This three-part series will show you how to store your BitCoin long-term securely, with examples of several cold storage methods.
Marquee Mark – 2 September 2019
What is cold storage?
Cold storage is a way to store BitCoins in an offline wallet where the private keys to that wallet are never exposed to the Internet in any way. In other words, you create your private keys on an offline device that won’t ever connect to the Internet.
To spend the coins, bring the private key to an online device, such as a smartphone, or an unsigned transaction signed on an offline device and then copied to the online device. The transport between the online and offline devices can be a USB drive, a QR code scan, or simply typing in the information (though that last option is unwieldy).
Why use cold storage?
If you have somehow managed to acquire and retain a large number of coins, it is not good security practice to keep the coins on an online device. Hackers are getting clever recently with many different types of attack, which makes the stealing of your coins from an online device much more likely than on an offline machine. Offline devices are not immune to attack; there is no such thing as 100% security, but the chances are orders of magnitude lower.
Different attack types
A keylogger is malicious software on your machine, usually installed by a virus or trojan, that logs and transmits all keystrokes to the attacker. There have been many instances of this happening, search bitcointalk.org for some sad stories.
Fake wireless access points have been created to get access to people’s information, although I’m not aware of this attack being used to steal BitCoin. As a general principle, always use a VPN (virtual private network) when on public Wi-Fi.
Whenever you expose your private key or seed phrase, always do it in a room you know that:
- Has no CCTV cameras watching
- Is away from a window
- Is shielded from people watching
Someone with a telephoto lens could photograph your screen and steal your BitCoin. It’s a minimal risk, but with cold storage, we’re not taking any chances.
If you ever copy your seed phrase to the clipboard, there are viruses out there, that will transmit the contents of the clipboard to the attacker. This includes screenshots.
This is more common than you would imagine. This is the psychological manipulation of people into performing actions or divulging confidential information such as passphrases or seed words. Techniques include “vishing”, “phishing”, impersonation, “pretexting”, “water holing”, “baiting” and more.
Do not ever leave your coins on an exchange for longer than necessary. If you need to exchange one cryptocurrency for another, or between BitCoin and fiat currencies, once the transaction has completed, remove your funds. Don’t leave them there for an extended period. Most of the major exchanges have been hacked at some stage, some catastrophically, including Mt.Gox, Poloniex, Bitfinex, Bitfloor, BTC-e, Bitstamp, etc.
Evolution of cold storage
These were popular in the early days of BitCoin. I do not recommend them because there are many downsides to them. In order to be private in BitCoin, addresses should not be reused. BitCoin is not anonymous; it is private, which means that if you do not reuse addresses, it is difficult for people to know how many BitCoins you own. Paper wallets are single addresses where the public and private key are generated for each wallet. This means that they should only be used once, which also makes them extremely impractical to use. Do not ever send all your BitCoins to a single address. There are several security concerns too:
- The private key must be generated offline.
- If the wallet is printed out, printers have memories and can store images for a long time after printing. Some printers even have hard drives that persist information after power off.
The idea behind a brain wallet is that the private key is never written down or stored anywhere except your brain. This allows you to “carry” your BitCoin literally anywhere and be able to reconstruct the private key on a phone or computer at a later time.
No matter how good you think your memory is, if you forget your passphrase for a brain wallet or method to calculate it, you will lose your BitCoins. See Dr. Craig Wright’s excellent article on brain wallets.
I did a thought experiment and demonstrated how to create a brain wallet with the phrase “Who is John Galt?” in this video.
Since 2015 or so, hardware wallets have become popular because they offer security and convenience. The idea is that the private keys are not able to leave the hardware device and therefore cannot be compromised. When you want to spend coins, the unsigned transaction is sent from your computer to the hardware wallet, which signs the transaction with your private key, sends it back to your computer which then broadcasts it to the network.
All the major providers of hardware wallets have been hostile to BitCoin SV, so I have stopped using them, but they do remain popular.
This is my preferred way to store BitCoins for the long term. Dr Wright has a straightforward solution to this and is pretty secure and good enough for some people, described here.
In a nutshell, Dr Wright is recommending a SIM-less phone that is never used for web browsing or other apps but only used for BitCoin and switched off when not in use.
I have taken a more paranoid approach and decided to never allow my cold storage private keys access to the Internet. It’s not as convenient as Dr Wright’s solution but not arduous. I will describe the process in detail in Part 2 of this series.
Coming up next in Part 2: I describe how a second phone is very secure and detail the steps to set it up.