How should I store my bitcoin?

  • Very easy to use, your parents can probably do it.
  • In theory, you (or your heirs) can eventually recover your funds even if you lose everything (email, password, 2FA device, 2FA seed, etc).
  • Some exchanges have various licenses and trusts that might come with more stringent security, auditing, and reserve requirements. However, keep in mind those regulations also come with KYC and other privacy/control restrictions that may negatively affect you.
  • Fully trusted: there’s no way to know if they’re even solvent now! Customers were still depositing to Mt Gox for a very long time not knowing that they were insolvent. Coinbase/Gemini seem to be run and backed by competent people, but if $1BN disappeared due to loss/theft, even in the best circumstances they wouldn’t be able to make users whole. Note that Xapo customers can check their own balances on the public blockchain, so they have a decent guarantee of their solvency.
  • Even if they are solvent today, they could easily take/lose all your funds tomorrow. The incentives for a retirement attack are massive, especially since it’s hard for law enforcement to tell the difference between internal and external theft.
  • They may or may not let you keep coins on other forks of bitcoin, and they probably won’t let you claim air-dropped coins (see Stellar and Byteball for recent examples).
  • You don’t actually have bitcoin, just an IOU to redeem some bitcoin in the future. They have their own policies and procedures, and you could get frozen out of your funds with little recourse.
  • They require a lot of private information about you that makes them a target for privacy breaches like the recent 140+ MM US citizens whose records Equifax failed to secure.
  • Open source, with key generation and transaction signing taking place client-side.
  • Standard BIP 32/39/44 implementation. Here’s a script I wrote to recover your breadwallet funds even if they go out of business or your phone dies.
  • Easy to back up just your seed once and then transact nearly infinite times (with a new address for each transaction).
  • Simple UI that your parents could probably use
  • Simple Payment Verification (SPV) clients are great for scale as they validate block headers and your transactions only. Block header disk usage grows at just ~5 MB/year, which is trivial to store. Proof-of-inclusion on a Merkle Tree is very fast with O(log(n)) verification time.
  • While not easy, owning your own keys means that you have the ability to not lose coins on other forks as well as sign messages to claim airdropped coins (advanced users only).
  • Mobile, easy to take your money with you and spend it on the go.
  • SPV clients verify only block headers (which include Proof of Work) and cannot validate that every BTC transaction follows the consensus rules. Because of this, there are some theoretical attacks against them as well as some difficulty being sure you’re on the right chain during a contentious chain split. Since you control your own private keys, the best course of action during times of uncertainty is to just stop transacting and wait until a solution is announced.
  • Mobile phones are more secure than general purpose computers, but are still targets for malware.
  • It’s hard to verify that the software you’re running is actually what’s in the GitHub repository.
  • Managing updates is a security risk. If auto-updating is turned on, you’re one malicious upload to the app store away from running software that steals your private keys. (Of course there are benefits to running the latest software as well).
  • Some loss of privacy using SPV. While breadwallet has no centralized account (so no email address, password, etc), it would be possible for an attacker to run an SPV server and use that to try and figure out which addresses are linked. You can prevent this by running your own SPV server, but that is much more complicated.
  • Requires buying a dedicated mobile device, though you could use your existing day-to-day mobile phone (for smaller amounts). If you’re going to spend money on a dedicated mobile device, you’re probably better off just buying a hardware wallet!
  • Hardware wallets are purpose-built to do just one thing, so they’re better in many subtle ways (less ambiguous about updates, more likely to use a secure element, and able to design hardware custom to the UX).
  • Hardware wallets have full support for more advanced configurations (third party integrations, signing messages, segwit, multiple/deniable passwords, etc).
  • While better than a mobile phone, it’s still hard to verify that the software you’re running is actually what’s in the GitHub repository.
  • Hardware wallets cost money (around $50–$150), but at this level of holdings you can afford it.
  • The electrum client that signs the transactions can fetch transactions from your internet connected computer (which has a watching only address), validate the data, and send back signed transactions all via QR code. The airgap is maintained, with the ability to validate the data at each step in case the online computer is compromised.
  • You can be confident you’re running the software you think you are. Feel free to build from source!
  • You want a dedicated machine to run this on, so you’ll have to buy that. An old laptop works great, so you may already have one lying around. Tails requires a 64 bit x86 processor and only 2GB RAM. It is recommended to boot via a live DVD and not a USB drive, and a webcam is needed if you want to use QR codes for your airgap (recommended).
  • Best in class security. This version has the most contributors and reviewers auditing the code.
  • Full feature completeness. Not only can it support anything bitcoin can do, but it is the first to support new features.
  • Standard implementation. Whatever bitcoin core adopts is very likely to be the best practice that others follow.
  • Not easy to use. Command line skills will likely be needed.
  • While it does have a GUI, this is not the focus and you will have to be careful to avoid any pitfalls.
  • Requires downloading (and validating) the whole blockchain, which is currently ~150 GB.
  • Requires dedicated hardware that may cost in the hundreds of dollars.
  • Unknown custodial/trusted web wallets. They have all the negatives of centralized services without the reputation to mitigate those risks.
  • Web wallets, even when they do client-side key generation and transaction signing. It’s too hard to verify that the JavaScript running is what’s on their GitHub page. You’re just one malicious JavaScript pageload away from a script that steals your private keys. Use software that you download onto your phone/computer manually, and that you are in control of for updates.
  • Any wallet that is not deterministic (deterministic wallets derive nearly infinite addresses from a single seed). Exhausting all the addresses in your keypool can cause your backups to become worthless, and this isn’t a process you should be manually managing. Most deterministic wallets these days will be HD wallets that follow BIP 32 (and perhaps BIPs 39 & 44), but this is not the only acceptable format.
  • Any wallet that doesn’t dynamically adjust fees based on market conditions.
  • Any setup that only has one copy of your private key material. Hard drives fail and buildings can burn/flood. You need multiple backups.
  • Storing unencrypted private key material. If anyone finds this, you are done.
  • The protocol is inflexible and doesn’t scale. It works great for 2-of-3, but if something is important you need to be able to lose more than 2 keys and still recover your funds. After all, imagine 2 of the keys are with 2 loved ones who are in the same car crash. That’s why I like 6-of-11, you can even have great geographic diversity and spread across many families.
  • It’s complicated. Don’t do this unless you’re an expert, you’re more likely to screw up.
  • Are you using deterministic k values (see RFC6979)? The lazy test is to see if signing the same message/TX twice results in the exact same signature. Of course this is no way to guarantee a correct implementation.
  • When generating keys/seeds, are you including user-supplied entropy to protect against a compromised random number generator (or a freshly booted VM without much entropy)?
  • Are you handling change addresses properly? Address re-use is a bad practice for many reasons. Also, a deterministic wallet will help you avoid backup failures once you exhaust your keypool. Following BIPs 32, 39, and 44 is a good best practice.
  • Are you sure your transaction fee math is accurate? There is no hard-coded fee field in bitcoin transactions, the implicit fee is just all the inputs less all the outputs. You don’t want to accidentally include a massive fee, like this transaction that paid a 291 BTC fee!
  • Is your fee estimation robust? Stalled transactions and 10x overpaid fees won’t explicitly lose your funds, but they can be a huge pain. In extreme cases, accounting mistakes can cause someone to accidentally pay the same invoice twice (not a double-spend).
  • Do you have an RBF/CPFP solution ready for transactions that have stalled? You don’t want to have to write one on the fly.
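A pre-signing guard for the fee question above, as an added example rather than code from the original article: because the fee is only ever inputs minus outputs, the signer has to know the value of every UTXO it spends and should refuse drafts whose implied fee is implausible. The `Draft` type, the limits `max_rate` and `max_fraction`, and the sample drafts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Draft:
    input_values: list   # satoshis of each UTXO spent (looked up; not stored in the tx)
    output_values: list  # satoshis of each output, change included
    vsize: int           # virtual size in vbytes

class FeeError(ValueError):
    pass

def checked_fee(tx, max_rate=500, max_fraction=0.05):
    """Return the implicit fee in satoshis, or raise before anything is signed.

    max_rate (sat/vB) and max_fraction (fee / total inputs) are hypothetical
    policy limits; choose values that fit your own wallet.
    """
    if not tx.input_values or not tx.output_values or tx.vsize <= 0:
        raise FeeError("empty or malformed draft")
    if min(tx.input_values + tx.output_values) < 0:
        raise FeeError("negative amount")
    total_in, total_out = sum(tx.input_values), sum(tx.output_values)
    fee = total_in - total_out   # there is no fee field: this difference is the fee
    if fee < 0:
        raise FeeError("outputs exceed inputs")
    if fee / tx.vsize > max_rate:
        raise FeeError(f"fee rate {fee / tx.vsize:.0f} sat/vB exceeds {max_rate}")
    if fee > max_fraction * total_in:
        raise FeeError(f"fee is {fee / total_in:.1%} of the inputs")
    return fee

# Constructed drafts: spend one 3 BTC UTXO to pay 0.5 BTC.
COIN = 100_000_000
GOOD = Draft([3 * COIN], [COIN // 2, 3 * COIN - COIN // 2 - 4_000], vsize=141)
NO_CHANGE = Draft([3 * COIN], [COIN // 2], vsize=110)  # change output forgotten
```

`checked_fee(GOOD)` returns 4000 satoshis, while `NO_CHANGE` raises `FeeError` because the forgotten change output would silently turn 2.5 BTC into fee.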

https://www.michaelflaxman.com

Michael Flaxman
