You just set up your Bitcoin or crypto wallet, and chances are that you had to create a backup. You either used a BitBox02 hardware wallet and stored the backup directly on the microSD card that comes with it, or you wrote it down in the form of English words on paper. Creating a backup is important because it helps recover your wallet in case it gets lost, deleted, damaged or stolen.
This article explains how Bitcoin and cryptocurrency wallet backups work and how you can avoid the five most common mistakes.
Mistake #1: Not making a backup
If your laptop gets stolen, you lose your hardware wallet or wipe your mobile phone, all your funds in this wallet are gone forever. This can easily be prevented by making a backup. Still, you’d be surprised how many people don’t have a proper backup securing their funds.
Hardware wallets usually safekeep larger amounts, and it’s a good thing that they force you to go through a backup process. But especially for beginners, writing down all these recovery words can be quite stressful because it’s not really clear what these words are all about.
Many mobile wallets force you to write down the recovery words as well, and we think that’s a bit of a mixed bag: if you just want to quickly set up a wallet, maybe even in a crowded place like a meetup, you might just rush through the process and forget about the napkin you used to note down the words.
This is why the BitBox02 automatically creates a wallet backup on the microSD card: you don’t need to worry about any recovery words, and you’re done in seconds. Of course, you can still write down the recovery words later (and we even have a professional, ageing-resistant backup card with lamination for that), but you don’t need to.
Main takeaway: Having a proper backup of your wallet is important. Take the time to do it. When in doubt, make a new one. Seriously.
Mistake #2: Thinking you need to update a backup after each transaction (you probably don’t)
But how does a backup work? Can you create a wallet backup and be done with it, or do you need to update it from time to time?
Modern wallets use a bit of magic and are called “hierarchical deterministic” wallets. This sounds complicated, but - at least from a user’s perspective - it really isn’t.
Everything starts with a single secret, your master secret or seed. From that seed, all future addresses can be derived for multiple accounts and coins. Each address has its own private/public key pair, but that’s all automated. That is the hierarchical part.
To learn more about the specifics of key derivation, check out Learn me a bitcoin.
Let’s assume you lost your wallet and need to restore all your funds from your backup. That means you do not create a new seed but import the one from your backup. The wallet is now able to derive the whole hierarchy of coins, accounts, and addresses again, all from that single secret, like the first time. This process is “deterministic” because it results in the exact same addresses every time.
Your coins and transactions are not stored in the wallet but are part of the blockchain. Your wallet can simply fetch all transactions and address balances again, and display your full financial history.
Main takeaway: This is why you don’t need to update your backup. Create it properly once, and you’re all set for the future.
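The restore described above can be reproduced in a few lines. This is an added example, not code from the BitBox02 or the BitBoxApp, and it assumes the public BIP39 (recovery words to seed) and BIP32 (seed to key hierarchy) standards, which the article does not name. It stops at the account level (m/84'/coin'/account', a path chosen for illustration), because address-level derivation needs elliptic-curve arithmetic that is left out here.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; BIP32 reduces child private keys modulo this.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # offset that marks a hardened child index

def mnemonic_to_seed(words, passphrase=""):
    """BIP39: stretch the recovery words into the 64-byte seed."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", norm(words), norm("mnemonic" + passphrase), 2048)

def master_key(seed):
    """BIP32: split HMAC-SHA512(seed) into master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def child_hardened(key, chain, index):
    """BIP32 hardened child: depends only on parent key, chain code and index."""
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(key, "big")) % N
    if tweak >= N or child == 0:  # vanishingly rare; the spec says skip this index
        raise ValueError("invalid child key, use the next index")
    return child.to_bytes(32, "big"), digest[32:]

def derive(seed, path):
    """Walk a path of hardened indexes, e.g. [84, 0, 0] for m/84'/0'/0'."""
    key, chain = master_key(seed)
    for index in path:
        key, chain = child_hardened(key, chain, index)
    return key

def restore_accounts(words, coin=0, accounts=3):
    """Rebuild account-level keys m/84'/coin'/n' from nothing but the backup."""
    seed = mnemonic_to_seed(words)
    return [derive(seed, [84, coin, n]).hex() for n in range(accounts)]

# Constructed sample: the public BIP39 test mnemonic. Never type a real backup here.
SAMPLE_WORDS = "abandon " * 11 + "about"

if __name__ == "__main__":
    first = restore_accounts(SAMPLE_WORDS)     # wallet set up for the first time
    restored = restore_accounts(SAMPLE_WORDS)  # same words restored years later
    print("identical after restore:", first == restored)
    for n, key in enumerate(first):
        print(f"m/84'/0'/{n}' ->", key[:16] + "...")
```

Nothing in the derivation depends on transaction history or on the device that ran it, which is why a backup made once also covers accounts and addresses created later.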
Mistake #3: Entering your wallet backup on a computer or mobile phone
Your backup contains your master secret. Anyone who knows that secret has full control over all your coins in your wallet. And not only anyone, but also any software program running in the background on your computer or mobile phone could potentially snoop on you and send your recovery words directly to a remote attacker. There is known malware in the wild that monitors the clipboard, so this is not only a theoretical concern.
This is why you should never enter your recovery words on a computer, or store them in digital form. That includes taking a picture with your mobile phone, using a photocopy machine (most have internal storage that keeps copies) or saving them to cloud storage.
When you need to recover a mobile wallet, you of course have to enter the recovery words again. That’s ok, as such a wallet should not contain your life savings anyway. But don’t use the clipboard. Instead, type the words manually, directly in the app.
For significant amounts, use a hardware wallet like the BitBox02. Hardware wallets allow you to recover your backup directly on the device, either using the microSD card on the BitBox02, or by entering the 24 recovery words without them ever touching your computer.
Main takeaway: To stay safe, never let your backup touch your computer. If possible, use a hardware wallet for recovery. For significant amounts, only use a software wallet to restore if you absolutely have to, and enter the backup directly in the wallet.
Mistake #4: Not securing your backup properly
Your funds are properly secured by a hardware wallet like the BitBox02, created by engineers that never take off their paranoid tinfoil hat? That’s great!
But don’t forget about your backup. While your private keys to control your coins are heavily protected inside the hardware wallet, a standard backup allows anyone to take over your coins on a different wallet. It’s safe to say that the physical security of your backup is more important than that of your hardware wallet.
Depending on how much money there is in your wallet, choose an appropriate location for your backup:
- a locked drawer
- a personal safe at home
- a safety deposit box
To make sure that nobody gained undetected access to your backup, storing it in a tamper-evident security bag is recommended. You still need to keep your backup safe, and separate from the hardware wallet, but you can check anytime that it has not been accessed.
Main takeaway: The appropriate storage location depends on the funds secured. The total value can increase very quickly, so it's good to err on the safe side.
Mistake #5: Not verifying the integrity of your backup from time to time
Your backup is stored somewhere safe. And you know you don’t need to update it as it also covers all future transactions in your wallet. All good?
It’s best practice to revisit your backup from time to time. With the BitBox02, you can safely put the microSD card directly into the hardware wallet and verify the integrity of your backup in the BitBoxApp.
With a handwritten recovery word backup, there’s no easy check to verify if it still works (because you shouldn’t put it on any networked device). The main thing here is to make sure that you can still find it, and that nobody accessed it.
Main takeaway: Checking in on your backup once or twice a year is good practice and gives you the assurance that you can recover your hard-earned money any time.
Bitcoin backups are a bit confusing at first, but if you know what you are actually backing up, and how sensitive that secret information is, then you can easily avoid the 5 mistakes described here.
We will cover more advanced topics in a follow-up article, like securing your backup with an additional passphrase, or splitting your backups into multiple parts.
BitBox backup solutions
With the BitBox02 hardware wallet you have everything you need to properly secure your funds. But how can you improve the security of your backup? We have thought of a few additional options depending on your specific needs.
You can find more details on our Backup solutions page.
Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.