This article talks about Bitcoin, but it can apply to most other cryptos out there.
The price of Bitcoin recently hit the $10K mark. It’s likely that a non-negligible number of crypto holders realized they are now in possession of a small fortune. Some of them might have also realized they don’t have complete confidence in the security of their precious stash. Which is natural, because securing your bitcoins is nothing like securing the gold you keep in your safe, or the cash your bank keeps for you in digital form. There’s a myriad of exchanges, online wallets, mobile wallets, hardware wallets, paper wallets, brain wallets… what? How are you supposed to know whether your money is secure? Spoiler: it probably isn’t.
Of course, security is always a tradeoff with convenience, and there is a distinction to be made between wallets for everyday use and wallets for long-term storage. Some risks are worth taking if they give us serious convenience benefits. Still, it’s always important to understand the risks and how to estimate them.
Independent of the way you use Bitcoin, somewhere down the line, ownership of bitcoins always boils down to one simple thing: the knowledge of the private key.
The blockchain, maintained by the Bitcoin network, records which Bitcoin addresses have funds to spend. Whoever knows the private key to such an address can sign a transaction spending from it, and the Bitcoin network will accept that transaction, no questions asked. If a person so much as looks at the key and remembers it, they effectively become a full-fledged owner of the address and can empty it straight away.
There’s no “suspicious activity” check, and there’s no central authority to stop someone from clearing out your wallet. There’s no asking for two-factor authentication codes either: all information kept by the Bitcoin network is public by design, so the seeds needed to check the codes would have to be public too, which would defeat their purpose. Once the bad guy knows your private key, your money’s gone, and, by design, nothing can bring it back.
Even if you’re not paranoid about security in general, there is one thing you should be paranoid about: that no one ever sees your cryptocurrency private key. Not even you, preferably.
With this in mind, let’s review the available Bitcoin wallet types. They are all ways to store and use your private key, and they have advantages and disadvantages. But mostly disadvantages.
Paper wallets and cold storage
This is the most natural way to store your private key: generate an address and private key, write the key down, and put it somewhere hidden and safe. Alternatively, generate a 24-word mnemonic from which your keys are derived and train yourself to remember it, eliminating the need for a written record anywhere (bearing in mind that forgetting it loses the funds just as surely as a thief would). Generally, it’s about storing the key as a physical item: on paper, engraved in metal, encrypted on a USB stick, or in your head.
This is great for safekeeping, as the only way an attacker can get your key is to gain physical access to it or coerce you into giving it away. However, cold storage also means you can’t actually use it: to send money anywhere, you need to take out your key and type it into your computer or phone, a complex Internet-connected machine running hundreds of processes at any given time. Even a simple keylogger can trivially capture your key, and once typed in, the key has to be considered exposed for good. You most likely don’t have any malware on your computer, but would you really want to bet all your money on it every time you use it?
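The “24 words” mentioned above are not a hint to the key; they are the key. The following is an added example (not the article’s code) of how wallets turn such a word list into key material, using the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus an optional passphrase) followed by the BIP32 master key step (HMAC-SHA512 keyed with "Bitcoin seed"). It assumes the wallet follows those two standards, as most do; wordlist checksum validation is left out to keep it dependency-free, and the mnemonic used is the public all-zero-entropy test phrase from the BIP39 specification, worthless as a real key.

```python
"""Mnemonic words -> BIP39 seed -> BIP32 master private key.
Anyone who reads the words (and knows the passphrase, if one was set)
computes exactly the same key, which is why they must never be seen."""
import hashlib
import hmac
import unicodedata


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation. Whitespace is normalized so a phrase copied
    with odd spacing still yields the same seed."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def master_key_from_seed(seed: bytes):
    """BIP32 master step: (master private key, chain code). Every address in
    the wallet is derived from these two values."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


# Constructed input: the BIP39 spec's 12-word all-zero-entropy test mnemonic.
# It is public, so it must never be used to hold funds. The 24-word case
# differs only in length; the derivation is identical.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def demo():
    """Shows that the words alone fix the key, and that an optional passphrase
    yields a completely different wallet from the same words."""
    seed_plain = mnemonic_to_seed(TEST_MNEMONIC)
    seed_pass = mnemonic_to_seed(TEST_MNEMONIC, "TREZOR")  # passphrase used by the spec's vectors
    key_plain, _ = master_key_from_seed(seed_plain)
    key_pass, _ = master_key_from_seed(seed_pass)
    return {
        "seed_with_passphrase": seed_pass.hex(),
        "same_words_same_key": key_plain == master_key_from_seed(mnemonic_to_seed(TEST_MNEMONIC))[0],
        "passphrase_changes_key": key_plain != key_pass,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

A passphrase adds a second factor that is not written next to the words, but it is part of the secret in exactly the same sense: lose it and the seed above is unrecoverable.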
Desktop and mobile wallets
Desktop and mobile wallets are programs which generate and store keys, and sign transactions with them. The advantage is that once the key is generated there is no need to transfer it anywhere else (save for writing down a backup which you would only use in an emergency); it stays on the device so that the wallet app can always use it. Especially on modern mobiles, which are designed from the ground up with security in mind and isolate apps from one another, this is not a very bad way to store the key. On the other hand, it’s still an extremely complex computer that you carry around with you everywhere, exposing it to all kinds of threats. It’s not an optimal way.
Online wallets and exchanges
Another approach is to delegate the risk to professionals who look after the security of Bitcoin wallets full time: online exchanges and online wallets. Those services internally maintain a pool of Bitcoin addresses and their private keys, and give you a regular web account with access to a portion of the funds in the pool. This has the advantages of typical web security: the service can provide “Forgotten password”, two-factor authentication, and location-based “suspicious activity” checks.
But what really happens is that you effectively transfer ownership of your bitcoins to the online service, because they control the private keys and you don’t. You have to accept that when there’s an outage, you no longer have the ability to make transactions. Worse things happen if the service goes bankrupt. And since it’s so easy to claim bitcoins for yourself once you get your hands on the private keys, and the service has to keep the keys it signs withdrawals with in usable form on a live system, these services are a huge target for hackers. It usually only takes one mistake for a complete breach.
It has already happened, and more than once.
Hardware wallets
This leaves us with hardware wallets. Hardware wallets are small USB devices designed for one purpose only: generating your private key and signing the transactions you supply to it with that key. They do not need to connect to the Internet or share the key in any way; it is never exposed to the outside world. They have most of the advantages of a paper wallet while solving its main drawback, the need to transfer the key to a computer in order to use it. The hardware wallet signs the transaction by itself, and the computer only ever receives the finished signature. The computer does still prepare the transaction, so the one check you must not skip is confirming the recipient address and amount on the device’s own screen before approving: a compromised host can change what it asks the device to sign, which is exactly why well-designed devices show you what they are about to sign.
Because a well-designed hardware wallet does its signing offline and never exposes the private key, it’s the only option that lets you spend without ever putting the key on a general-purpose computer.
What if I don’t have a hardware wallet?
Hardware wallets are the best, but they don’t come cheap, and especially with the current crypto frenzy, the manufacturers can’t keep up with demand. Sometimes you have to choose from the other options, if only temporarily.
There are additional lines of defense that can be deployed for the different wallet types. Some online services work with multi-signature wallets, which require a signature from both you and the service for a transaction to go through, so a breach of either party alone isn’t enough. Another approach is to split the recovery seed of the private key across several places, so as not to keep all your eggs in one basket. When using a paper wallet, you can also avoid exposing it to an Internet-connected machine by creating and signing the transaction on an always-offline computer and carrying only the signed transaction to an online one on a USB stick; the signed transaction does not contain the key and can be broadcast by anyone, while the key itself never leaves the offline machine.
There’s one thing common to all those solutions: they try to make getting the private key harder by piling up additional layers of defense. But a true security mindset does not deal in incremental, ad hoc fortifications. Instead, it eliminates underlying assumptions, and whole classes of problems with them.
Until now, we have assumed that the private key is a treasure to be protected at all costs. But this is only true if we keep the money behind the same key all the time. What if, after we use a private key for a transaction, we automatically consider that key burned and move the remaining money to a new wallet?
A Bitcoin transaction always spends its inputs (previous outputs) in full, so a typical transaction has two outputs: one for the amount going to your chosen recipient, and one returning the rest to you as change. Instead of returning the change to the address it came from, we can direct it to a freshly generated address whose key has never been exposed anywhere. This costs nothing extra in fees: the transaction already has two outputs, we are just choosing where the second one points. Most wallet software already sends change to a fresh address, but one derived from the same seed, which doesn’t help if that seed is what got exposed; what we want is change sent to an address from a separate, never-used wallet. Most wallets don’t offer that, but Bitcoin Core does, either through its custom change address option (with coin control enabled in the Send tab) or by building the transaction yourself with createrawtransaction and listing both outputs explicitly.
This results in the following approach:
- Generate a wallet and send your bitcoins to it
- When you want to make a transaction, generate a second wallet (a new key, not just a new address from the same seed)
- Send some money to your recipient and the rest to your new wallet, preferably in the same transaction
- Store the new, unused private key in a safe location
You probably want to hold on to old private keys in case someone sends money to one of your old addresses, but otherwise you should consider them burned. Keeping two copies of the current key in separate locations is also always a good precaution, as once a key is lost, it’s lost forever, and the bitcoins with it.
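The procedure above, modelled as an added Python example (not the author’s code). It selects coins to cover the payment and fee, pays the recipient, sends the change to an address from a separate fresh wallet, and reports which input addresses’ keys were exposed by signing and must now be treated as burned. The inputs/outputs it produces are in the shape Bitcoin Core’s createrawtransaction takes (inputs as txid/vout, outputs as address to BTC amount), but nothing here talks to a node; the UTXOs, txids and addresses are constructed sample data, the coin selection is a simple largest-first rule rather than Core’s, and the 546-satoshi dust limit is an assumed threshold below which change is folded into the fee.

```python
"""Spend-and-rotate: pay a recipient, send change to a never-used key from a
new wallet, and mark every key that had to sign as burned."""
from dataclasses import dataclass
from decimal import Decimal

# Assumption: outputs below this are uneconomical dust and are folded into the fee.
DUST_SATS = 546


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str   # the address (and therefore the key) this coin is locked to
    sats: int


class InsufficientFunds(Exception):
    pass


def select_inputs(utxos, target_sats):
    """Largest-first coin selection (deterministic; not Core's algorithm).
    Every chosen input must be signed, so every chosen input's key is exposed."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: (-u.sats, u.txid, u.vout)):
        chosen.append(u)
        total += u.sats
        if total >= target_sats:
            return chosen, total
    raise InsufficientFunds(f"need {target_sats} sats, have {total}")


def build_rotating_spend(utxos, recipient, amount_sats, fee_sats, fresh_change_address):
    """Plan one transaction: payment plus change to a fresh address from a new wallet."""
    if fresh_change_address in {u.address for u in utxos}:
        raise ValueError("change address belongs to an already-used key; generate a new wallet")
    if fresh_change_address == recipient:
        raise ValueError("change address must differ from the recipient")
    inputs, total_in = select_inputs(utxos, amount_sats + fee_sats)
    change = total_in - amount_sats - fee_sats
    outputs = {recipient: amount_sats}
    if change >= DUST_SATS:
        outputs[fresh_change_address] = change
    else:
        fee_sats += change          # dust change just raises the fee instead
    return {
        "inputs": [{"txid": u.txid, "vout": u.vout} for u in inputs],
        "outputs": outputs,
        "fee_sats": fee_sats,
        # These keys were typed into or used on the online machine: keep them only
        # to sweep accidental future deposits, never to store funds again.
        "burned_addresses": sorted({u.address for u in inputs}),
    }


def to_core_outputs(plan):
    """Outputs as the BTC-denominated object createrawtransaction expects."""
    return {addr: f"{Decimal(sats).scaleb(-8):.8f}" for addr, sats in plan["outputs"].items()}


# Constructed sample data: three coins held by a paper wallet, made-up txids/addresses.
SAMPLE_UTXOS = [
    Utxo("aa" * 32, 0, "old-paper-addr-1", 50_000_000),
    Utxo("bb" * 32, 1, "old-paper-addr-2", 20_000_000),
    Utxo("cc" * 32, 0, "old-paper-addr-3", 5_000_000),
]


def demo():
    """Pay 0.3 BTC with a 10,000 sat fee; change goes to a key from a brand-new wallet.
    Only the one coin that had to be signed gets its key burned."""
    return build_rotating_spend(SAMPLE_UTXOS, "recipient-addr", 30_000_000, 10_000,
                                "fresh-wallet-addr-1")


if __name__ == "__main__":
    plan = demo()
    print(plan)
    print(to_core_outputs(plan))
```

Two things the plan makes visible that the prose leaves implicit: coins that did not need to be spent keep their keys unexposed, so they do not have to move yet, and when the change would be dust there is no second output at all, in which case the old key is simply retired with nothing left behind it.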
I believe this is the only real way to protect your private key other than using a hardware wallet. I haven’t needed to use it in practice myself, but if you don’t use a hardware wallet, I think this solution is really worth a shot.