Understanding the concept of owning Bitcoin or other cryptocurrencies can be a challenge in the beginning. These are purely digital assets and the ownership is defined by holding a secret — the private key — to access them. For most people a hardware wallet is the best option.
Keeping a digital secret, while still having access to it, is surprisingly hard. For cryptocurrencies, this is of special importance. If someone gains unauthorized access to your secret (a long number stored somewhere), all funds can be gone. At the beginning of Bitcoin, with people storing their private keys on their regular computer, Reddit was full of stories about big losses and hacks.
Options for storing cryptocurrencies
There are multiple ways to deal with the challenge of securing your funds: one is to outsource the whole security by leaving your funds on an exchange. Having a dedicated computer that never, ever connects to the internet is another. Using a hardware wallet — a little dedicated security device — is the best option for regular users, as it provides secure key management while keeping your funds accessible and usable.
Let’s dive into the various storage options. For many Bitcoin and cryptocurrency users, there is a natural progression through the following stages, as they secure more funds and deepen their understanding of how these technologies work.
Buy bitcoin and leave them on an exchange
Dealing with exchanges is convenient and the starting point for many users new to the field. Why is it not great to leave a lot of funds there? If one does not have the private keys to his bitcoin, he doesn’t actually control them. The exchange simply has an obligation to give him some bitcoin if asked. Exchanges get hacked all the time, they can go out of business or refuse withdrawals due to some regulatory issues.
A well-known saying in the Bitcoin community:
This means as much as “Only if one controls the private key himself, he really owns his Bitcoin.” Without a private key, all one has is an IOU.
Install a software wallet
The next best thing one can do is to take control of his bitcoin keys. For that one needs a wallet application. Installing a wallet on one’s computer or mobile phone is ok for a limited amount of funds, much like the money one carries around in his physical cash wallet every day. But it’s important to understand that the secret keys to one’s bitcoin are exposed. If a malicious mobile app or a virus on one’s computer gets access to these keys, all funds can be stolen.
Using a hardware wallet
A hardware wallet is a dedicated device with a secure screen and has two main goals:
- Keeping the private keys safe from any form of unauthorized access and never expose them to a networked device, and
- Independently verifying and explicitly showing on its screen what the wallet is signing.
To interact with the hardware wallet one is still using a wallet application on a computer or mobile phone, but that application does not manage any private keys. It just prepares transactions that are then signed directly on the hardware wallet or lets one create new receiving addresses that are verified on the hardware wallet. The private keys never leave the device.
Custom setup with dedicated hardware
Most users never get to that stage, which is for experts only, and in our opinion, that’s a good thing. Custom setups like the Glacier protocol involve buying separate laptops, removing the networking cards, and installing the wallet software on this laptop that must never be connected to the internet. This is a valid way of securing one’s keys for advanced users, but setting it up takes a lot of time and is very error-prone. Taking one shortcut or making one mistake can compromise the whole setup. Accessing the funds is cumbersome, so this is mostly an expensive expert option for long-term storage.
Paper wallets and pre-generated keys
Although using paper wallets was popular in the early days of Bitcoin, it is no longer considered a safe solution. They are hard to create and print without touching a networked device (insecure), encourage reusing addresses (bad for privacy) and must be spent as a whole in a single transaction (potential for human error). The same goes for professional paper or metal “wallets” that already come with a pre-created private key. These are nice to look at, but should be considered compromised from the start.
A combination of different options
It’s common to use a combination of the above options to store one’s funds.
- Installing a mobile app on the phone for everyday spending. With Bitcoin, that can even be a Lightning wallet that also supports on-chain transactions.
- For significant amounts, using a hardware wallet at home for sending or receiving larger sums on a regular basis.
- For long-term savings, a separate hardware wallet with an additional passphrase, stored somewhere that cannot easily be accessed, adds additional security.
Not every hardware wallet is the same. They protect against different threats and have different trust models. Some products, for example, don’t use hardware specifically designed with security in mind. Others use software that is not open-source, so you need to trust the code of the manufacturer to be secure.
For most users, a hardware wallet is simply the safest choice. It comes as an “all-inclusive” package including guides and tutorials, minimizing user errors. Creating a backup of the seed (the one secret number) secures all different digital assets at once. If one loses the hardware wallet, or if it gets damaged, it’s possible to restore all assets from a backup on a new device. It also makes it much more secure to use web wallets like MyEtherWallet.
*Originally posted at CVJ.CH