If you’re going to hold cryptocurrency as an investment or as a saving device, you need to understand how to keep it safe. Owning cryptocurrencies means taking risks that don’t exist with traditional assets. There’s no government insurance program to refund your money if the exchange that holds your assets goes under.
For certain asset storage types, a lost password is unrecoverable and you can permanently lose access to your funds. Further, digital assets are vulnerable to hacking. It’s essential to understand your storage options and how safe each one is.
A hot wallet, or online wallet, stores your cryptocurrency on an internet-connected source. That source could be a wallet with an online exchange where you buy and sell crypto. Coinbase, GDAX, Binance, Circle Invest or Kraken are all exchange-based hot wallets. It could also be a software wallet such as Mycelium, Exodus or Jaxx that is located on your computer, tablet or smartphone.
But if your device is lost, hacked, stolen, or if its hard drive fails, your cryptocurrency could be gone forever. The exchange itself is vulnerable to hacking. And without the Federal Deposit Insurance Corporation (FDIC) oversight of traditional banks, exchange operators or employees could potentially defraud account holders.
This risk isn’t just hypothetical. The Mt. Gox exchange had $460 million worth of bitcoin stolen by hackers in 2014. In June 2018, Bithumb was the victim of a $30 million theft. Other high-profile examples of hacked exchanges include the DAO, Bitfinex, and NiceHash. Hot wallets are attractive targets since they hold so much value.
In the uncertain regulatory environment of cryptocurrency, governments can potentially shut down crypto exchanges. In sum, using a hot wallet is akin to keeping your money in a bank that has no FDIC insurance.
Given the risks of keeping your cryptocurrency in a hot wallet, why would anyone use this storage method? Hot wallets are easy to use and provide convenient access to your crypto, which makes them useful for conducting transactions. As with a physical wallet, you can just reach in and pull out cash to make a purchase. But also like a physical wallet, they are vulnerable to theft.
A good rule of thumb is to keep only as much in your hot wallet as in your physical wallet. If that’s too little to be useful, keep no more than one week’s worth of pay in your hot wallet.
Cold storage refers to keeping your cryptocurrency offline, an option that trades convenience for security. Types of cold storage include USB drives, hardware wallets (which are like a special-purpose USB drive), and paper wallets. Hardware wallets are considered the most secure form of cold storage because they store private keys within the device and even the user can’t see them. You only plug them into your computer’s USB port when you need to move your crypto.
The most popular hardware wallets are the Trezor, Ledger Nano S and KeepKey. While they’re highly secure, they do have drawbacks. One is that no single device works with all coins and tokens. Another is that they cost around $100 each, and you’ll want to buy more than one. Having multiple hardware wallets limits the amount of cryptocurrency you risk losing access to if you forget your PIN or seed phrase. It also helps to preserve your privacy. If you use the same wallet all the time, it’s pretty easy for someone to connect all your transactions to you.
Your PIN or seed phrase is the only way to access your cryptocurrency once you’ve moved it to a hardware wallet. If you lose them, your money will be extremely difficult, if not impossible, to recover.
Paper wallets are literally just pieces of paper with both the public and private keys for your cryptocurrency printed on them, possibly accompanied by a QR code. They’re obviously vulnerable to loss, theft and destruction by water, fire, your dog, or your child.
You can generate a paper wallet with a free web service such as bitcoinpaperwallet.com, which also generates bitcoin cash, litecoin and dogecoin wallets, or MyEtherWallet for ether paper wallets. You can also create a paper wallet with a computer that has never been connected to the internet or with an old device that has been wiped and never connected to the internet since.
You’ll need to follow specific security protocols to keep your paper wallet and your crypto safe. Paper wallets can be more high tech and secure than they sound. For example, they can be printed in a way that keeps them safe from prying eyes and you can add tamper-evident holographic stickers to them. Be aware that when you create a paper wallet, you are entirely responsible for not losing your private key and password. The software that helps you create the paper wallet does not keep copies of this information for you. If it did, paper wallets would not be a form of cold storage and would be much less secure.
In short, cold storage or paper wallets are where you want to keep the bulk of your crypto. Cold or paper storage is like a savings account with one caveat. No one can help you regain access to it if you lose your PIN and seed phrase.
Best Practices for Securing Cryptocurrency
To keep your cryptocurrency safe, you should never give anyone your private key. Some argue that following this rule means not storing any crypto in an online wallet such as Binance, since online wallets store users’ private keys. For online wallets, always enable two-factor authentication.
Never store a digital image of your paper wallet on your smartphone or computer. If you do, you’re losing the benefits of cold storage and effectively creating a hot wallet.
Be careful when sending cryptocurrency to others. Since transactions are irreversible and it can be easy to err in copying an address, send a small test transaction first before moving the rest of your assets.
Bookmark your financial institution’s website to make sure you always visit the correct site. Spoofed versions are essentially phishing schemes designed to gather login information. You shouldn’t click on links from other sites or in emails that appear to come from your financial institution so you don’t fall victim to a phishing attack. With cryptocurrency, following these guidelines becomes even more important because there is no way to recover stolen crypto funds.
Make a backup of your seed phrase and PIN that you do not store online, on your hard drive, in the cloud or on any internet-connected device. You may want to keep a copy in a safe deposit box at the bank. Your seed phrase, a group of 12, 18, or 24 random words, allows you to recover your cryptocurrency even if your hardware wallet is lost, stolen, or damaged or if you forget your PIN. Finally, use a strong password to encrypt your wallet and use multisignature security to help keep your coins safe.
Disclaimer: The information in this article is for informational and educational purposes only. Investing in ICOs, cryptocurrencies or tokens is highly speculative, and the market is largely unregulated. Anyone considering it should be prepared to lose their entire investment.