Bitcoin Cold Storage Secrets (How Not To Mess It Up)
Вставка
- Опубліковано 18 бер 2022
- Learn how to build your own Bitcoin multi-sig vault:
www.trader.university/courses...
Use the discount code YT99 to get the best price.
Join Trader University Premium:
www.trader.university/join
In this video, I discuss Bitcoin cold storage, and its advantages over hot wallets.
Hardware wallets are the gold standard of Bitcoin cold storage. Single-sig is fine for beginners, but more advanced users will want to learn about how to store their Bitcoin using multi-sig.
Collaborative custody for multi-sig is more user-friendly, but comes with the risk of personal data leaks, like Unchained Capital recently experienced.
The best solution is DIY multi-vendor multi-sig using geographically dispersed hardware wallets.
Recovery seeds are an important way of backing up your Bitcoin cold storage. Be careful never to upload your recovery seed online, as a text string or image, or your Bitcoin could be stolen.
Not investment advice! Consult a financial advisor.
My favorite hardware wallets:
trezor.io/
blockstream.com/jade/
coldcard.com/
BIP 39 word list:
www.blockplate.com/pages/bip-...
How to Buy and Store Bitcoin (The Right Way):
• How to Buy and Store B...
Best Way To Store Large Amounts of Bitcoin (Multi-Sig):
• Best Way To Store Larg...
Collaborative custody with multi-sig:
unchained.com/
keys.casa/
The downside to collaborative custody:
www.coindesk.com/business/202...
I am not being paid or otherwise compensated by any company or cryptocurrency project that I mention in my videos.
My opinion is not for sale. Please do not contact me with any affiliate or advertising deals.
#Bitcoin
#ColdStorage
#HardwareWallets
Disclaimer
Neither Trader University, nor any of its directors, officers, shareholders, personnel, representatives, agents, or independent contractors (collectively, the “Operator Parties”) are licensed financial advisors, registered investment advisors, or registered broker-dealers. None of the Operator Parties are providing investment, financial, legal, or tax advice, and nothing in this video or at www.Trader.University (henceforth, “the Site”) should be construed as such by you. This video and the Site should be used as educational tools only and are not replacements for professional investment advice. There is a high risk in trading.
WARNING: There are a number of scammers who are using my image and
channel name to try to connect with my viewers on WhatsApp and other
platforms to scam them. Just so you know, I will never refer you to
"my personal trader" or try to connect with you personally to sell you
something. I am trying to ban these scammers as quickly as they pop up. You can
always recognize a scammer by clicking on the image and seeing how
many videos he has. All of these guys have zero videos, while I have
hundreds. I also now have a checkmark next to my name, so that you can distinguish the real Trader University from the imposters.
If something major ever happened like say power grids went down or we couldn't access the internet would trading of Bitcoin be impossible since there wouldn't be people mining? Or do we always need mining to be happening for transactions to take place? I would think it would be useful to somehow not be so dependant on the mining process for Bitcoin to survive. I might not know what I'm talking about here because I don't fully understand how it works I don't think.
Do the hardware wallets open up the bitcoin network for you to connect to it???????
Worst pasties ever! Take a drink of water and re record this
Is it just me or is this the most sound practical and I believe… Trust worthy advice regarding this subject??
Yes.
Great video! It covers a lot of must-know information that I've never found in such a compact form. Thank you!
Found this oldie but goodie.
Got the engraving set and bolt and washers coming in the mail.
Thanks Matt.
Great content Matthew. I will be taking your Bitcoin course soon 👍😃💯
So glad you mentioned UnChained Capital in Austin, Texas.
Nice advice! switching to open source .. just ordered the blockstream jade! !! thank you Mat. Brother from another mother!! :) Hope you doin well in these crazy times! thank you for educating us about digital related topics!! this is the future! fiat is dead!! its only good to buy dips! lol cheers!
Security is essential. Thank you for making this video.
In light of current events - self custody is something all bitcoiners and non-bitcoiners need to truly understand.
Yes, 2022 has been like one long infomercial for both Bitcoin and self-custody.
@@Bitcoin_University It's no wonder the amount of BTC on exchanges is so great. Most people simply can't follow the number of instructions sets and associated potential variables that exist in getting from purchase to storage. I suppose you could say that BTC is more of a thinking man's modern gold. You have to work at this to get it right. In some respects it likely has slowed overall adoption. Still, it is vastly easier than Mt Gox days of yore.
Most valuable info as usual. I want to share a thought. Using 12 words instead of 24 in my mind is not nearly as secure. For example, if the dreaded super quantum computer that can figure out peoples seed phrase comes about, a 24 word would be significantly more secure. Not just 2x secure. But a numberx that I can’t even mathematically come up with, but I know it’s big. Perhaps you could explore and address this in a future video.
Thanks Matt!
Informed and thorough explanation, thank you. Best I've heard.
Great video...Thanks!!
You are a star! Thanks so much for putting out so much valuable content.
You amaze me every day. You keep tapping into sources of creativity and knowledge that are always adding value.
Could you please explain the OTC Bitcoin procedures and how these effect the Bitcoin price etc
Many thanks
I discovered this channel in march of 2020 and haven’t missed a video since! All great info. I do have one question though concerning my cold storage. If my hardware wallet is never connected to the internet then how does it always seem to know the current value in fiat terms?
You mean the app or the wallet
After we’ve exhausted your free videos? Jokes on you 😂 - you have SO MANY! :)
thank you ❤
I really appreciate everything you do. Your videos are very informative and extremely helpful. Thank you
Great Summation.
Tnx
Mathew you are a treasure. Thank You for constantly educating a middle aged mom about bitcoin. I have a question do you think the housing market is in a bubble? I am asking because my landlord has asked me if I want to buy his house. I like the house and neighborhood. but am I buying at the top of the market?
I do not think that there is a housing bubble in the US right now. One way to answer your question is to compare your monthly rental cost to the monthly cost of owning the house (mortgage, property taxes, insurance, maintenance). What is probably happening is that the US dollar is failing (losing purchasing power), which makes it look like housing prices are going up. If you buy, make sure you do a comp sales analysis to make sure you are paying current market prices.
best video on the subject
Thank you sir.
This channel is one of my top 3 sources of information on Bitcoin. That is saying a lot these days. Thank you very much sir.
what are the other two i don’t wanna get all my information from one person
@@CrackedJoshua I'll give you 3 more. What Bitcoin Did - (Peter McCormack's show), Saifedean Ammous, and Andreas Antonopolous
@@CrackedJoshua I hope that my own show could also be considered a good source of bitcoin info! 😂👋
@@CrackedJoshua you're right about not getting all info from one source. I find Matthew's relative hate for Ledger annoying because as far as I can tell, using a Ledger is completely safe even tho the source code is not open source. Yes they had a customer data leak that caused phishing attacks. But I dont think Ledger can move your bitcoin even if they turn malevolent. Another example is Saifedean Ammous's take on climate change, which is not his area of expertise. Don't trust any one source. They're all humans with flaws. Think for yourself. ✊
@@safelysnortingbitcoin9923 🙌🏼
Is the S2F model broken? Thanks for the video as always
you can also write down the words in your seed as the position number in the BIP39 list and do a mathematical function to calculate it from several smaller numbers that are easier to remember. Then you only need the word list and your mathematical formula to figure out your see phrase.
This is clever, but remember that increased complexity comes with increased risk as well. If you add too many layers, make sure that you will still be able to figure it out (or your family will) if you end up getting hit on the head really hard (car accident, attack, etc.)
Thanks Matt. @@Bitcoin_University this would only be good if you had see phrases stored elsewhere but wanted to walk across a border without any evidence or hard wallet. definitely not for the faint of heart... nor recommended. If things go downhill any worse than they are i'll resort to more secretive methods of seed storage.
You could use a combination of the BIP39 list and an old-fashioned Caesar cypher and just remember one other single number**. So you have your original seed phrase of 24 words. And you have your single number. Let's say you went with lucky number 7. Then suppose your seed phrase starts with the 8th word in the list, and that word is "elephant" (it isn't, just being illustrative here). Your number is 7, so you look the 8 + 7 = 15th word in the list, see that it is "walrus",. and record that as the first word of your seed phrase. Repeat that process for all 24 words of your seed phrase and you'll have your "adjusted" seed phrase which is just the original adjusted 7 places later BIP39 list.
**though it could be made more complex if desired
The complexity can be ramped up by making your number be 712, and so you adjust your words by 7, 1, and 2 places in the list, then back, to 7, 1, 2, repeat, doing that eight times to cover all 24 in your seed phrase.
Such a great & good video
Thank you Matthew. Useful as always. This gentleman is trying to teach us something functional with every video.
Maybe a future video on your thoughts on air-gapped approaches?
What would safest process be to cash in a small amount of btc from a cold hardware wallet? Would it be from cold wallet o sparrow (for example), then into an exchange to convert o usd? Or is there a better process? Thx.
Is the bitcoin stored in an exchange stored under the seed keys of the exchange?? How safe is this if the internet crashes?
Hi Matthew, does your course include ways for buying btc anonymously WITHOUT paying a huge premium for it?
Thanks
Hello Mr kratter. I've been subscribed for a long time and am a complete BTC believer. However with the FED stating 6 rate hikes this year and likely more next year do you think BTC will perform well or anything for that matter ?
Perhaps this many rate hikes won't actually happen and perhaps something will decouple BTC from FED activity.
Matthew, excellent overview of BTC storage!! One addition I've added to what you've suggested is the use of a passphrase when setting up a wallet. Think of it as either the 13th or 25th word of your seed phrase. It can be anything and you should never store it with your seed phrase. It acts like 2FA, if somebody happen to get your seed phrase they still couldn't access your wallet without the passphrase. Unlike the seed phrase/words, I do keep my passphrase in a password manager. Great video!
You should never store the passphrase with your seed phrase: agreed. But i would never store the passphrase in a password manager on phone or laptop connected to the internet. You must keep it also strict offline as the seed phrase. E.g on a metalplate.
Very important information! Thanks so much for your time and all you share!
Thanks for watching and commenting, Suzanne.
How do we make a fresh receiving address each time we receive BTC?
Do we need to do this for small wallet amounts?
If a person has 1 BTC should they split it up into different wallets with different seeds?
Or should they split it into 10 different address of 0.1 BTC each and one seed?
What if a person has 10 BTC?
Should they store all 10 on one hardware wallet?
Or use 3 different wallets with 3 different seeds of 3/3/4 btc in each?
Everyone talks about what to do in such a general way: memorize your seed when crossing war torn border - got it.
Keep multiple copies of paper in different locations - got it
Use a titanium plate - got it.
But how should the different levels of Btc be stored? Surely 10 BTC storage is different than 0.1 BTC storage?
So back to original question. How do I generate a different address for each transaction?
Wow so much for my Mind body and soul ! To take 😊
I stamped my seed into a small steel plate to make it fire and flood proof. Never know what could happen
Good solution.
Cool, may i ask did you stamp it yourself and if so is there some sort of kit you can buy to do something like that? i would not like to go to a store to have that done.
Hey Matthew,
Appreciate the video, it’s time for me to learn about self custody and cold storage. I live in the uk and find it’s hard to get your hands on any hardware wallets without having to buy off a third party site, which I know you strongly reject. If you or anybody has any advice or tips that would be greatly appreciated!
I'm from UK and bought a trezor straight from their website it was really straight forward 👍
@@Harrybowles1969 thanks! Which Trezor did you buy? Was it easy to use? Did you have any issues with the current being in euro or did your bank just auto convert it?
@@darrynmillward162 I bought a model t as I wanted to be able to store varied cryptos. Im currently just storing bitcoin. If I was to store some cash in one I usually sell out bitcoin to usdt (dollar backed stable coin) which will store also so no need for banks to be involved at all which is good
@@Harrybowles1969 appreciate your help, will get one ordered!
Matt, can you make another video about UTXOs
One of your best videos so far. You should make a “Greatest Hits” or “Crypto Lessons” list and add this video. I’ll definitely be saving it to share for anyone that has questions. Thank you much 🧿🧿🧿
What is the public key on my trezor? When to use?
… And informative… I am encouraged
jade blockstream is good?
This is so good. Practical. Helpful and so well delivered. Thank you sir
Glad that you found it helpful.
Do you recommend using adding the pass phrase to hardware wallet?
Thanks, Matt: Done! All the lectures on the Ultimate BTC course! Cool. Must get my own Node set up.
Can you multi-sig with 2 trezors amd muun wallet? Viable or problematic?
Hi Matt, I unsubscribed here in YT and now following on rumble. Thanks for posting over there!
also don't make the mistake of relaying your backup phrase over skype as it uses transcribing technology to record every word you say
Matthew -- for someone like you who plans to "never sell your bitcoin", would a hot wallet effectively function the same as a cold wallet? I.e., your private keys are never exposed?
So where do the Bitcoin and crypto go? Do they just float in the Blockchain. Waiting to be accessed by us?
It would be nice the whole bitcoin blockchain and proof of work the level of security etc would be visualised in a short animation movie for all the people that are more visually minded because most peoples brain work like that, only IT people +engineers understand software by reading text. Great channel though and keep it up! thank you
is there a way to generate a new backup phrase?
You don't need those companies to do multisig for you. Some wallets have the option to create a multisig wallet - blockstream's Jade is one for sure, and I think Sparrow can do it too
What crypto exchanges do you recommend especially when there is a lot of traffic?
Laminating the paper is good idea.
Matthew, thank you for the video - excellent, as usual. Is it possible that an exchange is a better way to store your private keys? Celsius has a "hodl mode" that prevents movement for 24 hours. Plus, I'm generating some cash flow through Celsius. Even if I have my cold storage in a safe deposit box, I still feel somewhat vulnerable. Would love anyone's thoughts/feedback. Thanks!
Perhaps keep a portion of your bitcoin on the exchange and the rest in your own hardware wallet. Not your keys, not your coins.
If I’m using one type of wallet. Can I transfer it to a different type of wallet? With or without new keys??
I am new to this and its very confusing! Can you have the same recovery seed on your cold wallet as the hot wallet.? For instance can you have the same 12 words that have been set up on blockstreem green when setting up Jade? Its so bloody confusing and i feel this is what turns alot of people off Bitcoin
Can these also hold other crypto’s?
Please make a video on what security people have when governments outlaw crypto and halt online transaction platforms.
So if your cold wallet only stores your keys and it has its own keys that you have to store somewhere, then how is it different than having hot wallet and storing its keys ?
Hi Matt can you make an update BTC loans video?
Celsius is the best. Alex Mashinsky is the lead. He’s been involved with bringing VOIP to the masses. Now he’s bringing MOIP (money over internet protocol). Celsius is the best out of all of them.
@17:00 gutsy to recommend ANY company at this point :)
I’ve got. Trezor and love it but boy the fees sure are steep if you trade inside the wallet. It’s says “total fees 0.14” or something like that but then the actual amount of btc I’m trading is like a hundred bucks short lol. Cheaper to transfer to an exchange and trade then transfer back to wallet I guess
You are def doing something wrong, it shouldn't be more than a few dollars to send money, unless your saying you pay 14 cents in fees.
If you started with Ledger and generated your keys then want to jump over to cold card… should you generate a new phrase and send the coins over to the new wallet since your original wallet phrase was generated with ledger? Or is that an unnecessary step
I have the same question!
Hi Matt would I be able to use my single cold card to generate multiple wallets, store different amounts in each and delete them from the device, only retaining the seed phrase that I could load/delete again as needed?
sure. You could also create a single wallet with different passphrases
What about Electrum wallet?
If you used a third party solution for multi-sig like say that Unchained Capital company,. If something happened to the company like it got taken over by the government would you be able to still gain access without the 3rd wallet? Or would you basically be screwed?
You only need 2/3 signatures - they are not essential for access but there for convenience.
Mathew. In the likely event of CBDC coming to G7 countries in the next few years. Will this render many “stores of value” Gold, diamonds Crypto etc valueless. The reason I ask this is. If all you can spend is thru your CBDC then how can you get your value back from say, holding gold etc. I realise you could do peer to peer “bartering” Just a thought 👍
Trader University: Most ppl don't walk around with more than a couple huindred dollars in their pocket.
Me: *looks away
Ledger uses 24 pharses and Trezor only 12. I prefer Ledger. The Trezor T is too bulky to hide (which is not a usual size like car key sized Ledger).
Ledger has been hacked. Trezor has not. Oh and ledger is closed source and Trezor is open source. I’ll take Trezor all day.
@@dopechannoodles9791 I believe those were noobs or liars who claimed this FUD. I saw their claims and seemed very dodgy. I use both and I don't like Trezor 12 word and bulkyness. My ledgers are hiding somewhere nobody can expect to see because of their size.
Trezor One generates a 24 word recovery seed. I think there is a manual way to get Trezor Model T to generate 24 words as well:
www.reddit.com/r/TREZOR/comments/n2abre/how_to_create_24_word_seed_on_trezor_t/
@@MrCyberamp the aspect of ledger that was hacked was their database of customer info. So while no funds were lost, a bunch of people were doxxed as known hardware wallet owners.
And my trezor one did 24 words out of the box, so maybe you're thinking of an old version?
@@dopechannoodles9791 trezor suffered a serious phishing attack over the past few days.
Hi Matthew. Thank you for your great content. Apologies if you have covered this point in a previous video. To take advantage of the CGT free gain of £12k in the UK, I am considering transfer of a part of my Bitcoin balance on Trezor wallet in future to a separate account (in the same wallet) as gift to my wife. She will have a separate account at an Exchange to transfer to and make the sale to realise hr profit. How would you go about such a transaction please.
Does anybody here use the exodus wallet to store their crypto? Is the exodus wallet considered safe?
I recorded my seed phrase on a cuneiform tablet… lol
At this point I'm even considering steel and parchment 😂
Greetings to you and all of my ancient Sumerian listeners. Go Mesopotamia!
@@eyesofthewolf101 I actually did use steel washers and they’re all on a bolt, secured with a nut. I’m afraid with my luck I’ll lose my memory in a freak accident.
@@69spanks or maybe you'll go nuts
Hahaha, I'll be here all week!
Where do you live?
yo isnt it just bisq for anon?
Question: If the 12 or 24 words are already being used, how does the hardware wallet know to avoid those which are already in existence?
Even if it is a very small chance - how do the millions of hardware keys select a unique set of seed phrase words?
It is only implausible, not absolutely impossible.
Mathematically the possibility for two people generates the same set of private key, is even more unlikely than a person winning the lottery 3 times in a row.
One of the reasons I've bought crypto is to earn interest while I hodl it. Doesn't this eliminate that completely?
if coinbase goes under, will you lose your crypto on Coinbase Wallet as well??? thanks
Is it safe to move bitcoin from one cold wallet to another? ie. from a ledger to a trezor, or would you “recover” the account with a trezor using the ledger passkey?
This is a really good question - I’d like the answer too.
Why not keep some in the ledger and send most to trezor, so you have 2 wallets?
Inside both, there both just BTC addresses. So yes, you just send the btc from one address to the other.
I regret buying a Ledger, but it was the only one hardware wallet at the time that would ship to Brazil.
wah? thats messed up. cold card or cobo wallet? know about those?
It's not that big of a deal, you are fine.
I like ledger why do you regret buying one?
why?
@@dsanxcz3074 Watch the video. Ledger is not open source code. So you are 'relying' on the company to make sure it's secure. Private code is ALWAYS more susceptible to hacks as is proven over and over in traditional banking. Open source code is ALWAYS better because you have thousands of hackers scanning the code for potential back doors.
With that said, I would not rush out to get a new hardware cold wallet. BUT, as you get a large amount of Bitcoin (defined by the eyes of the owner) you might consider backing away from Ledger over time.
Isn't the issue with multi-sig the reliance on the 3rd party for signature? What if the government pressure the 3rd party? You're inviting significant risk back into the chain.
Good to announce to others should an object be held to your head though 👍.
So, I am new to crypto/bit coin. As a Canadian it’s become abundantly clear that we need something untraceable and inaccessible to government overreach. My two big concerns with bitcoin are: 1. What if power/net goes or is taken down? How do I do transactions/access my bitcoin in that situation? 2. How to ensure I can’t by tracked by or tied to my transactions? As a business owner I can’t afford to have the government seize my assets retroactively because I donated to a fundraiser that the gov decides are terrorists due to honking their horns or playing in bouncy castles. Is there a way to have a wallet that will work ‘offline’ and works 100% anonymously? It seems like everything I have looked at online requires me to ‘prove my identity’ to set up a wallet. That kind of defeats the purpose of wanting funds to support the charities I want to support, especially with new legislation coming out in Canada where even relatively small transaction are supposed to be reported to the Gov with details including senders info, reason/purpose of transaction and receivers information. I’m sure this is to make it undesirable to use bitcoin and will ease the adoption of the Central Bank Digital Currency they are developing.
Hey man noticed you didn't get a reply. 1: If the power goes out bitcoin won't work until it comes back on, but once it comes back on it will be fine. Who knows how long Wells Fargo would take to come back online and let you into your account after the lights come back on. 2: The bitcoin blockchain is pretty transparent, so you can barely protect your privacy. Watch the video on this channel about UTXO management, and also look into the coin Monero and the atomic swaps you can do between bitcoin/monero.
Why is market rallying so hard after Fed expected to raise interest rates to 2% by end of year? Is it that rate hikes are bullish for the markets or are the markets calling the Fed’s bluff and think they will begin to cut rates very soon when a recession comes?
These rates will still be well below inflation. As deglobalization progresses, some say the Fed still actually wants super-inflation, in order to shrink the national debt, and that the rate hikes are intended to trail inflation while keeping the markets heading north. What I don't hear much about is the total offshore USD money supply and where these offshore petrodollars are going to go when the big countries are no longer forced to use them and start to trade in other currencies. A 2% rate hike can have a huge effect on the NPV of a fixed annuity, but an emerging technology that could redefine global economics...not so much.
Big og
Matt what mic do you use? I live in a noisy apartment and I want to make some videos on BTC like yours in spanish. But my setup is very basic. Thanks in advance.
Blue Yeti. Sells for something like $120 on Amazon.
@@Bitcoin_University thanks Matt
Which would be best and safest way to export my 24-word seed phrase?
Write it down on a piece of paper without any cameras or electronics around
@@Bitcoin_University I was thinking in the device in which introcuce it. I have a hardware wallet (Ngrave Zero), but the process of scanning the qr codes is so anoying that I am thinking to export my seed to My old Keepkey 😪
I have a question, being that this video is 4 months old, is ledger source code still private? Or have they made it open source? Also what about Arculus, another type of cold wallet are they open source or not?
No and they've had a breach of some type. Do a news search
Does my Recovery Seed of my Trezor cover my ETH, or just my BTC? I use my Trezor for both. Thanks.
I think it covers both, but I'm not sure. Also be careful how ETH hard forks (which happen frequently) will affect this. The deeper you dig into ETH security, the less you will want to own it.
@@Bitcoin_University . . . Thank you!! I’m selling all my ETH when it reaches $3.5K (bought a huge amt. at $1) and trading into BTC (which I bought at $10). Bought the ETH before I knew as much as now, and you’re right, nothing like BTC!
@@dr.e.r.blomgren well done, man!
Are there any network or transaction fees associated with moving crypto to/from cold storage?
There's a network fee to moving your BTC to cold storage.
The issue is, you don’t want to lock your family out of your holdings if something happens
Sir/ how do we contact you if we have questions about your classes …? No email on your website .
With a multisig, aren't you relying on a 3rd party to access your bitcoin? If so, doesn't this defeat the purpose of holding your own keys? I'm not trying to be a wise ass, I'm genuinely curious.
I would also suggest to take your 12 or 24 words and encrypt (codify) them with a code that only you know. So if anyone steal your list of 12 or 24 words.... they cannot actually use them.
I hope you don't suggest you store your pass phrases online? Only physical storage maybe using invisible ink.
To encrypt them you must use phone or laptop, you cannot be sure whether somebody is watching your display. I would store it physically unencrypted e.g. on a metalplate. If you die, at least your family can access it. Encrypted seed words take you with yourself in the grave and metaphorically your coins would be distributed among the other bitcoiners.
You nerds don't even know how to be nerds anymore. Encryption has been around much longer than phones and laptops. F C makes a great point
@@andrewwilson8374 ye, that encryption will be the most efficient. You have now another password which you must secure, or do you hold it in your mind? Good luck...
@@davidhidvegi4417 I have an encryption method I made up with paper and pencil when I was around 10 years old. No laptop, no phone. Just because it wont work for your limited mind doesn't mean it's not a great idea
Any chance you could do a video on the effect of a lot of dcaing and the potential cost of network transactions down the road due to all this utxo’s? I’m totally confused about this and saw some twitter people warning about this.
How do we know that Trezor doesnt have a copy of the words provided to us when creating a new wallet?
Private keys and recovery seed are generated locally on the device and never touch the internet. I will cover this in tomorrow's video.
You say that Ledger is perhaps not as secure due to the closed source software.
Does that mean that someone would have to have my physical Ledger to gain access to the BTC on the Ledger?
Ledger is an excellent hardware wallet and don't let one persons opinion sway you .... most applications are NOT open source, operating systems are but not applications. I prefer Ledger live and Nano X over anything I have seen.
I feel exchanges are not that risky if you are using it to accumulate BTC using limit orders as their security measures are undoubtedly better than the lay person's. But it does come with its own risk...so maybe you never have more than 10-20% on an exchange as you DCA in.
You don't have to worry about someone taking your money from the exchange, you have to worry about the exchange taking your money!
Casa is not KYC, and they hold 1 key just in case you lose one. Also, they don't sign anything for you.