
Cryptocurrency Security 101 and the Risk of Exchanges

With cryptocurrencies easier to buy than ever before, new holders must be cautious of how they secure their investment.

Maybe you’ve just recently opened an account on Coinbase or purchased bitcoin via a local exchange. Perhaps you’ve dabbled in altcoin trading – maybe even turned a profit for yourself. Great! But somewhere along your crypto journey, you came across the adage:

Don’t store your coins on an exchange.

It’s sound advice. Whether it’s a fiat exchange like Coinbase or a trading platform like Bittrex, another entity having control over your private keys introduces counterparty risk to your investment. You are effectively trusting your exchange to secure your coins for you, a serious risk in the cryptocurrency sphere.

The exchange is hacked? Sorry, but your account has just taken a 50% haircut.

Unscrupulous exchange operators decide to run off with investors’ money? You’ve lost everything.

Servers “down for maintenance” for weeks at a time? We apologize, but access to your cryptocurrencies has been limited.

Users new to bitcoin may find these scenarios far-fetched, but all of the above have happened in the short history of cryptocurrencies. While many users are familiar with the infamous Mt. Gox scandal of some years ago, those who’ve recently discovered cryptos may be surprised to learn that there have been several such incidents, including:

In all of these instances, users lost money. In some instances, users lost everything. We hope we’re getting across how imperative it is that new crypto holders take security seriously; while bitcoin and its altcoin brethren have become almost as easy to use as PayPal, they are decidedly different from PayPal in that you (and only you) are ultimately responsible for securing your investments. There are no bailouts in bitcoin! (Though occasionally, there are Class Action lawsuits.)

This is never a screen you want to see.

In the remainder of this article, we’re going to discuss the three most popular ways to store coins off exchange and weigh the pros and cons of each method.

Hardware Wallets

A quality hardware wallet is undeniably the easiest method to store and spend cryptocurrencies. There are a few models available, from the Ledger Nano S to the one that started it all, the Trezor. We at CryptoHero are users of Trezor and recommend it wholeheartedly.



What makes hardware wallets so special? Well, the magic takes place on a small single-board computer. Your private keys are generated on this pocket-sized offline machine, ensuring your keys are created away from prying eyes. Furthermore, the hardware wallet signs all future transactions on the device itself, meaning your private keys don’t have to be exposed to the Internet even when spending coins! Most hardware wallets are also BIP39 compatible, which makes restoring your wallet a breeze. Security and spendability all in one device – what’s not to love?

Trezor, the hardware wallet that started it all

Unfortunately, hardware wallets are somewhat expensive, with the best ones starting around $100. Many are also tied to proprietary wallet software; while this can be a pro for new users, those seeking extra control over their coins will have to install additional libraries to interface hardware wallets with light clients like Electrum.

Pros:

  • User-friendly to beginners
  • Provides psychological security of a “physical” device
  • Ultimate blend of security and spendability
  • Can be used with multiple wallet front-ends across many Operating Systems

Cons:

  • Can be expensive
  • Some proprietary wallet software leaves room for improvement
  • Retailers can go out of stock for months at a time

Paper Wallets

Paper wallets are a tried and true method of cold storage and have been around since the early days of Bitcoin. Unlike hardware wallets, they’re also highly affordable: They cost as much as the paper they’re printed on! That’s because a paper wallet is simply a public address and a private key printed on a piece of paper:

Example of a bitcoin paper wallet

The public address is used to load the wallet and can accept as many transactions as you can receive. The private key, then, is used for signing transactions and is kept secret until spending. When generated on an offline, uncompromised machine, paper wallets are one of the most secure methods of coin storage. They also have the unique property of being spendable offline and off the blockchain – simply hand them from one person to another! Backing them up is similarly easy – simply copy the private key and store it in a separate location.

However, paper wallets are not without their drawbacks. There is no way to partially spend a paper wallet – you must import the entire amount to a software wallet in order to make on-chain transactions. Furthermore, once the private key from your paper wallet has been imported into a software wallet, it’s no longer safe to use the original paper wallet. In fact, best security practices would dictate that after importing your paper wallet to a software wallet, you then transfer your bitcoin on-chain to a new wallet with a completely different set of public and private keys.

For these reasons, paper wallets can be tricky for new users. But they’re a very effective way to store coins offline for buy-and-hold investors and more experienced users. They also make great gifts!

Pros:

  • Virtually free!
  • Ultra secure if properly created
  • Can be exchanged physically
  • True cold storage

Cons:

  • Difficult to spend
  • Can’t be re-used after private key is swept

Wallet Applications

Wallet apps take many forms – some run as full desktop applications, others on Android and iOS, still more are web apps that give the end user control of their private keys. Some are full nodes, which require downloading the entire blockchain. Others are light wallets, which maintain control over private keys but rely on another server to host the blockchain on your behalf. For many altcoins, a full node running on a desktop-class OS is your only choice for holding coins off-exchange. Larger coins such as Ethereum and BTC offer far more flexibility.

Of course, there’s also the consideration of source code – is it open or closed? Are you willing to sacrifice features for a beautiful UI and multi-coin management, or do you prefer a more full-featured client with a “down to business” interface?

Not all wallets are created equal, either. In fact, some can be just as insecure as the exchanges you’re trying to avoid, as was demonstrated by the high-profile theft of $400,000 from Jaxx, a multi-coin, cross-OS light wallet earlier this year. Light clients are also dependent on another company/entity hosting the blockchain for you, which can cause downtime and limited access to your coins.

As you may have surmised, the entire topic of non-exchange wallet apps is so broad that entire articles could be devoted to discussing it. We at CryptoHero plan to do just that in the future, as we’ve had fantastic experiences with some wallets and abysmal ones with others – but for now, we’ll leave you with this:

  1. Wallet applications are only as secure as the device and operating system they run on (i.e., storing coins on Windows is a bad idea.)
  2. Wallet applications should ideally only be used as “hot wallets” (spending wallets) and not for long-term coin storage.
  3. The best desktop light wallet client for Bitcoin is Electrum. Subjective? Yes. True? We think so! Hard to beat a time-tested, open-source, full-featured product!

Thanks for joining us for this introductory post! We hope you learned something (or better yet, will pass along this article with the aim of teaching others). Our next article will detail how to create your very own encrypted USB drive for cheap, spendable storage, so stay tuned!  
