Bitcoin's popularity is spreading, and I am receiving more and more questions about not only how to purchase bitcoin, but also how to store it for the long term. There is no perfect solution, so let's look at the current options and their pros and cons.
Any discussion about storing cryptocurrency should include hardware wallets. This is the safest means to use, and if you can’t make it through this entire article, please just go buy a hardware wallet.
I have previously compared hardware and software wallets, so if you want more details on the differences, then please refer to that article.
Hardware wallets represent the best method of storage, and should be used as the comparison for anything else. While they are good, they are not perfect…
As a quick primer, hardware wallets use a secure enclave to store your key. This secure enclave functions like that on recent phones, such as the Apple iPhone and Samsung Galaxy phones. It is a dedicated microprocessor that holds the secret key and limits the communication to other areas of the system.
Most hardware wallets have two microprocessors: one to store and manage the secret key, and the other to provide regular system functions, control the buttons, display, etc. When the general system requests access to the secret key, it sends the full request (TX 1 BTC to XYZ). Instead of sharing the private key, the secure enclave uses a cryptographic algorithm and returns a ‘transitional key’ to enable the action. This is how your private key always remains private.
Yes and no. They do what they say they do and nothing else (hopefully), but they do have some pretty severe drawbacks that are often overlooked.
Long term storage requires an adequate backup and disaster recovery plan. The hardware wallet could be lost, stolen, broken, faulty, etc. Or, perhaps your toddler presses enough buttons to wipe the device…
How do you recover? Well, hardware wallets rely on the old-school method of ‘writing the secret key down’. While this could be a long list of letters and numbers, most hardware wallets provide you with 12 to 24 words to store. They recommend you write this down on paper and store it securely.
The storage of these words is now your most vulnerable point. Should anyone else access these words, they will have full access to your wallet. They don’t need the hardware, they don’t need your PIN, or wallet password or any other security settings you may have implemented. Disclosure of these words is a complete and total disclosure of your wallet.
You NEED to store these words, but you need to do it in a safe manner. You could engrave these onto metal plates and bury them in your back yard. Or circle the words in your favourite book. Perhaps you’ll share segments of the words with different friends… Whatever method you choose, you need to test the recovery process regularly. Have the metal plates eroded or disintegrated? Did you throw the book away when you moved house? Has one of your friends lost their segment of the words, or are they no longer talking to you?
All of a sudden, you realise that the physical hardware wallet is not the weakest point. Perhaps you now have to factor in the costs of renting multiple bank deposit boxes, engraving the seed words onto multiple metal plates and storing them in multiple banks.
This is something that is never said, but often done… Perhaps you store your cryptocurrency on an exchange!
This is a dangerous idea, but perhaps not as dangerous as it used to be. There are a handful of audited (ISO27001, PCI-DSS, SOX, etc.) exchanges that have demonstrated a baseline security posture sufficient to be entrusted with storing your cryptocurrencies. Some even offer custodial insurance in the event of a breach of their security systems.
All of these exchanges offer top tier user security: bot protection with CAPTCHA, TLSv1.2+, password complexity, 2FA, SMS/email verification, etc. Provided you have responsibly enabled these protections, the likelihood of a breach of your user account is extremely low.
Finally, while you are storing your cryptocurrencies here, you are also able to trade and/or earn interest on your balance. Many reputable exchanges are offering 10%+ interest rates, dwarfing the 1% offered by your bank!
But what happens if there is an issue? There are numerous stories on Twitter and Reddit of exchanges abandoning their customers and locking their cryptocoins. Exchanges are also required to work with law enforcement, who may confiscate financial assets with due cause.
Also, in the event of a large scale breach at the exchange, they may not have the insurance coverage to cover all losses. Exchanges are an attractive target for hackers, given the centralised storage of users’ crypto assets.
There is also the option of a self-hosted crypto wallet. This could be a secure and isolated computing device (such as a Raspberry Pi) hosting a copy of the native cryptocurrency blockchain. Using a dedicated device such as this minimises the opportunity for hackers to gain access to the device. Native blockchain apps allow for the encryption of the wallet.dat file. Even if the device was stolen, the person would need to know your wallet password too.
With our enterprise security hats on again, let’s look at what is involved in keeping a system secure. First, you’ll need to ensure that system and application updates are applied regularly. This means connecting the device to the internet and downloading and installing updates frequently.
Any time it is connected to the internet is an opportunity for a breach.
The next problem is the reliability of the device itself. You may be using an SD card, SSD, MMC or USB HDD. These are all prone to failures, especially given they are often portable consumer-grade devices. You will still require a backup of the wallet.dat file and the appropriate storage of that backup. Compared to backing up the hardware wallet seed phrase, this needs to remain digital. There are further pros and cons of digitally backing up your wallet.dat file compared to a seed phrase.
As you can see, there is no perfect solution here. Each option has a number of pros and cons, and the right choice will depend on what your individual threat scenario is.
In some instances, there may be more benefits in storing your crypto on an exchange and earning interest or trading options. This would require significant investigation into the exchange, their security practices and insurance policies.
Hardware wallets will always be a good option too… you just need to think about the storage of your seed phrase.
Self-hosted wallets may suit other use cases, but will require a technical understanding and additional maintenance… Perhaps not the best for someone new to crypto.
What I will conclude with is that you should NEVER store your crypto on your regular computer. It is extremely hard to maintain a secure environment on the device you access regularly. Just don’t do it. Understand the risks and consider the three scenarios I have provided above.