Custody discipline — cold, warm, hot

The last lesson, the most important one once you've internalised the rest.

Bitcoin survives because it's deflationary, censorship-resistant, and self-custody-ready. The third property is the operational one: it puts the security of your sats squarely on you. There's no help desk. There's no "reset password" flow that bypasses your seed. If you lose your mnemonic, your sats are gone permanently.

The three tiers

Serious Bitcoin holders divide their stack into three tiers:

Cold. The seed phrase is on metal (steel plate), stored geographically separated from any device that has ever connected to the internet. Spending requires a physical operation. Used for the bulk of long-term holdings.

Warm. A hardware wallet (Ledger / Coldcard / Jade), signing transactions but never exporting the seed. Used for monthly-to-quarterly spending. Faster than cold but still requires the device.

Hot. Software wallet (Gopnik). Online keys. Used for daily transactions. Lightning balance fits here.

The discipline: size each tier to its risk profile.

This is a discipline, not a hard rule. The right ratios depend on your spending pattern, your threat model, and your tolerance.

What Gopnik's wallet is, in this hierarchy

Gopnik is a hot wallet with operational discipline. The XRPL mnemonic that drives your BIP-84 Bitcoin address is held in your encrypted vault, decrypted only at sign time, and never persisted in plaintext. That's a good security posture — but it's still hot.

Specifically:

• An attacker who gets your vault password gets your Bitcoin
• A device-side malware attack (keylogger, screen recorder, RAT) potentially compromises sign time
• A phishing attack on your Gopnik account potentially redirects sends

Defence: the wallet's daily-EUR cap (cross-chain) bounds the per-day loss in the worst case. Configure it to a number you'd tolerate losing.

The recovery story

Your 24-word XRPL mnemonic is the recovery key. It can rebuild:

• Your XRPL wallet (the original primary)
• Your EVM addresses (iter-A path)
• Your Solana address (iter-D path)
• Your Bitcoin address (this iter-F path)
• All RGB asset allocations you hold (the rgb-lib wallet is mnemonic-derived)

If you lose access to Gopnik but still have the mnemonic, you can recover everything by importing into Sparrow / Electrum (Bitcoin) + MetaMask (EVM) + Phantom (Solana). Conversely, if you lose the mnemonic, no one — not Gopnik, not Ripple, not Anthropic — can recover your funds.

Best practice:

1. Write the mnemonic on paper at minimum. Steel plate for serious amounts.
2. Test recovery before using the wallet seriously. Restore on a fresh device; confirm balances appear.
3. Store the mnemonic geographically separated from your primary device.
4. Never type the mnemonic anywhere except a known-trusted recovery flow. No screenshots, no cloud drives, no encrypted-disk-on-the-same-device.

Lightning + RGB caveats

Lightning balance is forfeit on mnemonic loss in Gopnik's managed-provider model — the provider needs an account-auth path to attribute the channels to a recovered user. Iter-F+1 wires a "claim my LN channels with a signed message from the recovery flow" path; for now, treat LN balance as un-recoverable without your Gopnik account.

RGB allocations are recoverable from the mnemonic if you have the consignment history. The wallet exports consignments via the audit bundle (same architecture as the agent action log). Save the audit bundle periodically; without it, the rgb-lib state is hard to reconstruct.

What you commit to with this certification

• Bitcoin self-custody is operational discipline, not a checkbox
• Gopnik is a hot wallet; cold / warm tiers live outside the wallet
• The mnemonic is the only path to recovery — written down, geographically separated, never typed online
• Lightning balance is bounded by what you're willing to lose
• RGB allocations need periodic audit-bundle exports for recovery

Congratulations — you've completed Bitcoin 101. The exam follows.