Sovereign Scorecard

Your Bitcoin is held by a third party (like Coinbase, Kraken, or Binance). You don't control the private keys - the exchange does. If the exchange gets hacked, goes bankrupt, or freezes your account, you could lose access to your funds.

A wallet app on your phone or computer that's connected to the internet. You control the keys, but since it's online, it's more vulnerable to hackers and malware. Good for small amounts you spend regularly.

A dedicated physical device that stores your private keys offline (cold storage). Your keys never touch the internet, making it extremely secure. Required to physically press buttons on the device to approve transactions.

Requires multiple keys (e.g., 2-of-3 or 3-of-5) to authorize a transaction. Even if one key is compromised or lost, your Bitcoin remains safe. The gold standard for securing significant amounts.

Without a backup of your 12 or 24-word seed phrase, if your wallet device is lost, stolen, or breaks, your Bitcoin is gone forever. There is no recovery option without the seed phrase.

Storing your seed phrase in a text file, notes app, email, or cloud storage. While convenient, this is highly vulnerable - your computer can be hacked, cloud accounts can be breached, and photos can sync to compromised services.

Writing your seed phrase on paper and storing it securely. Better than digital, but paper can be destroyed by fire, water, or fade over time. Consider laminating and storing in multiple secure locations.

Stamping or engraving your seed phrase onto stainless steel or titanium plates. Survives fire (up to 1500°C), floods, and decades of storage. The most durable backup method available.

Using only a password to protect your account. If your password is leaked in a data breach or guessed, attackers have full access to your account and can steal your funds immediately.

Receiving a code via text message. Better than nothing, but vulnerable to SIM swap attacks where criminals convince your phone carrier to transfer your number to their SIM card, intercepting all your codes.

Apps that generate time-based codes (TOTP) on your phone. Much more secure than SMS since codes are generated locally and can't be intercepted. Make sure to back up your authenticator seeds.

A physical USB or NFC device that you must physically plug in or tap to authenticate. Phishing-resistant because it cryptographically verifies the website is legitimate. The most secure 2FA method available.

Using the same password across multiple sites. When any one site is breached (which happens constantly), attackers automatically try your credentials on crypto exchanges and financial sites.

Using different passwords for each site but trying to remember them all. Better than reusing, but leads to weak passwords or writing them down insecurely. A password manager is strongly recommended.

Software that generates and securely stores unique, strong passwords for every account. You only need to remember one master password. Most security experts consider this essential for everyone.

You rely on third-party servers to verify your transactions and check your balance. This means trusting that they're showing you accurate information and not tracking your activity. Works, but isn't sovereign.

You understand the importance and are considering setting one up. Modern node solutions have made this much easier than before - many are plug-and-play devices or simple software installations.

You verify every transaction and block yourself, trusting no third party. You're contributing to Bitcoin's decentralization and security. Your wallet connects directly to your node for maximum privacy.

All your transactions are fully traceable on the public blockchain. Chain analysis companies can link your purchases, income, and holdings. This data is sold to governments and corporations.

Using a fresh receiving address for each transaction. This is basic privacy hygiene that prevents casual observers from tracking all your transactions. Most modern wallets do this automatically.

Hiding your IP address when broadcasting transactions or checking balances. Prevents your internet provider and network observers from knowing you use Bitcoin. Tor is stronger than VPN for this purpose.

A technique where multiple users combine their transactions, making it difficult to trace which inputs correspond to which outputs. Breaks the chain of transaction history for improved on-chain privacy.

You don't discuss your Bitcoin holdings with anyone. This is the strongest operational security (OPSEC) position, eliminating social engineering and physical attack vectors entirely.

Only your spouse or immediate family knows. This is reasonable for inheritance planning purposes, but ensure they understand the importance of discretion and have the knowledge to access funds if needed.

Friends or acquaintances know you hold Bitcoin. Information spreads - friends tell other friends, and social dynamics change if they perceive you as wealthy. This increases your attack surface.

You've posted about your holdings on social media, at work, or in public forums. This makes you a potential target for sophisticated phishing, social engineering, SIM swap attacks, and even physical threats.

If something happens to you, your Bitcoin could be lost forever. Unlike bank accounts, there's no institution to recover Bitcoin - if no one knows your keys, the coins are gone permanently.

You've told someone about your Bitcoin verbally but haven't documented anything. People forget details, especially under stress. Written documentation with clear steps is essential for heirs to actually recover funds.

You have written instructions, potentially with a lawyer or in a secure location, explaining how to access your Bitcoin. This may include seed phrase locations, wallet instructions, and step-by-step recovery procedures.