Chapter 6
How can you store crypto assets securely, and what are the best practices? In this chapter, we explain everything you need to know about crypto storage.
10 minutes|Pascal Hügli|Published 2021-09-24|Updated 2024-06-13
As we have learned in the previous chapter, storing crypto assets is all about handling private keys and secret phrases. Whoever gets access to a secret phrase is able to control all the funds associated with it. Therefore, storing crypto assets effectively means storing their secret phrase, and in this chapter we explain how to do it properly.
For many new crypto holders, leaving their coins on the crypto exchange where they bought them is easy and therefore a popular option. With an exchange, crypto assets can be bought as well as kept in a single place, which is the account opened there.
However, although that account is under your name, the ultimate controller of this account and its content is the crypto exchange itself. Since the account is running on the exchange's self-hosted architecture, they wield sole control over it. As an account holder, you are not in control of the private keys to your crypto assets, which means that you do not effectively control your coins. You are only entitled to them.
This is also evidenced by the fact that with a crypto exchange, you never get to see a private key or a secret phrase associated with your account. The private keys to your crypto assets are kept by the exchange, which stores them for you.
Although major exchanges have upped their game when it comes to storage security, they still represent a massive honey pot of crypto assets that are very attractive for attackers. As the saying goes, there are only two types of exchanges: The ones that have already been hacked and the ones that have not yet been hacked.
By keeping coins on an exchange, you reintroduce the element of trust in a third-party institution that the trustless design of cryptocurrencies had removed.
As an account holder, you have to trust the exchange that they have their act together and keep your funds safe enough. In a sense, this is not really that different from the traditional banking system. Money is stored at banks and people trust their bank with safe-keeping their money, with a key difference being government guarantees - but that is another topic. Keeping crypto assets on an exchange therefore comes with what is called a counter-party risk, which you need to understand and take into account when deciding how to store your crypto.
Another concerning issue with crypto exchanges is their regular outages. Typically, when access to a crypto exchange is most in demand (in times of market stress or even outright market crashes), you will find that more than one crypto exchange is down, making it impossible for you to deposit or withdraw funds. This becomes particularly challenging if you trade with leverage and need to meet a looming margin call, as one of the recent examples showed with millions of dollars in damage. These regular crypto exchange outages, which sometimes last several hours, are quite disturbing and cast a bad light on the industry. If traditional banks did the same and suddenly suspended transfers and withdrawals, there would likely be instant riots in the streets.
In the end, whether to store crypto assets on an exchange always boils down to how much one trusts a particular exchange as well as a proper benefit-risk assessment by weighing security and convenience. For a trader needing quick and swift access to the markets at all times, storing a bigger amount of crypto assets on an exchange might be a necessity. In order to avoid having to trust one entity only, a trader can also have his coins spread over multiple crypto exchanges. This way, trust can be diversified and is not based on one single counter-party. A long-term holder though (aka "hodler") might be much better off not storing coins on a crypto exchange and keeping them in self-custody.
Always remember that when you don't get a private key or secret phrase when using an app or service, you can deduce that you are not the actual owner of your crypto.
When interacting with a crypto exchange, this is most likely the case: you are using the exchange via your account, giving you no direct control over your funds.
By owning your own secret phrase, you can effectively take self-custody of your crypto assets. Taking matters into your own hands is usually done through what is called non-custodial wallet software, like Bridge Wallet. Non-custodial apps let you see and manage the secret phrase associated with your crypto assets.
A wallet is basically an interface to interact with the blockchain directly. When you start using one, it should quickly draw your attention to the importance of your secret phrase. Wallet apps follow best practices and remind you to make a proper backup of your secret phrase; you should not disregard such messages and should actually do your backup. If you haven't read it yet, check the previous chapter for more info on how to do this properly.
By controlling your crypto assets through a wallet, you don't have an account with any third-party provider but you are fully independent. What you have instead of an account is a set of addresses on the blockchain that is controlled by you through the corresponding secret phrase that the wallet app helps you store.
Whenever you use a wallet to send or receive crypto, all you are doing in reality is to use the digital signature scheme explained in the previous chapter to sign transactions directly onto the blockchain.
Storing the secret phrase of your crypto assets on your own personal wallet gives you the guarantee that you are the sole owner and controller of your crypto assets. Choosing self-custody is an expression and act of self-sovereignty, which is at the heart of why cryptocurrencies were created in the first place.
In self-custody, your funds are not at the whim of any third party. Your sole counter-party is the blockchain itself, with which you are interacting directly. After all, this is what cryptocurrencies are really about: new digital tools to help you own your money independently from anybody but the technology itself.
But with great freedom comes great responsibility. Because you are the sole master of your secret phrase, one mistake in the process of handling your self-custody can potentially be devastating. The biggest risk to self-custody is you. Nobody can help you restore your crypto assets if your secret phrase gets lost, and with it your ability to access your funds.
Fortunately, today's various wallets make it ever easier for you to handle and store crypto assets by yourself. By continuously innovating, self-custody tools and applications strive to eliminate any possibilities where you could go wrong. This makes self-custody solutions increasingly easy, convenient and safe to use.
When it comes to crypto storage, there are basically two different types: hot and cold storage. They each differ in the way secret phrases are stored and how exposed the crypto assets are to outside users.
Hot storage means that the storage solutions in question are devices connected to the internet (phones, computers, etc.). Because of this online connection, the funds stored in a hot storage setup are considered to be at a greater risk, since potential attackers have more attack vectors to try to steal the secret phrases from hot storage solutions.
With cold storage, a secret phrase never comes into contact with the internet and is kept on an offline device. As a result of being offline, cold storage provides better protection from hackers. Cold storage solutions usually exist on USB flash drives or can exist as so-called paper wallets.
Hot storage | Cold storage |
---|---|
Mobile wallets (Bridge Wallet, Trust Wallet) | Hardware wallets (Ledger, Trezor, BitBox) |
Web wallets (MetaMask, MEW, MyCrypto) | Paper wallets |
Desktop wallets (Atomic, Exodus, Mycelium) | Brain wallets |
The difference between all these types of hot and cold wallets will be explained in the next chapter.
In the early days of cryptocurrencies, cold storage usually came in the form of paper wallets (a public-private key pair written on a piece of paper), while hot storage was implemented into web and desktop wallets.
As such, crypto assets that resided in cold storage on a paper wallet were secure, but they were not conveniently usable and tradable as this setup required several steps in order to "activate" one's crypto. Due to this fact, the following dichotomy emerged: hot storage was said to be convenient but rather unsafe as opposed to cold storage that was regarded as safe but rather unhandy.
As a good rule of thumb, you should always store the bulk of your crypto assets in cold storage and only leave non-critical amounts in hot storage.
You can compare it with cash: don't leave more crypto in a hot wallet than you would leave cash in your physical wallet, and leave the rest in a cold wallet just like you leave the bulk of your money at the bank.
With innovation in crypto storage progressing fast, the distinction between hot and cold storage is getting blurred. Today, there are devices that store coins cold but don't really require you to make any compromises in terms of convenience, while hot wallets have gotten more robust by integrating many security features. As crypto storage solutions develop further, the hot/cold storage classification will make less sense from a practical perspective, but it will probably remain a good mental framework for understanding basic concepts within the field of crypto asset storage.
Whether you use a hot or cold storage solution, you need to have a proper backup for your secret phrase in case your software or hardware device breaks. Phones, computers and USB sticks can all get damaged, making it impossible for you to retrieve your wallet. By having a proper backup, your wallet can be restored on a new device and your crypto assets can be accessed again.
You should either write your secret phrase down on a piece of paper and store it somewhere safe (waterproof and fireproof if possible), or you could even use more durable supports like metallic plates, where you can engrave your seed words. You can buy such products online from manufacturers like Ledger, Trezor or BitBox.
The greatest danger of self-custody is to expose your secret phrase. Never show your secret phrase to anyone asking for it under any circumstance, without exception.
More and more people unknowingly leak their seed words and give hackers access to their crypto through elaborate phishing techniques. For example, exact copies of popular web apps have been created with slightly different URLs. When you connect your wallet to such a copy, its altered code drains your wallet of its content. Because of this, when using a wallet through an internet browser (via MetaMask or WalletConnect), you always want to make sure that you are on the correct URL. The best way is simply to bookmark a URL that you know is the correct one.
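The bookmark rule above can also be checked mechanically. The following is an added example, not code from this guide or from any wallet: `check_url` is a hypothetical helper, and the bookmarked hosts are constructed placeholders standing in for the sites you have verified yourself.

```python
from urllib.parse import urlsplit

# Constructed placeholders: hosts the user has verified and bookmarked.
BOOKMARKED_HOSTS = {"wallet.example.com", "app.example-dex.org"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_url(url, bookmarked=BOOKMARKED_HOSTS):
    """Return (verdict, detail); verdict is 'ok', 'reject' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if parts.scheme != "https":
        return ("reject", "not https")
    if host in bookmarked:
        return ("ok", host)
    # Homograph lookalikes: non-ASCII letters or punycode ("xn--") labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "internationalized host not in bookmarks")
    for good in sorted(bookmarked):
        # Trusted name used as a subdomain prefix or in the userinfo part.
        if good in parts.netloc.lower():
            return ("reject", f"embeds {good} but resolves to {host}")
        # One or two characters swapped, added or dropped.
        if edit_distance(host, good) <= 2:
            return ("reject", f"lookalike of {good}")
    return ("unknown", host)  # not bookmarked: do not connect a wallet

if __name__ == "__main__":
    for sample in ("https://wallet.example.com/swap",         # bookmarked
                   "https://wallet.examp1e.com/swap",         # l replaced by 1
                   "https://wallet.example.com.login-check.net/",
                   "https://wallet.example.com@login-check.net/"):
        print(sample, "->", check_url(sample))
```

Only an `ok` verdict means the host matches a bookmark; `unknown` is not an endorsement, just the absence of a recognizable lookalike pattern.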
There is nothing as frustrating as sending crypto to a wrong address. This might happen for different reasons, but whenever you are about to make a blockchain transaction you should always double-check the network and the receiving address.
Really, do it now! You can back up your secret phrase in Bridge Wallet by going to the app's settings and then choosing "Backup secret phrase".
About the author
Pascal is a moderator, debater and lecturer at the Zurich University of Applied Sciences in Business Administration (HWZ). He advises the bank Maerki Baumann in a mandate as Crypto Investment Manager. As an analyst for the German-language newsletter Insight DeFi, he aims to inform the general public competently and concisely about the events and opportunities of the new decentralized world of Bitcoin and Co. He is also the author of the book Ignore at your own risk: The new decentralized world of Bitcoin and blockchain.