Rung 1 · Single-sig

Single-signature hardware wallet

One device, one seed, one backup. The simplest self-custody that isn’t negligent.

Best for
Most newcomers · modest stack relative to net worth
Rough cost
$79–$250
Complexity
Lowest — one device, one backup

What this is

One hardware wallet holds a single seed. The device signs transactions; you confirm on its own screen and buttons. Your seed is backed up once or twice on metal, stored somewhere secure. That’s the whole setup — and for most people starting out, it’s the right one.

This is the simplest form of self-custody that isn’t outright negligent. There’s a single mental model to learn, and it isn’t hard.

What it’s good at

What it’s not good at

The single point of failure

Everything rests on that one seed backup: it must never be lost and never be seen. Any single event that breaks one of those — a fire that takes an untested backup, a photo of the words, a nosy visitor — can take everything. The rungs above exist to remove exactly this weakness, at the cost of complexity.

Who should use it

Holders whose stack is modest relative to their net worth; anyone in their first year of self-custody; anyone whose main concern is exchange risk rather than a targeted physical attacker. The near-universal pattern across custody experts is small balance on single-sig for convenience; large balance on multisig for security.

Leaping straight to a five-key setup adds complexity you’re not yet equipped to manage — and that complexity is a larger threat, at this scale, than the ones it defends against.

How to set it up

  1. 1

    Buy a hardware wallet direct from the maker

    Order from the manufacturer or an authorised reseller — never a marketplace listing that could be tampered with, and ideally not shipped to your main home. Check the tamper-evident packaging when it arrives.

  2. 2

    Generate a brand-new seed on the device

    Let the device create the seed itself. Never accept a pre-set seed, a “card” with words already on it, or one an app generated. If a device arrives pre-initialised, stop and wipe it.

  3. 3

    Write the seed words down — on paper first

    The device shows you 12 or 24 words. Copy them by hand, in order. Do not photograph them, type them into anything, or store them in a password manager or cloud note.

  4. 4

    Move the backup to metal

    Paper survives neither fire nor flood. Transfer the words to a steel backup so an ordinary house fire can’t erase your savings. Store it somewhere private and secure.

  5. 5

    Set a device PIN

    The PIN stops a thief who physically grabs the device from using it. It does not protect the seed itself — anyone with your seed words needs no PIN — which is why the backup is the thing that must never be seen.

  6. 6

    Test the backup before funding

    Wipe the device and restore it from only your written/metal backup, then send a tiny amount. If it comes back, your backup works. Only then move real money.

The step nobody should skip

Testing the backup (step 6) is what separates a real setup from a hope. Most catastrophic losses trace back to a backup that was never tested — a metal plate stamped wrong, a missing word, a seed that never actually restored. Test with pocket change before you trust it with savings.

Planning for inheritance

Single-sig is the easiest setup to pass on — and the easiest to pass on badly. Your heirs need two things: to find the backup, and to know what it is and what to do with it. A metal plate in a safe means nothing to someone who doesn’t know it’s the key to your Bitcoin. Write a plain-language instruction, stored with your estate documents, that a non-technical heir could follow. Findability — not cryptography — is the number-one way inherited Bitcoin is lost.

When to climb

Move up the ladder when a real reason appears, not for the feeling of more security:

Until one of those is genuinely true, a well-managed single-sig setup is not a compromise — it’s the correct answer.

Last verified: July 15, 2026