Tutorial

How do I buy Bitcoin safely?
The clean first-buy path.

READ13 min · UPDATED
Reviewed against primary sources cited at the bottom of this page.

The complete walkthrough. Account setup, first purchase, auto-DCA, moving to a hardware wallet, and labeling your coins like a pro. ~30 minutes start to finish.

The clean first-buy path: open an account on a regulated exchange (Coinbase, River, Strike), buy with a bank transfer (not a credit card), and withdraw to a hardware wallet once you hold more than ~$500. Start with a small amount to learn the process before committing real money.

  • Exchanges to start: Coinbase (broadest), River (Bitcoin-only, auto-DCA), Strike (low fees, Lightning). All are US-regulated and insured.
  • Buy with bank transfer (ACH), not a credit card. Credit card purchases carry 3–5% fees and possible cash-advance rates.
  • Leave small amounts (<$500) on the exchange while learning. Move to a hardware wallet once you're holding real money.
  • Hardware wallet (Ledger, Trezor, Coldcard): ~$60–$150 one-time cost. Protects against exchange hacks and account freezes.
  • KYC is unavoidable on regulated exchanges. Label your UTXOs by source for future tax and privacy hygiene.
THE SHORT VERSION

Sign up at River.com → verify ID → link bank → buy $20 to learn the interface → turn on recurring buys → after you've accumulated $500+, withdraw to a Coldcard or Trezor. That's it. The rest is optimization.

Step 1: Choose an exchange

This is the account you'll use to convert dollars into Bitcoin. Not all exchanges are built the same, many are general "crypto" casinos pushing 500 shitcoins and trying to get you to trade. You want the opposite: a Bitcoin-only exchange, U.S.-regulated, with a clean path to self-custody.

The three serious options for U.S. beginners:

RECOMMENDED
River[1]
  • Bitcoin-only (no altcoin upsells)
  • Zero fees on recurring buys
  • Native Lightning support
  • Full-reserve business model
  • U.S. based
ALTERNATIVE
Strike[2]
  • Bitcoin-only
  • Very low fees
  • Excellent Lightning
  • Jack Mallers (founder) is a serious Bitcoiner
LAST RESORT
Cash App[3]
  • Easiest UX if you already use it
  • Bitcoin-only (good)
  • Slightly higher fees
  • Not ideal for serious stacks

For a deeper walk-through of wallets, trade-offs, and setup gotchas, see the hardware wallets strategy page.

Avoid: Coinbase, Binance US, Kraken, Gemini, for Bitcoin specifically. They push you toward altcoins and their fees are high on small buys. They're not scams, but they're not the right tool for this job.

A NOTE ON ROBINHOOD

Robinhood Crypto did allow withdrawals to external wallets starting in 2022, so the older claim "you can't withdraw Bitcoin from Robinhood" is out of date ×DON'T TRUST, VERIFYClaim: Robinhood Crypto supports withdrawing Bitcoin to external self-custody wallets.Verify at: Robinhood support: crypto wallets ↗Confirm current availability and limits in your state before transferring meaningful amounts.. The honest reasons to use a dedicated Bitcoin exchange instead:

  • Default is custodial. Until you withdraw, Robinhood holds your keys. Same counterparty-risk profile as any exchange.
  • Trust history. Robinhood halted trading of GameStop and other stocks during the January 2021 volatility. That event made many users question whether they want a broker that has showed it will restrict buying or selling under pressure.
  • Broker-first UX. No Lightning Network support. No detailed UTXO management. For actually using Bitcoin (not just holding price exposure), a Bitcoin-focused exchange is a better fit.

For real Bitcoin with a clean self-custody workflow: use River, Swan, or Strike and withdraw to a hardware wallet. See ETF vs Self-Custody.

Step 2: Create account + verify identity

Go to river.com. Click "Get Started." Enter email, set a password, enable 2FA with an authenticator app (not SMS, SMS 2FA can be SIM-swapped).

You'll hit a KYC wall: upload a driver's license or passport, take a selfie, enter your SSN, confirm your address. Legally required under U.S. anti-money-laundering laws for any regulated exchange. Takes about 5 minutes. Usually approved in under an hour.

If the idea of KYC bothers you on principle (and it reasonably might), you can still use KYC'd buys, just don't leave large amounts on the exchange. The goal is always to move your stack to self-custody, where it's no longer associated with the exchange's KYC records.

Step 3: Link your bank

River uses Plaid. You'll log into your bank's website through an iframe and authorize the connection. Same tech Venmo, Robinhood, and your tax software use. Takes 60 seconds.

ACH transfers are free but take 1 to 3 business days to clear. Wire transfers are instant but cost roughly $15 to $35 . For your first small purchase, stick with ACH.

Step 4: Your first purchase

Tap "Buy Bitcoin." Enter a dollar amount, $20 is plenty to learn the interface. You'll see the current BTC price, the satoshi amount you're getting, and any fees. Tap confirm. Done.

River will show your new balance immediately. Your BTC is technically in River's custody at this point, they're holding the private keys for you. Step 6 fixes that.

Pro tip: The price shown on any exchange is a few percent above the true "spot" price, that's how the exchange makes money. River's spread is lower than most. On small buys (under $100) it doesn't matter much; on large buys it adds up.

THE COST NOBODY COMPARES

The Hidden Cost Nobody Mentions: The Exchange Spread

Most Bitcoin exchange comparisons focus on the transaction fee, the percentage or flat dollar amount charged per purchase. The spread is a separate cost that rarely appears in those comparisons, and on small buys it is often larger than the fee itself.

The Bitcoin market price is the global price at any moment. The exchange spread is the difference between that market price and what the exchange actually charges you. You pay the spread before any transaction fee is added.

WORKED EXAMPLE
Bitcoin market price$102,946
Exchange charges you$103,923
Spread$977 (0.95%)

You pay 0.95% more than the real price, before any advertised transaction fee is added.

Real spreads across exchanges vary widely. Some charge under 0.5 percent. Some charge over 3 percent ×DON'T TRUST, VERIFYClaim: Bitcoin exchange spreads vary from under 0.5% at tight venues to over 3% at retail-focused apps.Verify at: CoinGecko BTC reference price ↗ · mempool.space (protocol view) ↗Compare the price an exchange quotes at the moment of purchase against a neutral reference (CoinGecko or CoinMarketCap). The gap is the spread. Spreads change frequently, so check before buying..

How to check before buying
  1. Open the exchange and view the price at the exact moment of purchase.
  2. In another tab, open coingecko.com/en/coins/bitcoin ↗ or mempool.space ↗.
  3. The difference between the two is your spread. Divide by the reference price to express it as a percentage.
RIVER
Zero fee on recurring buys

River charges no commission on recurring automatic purchases ×DON'T TRUST, VERIFYClaim: River charges no commission on recurring DCA orders.Verify at: river.com/learn/river-fees ↗Fee structures change. Read River's current fee page before relying on this.. The spread still applies and is competitive versus retail-focused apps.

COINBASE
Fee AND spread

Coinbase (consumer product, not Advanced Trade) charges a transaction fee plus a spread ×DON'T TRUST, VERIFYClaim: Coinbase's consumer flow charges a transaction fee and a quoted spread, which can combine to 2 to 4 percent on small purchases.Verify at: help.coinbase.com fee disclosure ↗Coinbase publishes its fee and spread separately. The combined cost on small tickets is routinely higher than Bitcoin-only venues.. On small tickets, combined cost of 2 to 4 percent is common.

THE COMPOUNDING COST

Buying $100 of Bitcoin every month at a 2% spread versus a 0.5% spread costs an extra $1.50 per purchase. Over 10 years, that is $180 of direct extra cost. On top of that, the foregone Bitcoin compounds with whatever the asset does over the same window, so the opportunity cost is larger than the $180 in raw dollars. For DCA investors the per-transaction cost matters more than for lump-sum buyers, because it multiplies across the number of transactions.

HONEST COUNTERPOINT

A higher spread does not make an exchange a scam. Retail apps with wide spreads often offset with better UX, insured custody, easier onboarding, or instant funding. For a beginner making a first $20 buy to learn the flow, the spread cost is tiny in absolute dollars. The calculus changes once purchase sizes grow or recurring buys run for years. The point is not to avoid any exchange with a spread, it is to know the number before you commit a DCA schedule to one.

Step 5: Set up recurring DCA (the important step)

Dollar-cost averaging is what separates people who build wealth from Bitcoin and people who lose money. Instead of trying to time the market, you buy the same dollar amount every week or month forever.

In River: Settings → Recurring Orders → New. Pick an amount (1–5% of your take-home pay is a reasonable starting point), pick a frequency (weekly is best for psychological smoothness), pick an end date of "never." Confirm.

From this point on, Bitcoin accumulation happens while you sleep. No market-timing. No emotional trading. See Dollar-Cost Averaging → for why this beats 90% of hedge funds over 10-year windows.

Step 6: Withdraw to a hardware wallet

Once your stack hits $500 to $1,000, start withdrawing to a hardware wallet. This is the single most important thing you'll do as a Bitcoin holder. Not your keys, not your coins.

PRACTICAL THRESHOLD
When do you need self-custody? Around $1,000.

Once your Bitcoin position exceeds roughly $1,000 in value, the one-time cost of a hardware wallet (around $70 to $150 ×DON'T TRUST, VERIFYClaim: Entry-level hardware wallets retail for roughly $70 to $150.Verify at: coldcard.com ↗ · trezor.io/compare ↗ · foundationdevices.com ↗Prices fluctuate. Check manufacturer sites at time of purchase.) is justified by the counterparty risk you remove. Below that number, keeping Bitcoin on a reputable exchange with strong 2FA is a reasonable starting point. Above that, the risk of exchange failure, hack, or account freeze outweighs the convenience.

This is a practical guideline, not a rule. No regulator sets this threshold. Adjust it for your own situation. If an exchange holding your entire net worth in Bitcoin would ruin you, the threshold is lower. If you are testing a small position for the first time, it is higher.

THE FTX REMINDER

FTX held roughly $8 billion of customer funds when it collapsed in November 2022 ×DON'T TRUST, VERIFYClaim: FTX held approximately $8 billion of customer funds when it collapsed in November 2022.Verify at: DOJ indictment of Samuel Bankman-Fried ↗ · FTX bankruptcy docket (Kroll) ↗Court filings and the DOJ indictment cite a customer shortfall in the multi-billion-dollar range. Specific numbers are in the bankruptcy schedules.. Customers who held Bitcoin on FTX lost access to it. Customers who held Bitcoin in self-custody were unaffected by the collapse.

Not your keys, not your coins. Your keys, your coins.

What to buy :
  • Coldcard Mk4 or Q (approximately $150 to $250)[4] - the gold standard. Fully air-gapped, open-source, Bitcoin-only.
  • Trezor Safe 5 (approximately $150 to $170)[5] - solid alternative, great UX, open-source firmware.
  • Ledger Nano S Plus / X (approximately $80 to $180)[6] - works, but the firmware isn't fully open-source. Ledger's July 2020 e-commerce breach exposed approximately 1 million email addresses and detailed personal information (name, postal address, phone number) for roughly 270,000 customers[7].

Critical rule: only buy directly from the manufacturer's website. Never from Amazon, eBay, or third-party resellers. Hardware wallets can be tampered with in transit. coldcard.com, trezor.io, shop.ledger.com.

Setup (Coldcard example):
  1. Unbox. Check the tamper-evident bag.
  2. Power it on. Follow the on-screen prompts to generate a new wallet.
  3. It will display a 24-word seed phrase. Write it down on the included steel plate (or buy a separate steel backup). Never photograph. Never type into a computer. Never store digitally.
  4. Confirm the words back to the device.
  5. Set a PIN.
Move your Bitcoin:
  1. On your Coldcard, generate a receive address. This is a long string starting with bc1..
  2. In River, tap "Withdraw." Paste the address (or scan a QR). Send $5 first as a test. Never send the full amount without testing.
  3. Wait for confirmation (usually under 30 minutes).
  4. Once you see the test amount on your hardware wallet, send the rest.

For the full sovereignty ladder, multisig, air-gapped signing, passphrases, see The Bitcoin Sovereignty Stack →

Step 7: Label your UTXOs (optional but worth it)

This step is for users who care about privacy and want to avoid accidentally merging their KYC'd coins with non-KYC'd ones later. Skip it for your first month if you want, it's the 201 level.

Download Sparrow Wallet (free, desktop, open-source). Connect your hardware wallet in "watch-only" mode, Sparrow can see your balance and transactions without ever touching your private keys.

In Sparrow, label every UTXO (Unspent Transaction Output) with the source: "River 2026-04 DCA", "Birthday gift from Mom", etc. When you eventually spend or consolidate, Sparrow lets you pick which UTXOs to use. This keeps your privacy hygiene tight. For the full practice, see UTXO Management.

For coin-joining, CoinSwap, and the broader coin-hygiene toolkit, see Advanced Bitcoin Privacy. A lighter introduction is in Bitcoin Privacy.

Mistakes to avoid

Leaving large amounts on the exchange
FTX, Celsius, BlockFi, Mt. Gox. Exchange bankruptcies have cost users billions. If you're not going to move it yourself, keep the balance small.
Photographing your seed phrase
Your phone backs photos up to the cloud. Anyone who breaches your iCloud or Google photos gets your seed. Steel plate or paper only.
Skipping the test transaction
Always send $5 first. Bitcoin transactions are irreversible. A typo in the address means your coins are gone forever.
Buying altcoins on the way
Every dollar in an altcoin is a dollar not stacking Bitcoin. See Bitcoin vs Altcoins →
Panic-selling during drawdowns
Bitcoin has had four drawdowns greater than 75%. It has recovered from every single one. DCA through the dips; you'll thank yourself later.
Common Questions

Quick answers.

KYC data links your identity to your on-chain activity forever, and exchange breaches have leaked this information before. It is a genuine trade-off, not a conspiracy theory. For most people, the convenience of a licensed US exchange outweighs the risk, especially if you promptly withdraw to self-custody.
River holds customer Bitcoin in segregated, fully-reserved cold storage and does not lend it out. In a bankruptcy, segregated customer assets are typically returned to customers rather than lumped into the estate, though recovery can be slow. This is exactly why withdrawing to self-custody matters for larger balances.
A $60 to $150 hardware wallet is worth buying before you need it, not after. Even if you are only holding a few hundred dollars today, setting up the device and practicing with small amounts now builds the skill you will need when the balance is larger. Treat it as tuition, not overkill.
For most beginners, a Trezor Safe or Ledger is the gentler on-ramp because the interface is simpler. Coldcard is Bitcoin-only and more security-hardened, which appeals to larger holders who want air-gapped signing. Start with whichever you will actually use correctly; a Coldcard you misconfigure is worse than a Trezor you operate confidently.
Always send a small test transaction first, typically $10 to $25 worth. Confirm it arrives at the correct wallet address with the expected number of confirmations, then send the rest. The test fee is a small price compared to the cost of pasting the wrong address and losing the full amount.
-> UTXO Management - how to label, consolidate, and spend coins cleanly -> Advanced Bitcoin Privacy - CoinJoin, CoinSwap, and coin hygiene -> Dollar-Cost Averaging - why boring accumulation beats market timing -> The Sovereignty Stack - multisig, passphrases, inheritance
Sources & Citations
  1. River Financial. Fees and product docs - river.com/learn. Published fee schedule - river.com/pricing .
  2. Strike. Fees and product docs - strike.me/fees .
  3. Cash App. Bitcoin fees disclosure - cash.app/help .
  4. Coinkite. Coldcard pricing and docs - coldcard.com; quick-start - coldcard.com/docs/quick.
  5. SatoshiLabs. Trezor Safe 5 product page - trezor.io/trezor-safe-5.
  6. Ledger. Product and pricing - shop.ledger.com.
  7. Ledger. "Addressing the July 2020 e-commerce data breach" - ledger.com/blog/what-happened-addressing-our-community. Approximately 1 million emails and approximately 270,000 detailed PII records exposed.
  8. Sparrow Wallet documentation - sparrowwallet.com/docs.

Last updated 2026-04-14. Not financial advice. Do your own research.

Related reading

RELATED
Real Estate: The Honest Buy vs Rent Math
RELATED
Bitcoin for Beginners: 5 Minutes, 5 Steps
RELATED
Sparrow Wallet: Complete Setup Guide

Subscribe via RSS for new articles.

← PREVIOUS
Should I DCA Into Bitcoin?
NEXT →
The Bitcoin Sovereignty Stack