Bitcoin best practices

Beware of scammers!

First rule. . . as much as I hate to say it, the bitcoin industry is full of scammers! At least in the low end of the market. Bitcoin transactions cannot be reversed, which makes bitcoin attractive from a scammer's point of view. So if someone is selling you a high priced item like a car or something and he wants you to forward bitcoins first, he's probably scamming you. Basically, anything that feels weird, don't do.

Also, watch out for "scamcoins". Onecoin or Bitclub come to mind, but there are others. These perpetrators try to get you to "invest" in their worthless currency while giving you little in return. So if it feels like someone is using "sales tactics" to peddle a coin you never heard of, beware. Basically, beware of advice from someone that makes money off of that advice.

"Consensus" agreements on reddit are usually pretty good about identifying "scamcoins". Reddit is a pretty good source that I like to use.

If you're new to bitcoin, buy them from these 2 well-known services

  1. Coinbase - it's the "PayPal" of bitcoin. It's a well known, highly regulated company with a decent wallet app that insures your holdings from hacking and theft.
  2. "Bitcoin ATMs" - Find the ATM that's closest to you with the best fee. It will usually be in a relatively safe convenience store or public place. And it's a machine, so you know you won't get ripped off.

If you do choose to buy bitcoins from a local dealer, pay close attention to the length of a person's track record

Some people choose to use or Paxful to buy bitcoins for privacy reasons. If you do, choose the dealer that's been there the longest with a good satisfaction score. Optimize for safety on this option because of all the damn scammers in the business. Charlie Munger said it best: Stay away from garages on big highways. Such mechanics know they'll never see you again. Go to a neighborhood garage, where word-of-mouth serves as advertising.

Promises are irrelevant. Track records are mega-important. And you can carry this heuristic into life. If someone is making lots of promises but has a long history of idiocy, ignore him. You will occasionally be wrong with this heuristic, but in the long run you'll be better off.

Choose your bitcoin wallet app wisely

I wrote a mini-article describing the pros and cons of this. But the short answer is to choose the Coinbase app if you are new and Mycelium or Electrum if you desire privacy. Be sure to back up properly with the Mycelium/Electrum option!

Keep good backups

Most crypto-currency apps make you back up your bitcoin keys, usually by writing a long list of words on a piece of paper ("horse battery cart staple. . ."). This list of words is called a "seed".


  1. Keep the backup private - if someone steals that piece of paper (the seed) they can steal your bitcoins.
  2. The unencrypted seed is meant to stay OFF the internet. Don't email it to yourself, don't take a picture of it with your cell phone, don't put it in your Dropbox. At least, not in unencrypted form. Also, keep the seed in a safe or some other such place and make sure no one has physical access to this location.

Remember, bitcoin isn't a credit card. If someone goes on a shopping spree with your bitcoins, there is no one who can reverse the charge. Once they're gone, they're gone.

If you have a lot of bitcoins, seriously, get a Trezor

A Trezor is a bitcoin "safe" designed to store your bitcoins offline. This makes them impervious to hack attacks. The private keys never leave the Trezor, so they stay private even if your computer gets hacked through a virus. The only "hack" is to physically steal the damn thing. Anyone using crypto-currencies as a long term investment should get one, and they're only $99. Trezors can store not only bitcoins, but a variety of other crypto-currencies such as ethereum, dash, zcash, and any other ethereum-based tokens that support the ERC-20 token standard. So you can store any of the DAOs that are the rage these days (golem, augur, aragon, etc).

Use good password security

The palest ink is better than the best memory - Chinese Proverb
Most people choose hard-to-remember, but easily guessable passwords (for a computer anyway):
(Image: xkcd "Password Strength" comic)

Diceware is a pretty good system for creating strong passwords that are hard to hack. The "tldr" is that you should combine 5 or more non-related words ("horse cart battery staple. . .") together. This is very much like the words in a "seed" file. Then create a silly sentence with it in your head. This is very random, very safe, easier to remember, and hard to hack.
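The Diceware procedure described above, as an added example (not code from the original article): words are picked with simulated dice rolls from the operating system's CSPRNG, and the entropy is computed for the real 7776-word list. The 36-word list, the function names and the attacker guessing rate are constructed for illustration.

```python
import math
import secrets

# Constructed 36-word demo list (6**2 entries, two dice rolls per word).
# Far too small for real use: Diceware uses five rolls and 7776 words.
WORDS = (
    "apple brick cloud dance eagle flame grape house ivory joker kite lemon "
    "mango night ocean piano quilt river stone tiger umbra vivid wheat xenon "
    "yacht zebra amber birch coral delta ember frost globe honey index jelly"
).split()


def roll_word(words, rolls_per_word):
    """Pick one word from simulated fair dice rolls drawn from the OS CSPRNG."""
    if len(words) != 6 ** rolls_per_word:
        raise ValueError("word list must hold exactly 6**rolls_per_word words")
    index = 0
    for _ in range(rolls_per_word):
        index = index * 6 + secrets.randbelow(6)  # one die: 0..5
    return words[index]


def passphrase(n_words, words=WORDS, rolls_per_word=2):
    """Join independently chosen words; repeats are allowed, as with dice."""
    return " ".join(roll_word(words, rolls_per_word) for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Bits of entropy when every word is chosen uniformly at random."""
    return n_words * math.log2(list_size)


def average_years_to_guess(bits, guesses_per_second):
    """Expected search time: half the keyspace at a fixed guessing rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("demo phrase:", passphrase(5))
    for n in (4, 5, 6):
        bits = entropy_bits(n, 7776)
        # 1e12 guesses/second is an assumed attacker rate, not a measured one.
        print(n, "words:", round(bits, 1), "bits,",
              f"{average_years_to_guess(bits, 1e12):.2g} years on average")
```

Each extra word from the 7776-word list adds about 12.9 bits, which multiplies the search time by 7776.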

Remember, you're still likely to forget a password of 5 or more words, especially if you don't use it every day. So write it down on a piece of paper and put it somewhere safe, away from prying eyes. A bank safe deposit box is a good option. Dropbox and emails are a big no-no because they're prone to getting hacked or viewed by someone else.

Use 2-factor authentication when you can

2-factor authentication is a system where you need your password and a code on your cell phone to log in to your account. It's a bit of a hassle, but it is much harder to hack. Wikipedia has a good description of how 2-factor works.

Side note: It might be a good idea to put 2-factor authentication on your email system as well, while you're at it. Hackers are sometimes able to hack bitcoins when they have access to the target's email system.