Wallets for dummies — how to protect your crypto
If you want to own cryptocurrencies you need a wallet. But you are responsible for selecting the correct one and for keeping your crypto funds safe. So, it’s important to learn enough to make the right choices.
Perhaps the most worrying thing about owning a cryptocurrency is that you can so easily lose it all.
If you have it in the wrong type of wallet or have entrusted the keys to your wallet to the wrong person, or you have forgotten what the key is to your wallet — you can wave goodbye to the contents!
Luckily, you are in control of all of these things — provided you are armed with some basic knowledge. So, here’s a dummies guide to selecting the correct wallet to store your crypto.
A quick disclaimer: We’ve given some examples of wallets, but this is not an endorsement. Names are given simply to provide some context and to help to understand.
The basics: wallets, keys and recovery codes
1. Wallets
A wallet is your interface with the cryptocurrency system. If you want to own, store, send or receive cryptocurrencies, you must have a wallet.
Technically, you can’t store cryptocurrencies. They don’t exist in physical form. They are just records of transactions to an address on a blockchain. So, a wallet doesn’t actually store the currency.
A wallet is an app or a website or a device that stores the public and private keys that will allow you to access the address on the blockchain and sign for transactions.
2. Public and private keys
Keys are like secret codes that give you access to your crypto funds. They can be generated from wallet software and come in pairs — public and private.
The public key will generate an address or several addresses for your wallet. Addresses are like post box numbers, provided either as long alpha-numeric strings or a QR code. You can let people have this address to make deposits into one of the addresses. You will need the matching private key to gain access to the funds. This key is like your proof of ownership of the funds.
This means that whoever has or knows the private key can access the funds. It also means that if you lose or forget the private key you will never be able to access the funds. They will be locked up in that address forever.
There is a lot of speculation about how many Bitcoins have been lost. According to Chainalysis this is at least 2.3 million. Of this number, 2.1 million is based on wallets that have been in existence since before 2014 and that have shown no activity since the start of 2014. This is probably not surprising, as the Bitcoin price was very low, and people might not have taken warnings to look after their keys seriously enough. An additional 0.2 million is based on anecdotal evidence from active users who have reported losing their keys or misdirecting funds.
There is a sad story about an early Bitcoin miner named James Howells who mined 7,500 BTC in one week in 2009 when the price of Bitcoin was below $1 and there were very few miners in action. When the price reached $100 in 2013, he realized that he had accidentally thrown away the thumb drive with his private keys — and along with it access to what could be described as a gold mine!
3. Recovery codes
The recovery code or “recovery seed” is used if you want to regenerate your wallet.
You would need this if, for example, you lost your PC, your phone or the USB on which you had stored your wallet. It is a number of random words that is generated when you first set up the wallet.
James Howells may have had a chance if he had kept his recovery code in a separate place.
4. Lessons to be learned
The benefit of cryptocurrencies is that you are in control of your own funds. It is also the biggest risk.
So, back-up, back-up, back-up and keep all codes in safe places, preferably in several safe places.
Where to get a wallet
You can download wallets from the websites of dedicated wallet developers or from Google Play or the App Store. Or you might have a wallet linked to an exchange or an ICO that you are supporting.
It’s important to remember that a wallet is only as good as the developer behind it. The big hack of 120,000 BTC from the Bitfinex exchange in 2016 was the result of a vulnerability in the multi-signature wallet.
And, unfortunately, there are very smart thieves out there trying to take your crypto.
To counter the risk
· Try to use wallets from reputable companies
· Use a wallet where the keys are encrypted (BitGo is a good example)
· Phishing and cloned sites are common methods used and they can be very difficult to spot. Be alert.
· Never do any crypto trading over a public wifi connection.
· Be careful of authentication by SMS that can be intercepted.
· Be careful of add-ons and other downloads.
· If possible, use a separate browser, in incognito mode, or use a separate dedicated PC or phone for any crypto operations.
· Always run anti-malware to clean your computer of bugs. You can use programmes like Bitdefender or MalwareBytes.
Types of wallets — understanding the terminology
This is where many people get confused. These are some of the types of wallets available:
· Hot wallet
· Cold wallet
· Centralized wallet
· Decentralized wallet
· Online wallet
· Web wallet
· Software wallet
· Hardware wallet
· Paper wallet
· Multi-sig wallet
· Single- or multi-currency wallet
1. Single- or multi-currency wallets
Single- or multi-currency refers to whether the wallet can handle just one cryptocurrency (eg bitcoin) or several.\
You can decide which you need when you first acquire your wallet.
2. Hot and cold wallets
Hot and cold refers to where the private keys were created and where they are stored.
· Hot means it’s connected to the internet.
· Cold means it’s not connected to the internet or can be disconnected.
· Hot also means a risk of compromise, theft, hacking.
· Cold means more secure.
· “Deep cold” means that the device for the generation and storage of keys has never been connected to the internet.
The general recommendation is that you should never keep large amounts in hot wallets for any length of time. You can move funds to hot wallets for immediate transactions or if you want to have funds available for quick trades. Hot wallets are for speed and convenience.
For large amounts and for funds that you are wanting to save, always use a cold wallet.
3. Centralized and decentralized wallets
Centralized and decentralized refers to who holds the private keys to your wallet.
· Centralized, also called hosted web services, is where you will have a web wallet or an online wallet. A third party stores your crypto and also holds your private keys. Your funds are numbers on their centralized database.
Examples: Most crypto exchanges, Coinbase, Blockchain.info
· Decentralized is where only you have access to your private keys. You can do person-to-person transactions with anyone, anywhere, without permission.
Examples: There are many forms, including software, hardware and paper
wallets. We’ll talk about these later.
· Centralized usually means hot and comes with a risk that the third party can be hacked and all of their funds (including yours) stolen. The third party itself may be the thief that vanishes with your funds.
Centralized wallets are convenient, easy to use, accessible from anywhere and allow for instant transactions. But they are the least secure option.
To counter the risk
· Choose a reputable provider. In fact, it is preferable to have several providers so that you can spread your risk.
· Use centralized wallets only for small amounts and frequent transactions
· Set up 2-factor authentication (2FA). This requires 2 steps for a transaction. It usually involves something you know (eg username and password) together with something you have (eg enter a code on your phone) or with something you are (eg a biometric like a thumbprint)
· Use a multi-signature protocol. This means that more than one person and more than one key must authorize the transaction.
A centralized wallet is not where you store your life savings!
4. Software, hardware and paper wallets
Software, hardware and paper wallets refer to how and where the app is installed.
Software wallet: The application is run on the cloud and you can access it from any device with an internet connection. Alternatively, it is installed onto a computer, mobile phone or tablet, and is accessible only from that device. Whenever the device is connected to the internet, the wallet is “hot”.
Examples: Bitcoin Core, MyEtherWallet, Electrum, Mycelium, Jaxx
Hardware wallet: The application is installed on a USB-type device. All activity and the private keys are on the dongle, offline and not on your computer. So is mostly “cold”. It is plugged into a computer only to make online transactions.
Examples: Trezor, Ledger
Paper wallet: You might simply have written down your public and private keys on a piece of paper. Or you might have used special software that generates and prints keys, without being connected to the internet. A paper wallet is always cold, and therefore should be the most secure. It’s not secure, however, if you leave it lying around for others to see, or if you lose it. And it’s absolutely useless to have a paper wallet and then also save your keys somewhere on a computer that will connect to the internet!
Paper and hardware wallets can’t be hacked, so they are most secure. You might need a bit of technical know-how to install and use them. Most important, however, is that for both software and hardware options, you must take responsibility.
To counter the risk:
· Make sure you have updated the latest security enhancements for your computer, mobile and wallet software.
· Add as many security layers as you can (2FA, multi-sig, etc)
· Keep all devices in a safe place
· A piece of paper may seem trivial, but not if it holds the keys to your wealth. Make several copies if necessary and keep them all in safe places.
· One paper copy should be laminated and locked away in a safe deposit box. (Remember to add a reference to it in your will, unless you want your family’s inheritance to die with you!)
At the end of the day — you are responsible for your wallets
We might complain about banks. But if we lose funds out of our bank accounts — sometimes even because of our own stupidity — the authorities can often help us to recover it.
If you lose your wallet keys or give them away in a phishing event, or if your device is stolen or crashes and you haven’t saved your recovery code — bid farewell to your funds. There’s no-one who will come to your aid.
So, the recommendation is that you understand how wallets work, select the most appropriate one for your purpose and then back-up, back-up, back-up — in as many ways and in as many safe places as possible!
