💸 Cryptos storage & Transmission 💀 ✅ The safest method ☔
To safely store my crypto assets (also called coins or tokens), as an individual, I have experimented with a lot of existing strategies, and never found a satisfying one. But I deduced a smart mix. In 2012 bitcoin was worth $20, now bitcoin is worth circa $20,000. If you personally own at least 0.1 bitcoin or 1 ether and just hodl it (or apply dollar cost averaging) for the next decades, this tutorial is useful. I will explain how to store your crypto assets with the following features:
- Unique wallet
- Multi-accounts (several public addresses) and multi-coins (Bitcoin Blockchain, Ethereum Blockchain…)
- Have sole control of your cryptos: non-custodial wallet fully managed by yourself (you can send and receive the amount you decide, without any limits nor KYC forms to fill)
- Safety for your funds for the next decades, even if your house burns
- Easy daily use: sign transactions and spend your cryptos from all your accounts with a unique 6-digit PIN code which is recoverable if you forget it
- Automatically transfer your cryptos to your heirs as soon as you pass away (let’s name them Alice and Bob for our example)
- No technical skills required
- Not expensive: the budget is $200, with zero recurring fees for the next decades.
If you are in a hurry, you can jump to the second part, ✅ The full method (2 pages of reading).
❌ 1. Problems with existing methods
If you store your crypto assets in a centralized exchange (CEX) like Binance or banks like Revolut, you always need to comply with the new rules of the platform: new monthly deposit/withdrawal limit, change password, add 2FA, convert an unlisted asset to another asset. Among all these emails you receive monthly, some are phishing scams, and by mistake, you will give your password to a hacker who will connect to your account and steal your funds. Also, you need to store a login/password on your side. Finally, if the company is hacked or terminated, you will lose everything.
As a middle/long-term holder, the safest way is to store your crypto assets in the Blockchain and secure them with a single 24-word recovery phrase, also called BIP39 "mnemonic" or "seed" or "secret phrase" or "recovery phrase". Word order matters:
1:suffer 2:short 3:hour 4:husband 5:gain 6:cube 7:fossil 8:suspect 9:chief 10:fan 11:market 12:wave 13:meat 14:receive 15:eyebrow 16:useful 17:toward 18:impulse 19:banana 20:wine 21:creek 22:mushroom 23:supply 24:copper
Each word is picked from a 2048-word dictionary. The probability for someone to guess your 24 words is 1 in (2048²³×8) = 1 in 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936. This massive 78-digit number, comparable to the number of atoms in the universe, makes a brute-force attack impossible. Why not simply 1 in 2048²⁴? Because the 24th word includes a checksum.
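The 2048²³×8 figure and the checksum can be checked directly. The sketch below is an added example, not code from the original article: it follows the BIP39 encoding (256 bits of entropy plus the first 8 bits of its SHA-256) but works on word indices 0..2047 instead of words, because the 2048-word list is not reproduced here. The sample entropy is constructed. It also measures how many single-word mistakes the checksum lets through, since an 8-bit checksum catches most wrong words, not all of them.

```python
import hashlib

WORD_BITS = 11                      # each word encodes an index 0..2047
WORDS = 24
ENTROPY_BITS = 256
CHECKSUM_BITS = ENTROPY_BITS // 32  # 8 checksum bits for a 24-word mnemonic


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode 32 bytes of entropy as 24 word indices (entropy || checksum)."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]  # first 8 bits of SHA-256
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(bits >> (WORD_BITS * (WORDS - 1 - i))) & 0x7FF for i in range(WORDS)]


def indices_are_valid(indices: list[int]) -> bool:
    """Recompute the checksum, as a wallet does when you type a mnemonic in."""
    if len(indices) != WORDS or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for index in indices:
        bits = (bits << WORD_BITS) | index
    entropy = (bits >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    return hashlib.sha256(entropy).digest()[0] == (bits & 0xFF)


def valid_last_words(first_23: list[int]) -> list[int]:
    """All 24th-word indices that complete the first 23 into a valid mnemonic."""
    return [w for w in range(2048) if indices_are_valid(list(first_23) + [w])]


def undetected_substitutions(indices: list[int], position: int) -> int:
    """Count wrong words at `position` that still pass the checksum."""
    passed = 0
    for wrong in range(2048):
        if wrong == indices[position]:
            continue
        candidate = list(indices)
        candidate[position] = wrong
        if indices_are_valid(candidate):
            passed += 1
    return passed


def search_space() -> int:
    """23 free words, then only 3 free bits (8 choices) in the 24th word."""
    return 2048 ** 23 * 8


# Constructed sample entropy: never use predictable bytes for a real wallet.
SAMPLE_ENTROPY = bytes(range(32))

if __name__ == "__main__":
    idx = entropy_to_indices(SAMPLE_ENTROPY)
    print("valid mnemonic:", indices_are_valid(idx))
    print("valid 24th words for these 23:", len(valid_last_words(idx[:23])))
    print("search space is 2^256:", search_space() == 2 ** 256)
    for pos in (0, 11, 23):
        print(f"wrong words at position {pos + 1} that pass the checksum:",
              undetected_substitutions(idx, pos), "of 2047")
```

Roughly 1 wrong word in 256 passes the checksum, so a wallet accepting the 24 words confirms they are self-consistent, not that they match the original.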
With this secret mnemonic, you immediately own plenty of derived accounts for all Blockchains: Bitcoin, Ethereum, Solana, CosmosHub,… These accounts are pseudonyms on the Blockchain, which means everybody can see balances and transactions, but nobody can know who the owner is. With the entire 24-word mnemonic, you can spend or exchange assets on the Blockchain. If you lose just 3 words, your funds are still visible, but impossible to move. So your cryptos are lost forever, definitely burnt. But how do you safely store these precious 24 words? There are a lot of hot wallets (online, like mobile and desktop apps) and cold wallets (offline, like paper and steel). Let’s examine them.
📲 Problem with mobile wallets (Trust Wallet, Unstoppable Wallet…) and with desktop wallets (MetaMask🦊, Keplr…)
These hot wallets are open-source, which means trustworthy, because the whole developer community is constantly watching and checking the code. But a malicious keylogger installed on your Android or Windows device can easily read your Trust Wallet mobile PIN code or your MetaMask password when you type it, and then this keylogger can access your 24 words. Also, Android and Windows storage is not systematically encrypted, so a brute-force attack on your MetaMask or Trust Wallet files can find your PIN or password.
Keep in mind that the Apple operating systems iOS, iPadOS, and macOS are more secure.
Non-modified iOS (which means native non-jailbroken iOS) is the safest mainstream mobile OS nowadays, because each app is isolated, and there are just very limited bridges between apps. iOS forbids any request from an app to control another app and authorizes only a few accesses to files or photos, or screen broadcasting with a red alert. It is impossible for a keylogger to read keystrokes, read the data belonging to another app, or take screenshots of your 24 words when you display them in the Trust Wallet mobile app. Also, the only way to decrypt storage on iOS is a huge key impossible to find by brute-force attack, or a 6-digit PIN available since iOS 9, which erases the whole storage after 10 wrong tries. ⚠ I recommend not installing configuration profiles, third-party software keyboards, unknown calendar links, or bridges to unverified apps like TestFlight or AltStore.
Even if a mobile wallet installed on your daily iPhone is quite a good strategy to discover the crypto universe with a small amount of money, some problems remain:
- FaceID/TouchID: easy to scan your face or apply your finger when you sleep.
- PIN entry: easy to see your fingers’ movement over your shoulder when you unlock it daily.
- iPhone is always connected to the Internet and both your Trust Wallet mobile app and Apple iOS could potentially be remotely hacked if security updates are not quickly applied.
- iPhone broken: you lose your seed and your cryptos.
- The person responsible for publishing wallet app updates on the App Store introduces a hack in the latest update: your seed is sent to the hacker after the next wallet auto-update.
Non-modified macOS is potentially more secure because this OS lets you refuse when a program requests access to monitor the keyboard, to record the screen, to the storage, to Automation and Developer Tools (which means controlling other apps) or to Accessibility (which means full access). But anyway, on macOS there are a lot of layers of intermediaries to trust: the publisher of macOS (Apple), the publisher of the Chrome web browser (Google), the publisher of the Chrome extension (MetaMask community), and all publishers of installed apps that have access to the keyboard, the screen, or the storage.
🔥 Problem with a single hardware wallet (Ledger, Trezor...)
Having a Ledger hardware wallet is a good start, but we need more. Indeed, Ledger invites you to write down your 24 words on a paper sheet as a backup in case you accidentally destroy or lose your Ledger hardware. But if a fire occurs in your home, both your Ledger hardware and your paper are gone, so all your cryptos are lost forever. If you put this precious paper in a bank safe, then you give your cryptos to your bank; in that case it would be safer to go back to fiat money (dollars or euros). Not your words, not your coins. And not to mention the safe servicing fees.
🔩 Problem with a steel cold wallet
Ok, an engraved steel wallet could resist a fire at home. But the first burglar who finds it during your vacation will instantly steal all your cryptos. Storing it in the bank safe? Same problem as mentioned above. Ok, you can bury it, but it's not certain you will remember where it is, and the logistics for just glancing at your 24 words are backbreaking and a deal breaker.
🗄️ Problem with multi-wallets
Currently, most individuals use different wallets to store their crypto, for example:
- 0.1 bitcoin on MetaMask Chrome ext. with a first mnemonic (24 words)
- 0.3 ethers on MyEtherWallet mobile with a second mnemonic
- 540 USDT on Unstoppable Wallet mobile with a third mnemonic.
- 125 ATOM on Keplr Chrome ext. with a fourth mnemonic.
Ok I agree, if someone steals one mnemonic, he only has access to a fraction of your assets, not all. But in this case, you have to hide and protect not one, but 4 mnemonics with all the security problems listed above. Then a fire or housebreaking happens in your home and all devices and crypto are lost. Another way is to save these 4 mnemonics in a password manager as the MetaMask community recommends. It means you must memorize a complex 12-character password to access these data. Also, you have to trust 5 publishers: the password manager publisher plus the 4 hot wallet publishers, who can potentially be hacked. Once you stop paying for the password manager service, you lose your seeds. If a fire occurs in the data center of this password manager, you lose your seeds. Finally, you have no way to transfer your assets once you pass away.
💀 Problem with digital will executor
On top of that, as soon as you pass away, your cryptos will be burnt forever, because nobody knows your passwords or where you’ve buried your steel wallet. Indeed, without all 24 words, nobody can access your bitcoin anymore, which may be valued at $1M within the next decades. So, some individuals name a digital will executor and give him a detailed plan to access crypto assets. The huge difference between that plan and the current method detailed below is the confidentiality of your 24 words. With a digital executor, your assets are under the control of someone else, who can be hacked, broken into, or disappear. Not your words, not your coins.
✂ Problem with splitting your 24 words
Let’s split your seed by 3 and give 24/3 = 8 words to Alice, 8 words to Bob, and 8 words you keep. So, if Alice loses her 8 words, all your crypto assets are lost: bad idea. Another option is to create redundancy by splitting your 24 words across 3 cards of 16 words like these:
Your card: suffer XXXX hour husband gain XXXX fossil XXXX XXXX XXXX market wave meat receive eyebrow useful XXXX impulse banana wine XXXX XXXX supply copper
Alice’s card: XXXX short hour XXXX XXXX cube fossil suspect chief fan market XXXX meat receive eyebrow XXXX toward impulse banana XXXX creek mushroom XXXX XXXX
Bob’s card: suffer short XXXX husband gain cube XXXX suspect chief fan XXXX wave XXXX XXXX XXXX useful toward XXXX XXXX wine creek mushroom supply copper
In this case, Bob alone can’t access your cryptos, because trying all combinations of the 8 remaining words (2048⁸) will take him 3 million years. But Alice and Bob together can for sure (or you with Alice, or you with Bob). Even if you trust them, you don’t want to delegate control of your cryptos as long as you’re alive. Not your words, not your coins. Also, this method scales poorly as your wealth grows.
✍️ Problem with multi-signatures wallet
It’s possible to set up a multi-sig public address for your bitcoins and ethers. This address is linked to 3 other addresses, and when you want to spend assets from the multi-sig address, 2 out of 3 people are required to sign together at the same time. So, you need crypto fans among your family members, and you will need to ask at least 1 of them each time you want to send/spend any ether, bitcoin, or other cryptos, a headache! Moreover, you still need to handle 24 words for your signature, and the 2 other persons likewise. With such high technical skills required, this way is suited to businesses, not to individuals.
⛅ Problem with cloud storage
You can store your mnemonic in cloud storage like GoogleDrive. Basically, if your account is hacked, you lose everything. The smartest method suggested by CryptoFlashFrance is the following:
- You store your 24 words in an encrypted file.kdbx with the open-source KeePass application
I personally mention 2 other open-source alternatives to this method: 7-Zip (file.7z) and VeraCrypt (file.hc). Other closed-source options like Word, Excel, PDF, and BitLocker also have strong AES 256-bit encryption, but nobody has access to verify the source code. Also, the latest macOS version of Word/Excel 16.67 doesn’t accept more than 15 characters for the password (while all Windows versions of Word/Excel have accepted 255 chars since 2016).
- You spread the file.kdbx across all your clouds: iCloud + OneDrive + GoogleDrive.
- Your password used to encrypt with KeePass is hard to memorize because it requires at least 14 random ASCII characters to be secure, so you spread it into a random note hosted in three password managers: 1Password + Bitwarden + Dashlane.
- To avoid spyware when you read your 24 words, you will use a USB bootable Windows to run KeePass and open your file.kdbx.
This method is interesting, one of the best I have seen so far, especially for IT specialists. The flaws are:
- Nothing checks that you don’t make a mistake when you copy your 24 words from your generator on mobile or Ledger. You just type freely in the KeePass app on your PC, so if a mistake happens during this process, your funds are still not safe.
- The intermediaries to trust: KeePass is offline software, so it has not been exposed to a lot of hackers to prove its robustness.
- Also, if the password manager company is hacked, the hacker has access both to your clouds and to your file.kdbx containing your mnemonic.
✅ 2. The full method
You will create your personal “mini-Cloud”, having your cryptos access (Ledger Nano S) cloned in 3 different physical places for redundancy, and PIN-protected. A free Google service offers an online backup for your PIN code and an automatic sending system after your death.
So, you’ll make daily transactions with an online Ledger Nano S which never sends nor displays your 24 words. In emergency cases, you’ll set up a new Ledger Nano S by reading your 24 words on an offline PIN-protected iPhone.
This “mini-Cloud” has zero maintenance and zero monthly fees, which means fewer constraints than centralized services as explained in the first part. So, you will need:
- 🔑 to define a 6-digit PIN that you will use every day, not easy to guess (not your birth date, nor 000000, nor your usual phone unlock code…)
- 📱 an old/useless or renewed/refurbished iPhone with at least iOS 13
- 🔒 three Ledger Nano S Plus ($79 cost each one) or Ledger Nano S
- 📧 an active Google Account: Gmail or YouTube or Google Drive…
- 📧 a secondary email address: Gmail or other
- 👩 Alice (the first family member) living in a separate place
- 👨 Bob (the second family member) living in another separate place.
📱 Why an old iPhone?
We’ll create a PIN-protected cold wallet. As explained above, the old iPhone is the best balance between high security and affordable cost. We’ll turn the old iPhone into an offline safe, into PIN-protected storage for the 24-word mnemonic. The first function is to safely protect your 24 words. The second function is to display your 24 words in an emergency so you can input them into a new Ledger Nano S. To push security further, we’ll set the 6-digit PIN to unlock the iPhone (it wipes all data after 10 wrong tries) and the same PIN also to unlock the Unstoppable Wallet application (it delays each new try exponentially after a wrong input). This way, if your old iPhone is lying around unlocked, the wallet app remains locked. Also, we’ll disable all wireless connectivity to step up security.
- ❌ First, I recommend an iPhone with supported iOS updates (currently iOS 13 = iPhone 6S). We’ll wipe your old iPhone: Settings > General > Reset on the very bottom > Erase All Content and Settings. Then apply a minimalist setup: enter your 6-digit PIN and don’t log in to Apple ID or iCloud. Update iOS. Open App Store. Download the Unstoppable Wallet app. Apple will require you to sign in with your Apple ID for this download. Then sign out from App Store: Settings > Apple ID on the top > Media & Purchases > Sign Out.
- 🚨 Then forget all Wi-Fi networks, forget all Bluetooth devices, turn off Wi-Fi, and turn off Bluetooth. Remove the SIM card, delete all eSIMs, and remove all Data Plans in Settings > Cellular/Mobile Data. Turn on Airplane Mode. Because it’s easy for someone around you to unlock your phone when you’re sleeping, go to Settings > FaceID/TouchID & Passcode > Turn off all FaceID/TouchID options. To limit battery drain, go to Settings > Battery > Turn on Low Power Mode. Turn on Erase Data setting at the very bottom of this menu, to erase all data after 10 failed PIN attempts. Finally, to avoid Wallet app auto-updating (in case a wallet app update has been hacked), go to Settings > App Store > Turn off App Updates and In-App Content.
- 🔒 Next open Unstoppable Wallet app > Settings > Security Center > Turn on Passcode > Enter your 6-digit PIN and confirm. Again, no FaceID. Then Settings > Manage Wallets > Create > Select 24 words and leave Passphrase off > Create. Done, your 24 words are created.
- 👀 Each time you need to read your 24 words in an emergency, you turn on your old iPhone (maybe you need to charge it), and you check that all wireless connections are still disabled. Then run Unstoppable Wallet app > Settings > Manage Wallets > tap the {…} button on the right of Wallet 1 > Backup Phrase > Show. Unlock with your PIN, and your 24 words are displayed! Notice that your mnemonic remains 100% offline, and is never written on paper nor in a recoverable plain text file. Close the app and don’t forget to clean your fingerprints off the screen after powering off.
Now that your 24 words are generated and PIN-protected, we can configure the 3 Ledger Nano S clones. In case your old iPhone is stolen, the potential burglar has a probability of 1/100,000 to unlock it (because he has 10 trials — of a number picked in a range from 000000 to 999999 — before full erasure).
🔒 Why a Ledger Nano S Plus?
Bitcoins, ethers, and other crypto assets are never stored on your Ledger or on any software wallet. Assets are stored on the Blockchain. Ledger only stores your 24 words in an encrypted and PIN-protected chipset and sends “agreements” to the network when you commit a spending transaction. These encrypted agreements are derived from your 24 words: they prove that you own them, but never disclose them. The internal chipset works like a smart card: reputed impossible to tear down, it never displays your mnemonic, nor sends it to the network, and wipes your 24 words after 3 wrong PIN tries. Two models of Ledger exist.
Ledger Nano X is a Bluetooth version with a Li-ion battery. First, it’s more expensive than the wired Ledger Nano S Plus which connects through USB-C. More importantly, within 3–5 years, the deeply discharged battery of the Nano X will puff up or leak, which may damage the electronic components containing your 24 words. So, I don’t recommend hardware wallets powered by batteries.
Ledger Nano S Plus (or Nano S the previous model) has 1 small display, 2 buttons, and USB-C for power and connection. I trust and recommend this device because it’s minimalist and dedicated to performing two main features: memorizing your 24 words and committing transactions via USB. Being dedicated often means being more secure and reliable.
By default, the Ledger Nano asks for a 4-digit PIN, so a potential burglar will just try three times a 4-digit PIN then Ledger Nano will self-erase. Assuming the burglar knows that your PIN is 6-digit, his probability to find your PIN code is 3/1,000,000 (because he has 3 trials — of a number picked in a range from 000000 to 999999 — before full self-erasure).
First, be sure to order a genuine Ledger from their official website or from their official Amazon store. In case you have a doubt, check these instructions. Then the setup of your three Ledger Nano S is quite easy: just enter your defined 6-digit PIN, then enter the mnemonic defined with Unstoppable Wallet on your old iPhone. No fear about a potential mistake during the input, Ledger will notify you if any word is wrong because the 24 words contain a checksum (as an IBAN does). Simply repeat this setup on Alice’s Ledger and Bob’s Ledger, then hand them over. Now let’s back up your 6-digit PIN.
📧 Why an active Gmail or Google service?
Google is currently the only BigTech that offers a customizable digital legacy service for free. Once you pass away, nobody will connect to your Gmail or YouTube account anymore, and after 3 months of inactivity, Google will execute the plan you have chosen. Let’s configure it:
- First, open your Google Account in your web browser in Private Mode. Then click Data & privacy > Make a plan for your digital legacy on the very bottom > Start.
- Then select the number of months of inactivity (3, 6, 12, or 18) before triggering. Let's select 3 months, then enter your phone number and secondary email address. The 3 months of inactivity are counted on your main Gmail account on which you are currently logged in. But to check if you are still alive, 1 month before the expiration of these 3 months, Google will also write to that phone number and that secondary email defined on this present page. Click Next.
- Click Add person > alice@hotmail.com > Next > In the list you can pick some Google services data to share with Alice, otherwise leave them unchecked > Next. Tick the Add a personal message checkbox and type the text you want including your PIN; I recommend being less explicit than my example below. Your message has a size limit of 5120 ASCII characters (note that Emoji🙃 or 𝓖𝓵𝔂𝓹𝓱 take the space of 2 to 4 ASCII characters). Then click Save.
- Repeat this last operation for other email addresses of Alice. Repeat also for bob@yahoo.com and all email addresses of Bob. Add also your secondary email address, to receive your PIN yourself in case you can’t sign in to your Gmail. Google offers you to contact up to 10 email recipients.
- Finally, click Next > Review plan > Confirm plan. Of course, you can edit this plan whenever you want as long as you’re alive. Why not write your 24 words directly into this post-mortem message? Because if your message leaks from the Google servers, you lose your funds. By contrast, writing your PIN code here is secure: even if a hacker steals your PIN, he will never access your Ledgers or iPhone remotely to grab your 24 words.
📆 Daily use
To sign your transactions (spend or exchange your cryptos), you can connect your Ledger Nano S to:
- MetaMask Chrome extension for Ethereum or EVM Blockchains (like BNB Smart Chain, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, and Fantom…) You can troubleshoot connection issues here.
- Blockstream Green desktop application for Bitcoin
- Phantom Chrome extension for Solana Blockchain
- Keplr Chrome extension for Cosmos ecosystem Blockchains
- Polkadot{.js} Chrome extension for Polkadot ecosystem Blockchains
- ParaSwap or 1inch to swap your ethers and obtain USDT, USDC, or BUSD (dollars)
- And many more platforms…
Ledger Nano S has high confidentiality when you type your PIN. Instead of typing keys on a Numpad (where key positions can be spotted), you press exclusively Up and Down to select each digit on a small screen. Even if someone attempts to record you with a spy camera, it’s nearly impossible to record your PIN input.
No matter the Ledger-apps, the DApps (Decentralized Applications), the DEXs (Decentralized Exchanges), or the firmware you install in or connect to your Ledger Nano S at home, the two other Ledger clones still contain your 24 words, and this will always be enough to retrieve all your assets when required!
❓ 3. How to retrieve your crypto assets if…
Most probable cases
🤔 A. You lose your Ledger Nano S: just retrieve your 24 words by using your PIN code and the old iPhone. Then read your 24 words and input them into a new Ledger Nano S.
🤔 B. You forget your PIN code: just read it in the Digital legacy option of your Google Account.
🔥 C. Fire/housebreaking happens in Alice’s (or Bob’s) home: just set up a new Ledger Nano S with 24 words that you read on the old iPhone, then send this Ledger to her.
🔥 D. Fire/housebreaking happens in your home, or your old iPhone is broken: set up a new set of [iPhone + 3 Ledger Nano S] with 24 new words and the same PIN code, then take the Ledger Nano S from Alice’s or Bob’s place. With that Ledger and your PIN code, send all crypto to the freshly created wallet addresses. Finally, send 2 new Ledger Nano S to Alice and Bob.
📦 E. Alice (or Bob) lost her Ledger Nano S (during a relocation for example): just follow the C process above.
⛔ F. You lose your Google Account access (typically because you canceled your mobile line, so your 2FA by phone is not working anymore): just wait 3 months, and check your secondary email address. As soon as you receive your PIN code, follow the D process above with a new PIN code.
💀 G. Alice (or Bob) passes away: set up a new Ledger Nano S to give to Alice’s son, then add his email in the Digital legacy option of your Google Account.
👨🏻💻 H. Your Google Account is hacked, and data including your PIN code is compromised: relax, impossible to steal anything without the old iPhone or the Ledgers which contain your 24 words. Just change the 6-digit PIN on the three Ledgers and change it on the old iPhone.
Rarest situations
📉 I. Ledger SAS company is dissolved: no problem, the documentation for developers to connect a Ledger is public. Plenty of independent software like MetaMask Chrome extension, Keplr Chrome extension, Electrum, Blockstream Green desktop wallet, and also DApps like ParaSwap and 1inch, connect directly to your Ledger Nano S without the official Ledger Live app. You have a few years to switch to another hardware wallet like Trezor One.
🛑 J. Google stops its digital legacy service: you will have time to find and set up another service. Some companies are already working on alternatives: decentralized Inheriti ($150 cost one time) or Ternoa; centralized Willful ($99 cost one time) or Willing ($69 cost one time).
🐱💻 K. A never-before-seen and very improbable security vulnerability is found in all Ledger Nano S hardware, so someone who steals your Ledger Nano S can retrieve your 24 words: in this extreme case, no problem! Your Ledgers are not immediately exposed to hackers, so you have time to update or replace your three Ledger Nano S with another model or with a competitor like Trezor One.
Finally
💀 You pass away: during the 3rd month of inactivity defined on your main Google Account, Google will start to send notifications to your secondary email and your phone number. During this 3rd month, no one will answer. So at the end of the 3rd month, as you planned, both Alice & Bob will automatically receive your PIN code on their email address to access your crypto legacy with their clones of your Ledger Nano S.
🚀 4. Upgrades
This method offers upgrades. As the worth of your crypto assets grows with increasing crypto adoption, you can easily step up robustness:
- Set up a second digital legacy service, like Inheriti, as a backup to Google's, to store and transmit your PIN
- Store a fourth Ledger Nano S clone in a bank safe (not accessible by your bank without your PIN code).
- Extend to more family members 4, 5, 6, or 7, as you want.
- Split your assets into 5 or 10 accounts. You can easily do that: all these accounts will be derived from the same 24-word mnemonic, and you can still validate all transactions of these 10 accounts with your 6-digit PIN. But, in case you sign a malicious transaction from a scam website too quickly, this website will be able to steal up to 10% of your assets, not 100%. Of course, you can save these 10 accounts’ public addresses in your favorite CEXs to easily deposit assets.
- To avoid any risk of humidity infiltrating your three Ledger Nano S, you may purchase three waterproof cases ($20 cost for each one) and add moisture absorbers inside.
📝 Last notes
📐 This has a few limits. Assuming you’re living with Alice your wife, she has to hide her Ledger Nano S in her parents’ house, not in your place. The first limitation of this method is the sharing of your assets between your heirs, in case a conflict happens between Alice & Bob. This problem will be solved with upcoming digital legacy services. Also if Alice & Bob are not familiar with cryptos, leave them your public addresses in the Google post-mortem message, and tell them to email three professionals to know exactly the total worth of your assets before any action. For the cash-out, they should ask a well-known and insured professional, who will process the cash-out with a video recording of the whole sequence, especially to contest any potential wrong PIN entry on the Ledger Nano S.
🤫 Don’t be talkative, this method is efficient because nobody can guess that ①you have crypto assets, ②you store them by yourself, and ③you’re following this method among many others, like those mentioned in the first part.
To avoid physical attacks, all public crypto holders and influencers publicly pretend to use multi-signature (which is a headache for daily use) to dissuade attackers. But they actually apply various methods for their business and for their personal storage, especially spreading Ledger Nano S clones in various places to stay agile.
🔑 2FA Security Key. Another benefit of this method is that your Ledger Nano S can be used as a physical FIDO U2F security key (like Yubikey) and its clones too. At the moment, I successfully tested the clones with Google and Dropbox. To better understand, your phone number used as 2FA can change if you’re spammed, if you relocate or if you stop payments. Not the Ledgers that you purchase one time for decades. So if you decide to use your Ledger Nano S as a 2FA for Google or Dropbox, and unluckily, your home burns afterward, you still can access Google or Dropbox with your backed-up Ledger clones previously configured.
🔒 Ledger alternative. Because I experienced Ledger Nano S Plus myself and I received excellent feedback from Ledger Nano S power users about its reliability, I didn’t try the main competitor Trezor One. According to the specs, it offers the same features: PIN-protected access, direct connection to most Dapps or DEXs like ParaSwap, FIDO U2F support, and 25th-word support.
🔮 For the future, I asked Ledger SAS to release a new product to replace the old iPhone I mentioned. I hope they’ll do it. This device will be 100% offline, may have a USB-C connector only for the power supply (no connectivity with the computer nor with the web), and will be used to input, store, encrypt and let you access/read your 24 words. But not to sign transactions as the current Ledger Nano does. Same PIN policy as the current Ledgers, after 3 wrong tries, your 24 words will be erased. So you will be able to directly back up your 24 words into this device, much more securely than on paper, and easier/cheaper than on the old offline iPhone. Next, you’ll just have to distribute clones of this $30 device to your family.
👨💻 For advanced/paranoiac users only. At the initial creation of your 24 words (iPhone setup step), you can also define your free customized 25th word (called BIP39 Passphrase or just Passphrase) to generate a different wallet. This 25th word is compatible with Ledger Nano and Unstoppable Wallet. Even if MetaMask or Blockstream Green doesn’t support a 25-word import, your three Ledger Nano S connect transparently to Blockchains, DApps, and DEXs through MetaMask, Blockstream Green, and others. With such a paranoiac setup, you reduce the intermediaries to trust to nearly zero, because the mnemonic (randomly generated by a program) is completed by your own password. 24 or 25 words, this entire method remains unchanged. Example of a 25th word:
1:suffer 2:short 3:hour 4:husband 5:gain 6:cube 7:fossil 8:suspect 9:chief 10:fan 11:market 12:wave 13:meat 14:receive 15:eyebrow 16:useful 17:toward 18:impulse 19:banana 20:wine 21:creek 22:mushroom 23:supply 24:copper 25:This#M3thodIs@wesome!
To define your 25th word, you must use only the 95 ASCII printable characters:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'"`&/?!:;.,~*$=+-[](){}^<>\_#@|%
and Space. I recommend avoiding all ambiguous chars: l (ell), 1 (one), I (capital i), O (capital o), 0 (zero). Note also that Ledger Nano limits the size to 100 characters while Trezor One restricts it to 50 characters (it’s more than enough).
Steps to add a Passphrase:
① First run Unstoppable Wallet > Settings > Manage Wallets > Create > enable the Passphrase option, and type here your max 100-character Passphrase. Select 24 words for the mnemonic then tap Create.
② Next, on Ledger Nano, set a first 4-digit PIN like 0000 and type the first 24 words as explained before.
③ Then go to Control Center by holding down the 2 buttons > Settings > Security > Passphrase > Set up Passphrase (at the far right) > Attach to PIN.
④ Now type your defined 6-digit PIN.
⑤ Then type the Passphrase by reading it from Unstoppable Wallet.
⑥ Confirm with the first 4-digit PIN 0000 then “✔Passphrase set” is displayed.
⑦ Unplug/re-plug the Ledger Nano, and type your defined 6-digit PIN to use it.
Because the Passphrase has no checksum verification, you need to confirm that your Passphrase input is the same in Unstoppable Wallet and your three Ledger Nano. So, before sending to Alice and Bob, send specks of MATIC from a CEX to your new EVM public address derived from your 25 words, then send 1/3 of MATIC speck from each Ledger Nano S to the CEX. This way you ensure that the setup is working fine.
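Why the Passphrase has no checksum, shown as an added example (not code from the original article): BIP39 turns the mnemonic and Passphrase into a 64-byte seed with PBKDF2-HMAC-SHA512, using the salt "mnemonic" followed by the Passphrase, so every Passphrase, including a mistyped one, silently yields a different but perfectly usable wallet. The helper names, the fingerprint and the per-device comparison are assumptions made for illustration; the mnemonic and 25th word are the samples printed above.

```python
import hashlib
import unicodedata

# Sample values published in this article; they protect nothing.
MNEMONIC = ("suffer short hour husband gain cube fossil suspect chief fan market "
            "wave meat receive eyebrow useful toward impulse banana wine creek "
            "mushroom supply copper")
PASSPHRASE = "This#M3thodIs@wesome!"
TYPO = "This#M3thodls@wesome!"   # constructed typo: lowercase ell instead of capital i

AMBIGUOUS = set("l1IO0")         # the characters the article advises avoiding


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.

    Nothing here validates the words or the passphrase: any input gives a seed.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, 64)


def fingerprint(seed: bytes) -> str:
    """Short, non-reversible tag for comparing seeds (hypothetical helper)."""
    return hashlib.sha256(seed).hexdigest()[:8]


def passphrase_report(passphrase: str, max_len: int = 100) -> dict:
    """Check a passphrase against the article's rules (100 chars on Ledger)."""
    return {
        "not_printable_ascii": sorted({c for c in passphrase
                                       if not 0x20 <= ord(c) <= 0x7E}),
        "too_long": len(passphrase) > max_len,
        "ambiguous": sorted(set(passphrase) & AMBIGUOUS),
    }


def devices_match(mnemonic: str, reference: str, typed: dict) -> dict:
    """Compare what was typed on each device with the reference passphrase."""
    expected = fingerprint(bip39_seed(mnemonic, reference))
    return {name: fingerprint(bip39_seed(mnemonic, entry)) == expected
            for name, entry in typed.items()}


if __name__ == "__main__":
    print("24 words only :", fingerprint(bip39_seed(MNEMONIC)))
    print("with 25th word:", fingerprint(bip39_seed(MNEMONIC, PASSPHRASE)))
    print("with typo     :", fingerprint(bip39_seed(MNEMONIC, TYPO)))
    print(passphrase_report(PASSPHRASE))
    # Constructed scenario: the third device received the mistyped passphrase.
    print(devices_match(MNEMONIC, PASSPHRASE,
                        {"mine": PASSPHRASE, "alice": PASSPHRASE, "bob": TYPO}))
```

The mistyped device derives a valid, empty wallet rather than an error, which is exactly what the small test transfer from each Ledger is meant to catch.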
🔚 To end this article, I would quote Steve Jobs: “Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it’s worth it in the end because once you get there, you can move mountains.” After creating this setup, your crypto assets management becomes simple and secure, this is the price of your financial freedom.