR) for a smooth experience or Sparrow Wallet (desktop + TOR) if you want a bit more granular detail for every transaction crafted.

Seed Words (Private Key)

Don't forget that regardless of whether you're using a software wallet or a hardware wallet, you'll need to back up 12-24 seed words that should be backed up on paper or steel (unless you use Envoy which supports encrypted microSD backups).

Bitcoin Node

Now if you really want to secure your bitcoin, but also protect your privacy, then you can invest in your own Bitcoin node, e.g., Tanto, and always run things over the TOR network.
This is because you're always using someone's node if you don't use your own, so you're trusting them to tell you that what you're receiving is actually Bitcoin (AKA it follows the rules of the network). You're also revealing information about yourself such as your xPUBs, the list of all your wallet addresses. This can be used to link all the Bitcoin going in your wallet as belonging to the same owner. This is arguable step last on the journey to being a self-sovereign Bitcoin holder.

Final thought

Last step in terms of opsec (operational security) is to STOP telling everyone you meet that you own Bitcoin (guilty unfortunately). It's hard sometimes because you get drawn into conversations about the world and are tempted to evangelize. But be as vague as possible. Remember, Bank of America isn't holding your money anymore, YOU are. So if anyone gets a hankering for your funds, they know right where to find you.
The links were broken in the article due to a difference in markdown flavors.
reply
If it's on an exchange, sell it back to them and get non-KYC sats.
Selling creates a taxable event in the U.S and many jurisdictions.
reply
Yes, and? Better to have that taxable event and then move everything out to a non-KYC stack... Rather than Uncle Sam knowing you own Bitcoin... Besides, your comment proves my point of why buying peer-to-peer is superior. No more taxable events...
reply
My comment was purely informational. A consideration to factor when taking the action you recommend.
reply
reply
Good guide, bookmarking! One small note: Looks like all of the links other than Envoy simply link back to this post?
reply
@expatriotic this time your links contain tab: in front like this for some reason:
[Phoenix](tab:https://phoenix.acinq.co/)
šŸ‘€
you can go to #461631/edit to see the raw version of a post
21 sats \ 1 reply \ @Taft 12 Mar
Great guide! Is there any problem using an online (hot) software wallet (non-custodial) since you own your keys?
Do you think an offline hardware wallet is a better choice?
reply
Phone's apps are sandboxed, there are few cases (if any) of a wallet being compromised on the phone from the internet... Not the case with much less secure computers...
If you're running Samourai Wallet, no need for a hardware wallet imo... A spare phone can be kept offline and sentinel can be run hot from your primary device. Many ways to skin the cat.
reply
Nice and simple guide! This is the way. Thanks
reply
I saw the title and thought this was going to be a CTV post. lol
reply
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.