BitcoinMachine
POCKET CHANGE STRATEGY
Pocket Change Strategy. Keeping only spending-money in a hot wallet, like cash in a pocket vs. savings in a vault.

This page sits in the Wallet Security & Practices section — Operational habits and architectures that keep keys safe. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
Pocket Change Strategy — at a glance
WALLET SECURITY
Pocket Change Strategy is part of how a self-custodial Bitcoin user keeps their keys safe — and therefore their coins. Keeping only spending-money in a hot wallet, like cash in a pocket vs. savings in a vault. Wallet security is less about the cryptography (already strong) and more about the human operational discipline around storing, backing up, and using the secrets that derive every address.
Why it exists
DESIGN
Bitcoin's security model assumes the user holds their private keys; the protocol does not (and cannot) help if those keys are stolen, lost, or compromised. There is no helpdesk, no reset, no insurance. The practices around wallets — hardware isolation, mnemonic backups, passphrases, multi-sig, geographic distribution — exist because they're the only thing standing between a user's coins and an attacker who gains physical or remote access.
Mechanism
HOW IT WORKS
A modern wallet derives every key from a single seed (BIP-39 mnemonic + optional passphrase → BIP-32 master key → BIP-44/49/84/86 child keys). Security practices focus on protecting that seed: never on a phone camera roll, never on cloud notes, never typed into a website. Hardware wallets keep the seed isolated; multi-sig setups distribute trust; coin-control and address rotation preserve privacy. Each practice closes one or more concrete attack surfaces.
1. Generate the seed inside a trusted, ideally air-gapped device — never let it touch an internet-connected machine in plaintext.
2. Write the seed down on durable physical material (paper, steel plate). Store it in a separate physical location from the wallet itself.
3. Optionally add a BIP-39 passphrase (the "25th word") — a memorised secret that, combined with the seed, derives a hidden wallet.
4. Test the backup before depositing real funds — wipe the wallet, restore from the seed, confirm the addresses match.
5. For larger holdings, set up multi-signature (e.g. 2-of-3) across hardware vendors and physical locations.
6. Maintain operational discipline: rotate receive addresses, separate hot/cold balances, document recovery for heirs.
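The seed derivation described above (BIP-39 mnemonic + optional passphrase → BIP-32 master key), as an added example that is not part of the original page. It uses only the Python standard library, checks the result against the published BIP-39 reference vector (the all-"abandon" mnemonic with passphrase "TREZOR"), and shows why step 3 and the passphrase pitfall matter: every distinct passphrase, including a typo or an empty string, yields a different master key and therefore a different, initially empty wallet.

```python
import hashlib
import hmac
import unicodedata

# Published BIP-39 reference vector (Trezor test vectors), used here to verify the derivation.
REFERENCE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                      "abandon abandon abandon abandon abandon about")
REFERENCE_PASSPHRASE = "TREZOR"
REFERENCE_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                      "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")

# secp256k1 group order; BIP-32 rejects a master key that is zero or not below it.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: seed = PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase)),
    2048 rounds, 64 bytes. The passphrase is part of the salt, so it changes the whole seed."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_to_master(seed: bytes):
    """BIP-32: I = HMAC-SHA512(key="Bitcoin seed", data=seed).
    Left 32 bytes = master private key, right 32 bytes = chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    master_key, chain_code = i[:32], i[32:]
    k = int.from_bytes(master_key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key for this seed (BIP-32); use a different seed")
    return master_key, chain_code


def matches_reference_vector() -> bool:
    """True if this implementation reproduces the published BIP-39 seed."""
    return mnemonic_to_seed(REFERENCE_MNEMONIC, REFERENCE_PASSPHRASE).hex() == REFERENCE_SEED_HEX


def passphrases_yield_distinct_wallets(mnemonic: str, passphrases) -> bool:
    """True if every passphrase in the list derives a different master key.
    A wrong passphrase does not fail: it silently opens another (empty) hidden wallet."""
    keys = {seed_to_master(mnemonic_to_seed(mnemonic, p))[0] for p in passphrases}
    return len(keys) == len(passphrases)


if __name__ == "__main__":
    print("reference vector ok:", matches_reference_vector())
    print("distinct wallets for '', 'TREZOR', 'trezor':",
          passphrases_yield_distinct_wallets(REFERENCE_MNEMONIC, ["", "TREZOR", "trezor"]))
```

This is also the check behind step 4: restore from the written-down words and passphrase, derive the master key, and confirm it matches what the device reports before funding it.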
A reasonable threat-model-sized wallet setup
EXAMPLE
Spending wallet (≤ 0.05 BTC, daily): mobile hot wallet on a dedicated phone
  Risk: phone theft → lose contents only, not main holdings

Main wallet (0.05–5 BTC, weekly use): single-sig hardware wallet, seed in safe
  Risk: $5 wrench attack — store small amount visible, mention only this wallet

Cold storage (≥ 5 BTC, long horizon): 2-of-3 multi-sig across:
  • Hardware wallet A at home (Ledger, BIP-39 seed on steel)
  • Hardware wallet B at parents' home (Coldcard, distinct seed on steel)
  • Hardware wallet C at lawyer/escrow (BitBox, distinct seed)
  Recovery requires any 2 of 3 keys; geographic + vendor distribution
  Risk: only catastrophic correlated failure (e.g. coordinated theft of 2/3) breaks this

Inheritance: documented recovery plan in sealed envelope with executor; reference each device location, omit seed phrases.
⚠ NEVER share these. A 12-or-24-word seed phrase, an extended private key (xprv), or a hardware wallet PIN gives full control over every coin those keys protect. No legitimate service will ever ask for them. Anyone asking is attempting theft.
NO RECOVERY
Lose the keys, lose the coins. No platform, foundation, or government can restore access.
AIR-GAP > ENCRYPTION
A seed that never touched an internet device is safer than any encrypted file. Hardware wallets are physical air-gaps.
BACKUP DISCIPLINE
Two backups in two physical locations, written on steel, tested at least once. Anything less is hoping.
THREAT-MODEL-SIZED
A coffee fund needs a phone wallet. A retirement allocation needs 2-of-3 multisig. Match security to value.
Things that catch people out
PITFALLS
  • Photographing your seed phrase puts it in iCloud/Google Photos within seconds, and a compromised photo backup is all an attacker needs to drain the wallet.
  • Plastic-encased paper seeds melt in house fires; steel plates (Cryptosteel, SeedPlate) survive 1,200°C.
  • Untested backups are imaginary. Erase the wallet and restore from the seed before depositing anything material.
  • BIP-39 passphrases give plausible deniability but are unrecoverable — forget the passphrase and the funds are gone even with the seed.

TERMINOLOGY
Pocket Change Strategy
Keeping only spending-money in a hot wallet, like cash in a pocket vs. savings in a vault.
Root of Trust (Security Architecture)
The single point you must trust because everything else derives from it — usually a hardware signer.
Cold Storage (Offline Keys)
Keys stored on devices never connected to the internet, dramatically reducing remote attack surface.
Hot Wallet (Online, Vulnerable)
A wallet whose keys exist on an internet-connected device; convenient but exposed.
Hardware Signing Device
A purpose-built device that holds keys, signs transactions internally, and returns only the signed transactions, never the keys.
Tamper-Proof Hardware (Secure Element)
Specialized chips designed to resist physical extraction; used in hardware wallets.
Concentric Circles of Trust
Layered architecture: small hot funds in convenient wallets, large reserves in cold storage.
Estate Planning (Bitcoin Inheritance)
Designs (multisig with timelocks, dead-man switches) that pass funds to heirs without exposing them prematurely.