With Bitcoin, Ethereum, and a host of other cryptocurrencies once again making headlines following an incredibly bullish year, crypto security has never been more important, this guide will teach you how to protect your cryptocurrency with a paper wallet and cold storage.
It’s likely, if you’re reading this guide, you’ve recently decided to buy into this rapidly expanding market, potentially to trade but, most probably, with the intention of holding an amount of a particular currency long term. We’ve prepared it to help readers learn how to safely store their cryptocurrencies themselves, in the true trustless spirit of Satoshi Nakamoto himself/herself/themselves.
The first, and most important lesson in this guide are:
You and you alone are responsible for your cryptocurrencies.
Their security is only your concern.
What is a cryptocurrency wallet?
A cryptocurrency wallet is a digital wallet that you can use to store, send and receive various cryptocurrencies. The wallet doesn’t exactly “store” your money as a real-world wallet does. Instead, it saves your public and private keys which in turn helps you send and receive money.
Let’s think of a real world situation before we understand what public and private keys are. Imagine a vending machine. Can anyone and put their money inside the machine right? But, they can’t take out the money because they don’t have the key, they can only put money in the machine. The only person who can take out the money is the owner of the machine who has the key.
In this example, the vending machine is the public address which anyone uses to send money to you. You are the machine owner, and the key that he is carrying is your private key. Using this private key only you can access your money and do what you please with it.
The public key is the address that anyone can use to send you the money, while the private key is what you will use to send money to anyone else. Remember, ONLY you should know what your private key is, otherwise anyone can use your wallet to send your money to any other addresses.
Under no circumstances should you ever lose your private key. Let’s put this in super simple terms. If you lose your private key, then you are SCREWED (yes, uppercase has been used to emphasize the gravity of the situation). You should use at least two different techniques to save and store your private keys. We will discuss these various techniques a little later in the article.
As of right now, let’s discuss the two methods of storage that you can use to store your cryptos, hot storage, and cold storage.
Hot Storage Vs Cold Storage
Let’s understand the basic distinction between the two with a real-world example. Hot storage is like the wallets that you carry around in your pocket. The Cold storage is somewhat akin to your savings bank account. Keep this distinction in mind as we move forward. If you want to use your currency frequently then you must use hot storage. On the other hand, if you want to store your money for a long time then you must use cold storage.
Hot storage, in simple terms, is when you keep your cryptocurrency in a device which is directly connected to the internet. This connection is what makes a device “hot”.
You should think of exchange wallets, desktop clients, and mobile wallets (any wallet that exists on a device that will ever connect to the internet) as a hot wallet. It’s easy to access funds on a hot wallet, and if you live somewhere that accepts cryptos for micropayments, there’s nothing wrong with using one for day-to-day spending. Think of it like fiat (government issued) currency. You might walk around with a portion of your wealth in a wallet for convenience but the majority you keep secured away. Your hot wallet should behave in the same way as a real-world wallet. You use it to carry a small amount of cash for ease of access. That is all.
While transacting with hot wallets is very simple, there is a huge drawback when it comes to them. They are easily hackable. The whole crypto-space has been gaining a lot of value recently and where there’s value, crime is never far behind. Recent ransomware attacks and previous compromises of large exchanges should be sufficient beacons to newcomers.
Even though you’ll not be storing a great deal of value on your hot wallet, it’s vital that you follow the backup steps within the restoration section of your wallet to avoid losing funds through human error. With your private key, and seed phrase intact, you should be able to restore any wallet painlessly enough.
Pros of hot storage
Quick to access funds.
A wide number of options, and support for different devices.
User-friendly UIs make sending and receiving simple.
Cons of hot storage
Exposed to cybercrime. Sophisticated hackers, ransomware, and other malicious actors are a constant threat.
Damaging the device could destroy the wallet. Without carefully backing up private keys, and seed words you could permanently lose your cryptocurrency investment.
You could still lose/damage/have stolen the restoration details.
Now let’s explore the different kinds of hot storage wallets that you can use.
Online Wallets aka Cloud Wallet
These wallets are the easiest to use among all. The creation is super simple because it’s basically creating your own account on any of the exchange services. Furthermore, you can access this wallet from any server or any device in the world as long as it is connected to the net. Having said that, there is one big problem when it comes to online wallets. Your private key is going to be saved on another server. This is basically like serving up your key to hackers on a silver platter. Do NOT use online wallets to store huge amounts of your money. Store the bare minimum that you need for exchange purposes.
Desktop or mobile wallets are also popular choices for a hot wallet. These represent a much better option in terms of security. Desktop wallets are downloaded and installed on a single PC or laptop and they are only accessible from that one device where it was downloaded. While it is a safer alternative than an online wallet, it can still be very inconvenient because you will not get access to your money unless you are on the device from which you downloaded the wallet. MultiBit and Armory are great examples of desktop wallets.
Mobile wallets are pretty convenient to use because all you need to do is to download an app into your phone. MyCelium is a really popular app(for both Android and iPhone) that people use for their mobile wallets, CoPay is a great option as well.
The real problem with desktop/mobile wallets are the dangers associated with virus attacks. A hacker can easily put Trojans in your system to phish for your details. Apart from that, you can easily lose your cryptos if your desktop or mobile is damaged.
The easiest way of understanding how a multi-signature (multi-sig) wallet works like is by thinking of a safe which needs multiple keys to operate. A multi-signature wallet is great for 2 purposes:
To create more security for your wallet and save yourself from human error.
To create a more democratic wallet which can be used by one or more people.
How does multi-signature wallet save you from human error? Let’s take the example of BitGo, one of the premier multi-sig wallet service providers in the world. They issue 3 private keys. One is held by the company itself, one is held by the user and the third one is a backup that the user can keep for themselves or give to someone trustworthy for safe keeping To do any sort of transaction in a BitGo wallet you will need at least 2/3 keys to operate. So even if you have a hacker behind you, it will super difficult for them to get their hands on 2 private keys. And on top of that, even if you lose your private key for whatever reason, you still have that backup key that you had given to your friend.
Now, how does a multi-signature wallet create a more democratic environment? Imagine that you are working in a company with 10 people and you need 8 approvals in order to make a transaction. Using a software like Electrum you can simply create a custom multi-sig wallet with 10 keys. This way you can make seamless democratic transactions in your company.
Even with all its amazing features, at the end of the day, a multi-signature wallet is still a hot wallet so you must use it economically. The Bitfinex hack (more on it in a bit) happened despite the fact that it had multi-signature security. Plus, at the end of the day, the company whose wallet you are using still has one of the private keys. It completely depends on their ethics as to what they can do or not do to your funds.
Risks of Hot Storage
Different hot wallets carry different security risks. The least secure are undoubtedly those hosted on Exchange sites. Leaving your currency where you bought it might seem like a great idea because “if it starts to crash, I can change it back to dollars quickly”. In reality, all you’re doing by leaving cryptos on an exchange is trusting an unlicensed entity with your money. They hold your private keys, and they ward off daily attacks. In the past, they’ve even succumbed to such threats. Exchanges are a huge target for criminals because they store a lot of value. If you’re day trading, this risk is part of the deal. If you’re holding long-term, you want to avoid it all together.
The Bitfinex hack is a great example of the dangers of hot storage. In early August 2016, the folks at Bitfinex noticed that several of their security measures were being compromised. Before long, over $72 million worth of BTC had been stolen by a hacker. It was so bad that the value of BTC fell 20% within a day:
So what do you do to your cryptocurrency to keep it safe from malicious attacks like this? You use cold storage. Let’s find out what that is all about.
When you keep your currency in a device which is completely offline it’s called cold storage. For those seeking the most secure form of storage, cold wallets are the way to go. These are best suited to long-term holders, who don’t require access to their coins for months, or years at a time.
They aren’t without their own set of risks but if you follow the instructions correctly, and take every precaution possible, these are greatly minimized. Given the amount of attention that cryptocurrency has been receiving over the last few years, it has unfortunately piqued the interest of attackers. In the light of that, it’s a far more secure option to use cold storage as means of storing your money.
San Francisco-based bitcoin wallet and exchange service CoinBase holds up 97% of its coin reserves in hardware and paper wallets. What are hardware and paper wallets? You will get to know about it in a minute. For now, let’s check out the pros and cons of cold storage:
Pros of Cold Storage:
A great place to hold large amounts of coin for a long period of time.
Provides a safety net against hackers and people with malicious intent since it is completely offline.
Cons of Cold Storage
It is still susceptible to external damage, theft and general human carelessness.
It is not ideal for quick and daily transactions.
Setting it up can be a little intimidating for beginners.
Now that we have seen both the pros and cons let’s take a look some cold storage wallets that you can use to store your coins
Hardware wallets are physical devices where you can store your cryptocurrency. They come in a few forms but the most common is the USB stick style typified by the Nano Ledger series. Although many swear by them, hardware wallets are still prone to compromise. Firstly, you’re trusting that the company who made your wallet hasn’t logged all the private keys with a plan to raid wallets in the future. This applies to those bought from the company themselves, but particularly if a hardware wallet has been acquired second hand. Under no circumstances should anyone ever use a pre-owned hardware wallet.
Although loss or damage can spell disaster for the unprepared, hardware wallets can be restored. Therefore, it’s just as important to back up your hardware wallet, as it is your online hot wallets. You should keep restoration details in a safe place that only you, and anyone you plan to leave the money to know about. Remember, your restoration details open the wallet. Think very carefully about who (if anyone) you share them with. It’s also vitally important that you transfer all coins to a new wallet, should something unfortunate happen between you and anyone else who knows your private keys (spouse, etc.)
Without a doubt, the safest way to store any cryptocurrency is using a paper wallet. By following a few pointers below, you can set one up entirely for free. This truly makes you the master of your investment, and if precautions are followed, there’s no possibility of your private keys being known by anyone else. Of course, this means that keeping a record of them is even more important. Losing private keys means you’ll forfeit the entire contents of your paper wallet (but then again, that’s true for every wallet out there.)
What is a paper wallet?
To keep it very simple, paper wallets are an offline cold storage method of saving cryptocurrency. It includes printing out your public and private keys on a piece of paper which you then store and save in a secure place. The keys are printed in the form of QR codes which you can scan in the future for all your transactions. The reason why it is so safe is that it gives complete control to you, the user. You do not need to worry about the well-being of a piece of hardware, nor do you have to worry about hackers or any piece of malware. You just need to take care of a piece of paper.
Do you need a paper wallet?
The answer to this question will largely depend on your circumstances. If you plan to spend the summer day trading a few coins, perhaps you don’t. Alternatively, if you’re in for the long haul, and don’t intend to touch any portion of your stash, then a paper wallet is the most secure option available to you.
Setting up a paper wallet
Paper wallets are formed by using a program to randomly generate a public and private key. The keys will be unique, and the program that generates them is open source. Those with advanced knowledge of coding can check the backend of the program themselves for randomicity in results. What’s more, we’ll be generating our keys offline. This eradicates the exposure to online threats, and deleting the simple program after use will destroy any trace of them.
Don’t worry if it sounds confusing, it’s not. You’ll need no specific knowledge of coding, or encryption. All you do need is a computer, an internet connection, something to record your keys on.
Anyway, let’s create our paper wallet. Follow these steps:
Ensure your computer is entirely free from any form of malicious software. A brand-new computer would be ideal but is often not feasible.
Visit the page WalletGenerator.net.
Download the zip file by clicking here:
Once downloaded open the “index.html” file but before that make sure that your internet is off. This entire process is done to make sure that your wallet is hacker free.
Now it is time to generate your wallet. Keep hovering over the highlighted text and it will generate more characters. Or if you want, you can manually type in random characters. Just keep doing it until the counter goes to “0”.
The moment the count goes to zero your wallet will be generated.
Print the page or make multiple copies of the numbers from it. (Important: Ensure printer is not connected to Wi-Fi at this point).
Delete saved web page. You can now safely reconnect to the internet.
Store your private keys in their long term, private, secure home.
Setting up a paper wallet for Ethereum
Now if you notice the list of cryptocurrencies supported by walletgenerator, you will see that Ethereum is missing from the list. So, what do you need to do to create a paper wallet for Ethereum? It is really easy, just follow these steps:
First, go to MyEtherWallet.com.
Next, click on the help tab.
Scroll down and click on option 5:
Now open the link highlighted here:
After that download this zip file into your computer:
Now open the zip file in your computer and click on the index.html file. Before doing that, switch off your internet so that you are offline.
Now create a new password and generate your wallet, be sure that you are putting in a strong password:
Now you will have to download your keystore file which is basically your wallet file. Be sure to keep a backup of this file. After you are done with that click on “I understand. Continue.”
And there you go, your wallet has been generated. What you see here is your private key. DO NOT share this with anyone.
You should now print your wallet by clicking on the “Print” button. This is what you will get. Notice that you can see both your private and public keys here:
And there you go. That is how you create an Ethereum paper wallet.
Paper wallet risks
While paper wallets substantially decrease the threat of compromise from the virtual world, they aren’t without their own set of risks.
Coercion: There are always going to be people willing to break the law to get at something valuable. Just as crooks tear off in Lamborghinis after raiding a property, so too might they stumble upon your safe. They don’t know what’s in there but presumably, it’s valuable. Anyway, you get where this is going, and the moral of the story is simple: don’t go bragging about your crypto investments. It doesn’t matter if it’s online, or in person, it’s never a clever idea. Don’t make yourself a target.
Fragility: At the end of the day, it is still paper. Paper can be easily damaged or it can get worn out over time. This is why you should always make multiple backups.
Stealing: Since it is written on a piece of paper, anyone who can read it or take a photograph of it can steal your money.
Not immune to disasters: It is just a piece of paper, it is not immune to natural disasters and can easily be destroyed if you have not taken any backups.
Type of printer used: The quality of printer used can also have a detrimental effect. Non-laser printers may cause the ink to run if the paper gets wet.
Human Errors: Humans are prone to mistakes and you can simply forget the location of your paper or accidentally tear it.
Importance of private keys and restoration methods
In the same way that we’ve mentioned restoration details previously, the private key to your paper wallet is its single most important detail. You must guard it with your life. If you lose it, you lose your money. It’s as simple as that. Then you should get it tattooed on your chest, right? Well, no. As well providing you access to your funds when you need them, anyone with the key can also get at them. It must be kept totally secret.
Owing to their importance, it’s wise to store your paper wallet in multiple secure locations. This will help alleviate against certain “acts of God” – think Hurricane, sudden evacuation, or similar. However, the more locations you use to store your keys, the higher the risk of compromise.
Under lock and key
Some prefer to store their private keys in a physical location. A safe is usually favored for this. Only those allowed access to the funds must know the combination (and preferably existence) of your security box. Of course, small home safe deposit boxes are often much less durable than they’re made out to be, and will usually be a target for home invaders. If you have sole access to a high-quality safe, you should use this, otherwise risking a lower end model may be your best option. Either way, only those who have ownership of the coins stored on the paper wallet must know the combination to the lock.
In the (very near) future, self-encrypting, decentralized “cloud” based storage will likely be an option. Its reliability remains to be tested but it could alleviate warranted concerns over storing private keys digitally. Like exchanges, existing cloud-based storage services are hackable, and can fall victim to malicious attacks. Storing your most sensitive documents is usually not recommended. However, it’s possible to encrypt the data yourself and store it online. By encrypting it, you limit the number of people who can view a document in its raw state. Uploading an encrypted version of a private key to the web is a suitable option for some.
Engraving Into Metal
You may also choose to engrave the keys to a metal and keep it safe somewhere. The quality of the metal that you choose will be paramount here because over time a low-quality metal may deteriorate very fast.
It should go without saying that this isn’t ideal. It is possible and incredibly secure (potentially too secure) but the practical barrier of remembering 64 unique characters will discourage the majority. While I am sure there are some who favor this method. It is certainly not recommended.
Things to remember when considering storing private keys
Only those that have access to the funds stored must have access to the private keys.
Most ways of practically recording private keys are potentially lost. Think, fire, theft, water damage. If you can engrave metals yourself and can store it in a high-quality safe, this is ideal.
Multiple safe locations are better than one. Additional locations must not compromise security.
All storage has risks. Minimize them.
Restoring a cold storage wallet
When you want to bring your cryptocurrency back out of cold storage, you need to import the private key into a suitable online wallet. Any wallet which supports importing private keys will work. The process is simple and intuitive for most wallets. The steps we have given below correspond to using the Bitcoin Unlimited wallet.
Open the client and click on “Help”.
Select the Debug Window and click on the Console tab.
Type in the field “importprivkey<private key>” replace <private key> with your private key and the remove quotation marks.
This will import all the data from your paper wallet to your online desktop client. Remember, you are now exposed to all the security risks that exist with hot wallets. It’s not recommended that you keep an amount of crypto in such storage for any more than the minimum time possible. If you’re trading to another crypto, or fiat do some immediately and then store appropriately. If you were using a portion of your balance to make a payment, and want the rest to return to cold storage, it is now recommended that you set up an entirely new paper wallet. Consider your original storage solution compromised.
Setting up a cold wallet is a straightforward way to help alleviate third-party risks associated with most other cryptocurrency storage methods. While no method is entirely free from threat, storing coins offline drastically reduces the chances of losing your investment through digital means – exchange compromise, exchange insolvency, ransomware attacks, other cybercriminal operations. It is still as important as ever to remain vigilant of real-world threats such as loss, theft, or damage of private keys. Always protect your private keys, and ensure to replace them (setup new cold storage) immediately if there is any indication that their privacy may have become compromised.
The best solution is diversification. As the old saying goes, “Do not keep all your eggs in one basket.” Always diversify. Keep a portion of your currency (a major portion), in paper wallets and have lots of backups to ensure that you are not going to get screwed. Keep some in hardware wallets and if you really must, keep a few in a hot wallet as well so that you can do quick transactions. Having said that, make sure that most of your money is in cold storage.
Remember, it is no one else’s responsibility to ensure your crypto investments are kept safe. You are your own master here. Do not take short cuts, and do not underestimate the importance of security. Plenty of people have already been frivolous enough to lose access to their cryptocurrencies through their own fault and others. Minimizing the risks effectively will drastically decrease the chances of you joining this number.