Not your keys, not your coins!

I’ve been getting asked about Bitcoin storage lately, so I thought I’d write a post on the topic. People rightly point out that one of the major obstacles to mainstream adoption of BTC is how difficult it is for the average person to store it safely. It’s actually one of the reasons I believe we are still relatively early in the adoption cycle, as it’s simply a problem waiting to be solved. Or at least made easier.

People have perhaps become all too accustomed to handing their assets over to ‘trusted third parties’ for safekeeping. Looking after your own Bitcoin keys is a degree of responsibility that most people are simply not used to taking on. It’s actually one of the things that fascinates me about the asset class – you have the choice of how much you want to actually be in control of your money. Custodial services are going to become more sophisticated going forward, but there will always be purists who want to manage their own keys.

What keys?

Non-Bitcoin people are probably already confused by the term ‘keys’. Put simply, you do not actually store Bitcoin itself. You store the private cryptographic keys that give you permission to access that Bitcoin. If you do not have access to your own keys, the coins can be taken from you – hence the mantra that forms the title of this post.

This doesn’t necessarily have to be done online. You can simply write your keys down on a piece of paper. If you are lucky enough to have a photographic memory, you can even store them in your head! Most people are going to want to use some kind of wallet, though.

Exchange risk

People generally purchase Bitcoin on an exchange. It’s very tempting to just leave it sitting right there. After all, it’s password protected, and you have set up 2FA. What could go wrong?

Exchanges get hacked. It’s happened many times before, with some of the biggest hacks occurring in Japan. Non-Bitcoin people may even have heard of Mt Gox, which went down back in 2014. It was by no means the last exchange to get hacked, with Coincheck suffering an attack in 2018 and DMM getting hacked more recently. Exchanges may also fail due to fraud and mismanagement, as FTX did in 2022.

Japan is interesting, as the FSA is incredibly strict and requires exchanges to keep enough reserves to cover customers in case of a hack. It’s actually one of the few countries in the world where you stand a reasonable chance of getting your money back in the event of a breach. But do you really want to take the chance?

What about small amounts?

If you only have a small exposure to Bitcoin, buying a cold storage wallet, setting it up and managing it seems like a lot of hassle. I get why people sometimes just leave coins on the exchange. However, everyone has a point where the amount of money becomes too big to stomach a loss, especially from a well-documented risk that you should have known better about taking. It’s really up to you to decide when you have reached that point.

Here’s the thing, though: people tend to think in terms of today’s value. They look at the amount of BTC they have and today’s price and say, “ok, I’m not going to go to the trouble of moving my coins off the exchange for this trivial amount”. What I would encourage people to do is think in terms of potential future value – if you lose your Bitcoin today, it’s gone. If the BTC price rises to $1 million per coin in ten years, how mad are you going to be that you didn’t protect it???

If it’s on the exchange, not your keys, not your cheese. North Korean hackers will never stop trying to get it!

Here are a few things to consider if you have decided it’s time to start looking after your holdings:

Online/offline

The first tradeoff comes with online vs. offline wallets, sometimes also referred to as hot and cold wallets.

It’s pretty simple: if your wallet is on a device that is connected to the internet (hot), it’s very convenient to use, but more susceptible to an attack. That’s why you hear Bitcoiners talk about putting their coins in cold storage. Take the keys offline, and it is much more difficult for a bad actor to get to them.

Custodial/Non-custodial

Once you have decided you want to get your keys offline, your next choice is whether to get a third party to handle it for you or do it yourself.

Of course, custodial services mean trusting someone else to manage your keys. The good ones will do this very well, perhaps better than you can yourself, but they won’t do it for free. You have to be very careful choosing a custodian and making sure that they really have your coins in cold storage and are not, in fact, lending them out to other parties and putting them at risk. Do your homework! If something doesn’t add up, there will be a reason. If a custodian is offering you a high rate of interest on your BTC, for instance, you are going to want to know where that yield is coming from and whether your coins are being put at risk to generate it.

Maybe custodial isn’t the easy route after all – it does require significant due diligence. Even after that, you have to trust the custodian to do what they say they will do.

Non-custodial cold storage

What most Bitcoiners have already figured out is that if you want a job done properly, you should do it yourself! Assuming we are not just writing our keys on paper or memorising them, this means purchasing a hardware wallet.

There are many hardware wallets available. The two best-known are made by Trezor and Ledger. I have used both and prefer Trezor, but it’s just my personal preference.

In terms of how to use these devices, I will try to keep it simple for now: buy one and follow the instructions to set it up! Tech-savvy people will find it easy. If you live in the world and have set up new computers, phones and other devices, it’s not going to be too difficult. Getting your ageing parents to use one might be a stretch…

When you set up your device, you will be guided through the process of generating a seed phrase. Here’s a definition from the Ledger website:

You will want to handle your seed phrase properly. It essentially functions as a master key to access your private keys. And, if you lose or damage your hardware wallet, you can use the seed phrase to recover your keys on a new device.

Some basic rules:

  • Do not share your seed phrase with anyone
  • Do not store it online – this is not an email password that you put in a Google document or in a made-up contact in your address book! If anyone gets access to your seed phrase, they can steal your funds!
  • Do not type your seed phrase into anything other than your device, no matter who asks you to do so! If you keep everything safe, you will rarely need to use it at all.
  • Beware of emails from Trezor or Ledger saying there is a problem with your device and you need to follow a link, plug it in and enter your seed phrase to protect your funds! These emails are scams and will result in your wallet getting drained – no matter how real they may look, do not click anything!

I know this sounds a little scary, but welcome to taking responsibility for your own money! You also need to be careful when accessing hardware provider websites – bookmark the link and access the site from there. These days, people tend to just Google ‘Trezor’ and click the top result – scammers work hard to get fake websites to the top of the rankings to catch people who do this. (This goes for any website, but especially where there is money or your private data at risk.)

You should write your seed phrase down and store it somewhere safe. There are numerous devices available that are more sturdy than a piece of paper. I have had my wife walk in on me as I am punching a seed phrase into a metal plate – that wasn’t a simple conversation, but it was easier than explaining that the keys to my crypto ended up in the bin by accident…

Consult the experts

I am probably relatively crypto security savvy. But I am by no means an expert. I highly recommend that you consult the experts if you are going to self-custody your coins. Fortunately, I have just the guy for you!

Jameson Lopp has put together a trove of useful Bitcoin information on his website. He has tested and written up most of the Bitcoin wallets there are and published the information here: Recommended Bitcoin Wallets

He has also tested most of the seed backup devices – to destruction in some cases! His basic conclusion is that the more bells and whistles a backup device has, the more chances you have to mess it up. It’s hard to beat the simplicity of punching the phrase into a piece of metal!

Lopp is Co-founder & Chief Security Officer of Casa Hodl, which offers a range of solutions to help people store their Bitcoin more effectively. I’m not going to try to explain multisig here, but in a nutshell, it is a level of security which requires more than one user to approve a transaction using private keys. As the numbers get bigger, paying for better security begins to make sense.

Anyway, I’m not here to sell Casa’s services; I’m saying that Jameson Lopp has already done most of the research for you and generously published it on his website so you can learn. Check out his site and follow him on X @lopp

My two cents

As you have probably realised, some people possess far greater knowledge on storing Bitcoin and crypto than I do. However, if you want to know how I organise it, I can tell you.

Like with investments, I take a diversified approach. I think it’s important to learn how to take responsibility and self-custody, so I do that. However, I also live in a wooden house in an earthquake-prone country, and I am not entirely confident in looking after all of my Bitcoin. So, I also use Xapo Bank for third-party custody. I have written about them here: Banking your Bitcoin

If you ever decide to open an account with Xapo Bank, please use my referral code (SMM-XAT-EJG) or the referral link in that post. I have an ‘influencer’ deal with them, and I am surely the worst influencer they have ever had!!! It would be nice to actually help them get a customer now and then, and it won’t cost you any more than it would if you went directly to them. I am very comfortable recommending them.

Enjoy the all-time highs and stack safely!

Top image from Freepik

Disclaimer: This should go without saying, but the information contained in this blog is not investment advice, or an incentive to invest, and should not be considered as such. This is for information only.

