Bitcoin is the world’s first decentralized online currency. Since its release in 2009, its price has ballooned from a few pennies to tens of thousands of dollars. Today around 100 million people are actively using bitcoin. But still more people are hesitant about switching to a digital currency.
It makes sense, as we’ve lived our entire lives using paper money and relying on banks. Even if bitcoin is a good investment, how can we store it safely? First, we must understand the different aspects of Bitcoin (or BTC) security. It’s called ‘crypto’ currency for a reason.
As Bitcoin allows you to be your own bank, it is up to you to know how to keep your bitcoin safe. That is about securing your passwords (or private keys) somewhere no one else can access them. Either a piece of paper in a safe or an encrypted app on an encrypted phone can work well. But they aren’t the only best-practice solutions.
You’ve no doubt heard of a lot of people being scammed out of their bitcoin. You’ve even heard about people who lose the bitcoin they bought ten years ago, unable to recover their millions of dollars. The safety and security risks to your digital currency are real, but you can take multiple steps to mitigate them. Luckily for you, it’s not rocket science or rocket surgery. It’s just blockchain tech.
Blockchain Security Basics
What prevents someone from making and selling fake Bitcoin? What prevents someone from using the same Bitcoin to make two different purchases?
Bitcoin made it easy for us to prevent fraud by using a blockchain. Imagine going to dinner with a group of friends. I’ve found that there’s an accountant within every group. After they pay the table’s bill, they keep track of how much each person owes in their phone. This is their transactional ledger which gets updated as people pay them back.
But what if your friend, the accountant, decides they want to fudge the numbers? They manipulate some of the Bitcoin transactions to make it look like they are owed more money. Since they are the only ones with a copy of this ledger, it will be very difficult to detect this fraud.
Herein lies the genius of blockchain. Transactions within the ledger, the blocks, are decentralized. In this dinner scenario, it means that everyone has a ledger on their phone. They can compare and contrast the series of transactions to reach a consensus. Here, it’s much harder for the accountant in the group to defraud their friends, as everyone has a Bitcoin wallet. In the Bitcoin network, this means that to hack or defraud any transaction, you need to own and operate more than half of the Bitcoin network.
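The dinner-table ledger above can be modelled in a few lines. This is an added example, not part of the original article: it models only the analogy (majority agreement between copies), not Bitcoin's actual proof-of-work consensus, and all names and amounts are constructed.

```python
import hashlib
from collections import Counter

def ledger_digest(entries):
    """Chain-hash the entries: each digest covers the entry and everything before it."""
    digest = b"\x00" * 32
    for payer, payee, cents in entries:
        record = f"{payer}>{payee}:{cents}".encode()
        digest = hashlib.sha256(digest + record).digest()
    return digest.hex()

def consensus(copies):
    """Return (agreed digest or None, names whose copy disagrees with it)."""
    digests = {name: ledger_digest(entries) for name, entries in copies.items()}
    top, votes = Counter(digests.values()).most_common(1)[0]
    if votes * 2 <= len(copies):  # no strict majority means no consensus
        return None, sorted(digests)
    return top, sorted(n for n, d in digests.items() if d != top)

# Constructed sample data: what each friend owes the accountant (alice), in cents.
HONEST = [("bob", "alice", 2500), ("carol", "alice", 2500), ("dave", "alice", 2500)]
FUDGED = [("bob", "alice", 4000), ("carol", "alice", 2500), ("dave", "alice", 2500)]

def scenario(controlled):
    """Five friends hold copies; the copies named in `controlled` carry the fudged ledger."""
    friends = ["alice", "bob", "carol", "dave", "erin"]
    copies = {f: (FUDGED if f in controlled else HONEST) for f in friends}
    agreed, outliers = consensus(copies)
    return agreed == ledger_digest(HONEST), outliers

if __name__ == "__main__":
    # One fudged copy out of five is outvoted and singled out.
    print(scenario({"alice"}))
    # Control of more than half of the copies is what it takes for the fudged ledger to win.
    print(scenario({"alice", "bob", "carol"}))
```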
What Do You Do After You Buy Bitcoin?
Though hacking the blockchain is difficult, your Bitcoin can more easily be stolen or lost. Usually, people will buy their Bitcoin on an exchange, a place where they can buy it with fiat currency (e.g. Canadian dollars). After buying your Bitcoins, you can access them on a crypto exchange like Coinbase. Easy eh?
Exchanges are one of the least secure places to store your cryptocurrency. If you don’t buy a lot of Bitcoin in a single transaction, you face a conundrum. There are transaction costs associated with sending Bitcoin to your Bitcoin wallet. It could cost as much as 50 USD. My first time exploring Bitcoin, I didn’t buy a lot. Then, when I transferred it to my wallet, most of it was lost in transaction fees.
But if a cryptocurrency exchange has poor security, passwords and usernames can be leaked. If you reuse passwords and usernames, hackers can reuse these leaked credentials, stealing more of your bitcoin and maybe your identity. This would allow a malicious third party to siphon off your hard-earned Bitcoin. While these attacks are rare, they do happen.
Another issue is that the exchange has control of your cryptocurrency. In the early days of the space, the founder of a prominent Canadian exchange, QuadrigaCX, defrauded its users and appears even to have faked his own death. Because of these potential scams, it is highly recommended to move your crypto from the exchange to a digital wallet that you have control of.
Let’s get a little bit technical. Cryptography is what makes cryptocurrency secure. What gives you ownership are specific cryptographic keys (passwords). The public key is like a Bitcoin address: it lets you receive cryptocurrency when you buy it or if someone sends it to you. But an exchange also holds the private key. This private key allows someone to prove ownership and access the digital currency.
When you move your bitcoin or your Ethereum to a good, secure, wallet, you alone have control over the private key – the company behind the wallet cannot access it.
Thus, you will be the only one who can steal your cryptocurrency.
The most common type of wallet is a hot wallet, otherwise known as an online Bitcoin wallet. It’s called hot because the device can potentially connect to the internet. You access these wallets online or through a mobile phone application. To steal your Bitcoin, or other digital currency, from your phone or laptop, someone would need to hack your phone or laptop. That is a good reason to have a long password to access either device.
Some wallets are more secure than others. We consider them secure because their code is open-source. A bunch of people have looked through the code to make sure there’s nothing nefarious. However, some wallets don’t allow you to retain direct control over your private keys.
For Bitcoin, some of the most reputable wallets include Exodus and Edge. They are reputable because both allow you to retain control of the private keys and both use two-factor authentication. If you want extra security, set up another laptop or phone to use exclusively as your Bitcoin wallet. You can even buy phones that are designed to be a crypto wallet.
When you set up this bitcoin wallet, it will give you a series of recovery phrases just in case you lose your private key. They can be up to 12 unconnected words in a row. In case you ever lose your password, you can use these phrases to recover your cryptocurrency. But if you lose the recovery phrase, you may never recover the crypto. We’d suggest moving to another wallet whose recovery phrase you do know.
It may be wise to print these 12 words out in order and store them in a bank safety deposit box, not your hard drive, if you have a lot of Bitcoin. You usually receive up to 12-24 different seed phrases with your wallet that you can use for recovery at a later time. If your computer breaks or is damaged, you can download the wallet software on a new device, input the phrases and regain access to your account.
Here are some general tips for laptop and phone security:
- Use a password manager and different usernames and passwords for each account
- Use a VPN connection
- Use a browser that natively blocks ads and trackers (e.g. Brave or Tor)
- Use 2-factor authentication
Most exchanges in the US only allow a customer to buy bitcoins with wire transfers or a credit card. If you are in Canada, you can use a simple e-transfer to cheaply purchase bitcoin, seriously reducing fees and increasing convenience.
Cold storage wallets
If you want to buy more Bitcoin, you’re going to want to step up your security. Sure, hot wallets are safe, but your phone and laptop are hackable. Someone can more easily steal your private key if it is online. Cold storage wallets (or offline wallets) are like fancy, expensive USBs, and they are offline. This hardware lets you securely store Bitcoin and other cryptocurrencies offline. They also come with recovery keywords that you will need to print out and store securely. Buying a home safe might be a good idea for that? You could even put a painting in front of it.
The most popular brands of hardware wallets are the Ledger and Trezor wallets. Due to their price, they might not always make sense for storing your Bitcoin. If you only buy $1000 worth of bitcoin, should you really get a $150 wallet to store them?
Other considerations for storing Bitcoin
Security makes things a little bit less convenient for us. The extra steps involved in protecting your private key with some cold storage and hot storage can make it hard to quickly access our Bitcoin wallets. This is a tradeoff that you should probably consider when choosing your storage. If you use Bitcoin for several reasons, it makes sense to have multiple wallets.
If you intend to set aside some of your Bitcoin as a speculative asset, use a cold wallet. A lower amount of Bitcoin can be spread across different hot wallets to reduce the risk. It also makes it easier to use for smaller transactions.
If a single wallet is lost or hacked, you’ll still have the rest of your Bitcoin in cold storage. Investors with tens of thousands of dollars in Bitcoin use cold wallets for long-term storage. For people trading Bitcoin for another cryptocurrency, it makes more sense to use a hot wallet (or even bitcoin exchanges). It makes it easier to move your Bitcoin around fast.
Bitcoin vs Fiat Safety
Many of the same precautions we take for our fiat money (e.g. American dollars) apply to cryptocurrency. Don’t share usernames, public or private keys, or passphrases, and change them if your data is in a suspected data breach or leak. While your bank account is insured, often your crypto cold storage isn’t. So you need to take extra care with your Bitcoin and other digital currency.
If you keep your cryptocurrency in a wallet on your phone, you could lose access to your digital currency if your phone is stolen or lost. This is why it’s important to set up 2-factor authentication and safely store your recovery phrases. A 2FA code, along with your password, would let you regain control of your assets. We emphasize that recovery or seed phrases should be stored securely and secretly. Perhaps in a safety deposit box, not in a plain text file on your laptop or on a sticky note in your sock drawer.
Remember no bank is helping you keep your Bitcoin secure. In a decentralized system, you alone are in charge of your security and your bitcoin.
While 2021 is still early days for cryptocurrency, new insurance companies are beginning to crop up. In the future, you might be able to fully insure the cryptocurrency on your wallet or mobile device. However, there are few places that offer policies at the moment. If you have a lot riding on Bitcoin and cryptocurrency, it may be wise to look those few places up and ask them about insurance.
The other issue you run into is that anyone who knows how to connect your personal identity to your bitcoin wallet can see how much Bitcoin you have, whereas a random person cannot simply look up someone else’s bank account balance.
Your public address is a string of letters and numbers that identifies its network location. With this address, the amount of money in each address is visible on the blockchain, as is every other single transaction. Based on the patterns in transactions, someone could figure out who the wallet belongs to. Thieves could potentially target people with a lot of cryptocurrencies stored at one address or wallet.
In general, there are extra risks in holding Bitcoin. You and you alone control the security of this asset. The amount of money in any wallet is searchable online. If you’re clever, you can even use the data in the blockchain to figure out who owns a particular wallet.
You can mitigate most of these risks to your digital currency by taking appropriate precautions.
The Security Rundown
Like going to the dentist, ensuring your devices are secured can be a painful experience. We want to make it as easy as possible for you to keep your Bitcoin safe and secure, so the process is more like brushing your teeth. Without further ado, here are the keys to security hygiene.
Like flossing, there are unpleasantries that we often avoid in security hygiene. You don’t need to follow every single step, but the more precautions you take the safer your Bitcoin wallet will be.
General Wallet and Password Hygiene
- Stay informed about different security threats.
- Use Have I Been Pwned to check if any of your usernames or passwords are leaked or breached.
- Use a password manager to store unique passwords for all your online accounts. I use Bitwarden as it is one of the best-rated managers combining ease-of-use with security.
- Use a privacy-oriented browser like Brave, along with a VPN to secure your internet connection.
- DO NOT store your Bitcoin on an exchange long-term.
- Don’t store all your Bitcoin in one wallet, phone or laptop.
- Keep your security phrases stored in a safe place. In a future of decentralized digital currency, banks can provide safety deposit boxes.
- If you have a lot of Bitcoin, keep most of it in cold storage.
- Don’t brag about how much Bitcoin you have.
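The Have I Been Pwned check from the list above can be done for passwords without ever sending the password itself. This is an added example, not part of the original article: it uses the Pwned Passwords range endpoint, where only the first five characters of the SHA-1 hash leave your machine, and the sample response and counts are constructed so it runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; only the 5-character prefix would ever leave the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Match our suffix locally against the 'SUFFIX:COUNT' lines returned for the prefix."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix):
    """Live lookup against the Pwned Passwords range endpoint (needs network access)."""
    from urllib.request import Request, urlopen
    req = Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                  headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def constructed_response(breached, count):
    """Constructed stand-in for a range response so the example runs offline."""
    _, suffix = split_hash(breached)
    filler = ["0" * 35 + ":3", "F" * 35 + ":12"]  # constructed non-matching rows
    return "\r\n".join([filler[0], f"{suffix}:{count}", filler[1]])

if __name__ == "__main__":
    body = constructed_response("hunter2", 17043)  # constructed count
    print(breach_count("hunter2", body))            # found in the sample response
    print(breach_count("a long unique passphrase", body))  # not found
```

For a live check, pass `fetch_range(split_hash(password)[0])` as the second argument to `breach_count`; any count above zero means the password should be retired everywhere it is used.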
Bitcoin Wallet Hygiene
- Don’t give other people access to your wallet or phone.
- Use a trusted wallet with a good track record.
- Make sure you have the latest version of your wallet installed.
- Pick a wallet that doesn’t require a connection to the internet. You can still use a phone for this.
When you become familiar with these steps, this process will be as easy as brushing your teeth.
Recommendations (June 2021)
Our pick for best Bitcoin wallets:
- Exodus (phone / desktop)
They combine convenience, security and also provide online support. In the case of Exodus, it also offers live support 24/7.
Bitcoin isn’t your grandma’s digital currency. At least not yet. It’s online, decentralized and you are responsible for keeping it secure. It all seems like a tall order at first, but understanding a few best practices means you can secure your Bitcoin wallet and rest assured that your holdings are safe. Use hot storage and cold storage as needed. But above all, remember to follow proper Bitcoin hygiene to keep your investment and trading safe and secure.