I've found one very important practice is to regularly, on a schedule, sign a transaction from important wallets. It could be weekly, monthly, quarterly. Just gather yourself to go through the process of preparing a consolidation TX within the same wallet and sign it. No need to broadcast it.

This ensures that:

• You actually check the balance periodically.
• You verify keys, HWWs, documents, backups, etc. are still in place.
• You make sure that all the details are fresh on your mind. This is probably the most important reason to me. In my opinion, people underestimate how, despite how deeply familiarized you might be with your setup, time erases everything from your brain. I've seen people not touch a cold wallet for two years and then have a real hard time making it work again despite having designed the setup very carefully and thoughtfully at the start. Making a TX every now and then prevents this brain rot.

@DarthCoin, regarding your idea on rotating UTXOs, I don't think it's a good idea in general. I understand the motivation is similar to the one in general IT security for key rotation.

I personally believe your setup should allow you to be confident nobody has ever managed to take a look at your keys. If your current setup makes you wonder if someone has looked at your keys successfully and you can't tell... I think you need to improve it.

If you have any suspicion at all that they might be compromised, I do believe you should rotate ASAP.

Why do you still keep that legacy wallet? Ask yourself.

Well, I can think of one reason, even if you truly don't intend to use that wallet anymore: someone in the future could send sats to the old wallet. If that happens and you don't have the private keys, you'll pull your hair out.

Do you use an extracted xpub from the cold wallet or simply fully open your wallet?

Absolutely. Nothing but air gapped hardware wallet for savings. For smaller stacks, I use a ColdCard that I plug directly into my computer.

How often do you check the balance of a cold wallet using the xpub extracted prior?

Whenever I open Sparrow wallet, it queries my node and updates all address balances and UTXOs.

Are you keeping all the time a "watch-only" wallet in specific apps, to deposit or just check the balance? Or are you import the xpub only to check or deposit?

I only use Sparrow wallet as my client software and that checks my xPub with my own node. I use this to receive as well as send.

Do you periodically rotate your UTXOs? What do I mean by that?

No new wallets. I hodl in the same wallet after I generated my own seed phrase on an air gapped signing device.

Whenever I find an old wallet with a balance, I move to the native SegWit address format.

Why do you still keep that legacy wallet? Ask yourself.

Because I have not moved some sats in a long time. I will move them eventually but not until I am ready to dig those addresses up out of the ground.

why do you keep all your stash in just one giant wallet?

I don't. I decentralize my risk. I have long-term savings, short-term savings, and some sats for sending mostly to do experiments.

I use burner wallets to "erase" my wallet after I spend all the sats in it. It helps to fragment any potential address clusters over a long time. In the event that even an empty wallet is compromised, the transaction history may be worth a lot more to a CA attacker than the bitcoin itself so I use a lot of short-term wallets to keep things lite and never link too many UTXOs.

In a perfect world, I would CoinJoin every sat I receive then send it to lightning or savings but that isn't always practical with fees and coordinators being shut down.

These questions, from my point of view, are aimed at those who have large stashes thinking about the convenience of having good practices, and for those of us who don't even have a place to fall dead, thinking about how to have good practices in the future and how to help others to have good practices.

In my case, I have learned that we should have several wallets, those for holding, caching and spending, that is Lightning.

In the holding wallet, they have advised me that never everything should be in the same place, a single attack leaves you without funds.

The use of cold wallets to some degree simplifies the issue of custody outside the network, but there is the issue of the HWW software.

I like the use of Just Look, it is not so complicated, I do not need great technical knowledge and very low costs, because if I have a mobile phone and a computer, I have the issue resolved. Also, with the WO wallet I already check the balance of the wallet that is offline and I have the deposit addresses, so there is no need to touch the internet with the private key.

As for moving from one address to another, I have to learn about its usefulness.

It is very important to have UTXOs of different sizes and to identify those that have CEX marks and those that I obtained from P2P.

1. I use an xpub I exported from my wallet, Green in my case. But I plan to switch since there is no taproot support (at least last time I checked) and I would like to try Multisig with taproot.
2. Maybe quarterly, just to check if it is still there.
3. Indeed the watch-only wallet for me is for deposit and sometimes check the balance.
4. I don't rotate my utxos periodically with the purpose to save in fees but rather to try a new wallet. Next time I will do it is to switch to Liana, to try their multisig which looks nice and is taproot compatible. In my case I had a legacy wallet once but it was a mistake, I didn't know what I was doing hahaha. I am not convinced however by the creation of multiple wallets with big amounts, in my opinion just one is fine. Although in my case I actually have one with a big amount but it is for Lightning, so to spend in the long run. This is the one with less security so to speak.

These are all great questions. Could you please tell me which wallet to start with for a little stack say 5 million sats.

Thank you Darth. At how much stack do you think a stacker should start using cold storage?

What's the advantage of moving funds to new wallets? I figure if the wallet is hacked, the balance is gone in a flash.

every 2 years. I'd have 2+ million USD in bitcoin had I rotated.

I only do air-gapped transactions.

I export my xpub to mobile apps (Nunchuck, BlueWallet) for balance checking, and sign transactions through my cold wallet.

I periodically combine my small UTXOs to consolidate them into a single UTXO.

I never leave my sats on a CEX for more than a second.

move from legacy or standard segwit to taproot type of addresses

Taproot is not for cold wallet, but for "less amount" activites only.

Exposed public key is not good idea for cold wallet nowadays... Better safe than sorry, 100%

Darth, l have a question for you. Do you think it is more important to hold btc, or to use it?

I feel this is aimed especially at me.... I have to do more research, l know l am behind the times.

deleted by author