During the Lunar New Year holidays of 2015, the Year of the Goat, it was reported that the cold wallet of BTER, one of China’s largest altcoin exchanges, had been cracked and 7170 bitcoins stolen by hackers instantly, a heavy loss of more than 10 million RMB. The public could not help asking: how could the bitcoins be stolen when they were stored in a cold wallet? Is Bitcoin still safe enough? The boss of the BTER exchange repeatedly claimed in media reports that “passwords have been cracked”. Does a cold wallet have anything to do with passwords? Or did the boss never know what a cold wallet was? As Xu Mingxing, creator of Okcoin, has said, “the key (for bitcoin cold wallet) is never to be connected to network.”
Here we give a basic, step-by-step introduction to cold wallets: how to create a cold wallet that never touches a network, and how to conduct a bitcoin transaction offline.
Create Cold Wallet
STEP 1: Find a new computer, or an old computer with a formatted hard disk. Make sure that the computer cannot access any network. Here we take a computer running Ubuntu as an example.
STEP 2: Install the Electrum bitcoin wallet offline (we take Electrum as an example; other light wallets such as Multibit can also be used). For installation procedures, please refer to the article Intro and Tutorial for Bitcoin Light Wallet Electrum: https://www.eastshore.xyz/intro-and-tutorial-for-bitcoin-light-wallet-electrum/
When Electrum first runs, it automatically creates some bitcoin addresses. The “Addresses” window shows all the addresses of the wallet. The private keys and the corresponding bitcoin addresses are stored in the wallet on the computer that never accesses a network. In practice, the private keys should never be revealed to anyone.
STEP 3: Get the public key from the menu “Wallet – Information”. Copy the public key and save it to a text file.
Now we have a computer that never accesses a network and that holds one Electrum bitcoin wallet, with some bitcoin private keys and the corresponding bitcoin addresses. That is the so-called “cold wallet”.
Conduct One Offline Transaction
Now we have an offline cold wallet. It is known as a “cold wallet” because it never goes online when a transaction is conducted. Now, let’s conduct one offline transaction.
STEP 4: Install the Electrum wallet on an online computer. This step is relatively easy, since it only requires downloading and installing the Electrum wallet on another computer that has network access.
STEP 5: Create a watch-only wallet on this online computer. Select “Use a master key” instead of “Create a new seed” on the Keystore interface.
Then enter the public key obtained in STEP 3 and wait for the wallet to sync with the bitcoin network; the bitcoin balance of the wallet will then be displayed.
When we enter dumpprivkeys() in the Console, we can see that there is no private key inside the watch-only wallet, which means that even if the wallet is hacked, the hacker can’t steal any bitcoins.
STEP 6: Create the transaction on the online computer and export it
How can a transaction be conducted without private keys? The online watch-only wallet can create a transaction; however, it has not been signed by the private key, so it cannot be broadcast on the Bitcoin network.
The answer is that the watch-only wallet can save this transaction to a .txn file, to be signed by the private key held in the wallet on the offline computer. We can save the .txn file on a U-disk (USB drive) and plug it into the offline computer where the cold wallet is installed. The following steps show how to export an unsigned transaction:
- Click “Preview” on the “Send” interface.
- Click “Export” on the transaction details interface.
- Click “Save”.
- The unsigned transaction has now been exported.
STEP 7: Sign the transaction with the private key in the wallet on the offline computer and export the signed transaction.
- Copy the text file with the unsigned transaction to the offline computer.
- Navigate to “Tools -> Load transaction – From file” in the Electrum cold wallet and load the unsigned .txn file.
- Click “Sign”.
- After signing, the transaction cannot be broadcast to the bitcoin network because the computer is offline, so just save the transaction as a .txn file again.
STEP 8: Broadcast the signed transaction from the online computer
- Use the U-disk to copy the signed .txn file back to the online watch-only wallet.
- Load transaction.
- Click the “Broadcast” button.
- Transaction completed.
Now the bitcoin transaction has been successfully completed, with the private key kept on an offline computer. Apart from signing the transaction, the private key is not involved anywhere in the process, and the so-called “password” never shows up.
Someone may complain that “it’s too complicated”. However, in the world of bitcoin, security always takes priority over convenience. Besides, a cold wallet shouldn’t make frequent transactions; otherwise it is not “cold” at all.
This is only a cold storage solution for individuals holding large amounts of bitcoin, not an enterprise-level cold wallet solution of the kind a Bitcoin exchange or Bitcoin bank needs, which is a complex system demanding multi-layer hot and cold wallets with multi-signature technology as well as personnel management.