Early on in my journey down the Bitcoin rabbit hole, I realized that self custody was the only way to know for sure if I owned my bitcoin or not. Self custody sounded daunting at that stage, I didn't really know how it worked or what a lot of terms meant. But the way I learn best is through hands on experience.
Fast forward to today and you'll hear companies like PayPal advising their customers that self custody is risky and dangerous. Well, in my opinion, the alternatives to self custody pose much greater threats. Companies like PayPal have a vested interest in separating people from self custody of their bitcoin. After all, PayPal just recently invested $4.2M in the chain analysis firm TRM Labs. TRM Labs by the way, just hired former FinCEN advisor, Ari Redbord, which should make it painfully obvious that companies like PayPal are more interested in government compliance and neutering the true value proposition of Bitcoin than they are interested in looking out for their customer's best interest and harnessing the power of unstoppable transactions.
The less bitcoin people take into self custody, the easier it is to control and dictate how it's used. One of the best parts about Bitcoin is that it is permission-less, I can send or receive it anywhere in the world, anytime, and to any entity I choose, regardless of OFAC lists, banking hours, or transactions limits which are all found in the legacy financial system. When someone else holds your bitcoin for you, then you have to ask them permission to interact with it. If they don't like who you want to send a payment to then they can stop you. Taking bitcoin into self custody ensures that you own "fuck-you-money" not "may-I-money".
Enter ColdCard wallet, it had everything I was looking for in a safe place to self custody my bitcoin.
#10: Tamper evident - Packaging has unique # that you confirm on device. Clear case to see if components have been modified. LED lights confirm flash memory is unaltered.
#9: Time management - Set a delayed start after your PIN is entered, i.g., user must wait 24 hours after correct PIN is entered before access is granted. You can also set it to shut down after a certain idle time like 1 hour.
#8: Secure PIN - PINs can be 12 digits, split into prefix & suffix. The secure element key & prefix create anti-phishing words using HMAC/SHA256 function where the 22 bit HMAC result is converted into two BIP39 English words.
#7: Auxiliary PINs - You can create a decoy wallet that is accessed with a special duress PIN. You can also create a PIN that, when entered, destroys the ColdCard within 50ms. Functionality appears the same to user regardless of PIN used. There are no special warnings.
#6: Custom Seeds - You can literally roll a dice to generate your mnemonic seed phrase. At 2.585 bits per roll, minimum 99 rolls required for 256 bit security.
#5: BIP 174 Support - You can create multi-sig wallets 100% air-gapped by using multiple ColdCards & passing a microSD card between them for the xPUBs. You can also sign a PSBT file on MicroSD, load it into BitcoinCore, & broadcast it from your own node w/o connecting your wallet
#4: BIP 39 Support - Your mnemonic seed is only 24 of 2048 English words. Add a 25th word (passphrase) up to 100 characters in length. Derives your xPRV with a HMAC/SHA512 function for BIP 32 HD wallet address generation.
#3: 100% Air-Gapped - You never have to connect your ColdCard to a computer. You can power it with a wall charger or battery pack and still generate wallet addresses, sign transactions, & update firmware. All offline and with MicroSD card use.
#2: Multiple Address Support - Your ColdCard can generate BIP 43, BIP 44 non-SegWit, BIP 49 SegWit, & BIP 84 Bech32 wallet addresses. You can export 250 addresses at a time in CSV format .txt files onto your MicroSD card. Plus it generates QR codes!
#1: Open Source - You can download the latest firmware .dfu file, verify it with GPG key & sha256 hash, load it on MicroSD card, & don't trust, verify. You can also step through all the code on github.
Bonus: The ATECC608A Chip - Your xPRV is stored here. It has a secure boot feature & was designed to resist advanced aggressive attacks such as: Fault Injection, Timing Analysis, Side Channel Analysis, & Probing. Can store up to 16 keys. Independently bricks itself after 13 tries.
Thanks for reading! I hope you will take some of these features into consideration when trying to decide the best way to self custody your bitcoin.
If you enjoyed this content, leave me a tip here: Donate.
This article is available on Twitter as a thread here.