Bitcoin is one of the oldest and most widely used peer-to-peer payment systems today, and its market capitalization is currently much larger than that of other cryptocurrencies.
Owing to its extensive popularity, many companies, as well as individuals, have already started integrating Bitcoin as a payment system.
However, there is always a threat looming over the security of digital wallets. Last year we saw multiple ransomware attacks, including WannaCry, which attacked several computer systems running Microsoft Windows worldwide and demanded ransom payment in Bitcoin.
Although the transaction process of Bitcoin is based on blockchain technology, making it extremely difficult to hack the information on cryptocurrency, you still need to meticulously secure your Bitcoin wallet.
Let’s first discuss what a Bitcoin wallet is. A Bitcoin wallet is a digital wallet where Bitcoins are stored.
Obviously, you cannot store your Bitcoins just anywhere, because the wallet contains a private key (a secret number) for every Bitcoin address saved in it.
There are different types of Bitcoin wallets, such as a software wallet, online wallet, electronic wallet, hardware wallet or paper wallet.
But before we can discuss the various methods and techniques used to secure Bitcoin wallets, it’s important to shed some light on the major security concerns and threats.
- To begin with, you must be aware of common threats, such as duping users with fake cryptocurrencies, phishing, secretly learning the confidential lock PIN code of your phone, attempts to steal the cryptographic keys, etc.
- The hacker can also hack your Bitcoin wallet by using old password backups. This can be done by creating a recovery program. So, even if the password is changed at frequent intervals, that does not guarantee that your wallet is safe.
- There is the Sybil attack where the hacker blocks the transactions from all other users as he tries to control the network with nodes. The users can only connect to blocks that are created by the hacker.
- The 51% attack usually occurs during the initial stages of developing a Bitcoin wallet app when the attacker has more computing power than the developer.
- Other forms of attack include slow down time, vulnerable transactions, Denial-of-Service (DoS) and more.
So, now we know some of the common threats and are aware that even the two-way authentication process, the mysterious nature of Bitcoin, and the absence of any third party are not adequate to secure digital transactions. Let’s look into how you can secure your Bitcoin wallets.
What is a cryptocurrency wallet?
A cryptocurrency wallet is a digital wallet that you can use to store, send and receive various cryptocurrencies. The wallet doesn’t exactly “store” your money as a real-world wallet does. Instead, it saves your public and private keys which in turn helps you send and receive money.
What are public and private keys?
Let’s think of a real world situation before we understand what public and private keys are. Imagine a vending machine.
Anyone can put their money inside the machine, right?
But, they can’t take out the money because they don’t have the key, they can only put money in the machine. The only person who can take out the money is the owner of the machine who has the key.
In this example, the vending machine is the public address which anyone uses to send money to you.
You are the machine owner, and the key that you are carrying is your private key.
Using this private key only you can access your money and do what you please with it.
The public key is the address that anyone can use to send you the money, while the private key is what you will use to send money to anyone else.
Remember, ONLY you should know what your private key is, otherwise anyone can use your wallet to send your money to any other addresses.
Under no circumstances should you ever lose your private key. Let’s put this in super simple terms.
If you lose your private key, then you are SCREWED (yes, uppercase has been used to emphasize the gravity of the situation).
You should use at least two different techniques to save and store your private keys. We will discuss these various techniques a little later in the article.
For now, let’s discuss the two methods of storage that you can use to store your cryptos: hot storage and cold storage.
Hot Storage Vs Cold Storage
Let’s understand the basic distinction between the two with a real-world example.
Hot storage is like the wallets that you carry around in your pocket.
The Cold storage is somewhat akin to your savings bank account.
Keep this distinction in mind as we move forward.
If you want to use your currency frequently then you must use hot storage.
On the other hand, if you want to store your money for a long time then you must use cold storage.
Hot storage, in simple terms, is when you keep your cryptocurrency in a device which is directly connected to the internet. This connection is what makes a device “hot”.
You should think of exchange wallets, desktop clients, and mobile wallets (any wallet that exists on a device that will ever connect to the internet) as a hot wallet.
It’s easy to access funds on a hot wallet, and if you live somewhere that accepts cryptos for micropayments, there’s nothing wrong with using one for day-to-day spending.
Think of it like fiat (government issued) currency. You might walk around with a portion of your wealth in a wallet for convenience but the majority you keep secured away.
Your hot wallet should behave in the same way as a real-world wallet. You use it to carry a small amount of cash for ease of access. That is all.
While transacting with hot wallets is very simple, there is a huge drawback when it comes to them. They are easily hackable.
The whole crypto-space has been gaining a lot of value recently and where there’s value, crime is never far behind. Recent ransomware attacks and previous compromises of large exchanges should be sufficient beacons to newcomers.
Even though you’ll not be storing a great deal of value on your hot wallet, it’s vital that you follow the backup steps within the restoration section of your wallet to avoid losing funds through human error. With your private key and seed phrase intact, you should be able to restore any wallet painlessly enough.
Pros of hot storage
- Quick to access funds.
- A wide number of options, and support for different devices.
- User-friendly UIs make sending and receiving simple.
Cons of hot storage
- Exposed to cybercrime. Sophisticated hackers, ransomware, and other malicious actors are a constant threat.
- Damaging the device could destroy the wallet. Without carefully backing up private keys and seed words, you could permanently lose your cryptocurrency investment.
- You could still lose/damage/have stolen the restoration details.
Now let’s explore the different kinds of hot storage wallets that you can use.
Online Wallets aka Cloud Wallet
These wallets are the easiest to use among all.
The creation is super simple because it’s basically creating your own account on any of the exchange services.
Furthermore, you can access this wallet from any server or any device in the world as long as it is connected to the net.
Having said that, there is one big problem when it comes to online wallets. Your private key is going to be saved on another server.
This is basically like serving up your key to hackers on a silver platter.
Do NOT use online wallets to store huge amounts of your money. Store the bare minimum that you need for exchange purposes.
Desktop or mobile wallets are also popular choices for a hot wallet.
These represent a much better option in terms of security.
Desktop wallets are downloaded and installed on a single PC or laptop, and they are only accessible from that one device.
While it is a safer alternative than an online wallet, it can still be very inconvenient because you will not get access to your money unless you are on the device from which you downloaded the wallet. MultiBit and Armory are great examples of desktop wallets.
Mobile wallets are pretty convenient to use because all you need to do is download an app onto your phone.
Mycelium is a really popular app (for both Android and iPhone) that people use for their mobile wallets; Copay is a great option as well.
The real problem with desktop/mobile wallets is the danger associated with virus attacks.
A hacker can easily put Trojans in your system to phish for your details. Apart from that, you can easily lose your cryptos if your desktop or mobile is damaged.
The easiest way to understand how a multi-signature (multi-sig) wallet works is to think of a safe which needs multiple keys to operate. A multi-signature wallet is great for 2 purposes:
- To create more security for your wallet and save yourself from human error.
- To create a more democratic wallet which can be used by one or more people.
How does multi-signature wallet save you from human error?
Let’s take the example of BitGo, one of the premier multi-sig wallet service providers in the world.
They issue 3 private keys.
One is held by the company itself, one is held by the user, and the third one is a backup that the user can keep for themselves or give to someone trustworthy for safekeeping. To do any sort of transaction in a BitGo wallet, you will need at least 2 of the 3 keys.
So even if you have a hacker behind you, it will be super difficult for them to get their hands on 2 private keys.
And on top of that, even if you lose your private key for whatever reason, you still have that backup key that you had given to your friend.
Now, how does a multi-signature wallet create a more democratic environment?
Imagine that you are working in a company with 10 people and you need 8 approvals in order to make a transaction.
Using software like Electrum, you can simply create a custom multi-sig wallet with 10 keys.
This way you can make seamless democratic transactions in your company.
Even with all its amazing features, at the end of the day, a multi-signature wallet is still a hot wallet so you must use it economically.
The Bitfinex hack (more on it in a bit) happened despite the fact that it had multi-signature security.
Plus, at the end of the day, the company whose wallet you are using still has one of the private keys.
It completely depends on their ethics as to what they can do or not do to your funds.
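The 2-of-3 and 8-of-10 arrangements described above can be written as a standard Bitcoin m-of-n script (`OP_m <keys> OP_n OP_CHECKMULTISIG`). The following is an added example, not code from the original article, BitGo or Electrum; the function names are hypothetical and the public keys are constructed placeholders, not real curve points.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE
MAX_P2SH_REDEEM_SCRIPT = 520  # bytes: a larger P2SH redeem script cannot be spent


def op_small_int(n: int) -> int:
    """Return the opcode OP_1 .. OP_16 (0x51 .. 0x60) for a small integer."""
    if not 1 <= n <= 16:
        raise ValueError("this example only handles 1..16 keys")
    return 0x50 + n


def multisig_script(m: int, pubkeys: list) -> bytes:
    """Build OP_m <key 1> ... <key n> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= m <= n:
        raise ValueError("threshold must satisfy 1 <= m <= n")
    if len(set(pubkeys)) != n:
        # One holder listed twice could meet a 2-of-3 threshold alone.
        raise ValueError("duplicate public key weakens the policy")
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (0x02, 0x03):
            raise ValueError("expected 33-byte compressed public keys")
    script = bytearray([op_small_int(m)])
    # Sort the keys (the BIP67 convention) so that every cosigner derives
    # the same script no matter in which order the keys were exchanged.
    for pk in sorted(pubkeys):
        script.append(len(pk))  # opcodes 0x01..0x4b push that many bytes
        script += pk
    script += bytes([op_small_int(n), OP_CHECKMULTISIG])
    return bytes(script)


def p2wsh_script_pubkey(witness_script: bytes) -> bytes:
    """Output script that commits to the multisig script: OP_0 <sha256(script)>."""
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()


def policy_summary(m: int, pubkeys: list) -> dict:
    """What an m-of-n policy means for the owner and for a thief."""
    script = multisig_script(m, pubkeys)
    n = len(pubkeys)
    return {
        "policy": f"{m}-of-{n}",
        "keys_attacker_must_steal": m,
        "keys_owner_can_lose": n - m,
        "script_bytes": len(script),
        "fits_p2sh": len(script) <= MAX_P2SH_REDEEM_SCRIPT,
        "p2wsh_script_pubkey": p2wsh_script_pubkey(script).hex(),
    }


def sample_pubkey(label: str) -> bytes:
    """Constructed placeholder shaped like a compressed public key."""
    return b"\x02" + hashlib.sha256(label.encode()).digest()


if __name__ == "__main__":
    three = [sample_pubkey(x) for x in ("provider", "user", "backup")]
    ten = [sample_pubkey(f"approver-{i}") for i in range(10)]
    for m, keys in ((2, three), (8, ten)):
        print(policy_summary(m, keys))
```

The summary makes the trade-off explicit: raising the threshold makes theft harder but reduces the number of keys that can be lost before the funds become unspendable.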
Risks of Hot Storage
Different hot wallets carry different security risks.
The least secure are undoubtedly those hosted on Exchange sites.
Leaving your currency where you bought it might seem like a great idea because “if it starts to crash, I can change it back to dollars quickly”.
In reality, all you’re doing by leaving cryptos on an exchange is trusting an unlicensed entity with your money.
They hold your private keys, and they ward off daily attacks.
In the past, they’ve even succumbed to such threats.
Exchanges are a huge target for criminals because they store a lot of value.
If you’re day trading, this risk is part of the deal. If you’re holding long-term, you want to avoid it altogether.
The Bitfinex hack is a great example of the dangers of hot storage.
In early August 2016, the folks at Bitfinex noticed that several of their security measures were being compromised. Before long, over $72 million worth of BTC had been stolen by a hacker.
It was so bad that the value of BTC fell 20% within a day.
So what do you do to your cryptocurrency to keep it safe from malicious attacks like this? You use cold storage. Let’s find out what that is all about.
When you keep your currency in a device which is completely offline it’s called cold storage.
For those seeking the most secure form of storage, cold wallets are the way to go.
These are best suited to long-term holders, who don’t require access to their coins for months, or years at a time.
They aren’t without their own set of risks but if you follow the instructions correctly, and take every precaution possible, these are greatly minimized.
Given the amount of attention that cryptocurrency has been receiving over the last few years, it has unfortunately piqued the interest of attackers. In light of that, it’s a far more secure option to use cold storage as a means of storing your money.
San Francisco-based bitcoin wallet and exchange service Coinbase holds up to 97% of its coin reserves in hardware and paper wallets. What are hardware and paper wallets? You will get to know about them in a minute. For now, let’s check out the pros and cons of cold storage:
Pros of Cold Storage:
- A great place to hold large amounts of coin for a long period of time.
- Provides a safety net against hackers and people with malicious intent since it is completely offline.
Cons of Cold Storage
- It is still susceptible to external damage, theft and general human carelessness.
- It is not ideal for quick and daily transactions.
- Setting it up can be a little intimidating for beginners.
Now that we have seen both the pros and cons, let’s take a look at some cold storage wallets that you can use to store your coins.
Hardware wallets are physical devices where you can store your cryptocurrency.
They come in a few forms, but the most common is the USB stick style typified by the Ledger Nano series.
Although many swear by them, hardware wallets are still prone to compromise.
Firstly, you’re trusting that the company who made your wallet hasn’t logged all the private keys with a plan to raid wallets in the future.
This applies to those bought from the company themselves, but particularly if a hardware wallet has been acquired second hand. Under no circumstances should anyone ever use a pre-owned hardware wallet.
Although loss or damage can spell disaster for the unprepared, hardware wallets can be restored.
Therefore, it’s just as important to back up your hardware wallet, as it is your online hot wallets.
You should keep restoration details in a safe place that only you, and anyone you plan to leave the money to, know about.
Remember, your restoration details open the wallet.
Think very carefully about who (if anyone) you share them with.
It’s also vitally important that you transfer all coins to a new wallet should something unfortunate happen between you and anyone else who knows your private keys (spouse, etc.).
Here are some hardware wallets that you can use:
- Ledger Nano S.
Without a doubt, the safest way to store any cryptocurrency is using a paper wallet. By following a few pointers below, you can set one up entirely for free.
This truly makes you the master of your investment, and if precautions are followed, there’s no possibility of your private keys being known by anyone else. Of course, this means that keeping a record of them is even more important. Losing private keys means you’ll forfeit the entire contents of your paper wallet (but then again, that’s true for every wallet out there.)
What is a paper wallet?
To keep it very simple, paper wallets are an offline cold storage method of saving cryptocurrency. It involves printing out your public and private keys on a piece of paper which you then store in a secure place. The keys are printed in the form of QR codes which you can scan in the future for all your transactions. The reason why it is so safe is that it gives complete control to you, the user. You do not need to worry about the well-being of a piece of hardware, nor do you have to worry about hackers or any piece of malware. You just need to take care of a piece of paper.
Do you need a paper wallet?
The answer to this question will largely depend on your circumstances. If you plan to spend the summer day trading a few coins, perhaps you don’t. Alternatively, if you’re in for the long haul, and don’t intend to touch any portion of your stash, then a paper wallet is the most secure option available to you.
Setting up a paper wallet
Paper wallets are formed by using a program to randomly generate a public and private key. The keys will be unique, and the program that generates them is open source. Those with advanced knowledge of coding can check the backend of the program themselves for randomness in the results. What’s more, we’ll be generating our keys offline. This removes the exposure to online threats, and deleting the simple program after use will destroy any trace of them.
Don’t worry if it sounds confusing; it’s not. You’ll need no specific knowledge of coding or encryption. All you need is a computer, an internet connection, and something to record your keys on.
Anyway, let’s create our paper wallet. Follow these steps:
- Ensure your computer is entirely free from any form of malicious software. A brand-new computer would be ideal but is often not feasible.
- Visit the page WalletGenerator.net.
- Download the zip file from that page.
- Once it has downloaded, make sure that your internet connection is off and then open the “index.html” file. This entire process is done to make sure that your wallet is hacker free.
- Now it is time to generate your wallet. Keep hovering over the highlighted text and it will generate more characters. Or if you want, you can manually type in random characters. Just keep doing it until the counter goes to “0”.
- The moment the count goes to zero your wallet will be generated.
- Print the page or make multiple copies of the numbers from it. (Important: ensure the printer is not connected to Wi-Fi at this point.)
- Delete the saved web page. You can now safely reconnect to the internet.
- Store your private keys in their long term, private, secure home.
Setting up a paper wallet for Ethereum
Now if you notice the list of cryptocurrencies supported by walletgenerator, you will see that Ethereum is missing from the list. So, what do you need to do to create a paper wallet for Ethereum? It is really easy, just follow these steps:
- First, go to MyEtherWallet.com.
- Next, click on the help tab.
- Scroll down and click on option 5.
- Now open the link highlighted here.
- After that, download this zip file onto your computer.
- Now open the zip file in your computer and click on the index.html file. Before doing that, switch off your internet so that you are offline.
- Now create a new password and generate your wallet. Be sure to use a strong password.
- Now you will have to download your keystore file which is basically your wallet file. Be sure to keep a backup of this file. After you are done with that click on “I understand. Continue.”
- And there you go, your wallet has been generated. What you see here is your private key. DO NOT share this with anyone.
- You should now print your wallet by clicking on the “Print” button. The printout shows both your private and public keys.
And there you go. That is how you create an Ethereum paper wallet.
Paper wallet risks
While paper wallets substantially decrease the threat of compromise from the virtual world, they aren’t without their own set of risks.
- Coercion: There are always going to be people willing to break the law to get at something valuable. Just as crooks tear off in Lamborghinis after raiding a property, so too might they stumble upon your safe. They don’t know what’s in there but presumably, it’s valuable. Anyway, you get where this is going, and the moral of the story is simple: don’t go bragging about your crypto investments. It doesn’t matter if it’s online, or in person, it’s never a clever idea. Don’t make yourself a target.
- Fragility: At the end of the day, it is still paper. Paper can be easily damaged or it can get worn out over time. This is why you should always make multiple backups.
- Stealing: Since it is written on a piece of paper, anyone who can read it or take a photograph of it can steal your money.
- Not immune to disasters: It is just a piece of paper, it is not immune to natural disasters and can easily be destroyed if you have not taken any backups.
- Type of printer used: The quality of printer used can also have a detrimental effect. Non-laser printers may cause the ink to run if the paper gets wet.
- Human Errors: Humans are prone to mistakes and you can simply forget the location of your paper or accidentally tear it.
Importance of private keys and restoration methods
In the same way that we’ve mentioned restoration details previously, the private key to your paper wallet is its single most important detail.
You must guard it with your life.
If you lose it, you lose your money.
It’s as simple as that.
Then you should get it tattooed on your chest, right?
As well as providing you access to your funds when you need them, the key lets anyone else who has it get at them.
It must be kept totally secret.
Owing to their importance, it’s wise to store your paper wallet in multiple secure locations.
This will help protect against certain “acts of God”, such as a hurricane, a sudden evacuation, or similar. However, the more locations you use to store your keys, the higher the risk of compromise.
Under lock and key
Some prefer to store their private keys in a physical location.
A safe is usually favored for this. Only those allowed access to the funds must know the combination (and preferably existence) of your security box.
Of course, small home safe deposit boxes are often much less durable than they’re made out to be, and will usually be a target for home invaders.
If you have sole access to a high-quality safe, you should use this, otherwise risking a lower end model may be your best option. Either way, only those who have ownership of the coins stored on the paper wallet must know the combination to the lock.
In the (very near) future, self-encrypting, decentralized “cloud” based storage will likely be an option.
Its reliability remains to be tested but it could alleviate warranted concerns over storing private keys digitally.
Like exchanges, existing cloud-based storage services are hackable, and can fall victim to malicious attacks.
Storing your most sensitive documents there is usually not recommended.
However, it’s possible to encrypt the data yourself and store it online.
By encrypting it, you limit the number of people who can view a document in its raw state. Uploading an encrypted version of a private key to the web is a suitable option for some.
Engraving Into Metal
You may also choose to engrave the keys into metal and keep it somewhere safe.
The quality of the metal that you choose will be paramount here because over time a low-quality metal may deteriorate very fast.
It should go without saying that this isn’t ideal.
It is possible and incredibly secure (potentially too secure) but the practical barrier of remembering 64 unique characters will discourage the majority.
While I am sure there are some who favor this method, it is certainly not recommended.
Things to remember when considering storing private keys
- Only those that have access to the funds stored must have access to the private keys.
- Most practical ways of recording private keys can potentially be lost. Think fire, theft, water damage. If you can engrave metals yourself and can store the result in a high-quality safe, this is ideal.
- Multiple safe locations are better than one. Additional locations must not compromise security.
- All storage has risks. Minimize them.
Restoring a cold storage wallet
When you want to bring your cryptocurrency back out of cold storage, you need to import the private key into a suitable online wallet. Any wallet which supports importing private keys will work. The process is simple and intuitive for most wallets. The steps we have given below correspond to using the Bitcoin Unlimited wallet.
- Open the client and click on “Help”.
- Select the Debug Window and click on the Console tab.
- Type “importprivkey <private key>” into the field, replacing <private key> with your private key, and then remove the quotation marks.
- Hit enter.
This will import all the data from your paper wallet to your online desktop client. Remember, you are now exposed to all the security risks that exist with hot wallets. It’s not recommended that you keep any amount of crypto in such storage for more than the minimum time possible. If you’re trading to another crypto or to fiat, do so immediately and then store appropriately. If you were using a portion of your balance to make a payment, and want the rest to return to cold storage, it is now recommended that you set up an entirely new paper wallet. Consider your original storage solution compromised.
Here’s the advice of investors and experts, edited for clarity and style:
Jonathan Levin, co-founder of Chainalysis
1. Before you open up an account on Coinbase [or other exchanges], set up a unique email that you are going to use for that account.
2. Make sure to set a really hard and long password, and you are the only one to access it from a piece of paper that you control.
Dan Romero, VP of operation at Coinbase
1. On Coinbase, turn off SMS-based two-factor authentication and account recovery for your email account. If you move to Google Authenticator but don’t turn off SMS account recovery, a phone port attack can still lead to an email compromise.
2. On Coinbase, set up the Coinbase Vault and two-factor authentication for any sends off-site.
Sean Everett, VP of product management, whose Coinbase account was hacked by a phone porting attack
1. Don’t talk about cryptocurrency publicly, especially on social media.
2. Call your cellphone provider, put every level of security you possibly can, and add a passcode to it. The next level protection is to add a “do not port” SIM card to your account. That can last for a year.
3. Even though Coinbase says it takes security seriously and has system designs to protect customers, it’s not a bank. Don’t trust it as such.
Adam Dachis, digital consultant, Coinbase account was raided by a computer hack
Don’t keep all your cryptocurrency investments in one place. Diversify among exchanges. It’s unlikely you are going to get hacked at the same time through all of them. Especially if you have different emails and passwords for each.
Sanjay Beri, CEO of Netskope, which specializes in enforcing security across cloud applications and networks
Keep your cryptocurrency off the internet, in a “cold wallet.”
“Cold wallet” is not a brand, it’s a concept of storing bitcoins offline (not connected to the internet) so that it reduces the opportunities for hackers to steal via online techniques.
“Hot wallet” is connected to the internet, for daily transactions. Think about “hot wallet” as a checking account and “cold wallet” as the savings account.
Here is how to create a cheap “cold wallet” on a dedicated computer:
First, download a cold wallet application to a new, secure USB drive.
Then, take a computer, reset it to factory setting, disconnect it from the internet and keep it offline.
Last, load the cold wallet application onto the computer, keep your cryptocurrencies on that clean and offline computer. You can make transactions offline, using the cold wallet application.
Amir Bandeali, CTO and founder of 0x project
1. If you must use a centralized exchange, withdraw often and store your tokens on a hardware wallet, which is a hardware device that creates transactions without connecting through the internet.
2. If you are trading tokens on ethereum, I recommend looking into decentralized exchanges. The biggest difference between centralized exchanges (like Coinbase, Kraken and Bitfinex) and decentralized exchanges is that decentralized exchanges do not hold users’ funds. No one can ever access your funds other than you. So it can’t be stolen unless your private keys are compromised.