Run your own node over Tor.
Have a multi-sig wallet. I prefer a 3 of 5, which is a nice balance of spreading the risk across multiple devices, and flexibility in bequeathment planning.
Have a bespoke air-gapped multisig wallet on Electrum. Have a dummy wallet as well.
Memorise your seeds, and don’t advertise how much bitcoin you have, and even better, don’t advertise you know anything about Bitcoin.
Computer #1 — Have an air-gapped Raspberry Pi Zero (no wifi, no bluetooth, never connected to internet or USB devices previously exposed to internet devices). You don’t need a hardware wallet. Keep only two of your seeds on this device — seed 1 and seed 2.
Computer #2 — Have an internet computer in a different location, which has seed 3 only. This receives signed transactions and broadcasts it to your own node. (This computer could also host the node as well)
When spending, communicate using QR codes between computers. Avoid using USB-drive transmission of data. Sometimes this is not possible because when the transaction size is large (it can get large with multisig UTXOs), the QR code gets too big and becomes unreadable. In this case, have another computer (Computer #3) which receives the USB data, and send it via email to Computer #2 to avoid it touching the USB drive. (Don’t worry, transactions are public data).
Never make a USB drive touch both Computer #1 and Computer #2, because if there is any malicious code on the USB, it has access to 3 seeds.
Run your own node
Why? See here
How? I may make my own article one day, but RaspiBlitz is excellent and you can follow their instructions here
Or MyNode is also excellent and has Samourai Whirlpool included. Instructions here
Set up a Raspberry Pi Zero (air-gapped) running latest version of Electrum Desktop Wallet.
Create your wallet.
Generate seed phrases SAFELY. (How-to soon)
Memorise your seeds. How to memorise your Bitcoin seed phrase here
Simple single signature wallet instructions here
Multisignature wallet instructions here
It’s best to read both articles, even if you are only interested in a multisignature wallet.
Record down the Zpubs on a cloud service like Microsoft OneNote and encrypt the file. (xpubs are for single signature legacy HD wallets. Xpubs with a capital ‘X’ are the multisignature variety. y and Y pubs are for 3 address types, and z and Z pubs are for native segwit wallets that have addresses starting with bc1"
Connect your wallet to your own node (Instructions soon, I promise)
Test your wallet and spend once from it.
Only then should you store Bitcoin in this wallet.
Plan bequethment (Instructions coming soon)
I would love to hear your feedback, and how your project went. Send nodes — email@example.com
Twitter DMs open @parman_the