At the core of cryptocurrencies is the idea of self-sovereignty – the notion that users can act as their own bank. Secure your funds properly, and they’ll be harder to reach than even the most well-guarded bank vaults. Fail to do so, and you run the risk of someone remotely emptying your digital wallet.
Learning how to properly secure your digital coins is a vital step as you journey down the cryptocurrency rabbit hole. In this guide, we’ll discuss some of the techniques for doing so.
What is a private key?
A private key, like a real key, unlocks your cryptocurrency for you to spend. It’s just a really big number – so large that it would be impossible for anyone to guess. If you flip a coin 256 times and write down “1” for heads, “0” for tails, you’ll end up with a private key. Here’s one we’ve just generated. It’s encoded in hexadecimal (using numbers 0-9 and characters a-f) for a more compact representation:
If you look that number up on Google, you’ll see the only occurrence is in this article (unless it’s been subsequently copied elsewhere). That should give you an idea of how truly random the number is – the odds of anyone having ever seen it before are astronomically low.
That example still doesn’t do it justice. The number of possible private keys is close to the number of atoms in the known universe. In a nutshell, this is a vital security principle in cryptocurrencies like Bitcoin and Ethereum. Your coins are safe because they’re hidden in a brain-meltingly large range.
If you’ve received funds before, you’ll be familiar with public addresses, which are also strings of random-looking numbers. Those are obtained by doing some cryptographic magic on your private key to get a public key, which is hashed to get the public address.
We won’t get into depth on how this is done in this article. All you need to know is that, while it’s easy to generate a public address with the private key, doing the reverse is all but impossible today. That’s why you can safely list your public address on blogs, social media, etc. No one can spend the funds sent to it without the corresponding private key.
If you lose your private key, you lose access to your funds. If someone else learns your key, they can spend those funds. As a result, keeping your private key away from prying eyes is of paramount importance.
You should note that wallets today rarely have just one private key – they’re hierarchical deterministic (HD) wallets, meaning they can hold billions of different keys. All you need to know is a seed phrase, a collection of human-readable words that can be used to generate those keys. It may resemble the following:
strike sadness boss daring voice connect holiday vintage quantum pony stable genuine
Unless you deliberately choose to use only one private key, you’ll probably be asked to back up a seed phrase when you create a new wallet. When we discuss key storage later, the term keys will be used to describe both private keys and seeds.
What we described above – with the private/public key pair – is public-key cryptography. This also allows us to make use of digital signatures, which prove that messages came from specific individuals. When you make cryptocurrency transactions, you combine your private key with a message to produce a digital signature. You can’t discover the private key by looking at a signature, so, as a public address, it’s safe to share.
A neat feature of digital signatures is that anyone can compare a public key with the signature to determine if the key’s owner signed the message. When you spend your cryptocurrency, you typically provide a signed message saying something along the lines of “I pay X coins to Y address.”
This way, you can prove that you have the right to spend certain coins. The message you broadcast (your transaction) is added to the blockchain, and everyone can check whether it’s valid. All this without revealing your private key.
Hot Wallets VS. Cold Wallets
A hot wallet is any cryptocurrency wallet that connects to the Internet (e.g., smartphone and desktop wallets). Hot wallets tend to provide the most seamless user experience. They are very convenient when it comes to sending, receiving, or trading cryptocurrencies and tokens. But this convenience often comes at the cost of security.
Hot wallets are inherently vulnerable because of their Internet connectivity. Though private keys aren’t broadcast at any point, there’s a possibility that your online device can be infected and remotely accessed by malicious actors.
This isn’t to say that hot wallets are completely insecure – they’re just less secure than cold wallets. Hot wallets are superior on the usability front, and thus are the generally-preferred option for holding smaller balances.
To eliminate the significant online attack vector, many opt instead to keep their keys offline at all times. They do so with cold wallets. Unlike hot wallets, cold wallets don’t connect to the Internet.
What’s The Best Storage Option?
Unfortunately, there’s no one-size-fits-all answer to that question. The answer largely depends on your risk profile and how you use your cryptocurrency.
For instance, an active swing trader will have different requirements from a long-term HODLer. Or, if you run an institution that handles large amounts, you’d probably want a multi-signature setup, where multiple users need to agree before funds can be transferred.
For regular users, it’s a good idea to keep the funds you’re not using in cold storage. Hardware wallets are the most straightforward options – but make sure you test them out with small amounts to get comfortable first. You’ll also want to keep your keys backed up elsewhere, in case the device itself is lost or fails. Make sure that your backup is offline – some write their seed phrase down on a piece of paper and store it in a safe, while others stamp it into fire-proof metal.
Online wallets are great for small amounts that you’re using to buy goods and services. If your cold storage is like a savings account, your mobile wallet is like the physical wallet that you carry around. Ideally, it should be an amount that, if lost, would not cause you serious financial issues.
For lending, staking, and trading, custodial solutions are your best bet. Before putting your funds to use, though, you should come up with a plan for how much you’re allocating (e.g., with a position sizing strategy). Remember that digital currency is highly volatile, so you should never invest more than you can afford to lose.
When it comes to cryptocurrency storage, the blockchain industry today provides many interesting options. Each alternative comes with its own benefits and drawbacks, so it’s important to understand the trade-offs. This way, you can get more comfortable using a combination of hot and cold wallets, according to your needs.