Bitcoin Storage: What is the Safest Way to Store Bitcoin Securely?
Did you know that U.S. dollars used to be backed up by physical gold? That’s where the phrase “the gold standard” comes from. Today, however, the U.S relies on fiat currency, dollar bills, and coins not backed up by gold or any other materials. Bitcoin, however, takes it a step further, neither backed up by any physical materials or by the government. In fact, it doesn’t even require a bank and may or may not take a physical form.1
Bitcoin is the first form of cryptocurrency, often abbreviated to BTC or XBT. It’s a decentralized currency powered by cryptography and the network of the individuals who use it. Rather than being backed by gold, it’s supported by a code called blockchain.2 And as a result of the lack of a bank, users need to store Bitcoin themselves, which can get complicated.
Table of Contents
- Where is it Safe to Store Bitcoin?
- How to Secure a Bitcoin Wallet
- Bitcoin Security Facts and Statistics
Where is it Safe to Store Bitcoin?
The Bitcoin organization recommends storing money in two separate wallets:3
- Hot spending wallet: This wallet should store a small or medium amount of Bitcoin for spending and walking-around money. Typically, this wallet is stored digitally on a mobile device.
- Cold savings wallet: In contrast, the cold savings wallet should hold the majority of a user’s Bitcoin, who will use it occasionally to refill the hot wallet. The cold wallet should be stored completely offline, ideally in a fireproof safe at home.
Types of Wallets
You can store Bitcoin in up to four different types of wallets: mobile, desktop, web, and hardware.4 The types of wallets can be either internet-connected, “hot”, or not internet-connected, “cold”. However, no matter what kind of wallet you use, to access your currency, you’ll need a set of private keys. If these keys are lost or stolen, you won’t be able to access your Bitcoin, and that’s true whether you store them physically or digitally. From losing physical items to digital devices malfunctioning and hacking, storing your Bitcoin safely requires thoughtful action.
Digital wallets are either hardware or web-based wallets that can be used on a computer, phone, or even paper. Again, it's best to only keep a small amount of Bitcoin in the digital wallet for spending, while the bulk of the Bitcoin should be stored in cold storage, a safer environment overall. Of course, the digital wallet should be encrypted so no one can access your private keys.
- Pros: Digital wallets are accessible from anywhere in the world, making them a good choice for walking around money or traveling.
- Cons: Like any digital service or product, digital wallets are vulnerable to hacking.
How to find: While you can research different digital wallet companies for their past security breaches and features, an easier method is to use a tool on the Bitcoin organization’s website.5 Essentially, it’s a quiz that will help you find a digital wallet based on your type of operating system, whether you want hardware, and other criteria and features such as:
- Control: This asks whether you want to have total control over your Bitcoin, meaning that you are fully responsible for securing and backing up your currency. Otherwise, you can work through a third-party provider, but that means giving up total control of your wallet.
- Validation: Relatedly, validation means having a third party verify transactions. In a full node digital wallet, no third party is needed.
- Transparency: Transparency measures whether the wallet is open-sourced and tamper-proof.
- Environment: If the wallet is stored on your computer, it should have a strong password, two-factor authentication, or multi-factor authentication. Learn more in our authentication guide.
- Privacy: Do you want to change your IP address? Some wallets rotate addresses and don’t disclose this information to peers on your network. Others allow for the use of Tor as a proxy server if you want to unlink your transactions from your IP address.
- Fees: While some wallets give users the option to control the fees before the transaction, others do not, leading them to sometimes pay more than necessary.
- Bech32: Bech32 is a special address format that not all wallets support; this format is also known as “bc1 addresses”.
- Hardware wallet: If you want a physical wallet, check this box on the Bitcoin organization’s digital wallet quiz.
- Legacy addresses: Rather than starting with bc1 like most modern Bitcoin addresses, legacy addresses start with the numbers one or three and are only available on older wallets or exchanges, typically.
- Lightning: For quicker transactions and lower fees, some users may want to try out the Lightning Network. It’s a new and highly experimental network that lets users transfer Bitcoins without recording the transactions on the blockchain.
- Multisig: If you want to require multiple keys to authorize transactions, you can divide the required signatures into multiple parties.
- SegWit: SegWit reduces fees by using blockchain technology more efficiently, thus saving space.
Offline wallets are “cold storage” that isn’t internet-accessible. However, that doesn’t mean that they’re necessarily physical objects; desktop wallets, for example, are on a computer but are not connected to the internet. Rather, the keys are stored on the physical machine itself.
- Pros: Offline wallets are safer than digital wallets because they’re at significantly less risk of being exposed online, creating the highest level of security possible.
- Cons: If they’re stored on a computer, offline wallets can still be susceptible to Bitcoin-targeting malware, so it’s best to use them with antivirus software that contains protection against malware (see below for more explanation on antivirus software).
Users can choose between three types of offline wallets: hardware, paper, or coin.
Hardware wallets mean that the cryptocurrency is stored on a piece of hardware like a USB stick.
- Pros: With hardware wallets, transactions are completely anonymous, as none of the user’s personally identifiable information is on the hardware. And unlike desktop wallets, hardware wallets are resilient to malware. Finally, even if the user loses their key, they’ll be able to recover their funds using a seed phrase, a 20-word phrase that the user will set up when they create the wallet itself.6 Ideally, the user stores the seed phrase on paper in a locked safe.
- Cons: If the user loses the hardware wallet, then they have no way of recovering the Bitcoin, even with the seed phrase.
- How to find: You can find hardware wallets using the same tool from Bitcoin.org as referenced above.
Although paper wallets may seem like the most straightforward option, they actually require more knowledge of digital currencies than any other option and can be generated online or off.
- Pros: In a minimal amount of space, paper wallets allow for complete anonymity; essentially, they’re a seed phrase written on a piece of paper.
- Cons: Paper can be lost, damaged, or smudged, and ink can fade. Plus, if the user is printing their paper wallet, they have to take into consideration any potential insecurities on their printer’s network. Another issue is address re-usage; if you don’t re-use the same address, then you’ll need to create a new paper wallet for every transaction. But re-using the same address can make it easier to trace the private key signature, so the safest way, creating a new wallet for every transaction, is also the most cumbersome.
- How to find: You can print a paper wallet through services like BitcoinPaperWallet, WalletGenerator, or BitAddress.7
Finally, physical coins will have tamper-proof stickers that cover a certain amount of Bitcoin.
- Pros: Highly secure, physical coins don’t require any internet usage, which removes any possibility of online theft or fraud. Rather, users will have total control over their coins and can store them as they please, not relying on any third parties.
- Cons: Since these coins are physical, users will need to pay more for them than the actual value of the Bitcoin, after taking into account shipping and manufacturing costs. And of course, coins can be stolen.8
- How to find: Users can purchase physical coins through services like KeepKey, Ledger Nano S, or Trezo.
How to Secure a Bitcoin Wallet
Once you’ve selected your wallet or wallets, there are a few best practices that you can take to protect your cryptocurrency.
- Use antivirus software: Any device containing Bitcoin should include antivirus software to detect and eradicate viruses and malware. This will prevent malware from stealing Bitcoin, whether the wallet is connected to the internet or not.
- Backup your wallet: Backup your entire wallet, including its hidden private keys, as early and as often as possible. If your device fails, this could be the only way to recover your currency. It’s best to back up your wallet in multiple locations like CDs, USB sticks, and hard drives; redundancy is key. And, of course, your backup should be encrypted. While eventually, wallets will only need to be backed up once, for the time being, users need to back up their wallets regularly.
- Use a strong password: Whenever possible, it’s important to protect your Bitcoin with passwords. Ideally, the password should be at least 16 characters long and should contain a unique combination of numbers, letters, and punctuation marks. To see if your password is secure, use our secure password checker. You can also generate strong passwords using a password manager. Make sure that your Bitcoin password isn’t used in any other online account.
- Store your password securely: If you lose your password, you’ll have limited or no way of recovering your currency, so it’s important to keep a paper copy of your password in a vault or another safe place. In case that gets lost or stolen, memorize your password or store it in an encrypted password manager.
- Update software: Perform software updates regularly and as soon as they’re available. Software that’s not up to date could be easier for hackers to target.
- Turn on two-factor authentication: Two-factor authentication or 2FA means that in order to enter your Bitcoin account, you’ll also need to enter a passcode sent to another device. Turn on 2FA whenever it’s available, but if possible, have the code sent to a SIM card used only for this purpose as opposed to your phone. As many people use their phones for 2FA, they’re more likely to be hijacked by hackers.
- Create a recovery contact: Find someone you trust and tell them the location of your wallets and passwords. In case something happens to you, they’ll still be able to recover your funds.
- Use a separate email: For the most privacy, use an email address for your Bitcoin account and communications that is just used for Bitcoin. In other words, it shouldn’t be associated with your social media profiles or accounts on PayPal, if you’re going for total anonymity.
- Implement multi-signature: Another option is to require approval from three to five people to allow completed transactions. This means that a single server or controller can’t carry out transactions, greatly reducing the risk of theft.9
- Offline transaction signing: We recommend dividing a single wallet into two computers, one disconnected and one connected to the web. The “cold” wallet includes all of the currency and can sign transactions, while the “hot” wallet can create unsigned transactions only.10 For secure new transactions, follow the following steps:
- Create a new transaction on the web-connected computer.
- Save it on a USB key, or the “cold” wallet.
- Use the offline computer to sign the transaction.
- Keep it to yourself: While it’s okay to say that you’ve invested in Bitcoin, don’t mention exactly how much money you’ve invested or gained; otherwise, you’re making yourself a target for theft.11
- Don’t post on social: Many of us don’t realize how much of our personally identifiable information is available publicly on social media. Not only does this put us at risk of identity theft in general, but it also makes you more vulnerable to Bitcoin theft, so don’t post your email address, home address, or phone number. It’s best to make all of your social media profiles private, as well.
- Secure network: When accessing your Bitcoin via the internet, it’s best to use a secure and private network rather than a public Wi-Fi network. However, if you absolutely need to use a public network, you can either connect to a hotspot or use a VPN to encrypt your web activity and IP address. And for your home network, use antivirus software with network security built-in.
- Avoid scams: Various outlets12 have reported numerous Bitcoin scam phishing emails, many of them promising Bitcoin giveaways. Beware of these scams, and try not to click on any unfamiliar emails, links, or attachments, especially on Twitter. Chances are if it sounds too good to be true, it probably is.
- Check address: Before you send currency to another Bitcoin wallet, make sure that the address is correct, as most transactions are irreversible. Malware can change the currency’s destination in some cases, so it’s always best to double-check.
- Use smaller transactions and different exchanges: Sending over a large exchange of crypto? Bitcoin-users should send the transactions in a bunch of smaller exchanges to make sure that they’re working correctly.13 That way, if they send it to the wrong address, at least they won’t lose the entire value of the exchange.
Bitcoin Security Facts and Statistics
Just how common are Bitcoin theft and fraud? Well, it’s actually becoming less common overall, fortunately. In the first 10 months of 2020, for example, losses for hacks, fraud, and thefts of cryptocurrency were down $1.8 billion from the previous year. In general, cryptocurrency has become more secure, leading to fewer “mass-scale” attacks, says CipherTrace CEO Dave Jevans. That being said, the last two months of 2020 saw a 30 percent increase from all of 2019, with losses from thefts and hacks totaling $468 million.14 So while cryptocurrency becomes more secure in general, thefts and hackings are still possible.
While there’s no dependable data on how many people have lost their Bitcoin passwords and thus, access to their currency, as of June of 2020, 20 percent of all Bitcoin has been lost. By lost, they mean that it hasn’t been moved from its current address in a minimum of five years. So out of the 18.6 million mined Bitcoin, 3.7 million are lost15, although it’s not clear why.
In terms of finances, Bitcoin is one of the only methods of staying “off the grid”, not associating with banks or the government. Of course, with this independence comes responsibility, and storing Bitcoin securely is essential to protecting your funds. With a few simple steps, you can protect your Bitcoin and keep your money safe.