A cryptocurrency wallet is simply an app, website, or device that manages your cryptocurrency’s private keys for you.
Private keys are simply secret codes that allow one to spend cryptocurrency. Therefore, in reality, it’s not cryptocurrencies that need to be stored and secured but the private keys that provide access to them. And since cryptocurrency coins do not physically exist, a public ledger exists to record their virtual amount and location. The wallet address wherein such coins are stored can only be accessed with the corresponding private key.
Securing your cryptocurrencies properly is critically important. As such, we will review the many options available for securely storing private keys as well as where copies of private keys exist.
The term “paper wallet” typically refers to a physical document used to store one’s keys offline. Likewise, a paper key is a single key written on paper and often used multiple times like a wallet (although this is strongly discouraged). Investors generally prefer paper wallets because, when made correctly, they secure a digital version of the key and do not exist anywhere else. However, if the physical paper upon which the key is written is destroyed, lost or stolen, there’s little chance of recovering the coins at that address. In order to avoid this, multiple copies of the key are usually printed and stored in different locations (much like safety deposit box keys).
Keeping all the keys in one location endangers them, particularly if a natural disaster like a flood or a fire occurs. Ultimately, in order to access one’s coins, the key must be imported into a software wallet. It’s important to note that a user’s key in its raw text form can be used to open any (and all future) wallets for a particular cryptocurrency (if it supports importing private keys).
Before generating paper keys (or performing any crypto-related activity), make sure your PC is free of malware. Software that contains keyloggers or RATs (Remote Access Trojans) can copy or otherwise steal your private key. They can even gain remote access to your computer. Therefore, it is recommended that a user open a paper wallet generator, disconnect their PC from the internet, and begin generating a few keys (selecting one of them to send your coins to). This ensures that the key generating software/website isn’t able to record and/or steal your private keys, in case it is compromised at the time.
After the key is generated and printed (or recorded on a Cryptosteel card), coins can be sent to the public address that accompanies it. Please make sure to keep the key and any backups safe and out of sight. And aside from malicious individuals, be sure to keep such paper backups outside the reach of uninterested/unknowing individuals as well (no one wants to be the guy whose grandmother threw away thousands of dollars of BTC stored on a paper wallet, simply because she didn’t know what it was). XTRABYTES has an official paper wallet generator here.
Hardware wallets are physical electronic devices built solely to secure cryptocurrencies. In order to spend cryptocurrencies, a hardware wallet must be connected to one’s computer, phone, or tablet. Wallet users confirm their transactions with wallet buttons and safeguard their account using a PIN code.
Hardware wallets are highly recommended if you’re serious about security and require a device that is both convenient and reliable (note though that some security issues remain). They are the best option for the casual investor as well, particularly those who work on computers prone to getting malware. That’s because hardware wallets keep private keys offline and thus secure from vulnerable, internet-connected devices (even if the wallet is plugged into a malware-infected computer). In addition, crypto fans should not purchase a used hardware wallet, as it may have been tampered with.
What happens if the hard wallet malfunctions or gets stolen, lost, or damaged? Well, when you start your wallet for the first time and create a new address, you will be asked to create a secret backup code or a seed, consisting of 24 words (with the option to include a self-selected 25th word for added security). By combining these words in the correct order, a wallet user can restore their private key. They will also be able to transfer their wallet balance onto a new hardware wallet (or a wallet that supports importing a seed). However, anyone else with access to this secret code will be able to as well. Consequently, users should safely retain their seed – particularly after every hard wallet software update (when it’s needed to restore a wallet).
Remember, your private key is safe even in a hardware wallet infected with malware (since your secret code words are written on a piece of paper). It’s worth noting that this creates the same critical point of failure that exists with paper wallets, namely a physically destructible object serving as the only backup available. In order to guarantee maximum security, wallet users should take the exact same security steps that they take with paper wallets. Doing so ensures that several backups safely exist and can be easily retrieved.
A “hot” wallet describes any wallet that is semi-connected to the internet and thus potentially accessible to hackers. Typically, these are either software wallets one can download and install on their computer or internet-based providers of wallet services (like MyEtherWallet or Metamask).
Keep in mind, however, once a hacker has your private key, it no longer matters whether your wallet is connected to the internet or not (and even a hardware wallet will not save you). If you suspect a private key has been compromised, move all your funds away from the corresponding address and no longer use it. By doing otherwise, you’re potentially allowing the hacker to steal any future funds available at that address!
These aforementioned services do not store your private keys on their servers. Instead, they typically write them down on paper and hand them to the user. Or they store them on your secure computer. The only way a hacker can access your MEW or Metamask account without your private key is by obtaining your password, either by brute-forcing or phishing it from you.
When a software wallet has been installed on your computer, the private key is stored within it (or to be more exact, inside the wallet.dat file). It is important to back up your software wallet so that you have access to it in the future. Since not all wallets are able to import .dat files (and .dat files are obvious targets for cryptocurrency theft), a private key can be exported from the wallet in plain text, written down on a piece of paper, and deleted from one’s computer for safety purposes. Of course, that again leaves you with the same issues that paper wallets and hard wallet seeds present above.
What is the most secure way to store your keys then?
In reality, digitally storing private keys on one’s computer is perfectly safe if appropriate precautions are taken. Consider the hoops a hacker must jump through to retrieve them:
First, an attacker must obtain physical or remote access to a computer in order to obtain the private keys stored within it. To prevent physical access, private key owners should password-protect their computer and encrypt their wallet. In order to prevent keylogging and remote access to a computer, an antivirus program can be installed beforehand. When using such a program, be careful about which sites you visit and what software you download. Some individuals even go so far as to retain a separate computer for their cryptocurrency needs. If you are uncertain as to whether your PC is infected or not, make sure to check beforehand and again in the future.
By encrypting your wallet and protecting it with a password, you’re preventing anyone with remote access to your desktop from accessing it. However, these safeguards do not protect other files (like a .txt listing a private key, although an encrypted wallet.dat should be safe). In order to remain secure, one should encrypt the text of the private key itself and place it into an encrypted ZIP file. This will make it safe even if someone accesses your computer. Indeed, a PC can be rendered as safe as a hardware wallet. However, if it breaks or is stolen, we are faced with the same problems again. So, what can be done?
The private key or the seed remains the main point of vulnerability, no matter what wallet you use. To ensure that you never lose access to your hard-earned money, always have multiple backups of your private key in different forms and locations. Another very popular backup storage solution is placing your encrypted ZIP file onto an encrypted USB stick, or several sticks across different locations.
A second option involves copying your paper wallet or hardware seed onto a secure computer, encrypting it as a ZIP file, and then placing it onto an encrypted USB stick. A third option is to upload the encrypted ZIP file onto a cloud service that you trust and can secure with an additional two-factor authentication. And as a fourth option, you could also print your existing private key from a software or hardware wallet onto a sheet of paper and store it somewhere safe. However, keep in mind that every copy of the private key is another access point for a would-be attacker.
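As an added illustration (not code from the original article), the step of encrypting the private key text before it goes into a ZIP file, onto a USB stick or into cloud storage can look like this in Node.js, using only its built-in crypto module. The function names, the blob layout and the scrypt settings are assumptions made for this example, and the sample string is constructed, not a real key.

```javascript
// Added example: passphrase-based encryption of a private-key string.
// Uses only Node.js built-ins; names, blob layout and parameters are assumptions.
const nodeCrypto = require('crypto');

// scrypt cost settings (assumed; roughly 32 MiB of memory per derivation).
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Constructed sample text, not a real private key.
const SAMPLE_KEY_TEXT = 'CONSTRUCTED-SAMPLE-not-a-real-private-key';

// Stretch the passphrase into a 256-bit key. scrypt is slow and memory-hard
// on purpose, so guessing passphrases against a stolen backup is expensive.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32, SCRYPT);
}

// Returns base64 of: salt(16) | nonce(12) | auth tag(16) | ciphertext.
// Salt and nonce are fresh random values on every call.
function encryptSecret(secretText, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = deriveKey(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(secretText, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the passphrase is wrong or the stored blob was altered or corrupted,
// because AES-GCM checks the authentication tag before releasing any plaintext.
function decryptSecret(blobB64, passphrase) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < 44) throw new Error('backup blob is truncated');
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const key = deriveKey(passphrase, salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
  return pt.toString('utf8');
}

// Test a backup copy without displaying the key: true only if it decrypts intact.
function verifyBackup(blobB64, passphrase) {
  try { decryptSecret(blobB64, passphrase); return true; } catch { return false; }
}
```

Keep the passphrase somewhere other than the encrypted blob; `verifyBackup` can be run against each USB or cloud copy from time to time to confirm it is still readable.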
In summary, you could have an encrypted wallet installed on a safe PC, an encrypted backup on a USB stick, and a paper version in a safety deposit box. Or you can have a hardware wallet with the seed on a USB stick and a copy stored on paper. There is no one best solution. It’s best to use whatever mix you trust and are comfortable with. No matter which wallet choice you select, remember:
Your cryptocurrencies are only safe if the private key was generated securely, remains a secret, and, most importantly, is controlled only by YOU!
So to avoid theft, scams, and any other loss of funds, follow these three basic principles:
- Generate your private keys in a secure, offline environment
- Create backups of your private keys and store them safely
- Encrypt wallets and files to provide additional security