So, you you want to buy some crypto and you're trying to figure out how you should store it. Well, this is the guide for you. I'm going to go through all of the different possible ways you can store crypto and describe the positives and negatives with each. I will also make strong suggestions on what you should do based on my experience in the cryptocurrency world.
- Cryptocurrency Exchange
- PC Software Wallet
- iOS/Android Software Wallet
- Hardware Wallet (Recommended option)
- Paper Wallet
This is by far the easiest way to store your newly purchased crypto of choice. It's also the absolute worst idea in the world. The reason for this is simple, exchanges get hacked all of the time. There are numerous instances of exchanges being hacked in the past and they will continue to get hacked in the future. The biggest exchange of all time several years ago called Mt. Gox was hacked not once but twice. The first time it was hacked the service recovered. The second time it was hacked in 2014, 744,408 BTC was stolen. That is an absurd amount of money to be stolen. After that hack, Mt. Gox went bankrupt and has never recovered. None of their customers have recovered anywhere near their balance that was on the exchange.
Bitfinex is another massive exchange that was hacked only 1 year ago in 2016. I was one of the people caught up in this hack. I had about $10,000 stored on this exchange at the time for trading purposes. I knew the risks but I only had the Ether on there for two weeks. To their credit, Bitfinex issued a token to everyone on the exchange who lost money and promised to buy it back at $1 per token (the full amount required to repatriate each user). I was dubious of these claims so I sold them all to get back what I could, about $3500.
Many other exchanges have also been hacked, such as Bittrex and Bitstamp. A lot of these exchanges will parrot the best security practices, best third party security auditors and so on and so forth. I'm a professional web developer by trade and have been for years and I can tell you this is all fluff to make you trust them. Websites are insanely hard to make secure, developers are too prone to making mistakes.
So the final note on this option is, just don't do it. Read on and pick a proper solution.
PC Software Wallet
This is one of the most common methods of storing crypto for people. This is where you start entering the territory of being in charge of all of your own security. This approach has positives and negatives to be weighed carefully for your circumstances.
A PC that you use on a daily basis is very vulnerable as an attack vector. What I mean by this is that the average user of a PC is very likely to get a virus at some point. Most viruses get onto your computer by social engineering and not by exploits (a complicated topic). By social engineering, I mean someone gets you to actually download a virus and run it to infect your own machine. Various ways this happens are;
- Software piracy
- Dubious social engineering links sent to your email
- Outdated software installed on your machine (such as using Internet Explorer 8 and visiting a malicious website that targets vulnerabilities in this software). Note, it may not be necessary to even be using some outdated software to get exploited, it can happen even when you are not using it in some cases.
- Legitimate software downloads hijacked and replaced with infected versions (such as Transmission torrent client once upon a time)
With this in mind, Windows is far more likely to get viruses than Unix based systems such as macOS and Linux for a variety of reasons. Unix based systems are more secure on average and in addition are a smaller target and thus do not have as many viruses. This does not mean they cannot be infected, it just means they are far less likely to be on average.
The positive of having your crypto stored on your daily machine is that you have very easy access to it if you want to send it somewhere in a hurry.
In general, I do not recommend most users to use this method of storing crypto. If you are a savvy user and insist on using your computer to store crypto. Please consider the following tips:
- Always keep your software up to date (especially your browser)
- Do not pirate software, software cracks are a huge source of infections
- The browser you use should be as secure as possible, these would be Chrome followed by Firefox. Always keep them up to date.
- Avoid installing extensions/addons in your browser, the Chrome web store is littered with malicious extensions.
- Encrypt your hard drive. On Windows this is called Bitlocker and on macOS it's called Filevault. Without an encrypted hard drive, someone who gets at your machine (or just the hard drive) can simply pull all of the data off of it, including your crypto. Do not just rely on an account password, this does not stop anything. You must encrypt the hard drive using the encryption features of the OS.
iOS/Android Software Wallet
Now we're entering more secure areas. Unfortunately, only iOS phones here hold a really strong level of security when it comes to storing your crypto on it. Android simply does not have the level of security that iOS does. iOS will sandbox your apps from each other and encrypts all of your phone's data (as long as you keep it turned on) with a special UID burned into the processor when it's built. This makes recent iPhone devices relatively secure as long as you have a passcode on it.
Android on the other hand does not have as many security features and relies more on the user to be cautious. Apps are not as sandboxed and instead rely on permission systems where it prompts the user to access things on the OS as it tries to access them. This is secure, as long as you are aware of what you are doing and what the app is doing. You can also encrypt Android devices.
With all of this in mind, phones are not the worst place the store your crypto. The major issue with phones compared to a hardware wallet are that there are a ton of other things you are using your phone for which increase the likelihood of getting malware tremendously. Security features of each phone protect against this but they are not bulletproof.
Importantly, if you jailbreak or root your phone then you completely sacrifice all of these security features. If you do this, then please do not store any cryptocurrency on your phone.
The positive of using your phone as a wallet is that you get just as much accessibility to your wallet as your computer (if not more) while actually having a relatively more secure wallet than your PC wallet. While not as good as some other options, this is not a bad way to go as long as you follow these tips;
- Do not jailbreak (iOS) or root (Android) your device
- On Android in particular, be very cautious with the apps you install and the permissions you give them.
- On Android, do not use a second hand phone. If you insist on doing so, ensure that you know how to completely wipe the phone including stuff installed outside of Android (it can be done on a rooted Android phone).
- If you use a second hand iOS device, you should always factory reset it before using it.
- Make sure you use a strong lock on the device and enable a short sleep period for the lockscreen to come up when you're not using the phone.
Don't jump the gun yet and choose this as your method of storage, read on for the best methods.
This is by far the most recommended way for any person in crypto to secure their wallet. A good hardware wallet is virtually impenetrable except due to extreme user error. Hardware wallets like the Ledger Nano S contain tamperproof hardware and special unique encryption keys burned onto the CPU when they are built. The data on the wallet will be encrypted at start time when you set it up with a PIN of your choice. The wallet will also provide a recovery key (usually in the form of 24 words) which can be used to restore your wallet should you lose your hardware wallet or break it.
The power of these wallets comes from the fact that to use them, you plug them into your computer via USB and even on an infected computer, the private keys of your wallet never go over the wire into your computer. This means that even on a computer infected with a virus, it cannot steal the crypto from your hardware wallet when you use it with the computer. These wallets are extremely resistant to user error.
When you want to send some money from your hardware wallet, you simply plug it into your computer, unlock it using your PIN and then with wallet software on the computer you create a transaction. You will then be asked by your hardware wallet to verify this transaction and you physically need to push a button on the hardware wallet to confirm it. Your hardware wallet then signs the transaction itself and sends the signed transaction onto your computer, which then completes the transaction. This entire time, no real information in relation to stealing your wallet is ever transmitted to your computer.
Best hardware wallets
- Ledger Nano S is by far the best wallet. It supports Bitcoin, Ether, Dash and more. It is also updated regularly to support new currencies. Lastly, it's the cheapest wallet at around €69 depending on your VAT. You can buy it from the their official store or from Amazon.
- CoolWallet S CoolWallet is one of the coolest wallets out there. It's the size of a credit card and it fits perfectly in any card wallet. It communicates via an app on your phone over bluetooth. The range of coins it supports is decent - it supports most popular coins.
- SafePal is a wallet that had its developed backed by Binance. SafePal is a completely airgapped wallet because it uses a camera and QR codes to broadcast transactions via an app on your phone. This means it is practically impossible for this device to be hacked remotely, be it via USB or bluetooth etc, because it simply does not communicate via these mediums - it has no connection to the world, other than the camera used to scan the codes.
- Ellipal is a relatively new hardware wallet which works similarly to the aforementioned SafePal wallet. The Ellipal wallet sports a much more complete touchscreen interface than the SafePal wallet but works mostly the same. It is also completely airgapped and works via using QR codes to broadcast the transaction to their mobile app (or other apps that can read them).
There are some other hardware wallets but I have vetted and personally used these wallets, thus, I feel confident in recommending these ones. I do NOT recommend the Trezor wallet anymore. This is due to the fact that the Trezor wallet has been proven fundamentally flawed by Kraken Security Labs. While the odds of someone using this flaw on your Trezor is extremely unlikely, it's still concerning and there are better options out there.
So maybe you don't want to buy a hardware wallet even though for the price you are getting immense levels of security and ease of access to your wallet. Well okay, there is one final option for you that is as secure as a hardware wallet, although not quite as easy to access, setup or use in every day life. With that said, this is a strong option that many people opt to use. This option is particularly good for people who just want to create a wallet to store their crypto of choice, deposit into it once or on a regularly basis but not withdraw from it any time soon. The true HODLER.
A paper wallet is exactly what it sounds like, your wallet existing on a piece of paper (or in some cases engraved into metal like some especially creative people do). The piece of paper will contain your public key which allows people to send crypto to you and a private key, which will allow you to send crypto out of your wallet to other addresses.
I will go into more detail in a fully fledged paper wallet breakdown and tutorial soon. For now, this concludes the entirety of this guide. There are a couple of other methods of storing crypto that exist that I haven't gone into in this guide as it has already gotten quite long. I may delve into other options in other tutorials.
TL;DR: Most people should buy a hardware wallet.