written by @thevladcostea
UTXO management, also referred to as “coin control”, is wrongly labelled as a “power user” feature. In reality, the concept is as simple as keeping amounts of money in different pockets of your jeans – when you choose to make a purchase, you take the money out from whichever pocket contains the necessary funds.
In this analogy, UTXOs (Unspent Transaction Outputs) are dollar bills in your pockets. Each receiving address in your wallet is a separate pocket. Your total wallet balance would be the sum of the money in ALL your pockets. If you want to increase your privacy and security, you can utilize many pockets and perhaps even remove money from the pants entirely for safekeeping elsewhere.
Sounds simple and straightforward, right? Yet in spite of this easily understandable breakdown between Bitcoin UTXOs, addresses and wallets, the vast majority of wallet developers and exchanges choose to not enable “coin control” for their users. Often, a policy of “one user, one single receiving address” applies. This limitation simplifies the use of Bitcoin and makes up for a more basic user interface. In practical terms, however, it’s akin to owning a pair of jeans with only one pocket, forcing you to pull out (and show off to the merchant/anyone who cares to look) all your cash every time you make a purchase.
Even the few wallets which allow you to generate a new receiving address for each transaction are selective in implementing UTXO control. In the case of Bitcoin Core, which is the reference client of the protocol, “Coin Control” must be enabled from the settings menu by picking the “Wallet” tab and ticking the “Enable coin control features” box.
Unless you take this extra step, then the wallet will manage UTXOs for you. So if you make a payment of 0.03 BTC and you have two UTXOs of 0.1 and 0.05 BTC respectively, then your wallet will automatically select one without informing you which. Back to the pants analogy, it's like closing your eyes and fishing around for bills in a few pockets, then slapping down whatever you happen to grab on the table.
Once you've transacted this way, anyone can check the transaction on a blockchain explorer and be privy to your data.
Why Does Any Of This Matter?
Automation may seem reasonable and fair for newbies, but in the context of a public blockchain which records all transactions and reveals every operation to the rest of the world, you have plenty of reasons to be cautious about your privacy. If a third party is able to know how many coins you own, then the data may leak and attract unwanted attention from malicious actors.
Don't Make Yourself A Target
Now let’s get back to the practical example of pockets in your jeans. Let’s say that you have $10,000 in your left-front pocket and $20 in your back pocket. When you go to the corner store to buy a carton of milk that’s worth $3, do you think it’s a good idea to take out money from the pocket which holds $10,000? Should the clerk and everyone waiting in line behind you see what a large amount you’re holding? Doesn’t this put a target on your back and challenge thieves to try to take the money away from you? And wouldn’t this scenario be completely eliminated if you only opened the back pocket where you’re holding $20?
In the Bitcoin space, you should never tell anyone how much BTC you own. Due to the irreversible nature of transactions, each time you reveal your holdings you also issue an open challenge to anyone who can hack, extort, or social engineer your private key. After all, there’s a reason why seasoned bitcoiners never talk about their stash and seem to act in a rather self-sufficient way. It’s mostly newcomers who brag about how many bitcoins they own, and this kind of attitude tends to fade over time.
So what about wallets that don’t grant you control over your UTXOs? In this instance, every transaction you are unwittingly revealing part or all of your holdings to outside observers. Furthermore, if you don't connect to your own node, wallet operators can see EXACTLY how many coins you own. This information may be precious to other third parties such as blockchain analysis companies that try to break Bitcoin’s privacy and fungibility. There cherry on top? If you also sign up to any services with an e-mail address while not practicing coin control/coinjoins, there is enough data to link your coins to your identity.
To avoid this, you should use a wallet which puts you in control of your funds. Examples include (with added links to instructions on how to manage UTXOs):
– Bitcoin Core on Windows, MacOS, and Linux
– Electrum on Windows, MacOS, Linux, and Android
– Wasabi Wallet on Windows, MacOS, and Linux
– Samourai Wallet on Android
If you have any feedback on this or any other topic, please feel free to reach out to us at any time at email@example.com or @BTSEcom on Twitter. We always love to hear from our amazing BTSE community.