Metal Bitcoin Seed Storage Stress Test

Storing wealth with private keys has changed the game when it comes to financial sovereignty. On one hand, they make it easy to store and transport. On the other hand, they make it easy to lose. Since private keys are just data, there are many ways to store a wallet seed — you’re only really limited by your creativity.

Recent example of someone creating their own cold storage solution: https://www.reddit.com/r/Bitcoin/comments/8oikd5/cold_storage_idea/

When you’re designing a cold storage solution, there are many potential loss vectors you should factor into your design. Here’s a high level overview:

Loss Via Destruction / Degradation

In terms of protection against fire, melting point is a consideration.

As we can see in the below video, aluminum isn’t great because it could melt in a house fire, copper is decent, but brass is best. Not shown in this video is stainless steel which has an even higher melting point.

But fire is not the only consideration. What about corrosion resistance? Events such as flooding or just long term humidity could make it impossible to read the characters on your backup.

Stainless steel seems to be the best readily-available metal for this application, but what might we expect in the future? Metallic glass / amorphous metals are actually more durable and resistant to corrosion than your standard crystalline metals.

Finally, you should also think about crush resistance — what if a fire or other disaster results in your backup being crushed under the weight of tons of debris?

Loss Via Physical Attack

You’ll want to physically secure against someone finding your seed phrase. If your phrase is an unencrypted seed for a single signature wallet, then an attacker finding it is a catastrophic loss scenario. You can mitigate this attack by either securing your data with an additional passphrase as described in BIP38 or BIP39 or you can “shard” your metal backups. That is, split your data into N different parts and put one part on a different metal device that you store in a unique physical location. For redundancy you’ll want these pieces of data to overlap a bit so that losing a device won’t prevent you from recovering all of the data you need.

Other Loss Vectors

Storing a single private key is not as safe as storing a 12 or 24 word HD seed. This is due to a potential loss scenario if you don’t sweep the entire wallet and much of the value goes to a change address for which you don’t save the private key.

The common advice for wallet users is to never store your wallet seeds in a digital form. This is sound advice because the average user would be prone to either accidentally putting the digital file online where it could get compromised, or they may get malware on their computer that steals it, or they may simply not back up their device data and one day it dies or they throw it away without realizing that they should have backed up the data.

Essentially, ignorance and laziness are vectors worth considering — you are probably your own worst enemy unless you are well versed with and strict about maintaining top notch IT best practices. Don’t end up like James:

Popular Retail Cold Storage Devices

Billfodl: Stainless steel device that comes with prefabricated letters. Makes some pretty strong security claims.

Cryptosteel: Stainless steel device that comes with prefabricated letters. Claims to be fireproof up to 2,100°F. The Billfodl uses the same design.

Crypto Key Stack: Black anodized stainless steel plates offer fire protection up to 2,200°F — twice the average temperature of a house fire. Also claims to be waterproof and rustproof. Comes with its own engraver.

ColdTi: Claims to be fireproof, waterproof, timeproof, tamper resistant, very high melting point, extreme durability.

Bitkee: Claims ~3000°F melting point, corrosion resistant. Composed of grade 2 Titanium, ASTM B265, Rockwell B 65, 40K psi. “A bitkee is durable, fireproof, waterproof, corrosion resistant, and invulnerable to software and hardware crashes.”

I will note that when ordering the Bitkee the order email ended up in my spam folder. I ended up having to ping them manually to finalize the order.

There are a number of other products that I didn’t end up testing:

Bitcoin Firesafe: I filled out the contact form to inquire about purchasing one but never heard back.

CryptoHex: given the unique nature of this product I was really interested to try it, but it’s a Kickstarter that hasn’t started shipping yet. I reached out via email and received a reply back promising to ship a device for testing, but due to problems with customs did not receive it in time to test.

Cryo Card: seems to be permanently out of stock.

Blockplate: also permanently out of stock.

SeedSteel: Unfortunately I didn’t learn about it until after the tests were over.

The HODL wallet: Looks like yet another rebranded Cryptosteel; didn’t see the need to test 3 of the same wallet design.

You can also follow instructions at Bulletproof Bitcoin to build your own solution and save a few bucks. I decided I was more interested in the products that are being marketed as being specifically for storing crypto asset keys.

Creating the Wallets

Billfodl: Very easy to set up, just requires a flathead screwdriver to unlock and start sliding in the laser engraved stainless steel letters. It took me a few minutes to figure out how to actually unlock the gate in order to slide in the letters since there were no instructions provided.

Cryptosteel: Exact same as Billfodl, just requires a flathead screwdriver to unlock and start sliding in the pre-stamped metal pieces. I will note that the steel letters are not quite as nice as those provided with the Billfodl. This is because they are stamped on each side which results in the steel pieces being slightly curved; some of them are sufficiently curved as to be more difficult to slide into the slots of the wallet. The Billfodl letters are laser engraved rather than stamped, thus the pieces are completely flat. This is the only noticeable difference between the two products.

Crypto Key Stack: You can either engrave or stamp your seeds onto these stainless steel cards. Engraving was pretty easy, though the granularity of the engraver leaves a bit to be desired — it would be easy to screw up a letter in a way that makes it ambiguous to read, such as a B versus an 8 or 1 versus l.

Engraving (top) versus stamping (bottom)

Stamping was the most difficult of all the processes. I bought this stamp set and this steel block as a workbench on Amazon. The metal stamping rods were slippery and smelled of oil, so I wiped them down. Even after this it was difficult to hold onto them because I have pretty sweaty hands. I started off by using a rubber mallet with the hope that it would be easier to control, less painful on my ears, and less likely to injure my other hand if I missed. Unfortunately, the rubber mallet absorbed a lot of the energy and I was left with fairly light stamps and a bunch of tiny rubber pieces on the table.

Switching to a real hammer was aurally painful, but did the job a whole lot better. I quickly learned that the best method was to line everything up and make a single swift strike so as to avoid double stamping, which you can see examples of above.

I’d also note that these stamps would have an improved user experience if they had the letter printed on the head of the stamp so that you were 100% sure you had the orientation right before you begin hammering. I ended up stamping a few letters with the wrong rotation, and of course there was no fixing those mistakes.

ColdTi: I felt like the space was cramped. I know you only need the first 4 letters of a word but I feel safer if you can write the whole word. Also, reading the etched letters was harder than on the Crypto Key Stack because there was no contrast against the background. Stamping seems to be the way to go here.

ColdTI, stamped (left) and etched (right)

Bitkee: No setup required because it came with the keys already laser engraved on the metal. Crisp and clean! One thing worth noting is that you should only use their service to create BIP38 or BIP39 encrypted backups. That is, private key data that requires a password (that you don’t give to Bitkee) to access. Otherwise, Bitkee becomes a trusted third party and you’re hoping that they don’t keep your private keys and steal your money at some point in time in the future.

Stress Test: Heat

I purchased a butane torch on Amazon that is capable of achieving 2,500° F. It’s important to note that the average house fire temperature is around 1,100° F, so this test is stressing the wallets at double the strength of the most common threat.

Billfodl: Unfortunately the heat managed to warp the tray enough to loosen the letters and a bunch of them fell out. While the device itself remained intact, I have to consider this a catastrophic failure.

Cryptosteel: Held up quite well and almost all of the letters stayed in their slots. Perhaps this is the trade-off to be made for better heat resistance — it’s more difficult to get the letters into the slots but as a result it’s also less likely that they’ll fall out under stress. Nevertheless, some letters did fall out and I also consider this to be a catastrophic failure due to data loss.

ColdTi: The screw to which I was applying the flame actually melted and could no longer be turned. I opened it via the other screw to discover that the engraved words were completely lost at the point of heat application. Stamped words were still visible. So that’s a catastrophic failure for engraved seeds on the ColdTi. More reason to only use stamping with this product.

ColdTI screw failure under heat
ColdTI heat failure

Crypto Key Stack: The screw near the heat deformed slightly and was very hard to unscrew, but I managed to loosen it with pliers. I really don’t like how small the heads on the screws are; I think products like this should use pretty heavy duty hardware.

It’s hard to see due to the angle but the stamps are also quite visible.

Bitkee: Held up to heat extremely well. Only noticeable difference was some additional coloration on the metal.

After being exposed to 20+ minutes of 2,500° F heat:

Stress Test: Corrosion

Corrosion is a process that normally occurs over months and years of exposure to the elements, but I didn’t have that much time to devote to this test. It turns out there are several ways to accelerate corrosion.

I began by scraping all of the wallets with sandpaper to try to etch them and remote any protective coatings.

Then I dumped them into a bucket of muriatic acid for half an hour. I also threw in a bunch of pre-1982 high copper content pennies because I read that copper would accelerate the process. I immediately saw a bunch of bubbling occurring and knew that something was corroding.

Once the bubbling calmed down and the acid became clear again it was obvious what had corroded — the screws holding the ColdTi together had completely dissolved!

ColdTI with dissolved screws

Then I pulled the wallets out, washed and dried them, and coated them with a spray of salt and hydrogen peroxide. This resulted in some rust forming but it wasn’t nearly as impressive as the results from the acid.

Stress Test: Crushing

After asking around to see if anyone had access to a streamroller or heavy equipment capable of exerting a lot of force, I was fortunate to find someone who had access to the Duke Physics department’s machine shop. There they have a hydraulic press capable of creating 20 tons of force.

Unsurprisingly it turns out that none of these devices are so strong that they can withstand 20 tons of force without deforming. But for the purpose of these tests we’re not interested in the deformation so much as whether or not it leads to data loss.

Billfodl & Cryptosteel: These devices were the most resistant to crushing in terms of the overall device. However, they are not nearly as robust when it comes to handling deformation of the device without suffering from data loss. Once again, the rail-based design of these devices results in them suffering from data loss more easily, because even slight deformation results in letters falling out of their slots. By the time I pried them back open, pretty much all of the letters had fallen out.

Crypto Key Stack: Performed admirably under pressure, and after prying the layers back apart I was still able to read all of the data off them.

ColdTi: Deformed but did not result in additional data loss compared to the heat test failure.

Bitkee: Deformed but didn’t lose any data readability.

Results & Rankings

This is not a rigorous scientific rating system, but rather just my subjective ratings based upon how well the devices performed relative to each other and to my own expectations.

Bitkee and Crypto Key Stack are the clear winners in my opinion. I had high hopes for Crypto Key Stack from the start but Bitkee surprised me, mainly because I expected that having the data exposed on an exterior surface would make it more likely to be destroyed by various stresses. I underestimated the robustness of the laser etching.

The Optimal Solution

It’s pretty clear that none of the available storage devices are perfect. If I were to design a metal storage device, I’d buy 3" sections of these 3" diameter grade 2 titanium rods and going around the curved side I’d etch the data multiple times with a diamond engraver, with a laser engraver, and with a stamp. This would provide an incredible level of robustness and redundancy while being quite simple.

However, I’ve never actually used physical devices like this for my own needs. My personal solution is fully digitized because I can achieve the highest level of security and redundancy with cryptographic tools. The downside is that it takes a lot of technical sophistication and effort to achieve. I’ll go into more details about that in a future post.

Long term I expect that having to maintain recovery seeds is beyond the ability / interest of the average person. I hope that seedless wallet recovery becomes a standard; here are a few thoughts I gave on the subject at a recent conference: