Wallets, Exchanges and How to Safely Store Your Cryptos

in #cryptocurrency, 7 years ago (edited)

I bought some cryptos, now what?

I have been asked a lot how to safely store cryptocurrencies. The consensus these days seems to be to use an offline wallet and manage your private keys yourself, but doing this securely is a pretty complicated process, and it might not be worth it for you.

I believe that anyone who owns cryptos must understand the basics of how addresses and private keys work, and be able to figure out for themselves what makes the most sense for their use case.

Account credentials: Public Addresses and Private Keys

On a traditional website, your “Account” credentials usually consist of a username and password. Cryptocurrencies use cryptographic credentials as accounts. The specifics vary for each crypto, but they always consist of two pieces: the address and the private key.

The address is the equivalent of the username. It is public and you can give it to other people (for example when you want them to send you coins). In Ethereum, your address looks like this: 0x4865cCA5142293F94C0B5C1d63C65f42c9cdd096

The private key is the equivalent of the password. It is needed to access the cryptos that belong to the address. Never, ever give it to anyone, as it gives them complete access to your address. It can never be changed, and it is impossible to recover, so if you lose it, you will never be able to use the coins on that address.

It is also interesting to note that the address is not tied to your identity, so you can create as many addresses as you want.
Accounts are specific to one blockchain, so if you want to keep Bitcoins and Ethers, you will need to create one Bitcoin address and one Ethereum address.

Exchanges, Online Wallets, Offline Wallets

Let’s start with some definitions:

Exchange: As the name suggests, an exchange is a website that lets you buy and sell cryptocurrencies. Some exchanges only let you exchange cryptos against other cryptos, and some also support fiat currencies (USD, EUR, ...). There are hundreds of them (Coinbase, Kraken, Poloniex, Bittrex, Hitbtc, Bithumb, ...).
If you want to buy or sell crypto, you need to use an exchange.

Wallet: A wallet is a service that lets you access your address. Cryptos don’t belong to a wallet, they belong to an address. Some wallets only support one crypto, some support many. They can connect to the blockchain to let you check your balance, and receive and send cryptos.

Online Wallet: An online wallet is a website that provides a wallet service. When you sign up, they provide you a username and password and generate an address and private key for you. If you lose your username or password, you can contact them and they will give you a new one. They manage your private keys for you. Exchanges are online wallets as well.

Offline Wallet: An offline wallet is a wallet where you have to manage your own addresses and private keys. If you lose your private key, no one can give it back to you and your coins will be lost.

Online wallets other than exchanges are of very little interest, so we won’t talk about them again, and from here on “wallet” means an offline wallet.

When to Use an Exchange or a Wallet

Pros of an Exchange:

  • You can exchange, buy and sell your cryptos
  • You don’t have to manage your own private keys. If you lose your password they will give you another one.

Cons of an Exchange (or online wallet):

  • You have to trust them not to run away with your money (as you don’t have access to your private key, the only way to access your coins is through them)
  • They can get hacked
  • You don’t have full control over your account. For cryptos like Ethereum, this means:
    • You cannot participate in ICOs from an exchange
    • You most likely won’t benefit from Airdrops
    • For blockchains other than currencies, you cannot actually use the coin in the way it was designed (for example, using dApps on Ethereum)

Exchanges don’t give you full access to your coins, but they are very easy to set up and you don’t have to go through the hassle of managing your own keys. Of course you have to trust them with your money, but you do the same with your bank. There is always the risk of them getting hacked, but if you use a serious exchange, they probably have good systems in place to mitigate that, and in the end, what’s more likely: them getting hacked, or you losing your key?

My personal advice is:

  • If you want to fully use your coins to take part in ICOs or use Ethereum dApps, you need a wallet.
  • If you are just planning on holding your coins and have a reasonably small amount (<100k USD), choose a reputable exchange and just keep them there.
  • If you are holding a large amount of coins, split your coins between multiple addresses, use an offline wallet, and learn how to securely store your private keys.

How to Securely Store Your Private Keys

You decided you want to use an offline wallet. Now you need to learn how to store your private keys securely.

First, instead of storing private keys, I believe it is easier to store BIP39 mnemonic passphrases. You can generate them from most wallets, they are much easier to type and reason about than long hexadecimal keys, and you can derive many addresses and private keys from them, so you can have many addresses and only store one passphrase.

This is an example of a 12-word mnemonic passphrase: modify bonus autumn canyon year rhythm pair tobacco fence brain wave grab

This phrase is the only thing you need to retrieve all your addresses and private keys.

Do not lose it.
Do not post it on the internet.
Do not show it to someone else.

There are different ways to store it, but here are 2 fundamental principles I think are important to be safe:

  • Do not store it only in one place
    • If you only write it down on a piece of paper and hide it under your bed and your house burns down, it is lost.
    • If you only save it to Google Drive and Google servers go down, it is lost.
  • Do not store the entire phrase in the same place
    • If you store it in Dropbox and Dropbox gets hacked, or someone finds your Dropbox password, it is compromised.
    • If you write it down on a piece of paper and hide it under your bed and a thief breaks in, it is compromised.

To solve both of those problems, what I recommend is to break it into two halves, and store at least 2 copies of those halves in different places.

For example, you create a new Ethereum wallet on MetaMask. It gives you the following mnemonic: “modify bonus autumn canyon year rhythm pair tobacco fence brain wave grab”.

Take the first half: modify bonus autumn canyon year rhythm

  • Write it down on a piece of paper, take a picture, and upload it to Google Photos.
  • Write it in a PDF and store it on Dropbox

Take the second half: pair tobacco fence brain wave grab

  • Write it down on a piece of paper and put it in your safe
  • Save it in your password manager.

If someone gets access to one of those places, they only have half of the passphrase and can’t do anything with it.
If you lose access to one of those places, there is still another place where you can access this half of the passphrase. If this happens, you must find a new place to store that half again to restore the redundancy.
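
The two storage principles above can be checked mechanically. The following is an added example, not the author's code: it audits a storage plan for single points of loss or compromise, and uses the BIP39 layout (11 bits per word; 128 bits of entropy plus a 4-bit checksum for 12 words) to show how much of the secret stays unknown once one half leaks. The location names and the plan layout are assumptions made for illustration.

```python
# Added example, not the author's code. Location names are illustrative.
BITS_PER_WORD = 11  # each BIP39 word indexes a 2048-word list (2**11)

# The example phrase printed in the post (already public).
PAGE_MNEMONIC = ("modify bonus autumn canyon year rhythm "
                 "pair tobacco fence brain wave grab")

def split_halves(mnemonic):
    """Return (first_half, second_half) as word lists."""
    words = mnemonic.split()
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 phrases have 12, 15, 18, 21 or 24 words")
    mid = len(words) // 2
    return words[:mid], words[mid:]

def residual_bits(total_words, known_words):
    """Entropy bits still secret once `known_words` words have leaked."""
    checksum_bits = total_words * BITS_PER_WORD // 33  # 4 bits for 12 words
    unknown_bits = (total_words - known_words) * BITS_PER_WORD
    return max(unknown_bits - checksum_bits, 0)

def audit_plan(plan):
    """plan: {location: set of halves stored there}. Returns rule violations."""
    findings = []
    for location, halves in plan.items():
        if {"first", "second"} <= set(halves):
            findings.append(f"{location}: whole phrase in one place")
    for half in ("first", "second"):
        copies = [loc for loc, halves in plan.items() if half in halves]
        if len(copies) < 2:
            findings.append(f"{half} half: {len(copies)} copy, need at least 2")
    return findings

# The storage plan from the post.
PAGE_PLAN = {
    "google_photos": {"first"}, "dropbox_pdf": {"first"},
    "safe": {"second"}, "password_manager": {"second"},
}
# Constructed counter-example: both halves in one cloud folder, plus a safe.
WEAK_PLAN = {"dropbox_pdf": {"first", "second"}, "safe": {"second"}}

if __name__ == "__main__":
    first, second = split_halves(PAGE_MNEMONIC)
    print("halves:", len(first), "+", len(second), "words")
    print("secret bits, nothing leaked:", residual_bits(12, 0))
    print("secret bits, one half leaked:", residual_bits(12, len(first)))
    print("post's plan:", audit_plan(PAGE_PLAN) or "ok")
    print("weak plan:", audit_plan(WEAK_PLAN))
```

For a 12-word phrase, one leaked half lowers the remaining secret from 128 bits to 62 bits, so the split limits exposure but does not leave the other half at full strength.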

Hope that helps!


Very useful summary. Thanks loads. Upvoted

Nice post! I will follow you from now on.
