One of the biggest misconceptions that newbies to cryptocurrencies often carry around with them is believing that their coins are “100% safe and secure” if they keep them on a trusted exchange like Coinbase or GDAX, or in an online wallet on a website or an app on their phone.
Nothing could be further from the truth.
When your bitcoins are on an exchange or online wallet created by someone else, you don’t really “own” your coins. The exchange or whoever created the software housing your wallet is the true owner of your coins and you are trusting that they won’t steal them, spend them, or do anything else with them. If a popular exchange were to suddenly lock your account for no reason, and you have thousands of dollars worth of cryptocurrency stored in “your” wallet, good luck fighting it, ESPECIALLY if they’re based overseas and aren’t subject to regulation the way Coinbase is.
Many people have had to find that out the hard way and suffered painful losses as a result. The online exchanges and wallets can be useful for temporary storage, transferring money, and making short term trades, but they should never EVER be considered a permanent means of storing your crypto for safekeeping.
The reason is that every crypto wallet comes with 2 parts – a public key and a private key.
A public key is the address that you use to send money to the wallet. Think of it like the account number on a bank account. Anyone can use it to send money to that particular address but they cannot withdraw money using just the public key.
The private key, on the other hand, is another code that is used specifically to withdraw the funds from the wallet. Think of it like the PIN on your debit card. If you’ve been using exchanges or online wallets to store your money up until now, you may have never even heard of private keys… and for good reason.
When you sign up to create a wallet on an exchange or an application connected to the Internet, they give you your public key but they never show you your private keys or make any mention of it. Why?
Because they keep the private keys to themselves, thereby giving them the exclusive privilege of making withdrawals from YOUR wallet.
The way it works is that when you transfer money to an exchange, you’re actually transferring the money straight into their own private account. The exchange in turn credits you for X amount of dollars. When you open up Coinbase and it says you have 2.3449 bitcoins sitting in your wallet, it’s not actually your money. Rather, Coinbase has 2.3449 bitcoins sitting in THEIR private wallet and they are crediting you with the ability to request a withdrawal up to however much you’ve already deposited in THEIR wallet.
The underlying problem with all of this is that, because it’s THEIR wallet, if any controversy were to occur, they can essentially tell you to get lost and screw you out of the money that you so generously donated to their wallet. This isn’t meant to be a knock on Coinbase. I’m just using them as an example. Personally, I think they’re quite reliable but I’m not going to entrust them with all my eggs 24/7 and use them like a bank account. This is true for literally every single Internet-based exchange and company that allows you to create a wallet and store cryptocurrency in it.
The only way you can really sleep at night with 100% assurance that your money is safe regardless of whether you’re naughty or nice is by storing it in a “cold storage” wallet where YOU control your private keys, rather than blindly outsourcing control to a third party.
“Cold storage wallet? What’s that? And how do I go about controlling my own private keys?”
Don’t worry, I’ll break it down for you in layman’s terms and show you how to do it properly, step by step.
First, let’s quickly review the 2 different types of wallets as they apply to cryptocurrency.
What makes a wallet “hot” is that it’s connected to the Internet at all times. The vast majority of wallets out there fall under this category, from convenient apps on your phone to wallets you create online on an exchange. They are by far the #1 choice for most people for one simple reason – convenience.
It’s very convenient to store your wallet on an app or exchange connected to the Internet because you can send coins in a heartbeat. You can access them very easily and send and transfer money with a minimal amount of fuss.
Their biggest problem lies in security. When you use a hot wallet provided by a third party, they have absolute control of your private keys. If they choose to, they can extract your money without your permission at any time and there’s absolutely nothing you can do about it.
Does that mean that hot wallets are inherently evil and you should never use them? No.
I myself have numerous hot wallets in the form of apps on my phone and my Coinbase/GDAX account. I use them semi-regularly when I want to send or trade money.
If you’re going to create and use a hot wallet for any reason, either through a phone app or an exchange, follow these guidelines and you’ll be golden.
1. Only create hot wallets with reputable organizations that you consider trustworthy.
If they have a physical headquarters in the US, that would be ideal. Avoid trusting large sums of money to anonymous companies and apps that you know nothing about and that don’t have a base in the U.S.
Coinbase is a regulated financial institution that has a base in San Francisco, California. They do their banking with the bank of San Francisco and they are subject to U.S. financial laws. As such, the probability that they are going to scam you or run off with your money is significantly lower than with some anonymous exchange based overseas in Europe that isn’t bound to any financial institution.
They have an incentive not to run away with your money because it would be very easy to sue them. As such, I don’t have any problems transferring large amounts of money into my accounts there for brief periods of time.
2. Use them for a specific purpose. Do NOT treat them as banks.
Even though Coinbase has a high trust factor, that doesn’t mean you should use it as a bank and leave all your coins there 24/7. What if your account gets frozen and it takes weeks to resolve the issue? What if their servers go down for maintenance and you need your money now?
Their hot wallets are extremely useful for sending money out quickly and for trading it on their exchange. It’s fine to keep some money there 24/7 for day-to-day activities, but by no means should this be the entirety of your bankroll. After you’ve finalized your position on a trade or bought some coins off their exchange, transfer the bulk of it out to a safe location that YOU have exclusive and total control over – namely, a cold wallet.
A cold wallet is an offline wallet where the owner has complete control over the private keys.
Meaning nobody, under any circumstances, can retrieve money from it unless they have direct access to the private keys of the cold wallet. Because a deep cold wallet is offline and not connected to the Internet, it cannot be spent at a moment’s notice. It must first be either connected to the Internet or the coins must be extracted from it onto a hot wallet.
Cold wallets give up the convenience of being able to instantly send money, but they make up for it with far superior security, as they cannot be hacked into or stolen from without direct physical access.
The downside – cold wallets rely on physical access, meaning it is the owner’s responsibility to keep their cold wallet and their private keys safe from harm. If a cold wallet is damaged or destroyed, the funds could potentially be lost forever if the owner has not taken certain precautions.
There are two primary types of cold wallets that you as an end user should concern yourself with – paper wallets and hardware wallets.
Let’s start with the simpler one first.
A paper wallet, as the name implies, is a wallet with a randomly generated public and private key that is unique to the individual and is printed out on a piece of paper, complete with a QR scan code and a string for the public and private keys.
These bad boys are very convenient because they are super cheap and super easy to create, while being very secure at the same time, if created properly. If you’ve read reports online of people getting their paper wallets hacked into, it’s because they failed to create them properly. Do it the way I lay it out for you, and you can have 10,000% assurance that your wallet is safe and secure.
Your paper wallet consists of two main components – your public key along with its respective QR code and your private key with its respective QR code.
Your public key and the associated QR code are what you want to make freely available to anyone you wish to receive payments from. Your private key and the associated QR code are something you want to keep in absolute secrecy under lock and key, because if someone has access to them, they can withdraw the funds from your wallet at any time.
It’s important to note that if you print out a single copy of your paper wallet and the private key section becomes torn or damaged, your funds are irreversibly lost FOREVER and there is nothing you can do to ever get them back. So don’t be a dummy and print out a single copy.
Be smart and print out multiple copies and keep them stashed in several safe locations so you can’t possibly lose them. Or better yet, if you have an old phone or iPod or camera that is not connected to the Internet, you can take a picture of your private keys and keep them digitally. Just like the physical paper copy of your private keys, it is your responsibility to keep any digital records of your paper wallet free from prying eyes.
The only way to be 100% sure it can’t be hacked into is to only store it on digital mediums that are 100% isolated and cut off from the Internet.
How to retrieve your funds from a paper wallet
Unlike a hot wallet or a digital cold storage hardware wallet (more on that later), you cannot simply spend funds from a paper wallet. Once any amount of crypto is stored on a paper wallet, the only way to retrieve the funds is to “sweep” it. What this basically means is you scan the QR code of your private keys on the paper wallet and transfer 100% of the money from the paper wallet into your hot wallet, often located in an app on your phone. Unfortunately, it isn’t possible to retrieve a fraction of the funds. Once you sweep your paper wallet, 100% of the funds will be transferred off it at once.
Here’s a step-by-step tutorial on how to securely set up a paper wallet:
Step 1: Go to walletgenerator.net and download the zip file of the paper wallet generator. Alternatively, it can be downloaded directly from GitHub.
Step 2: Unzip the folder, disconnect your Internet, and launch the application. Your keys will be randomly generated by moving your mouse across the screen.
Step 3: Print out multiple copies of your paper wallet. If you have an offline hardware device like an old phone or iPod that you don’t use to connect to the Internet, it would be wise to take some pictures of your public and private keys so you have a convenient digital copy of them.
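The check below is an added example, not part of the original article or of the walletgenerator.net code. It assumes a Bitcoin paper wallet whose private key is printed in Wallet Import Format (Base58Check); the function names and the sample key are constructed for illustration. It confirms that a retyped or scanned backup copy of the private key is intact before any funds are sent to the wallet.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256 applied twice.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(text: str) -> bytes:
    num = 0
    for ch in text:
        if ch not in ALPHABET:
            raise ValueError(f"character {ch!r} is not valid Base58")
        num = num * 58 + ALPHABET.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")

def key_to_wif(key: bytes) -> str:
    payload = b"\x80" + key  # 0x80 marks a Bitcoin mainnet private key
    return b58encode(payload + _checksum(payload))

def check_wif(text: str) -> str:
    """Return 'ok', or the reason this copy of the key must not be trusted."""
    try:
        raw = b58decode(text.strip())
    except ValueError as exc:
        return f"bad: {exc}"
    payload, checksum = raw[:-4], raw[-4:]
    if len(payload) not in (33, 34) or payload[0] != 0x80:
        return "bad: wrong length or version byte"
    if _checksum(payload) != checksum:
        return "bad: checksum mismatch (mistyped or damaged character)"
    return "ok"

# Constructed sample key for this demo only; never fund a key that appears in public text.
SAMPLE_WIF = key_to_wif(bytes(range(1, 33)))

if __name__ == "__main__":
    swap = "2" if SAMPLE_WIF[20] != "2" else "3"
    print(check_wif(SAMPLE_WIF))                                # intact copy
    print(check_wif(SAMPLE_WIF[:20] + swap + SAMPLE_WIF[21:]))  # one wrong character
    print(check_wif("O" + SAMPLE_WIF[1:]))                      # letter O is not Base58
```

Run a check like this only on the same offline machine used to generate the wallet, since anything that reads the private key can spend the funds.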
You may be thinking,
“Wow the fact that I have to sweep all my funds at once and carry it around on a piece of paper is really inconvenient! There’s got to be a better way to securely store my crypto in cold storage!”
Well, you’re absolutely right. Personally, I’m not a big fan of the paper wallet for this very reason. But it’s arguably the most secure form of storage out there and it’s 100% free. If you’re willing to shell out some money for a superior, much more convenient form of cold storage, I highly suggest you invest in a hardware wallet.
A hardware wallet is a form of cold storage that has all the security of a paper wallet minus the paper and with added convenience. They come in the form of plug and play flash drives that can be plugged into your computer and you can view, send, and receive as much or as little money as you want all from the convenience of your computer screen. In addition to that, hardware wallets are capable of storing just about every popular form of cryptocurrency under the sun, from Bitcoin to Ethereum to Litecoin to Dash to ZCash to 100 other ones, whereas a paper wallet can only store a single type of currency.
Personally, I find it much more convenient to have a flash drive that I can plug into a computer that’s capable of storing a wide variety of currencies, complete with logs, and the ability to send and receive as much or as little as I want at a moment’s notice. Another added benefit that hardware wallets have over paper wallets is you don’t have to “sweep” all the funds to an external hot wallet in order to use your money. You can send and receive your money 100% through the use of your device.
There are a few reputable hardware wallets out there on the market right now that work well, but I’m partial to the Ledger brand wallets in particular. They’re small, extremely convenient, and discreet. They have a few different types of products available on their website. The one that I am partial to and recommend is the Ledger Nano S, pictured above. If you want something with a larger interface that you can use like a tablet and you don’t mind that you can’t fit it in your pocket, they have a product available called the Ledger Blue. Functionally, they both do the exact same thing.
What if somebody steals my Ledger? Can they access all my money?
No, they cannot, because it is protected with a PIN. Unless they also have access to the PIN, your funds are safe. In fact, all your money can even be retrieved (read on to discover how).
What if I lose my Ledger? Is all my money lost forever?
Not if you set it up correctly. This is another added benefit over paper wallets. We’ve already established that if the private key QR of your paper wallet gets destroyed and you have no backups, your funds are irreversibly lost FOREVER in cryptocurrency limbo.
On the other hand, if your Ledger wallet gets lost, stolen, or damaged, it is possible to recover 100% of your funds. When you buy the device and set it up, it generates 24 random words that constitute a unique key for your device. In the blockchain, this combination of words can be traced to a seed and all subsequent transactions you make are an offshoot of this seed. If your device is lost, as long as you have a copy of those 24 words, you can buy another Ledger device, input the words, and 100% of your funds can be recovered by tracing your transactions on the blockchain from your original seed.
Paper Wallets
Pros:
Costs nothing to make, can create an infinite number of them
Unhackable form of cold storage (as long as you do a good job of keeping your private keys hidden)
Cons:
You have to generate a different paper wallet for each type of cryptocurrency you wish to store
You can’t hold multiple accounts of the same coin or different coins on the same paper wallet
To retrieve your funds, the wallet must be “swept” and 100% of the funds will be extracted in one go
No safeguard against theft if someone steals your private keys
If you lose it with no backup copies, your money is gone forever
Hardware Wallets (like Ledger Nano S)
Pros:
Unhackable form of cold storage
Can store multiple cryptocurrencies in the same device
Can create multiple wallets for the same type of cryptocurrency on the same device
Can deposit, withdraw, or transfer as much or as little as you want without need for “sweeping”
Can control the speed at which your transactions go through (different speeds have different processing fee rates)
Can retrieve funds even if device is lost, stolen, or damaged
Cons:
Costs money (depending on which model you get, the price ranges from $80 – $300)