Bulletproof Crypto Cold Storage via Ledger & Blockplate

I know crypto custody can be a complex affair but I forget how much so until I find myself explaining it to someone. So I hope this fresh off my lips tutorial clears up some of the confusion and maybe even helps others upgrade their crypto defences.

We’re going to create multiple wallets controlled by the same mnemonic phrase but accessed via different passwords all within the same hardware device. In doing so we can keep our crypto safe even if our private keys have been compromised.

We will further backup the keys on a fire, corrosion and smash proof metal sheet called a blockplate so even if your house burns down your crypto is still safe.

This is not going to be all rainbows and unicorns. Most articles on this subject gloss over the pitfalls and neglect the advanced features. They make everything sound easy but we’re not there yet. The complexities that we need to deal with at least for now are the penalties we accept as early adopters.

The key to all this is understanding how the BIP-39 standard works. We can then use most hardware wallets as they all should implement this standard.

BIP-39 comes with a predefined list of 2048 words. 24* randomly chosen words from this list are converted to a binary seed which is used to generate a deterministic wallet.

A deterministic wallet is a system of deriving keys from a single starting point known as a seed. In short if you have the 24 word phrase you can generate your keys.

You won’t actually have to do any of this of course, your hardware wallet will randomly generate the 24 words for you, all you have to do is back that up ideally on a blockplate as described later.

In case you’re wondering, here’s what all this guff looks like:

arm crunch brave apart enroll lemon street  tissue street crater advance page priority museum chicken west penalty plug practice gaze pipe adult news correct [optional password]

25c10f4e2f6662fe9c8bcbe4db3c2ddf9f1bb881f76c7d01465f6a9dc22b0aa391d09d45cc452ae1350ca04911828014d28685ba1054ba781482d219327971f3

xprv9zCyMSdk61h8SzqyD56ciw1oypZsLg4u1z6mVivMQTK5ZGBax27JhULMDTy25YpE7ie2MTfZKGseH6oJWtfAfoT98fTUu8vBnQWtBjw39RA

xpub6DCKkxAdvPFRfUvSK6dd64xYXrQMk8nkPD2NJ7Kxxnr4S4WjVZRZFGeq4jty9ddoQKRTyPJxmAZY75cLMsoZQF4LzWVEjEyMLQLP65gVAwt

* Note you can also use 12, 15, 18 or 21 words for your mnemonic.

The next part to understand is how passwords work in BIP-39. A password is added to the 24 word phrase before it is turned into the binary seed. If you don’t provide a password the default will be an empty string, essentially nothing. Here’s the magic though, every password generates a valid seed, meaning you can create what is effectively infinite different wallets from the same 24 word phrase by just strapping a different password onto it.

This is a great way to ensure plausible deniability. One good technique is to store a small amount of crypto on the default wallet, the one with the empty password, and the rest on a number of password protected wallets. If someone is coercing you to open your wallet or has your private keys then they can only gain access to the default wallet. The small prize should be enough to convince them they have succeeded and move on.

I’d like to tell you that hardware wallets are easy to use, but I won’t. There are a lot of cavities, software update and space constraints, but they’re getting better.

Firstly, only buy direct from the supplier. That’s the only way you can be sure your hardware wallet hasn’t been tampered with. This is definitely a thing so be careful.

Secondly hardware wallets don’t support every coin. And some coins will have different levels of support due to their architectures. For example while you can keep Monero keys on your ledger you have to view them using the Monero wallet instead of in the ledger software where you can view most other coins.

This does raise an important point that should be clarified about crypto in general. Crypto wallets don’t hold crypto. They hold keys that allow the bearer the ability to spend the crypto controlled by those keys. So “wallet” in my opinion is a bad metaphor and contributes to the confusion people have around how crypto works.

In order to view your balance on a hardware wallet you need to install an app on the wallet or connect your ledger to a desktop wallet in Moneros case. This app installation process in my opinion is another poor metaphor and leads to a lot of confusion and stress. Because of the limited space available on these wallets you will find that you sometimes have to delete some apps to make space for others. Understandably this makes people think they will lose their crypto if they delete the app that’s used to display it but this is not the case, you can add and delete apps as you like and your keys will not be removed.

This brings me to my last gripe about hardware wallets, you have no way of knowing what keys are stored on the wallet. You simply have to remember. So if you have dozens of different cryptocurrencies sitting on a wallet make sure you remember which ones you own and which wallet their on.

I’m not going to list the basic setup steps here, you should always go to the source. Thankfully most documentation is pretty good. Here’s ledgers setup guide.

My goal for this article it to help you understand the features and pitfalls, and to make you aware of what you should be looking for in the hardware providers documents. Here’s ledgers advance password setup guide. This is how you create multiple hidden wallets on your hardware like we talked about earlier.

There is some good news about all the complexity surrounding these wallets. Even if your firmware update fails and you can’t access your hardware wallet anymore your crypto is still safe as long as you have your 24 word phrase. Support is pretty good and so you should be able to rectify the problem. All else fails you can just use the 24 words to generate a new wallet either on a new hardware wallet or a desktop wallet like Exodus if you’re in a rush.

There are many different types of metal cryptocurrency seed storage available these days. The photo above is the Blockplate version 2.0. We’re talking about Blockplate today as it came out on top in this very thorough stress test by Jameson Lopp.

There is one last thing you need to understand about BIP-39 mnemonics before I can explain how the blockplate works. You actually only need the first 4 characters of each word. They are completely unique in the set of 2048 words.

The Blockplate has a table with columns and rows deeply etched onto it. 6 main groups of 4 smaller columns and 26 rows, one for each letter of the alphabet. I think you see where we’re going with this.

Each plate stores up to 12 words (6 words on each side). They come in double packs which includes 2 plates for a total of 24 words. You will need to buy an automatic centre punch to permanently store your key onto the plate.

The last thing you may want to consider is how to store your additional passwords. Ideally in your head, but if you’re not comfortable with that there are metal storage solutions for that too just please make sure you keep the mnemonic phrase and the password backups in separate physical locations.

If you enjoyed this article or at least found it somewhat informative please comment, follow me on Twitter for updates or if you enjoy trading or investing in crypto then checkout BinaryOverdose.com where you can do a deep dive into the crypto market to find the best projects to invest in.

(Disclaimer: The Authors is the Founder at BinaryOverdose)