Cold Storage is considered one of the most secure storage methods for Bitcoin. With cold storage, the private keys are stored offline and never come into direct contact with the Internet. This prevents unauthorized access to the Bitcoin through hacker attacks or viruses or malware in the system. Bitcoin cold storage is therefore particularly suitable for storing larger amounts that you want to secure for a longer period of time and do not want to move.
Hardware wallets such as Bitbox, Ledger, Trezor, oder Coldcard are a very user-friendly option for creating a cold storage. Private keys are stored exclusively on the hardware wallet and used to sign transactions. However, it is also possible to create a secure Bitcoin cold storage without using a hardware wallet using the open-source software Electrum.
For this, the following is required:
- 1x offline PC (alternatively via Tails).
- 1x PC or cell phone with internet connection (online system)
- 1x USB stick
- 1x pen and paper
- (1x Seedor Starter Set - for a standard back-up 😊)
1. Setup of the offline system
As an offline system, you can use a PC that is used exclusively offline or set up a temporary live operating system using the TAILS software.
Option 1: Offline PC
First, the latest version of Electrum must be installed on the offline system. You can download the program using your online PC here, transfer the installation file to your offline PC using a USB stick and install it there. To verify the authenticity of the software, you can optionally verify the signature of the installation file with Kleopatra.
Option 2: Live-Betriebssystem in Tails
If you want to be absolutely sure that your offline PC is not infected by a keylogger or trojan that spies on you when you create the wallet, we recommend using a live operating system, such as TAILS. You can copy the live operating system to a USB stick and boot it from any computer. Detailed instructions for the TAILS installation can be found here. After booting you should make sure that network connections are disabled.
Bitcoin Electrum Wallet
On TAILS, Electrum is pre-installed by default, so you don't need to do any manual installation here.
2. Create Electrum standard wallet in offline system
The first step is to create a new wallet with Electrum on your offline system. To do this, open the program and create a new standard wallet. You can give the wallet any name you want, then press "Next" and select the option "Standard wallet".
In the next step, we opt for the option to create a "New Seed".
This seed allows an exchange to be fully recovered, which also means that only this information is sufficient to move or just steal all the deposited bitcoin of this exchange on the blockchain.
Electrum generates a seed of 12 words from a list of 2048 english words. The order of the words is crucial; this means that if you know the correct words of your seed without knowing their position, it is almost impossible to put them back in the correct order. With only 12 words there are half a billion possible combinations, with 24 words, as it is common with hardware wallets like Trezor, Ledger and Bitbox02, there are already 6.2*10^23 possible combinations. That's why it's so important to pay attention to the seed order, or rather to assign each seed word with its number, as we have provided for our Seedor.
(The shown words in this screenshot are of course not to be used in any case, because this seed is no longer secret).
3. Create Recovery Seed Back-Up
In the next step, you will need to write down the twelve seed words on a piece of paper with a pencil, as prompted by Electrum. To avoid a transfer error from the temporary paper back-up to the final back-up solution, we recommend that you perform the final back-up at this point (e.g. in the Seedor Safe) and perform the entry of the twelve seed words in Electrum required in the next step on the basis of the final back-up. This way you can be sure that you have an absolutely correct and permanent back-up of your recovery seed.
Optionally, for increased security, you can expand the twelve words generated by Electrum with words of your own choice. To do this, click on "Options" and check "Extend the seed with selected words".
After clicking "Next", you can enter the seed extension in the next window (if a back-up with the seedor is planned, you should only use letters (A-Z) and numbers (0-9) here). You will then add these selected words in the appropriate order to the first 12 words of your temporary and final back-up.
Finally, in the next Electrum window, you will be prompted to enter the 12 words of the seed for verification. (If you have expanded the seed to more than twelve words, select this option to also type in the words you chose in the next window).
If Electrum now opens a wallet, you have done everything correctly and your Cold Storage has been successfully created.
4. Creating a watch-only wallet
Using the "Master Public Key" stored in your wallet, you can create a Watch-Only wallet. The watch-only wallet is, as the name suggests, a "read-only wallet" that allows you to view your funds and generate addresses to receive Bitcoin. Sending Bitcoin is not possible with the Watch-Only-Wallet alone. It is therefore advisable to store the Watch-Only-Wallet on the online system (PC or cell phone) in order to conveniently receive Bitcoin and view the "account balance". For permanent use, it is recommended to set up a password to avoid unwanted viewing of the "account balance".
To create the watch-only wallet, the first step is to export the master public key in the still open wallet in the offline system. To do this, click on the first menu item "Information" in the "Wallet" tab. There you will find the Master Public Key.
In the next step you can copy the displayed Public Master Key and save it in a text document. Make sure that there are no errors during the copying process and that the string is copied in full length.
Now you can close Electrum on your offline system and delete the wallet file stored on the hard disk (when using TAILS, the wallet file does not need to be deleted, as the system is automatically reset after removing the USB stick).
You can now transfer the text document with the stored public master key to your online PC using a USB stick and create a watch-only wallet there.
To do this, install the latest version of Electrum on your online PC. After the installation, click on "Standard Exchange" again, select the option "Use Master Key" and copy the exported Public Master Key from your text file into the window.
Now the Watch-Only-Wallet opens, with which you can comfortably generate Bitcoin addresses for receiving Bitcoin and view your funds without fear that someone will gain access to your Bitcoin or Private Keys.
5. Bitcoin transfer from the exchange to the watch-only wallet
After the watch-only wallet has been created, it is now time to withdraw the freshly acquired Bitcoin from the exchange and transfer them to your cold storage. To do this, select the "Receive" tab on your online PC in Electrum and click on "New Address".
You can then copy the address displayed on the right of the window to the clipboard (or alternatively display it as a QR code) and then enter it as the address for withdrawing bitcoin from the exchange from which you want to withdraw your bitcoin. Before you initiate the transaction, we recommend that you double-check that the address displayed in your watch-only wallet matches the address copied to the exchange.
After triggering the transaction, you will then see the receipt of the bitcoin under the "Transactions" tab after a short time.
Congratulations. These Bitcoin are really yours now and no one can take them away from you. Your keys. Your coins.