Blockchain Security: An Overview of Cryptocurrency Wallets
A stumbling block for many who want to venture into cryptocurrency is how to safely manage their digital assets.
For the majority of new users, these assets are held on the exchanges on which they were purchased. For those who have more substantial money held in these assets, more secure storage solutions quickly become important.
Enthusiasts of blockchain technology and crypto-assets widely hold decentralization as a tenet of these systems; it is built into the majority of blockchain ecosystems, and cryptocurrency wallets play an important role in both security and decentralization.
Developers are chasing a certain holy trinity: security, scalability, and decentralization.
Security is provided by consensus protocols, such as the current “proof-of-work” and the soon-to-be “proof-of-stake” consensus mechanisms, which provide safety to transactions on the Ethereum network. (Check out our post to learn more!)
Scalability is achieved through meeting the demand for speed and volume of transactions without the system becoming congested, slow, and more expensive to use.
Security is simply the prevention of errors, theft, and hacks, and the preservation of the general integrity of the system and its sensitive information.
The founder of Ethereum, Vitalik Buterin, has noted that it's very difficult to have all three.
Speaking at the BeyondBlock Conference in Taipei late last year on the challenges of scalability facing the Ethereum and Bitcoin blockchains, he said:
“If you want only security and decentralization, then you just go for existing blockchains…The other thing you can do is you can go for decentralization and scalability at the cost of safety.”
Check out this GitHub wiki to delve deeper into the trilemma, and proposed solutions.
What’s wrong with storing on exchanges?
For small amounts held, or for trading purposes, there’s nothing inherently wrong with storing your assets on exchanges. However, part of the revolutionary aspect of cryptocurrency is the idea that you own and control your assets without the need for intermediaries and the risks and barriers that they pose. By storing your assets on an exchange, you don’t control the private key. This means you don’t have full control over your assets. If an exchange has its security bypassed (hacked), you may lose all of your assets. This has happened before: the famous Mt. Gox.
Now, we’re not pushing some pitchforking, Libertarian ideology. We’re more concerned, and hopeful, about financial inclusion and the potential of blockchain tech to help the millions of unbanked people in the world.
You store your assets on-exchange at your own risk. For all you nerds, Blockgeeks has an in-depth write-up of high-profile hacks that have occurred, and examines their technical failures.
The basics of private wallets
For many, the technical challenges to storage solutions can be overwhelming. Metrics is here to help!
For starters, there are different wallets designed for different cryptocurrencies. We’ll stick to the most popular cryptocurrencies, and help you navigate the murky waters.
Ether, and the ERC-20 tokens that run on Ethereum’s blockchain, require different wallets than Bitcoin, Litecoin, or Ripple. You can’t send ether to a bitcoin wallet, and vice versa. If you try, the transaction simply won’t validate; or, funky things can happen and you could lose your funds. Read here for a more detailed explanation.
Crypto wallets are much different than your traditional, leather black-hole of credit cards, free-sandwich punch cards, and receipts you meant to send your accountant. Rather than storing anything, physical or digital, they are more a means to access the network, akin to a PIN code.
Let’s think of a wallet as a set of keys for a safe with two doors.
Your ‘public key’ is the one you give out to those who want to give you money. They can use the key to open only one side of the safe, and leave some sweet, digital cash for you. Once it’s in, only you can take it out using your ‘private key’. This key is for you only, and it is the only one that can open the other door, and transfer or spend your funds.
The private key to a wallet is all one needs to take control of the funds in that wallet. With decentralization comes responsibility. There is no bank that will help you with fraud, or company that will freeze your account. Your wallet is only secure if you have strict control over your private key. If you lose your private key, you lose your access to those funds.
In reality, these keys are a long string of alphanumeric text complex enough to satisfy even the ever-increasing, painstakingly frustrating requirements for passwords these days. They are designed to provide security against a brute-force attack, at least until quantum computing comes along.
Types of cryptocurrency wallets
There are three types of cryptocurrency wallets (outside of exchanges) available for users. They all have their pros and cons. We’ve listed them in the order of what we believe to be the most secure, to the least secure.
Hardware wallets are cryptographically secure physical USB devices. Upon setup, they generate and store your private keys within the hardware of the device, so you can transact through your computer without worrying about malware accessing your private keys. Best of all, you can use one to store the keys to multiple cryptocurrencies!
Even if you were to lose your hardware wallet, it is PIN protected and can be disabled if too many failed PINs are attempted. Best of all, upon setting up a hardware wallet, a string of seed words is produced as a backup. You can get a new device and, using the seed words, access that same private key and carry on.
These seed words should not be stored online, and should be kept separate from your device. Think of them like a bearer bond and keep them in a fireproof safe, if you want to get James Bond with it.
These devices are far superior for both security and ease of use, and that’s why we, at Metrics, use them for our private and corporate crypto-assets.
Paper wallets are aptly named: a paper wallet is basically a document containing your keys. They are simple at a glance, but strict precautions should be taken to ensure their security.
This line of caution is quickly apparent when going to MyEtherWallet (MEW), a free, open-source Ethereum wallet generator. The website now forces you to click through detailed information on its safe use, and for good reason. Click through the prompts for a good read on paper wallets.
MEW and Bitaddress are two popular options for ether and bitcoin, respectively. Basically, you can quickly generate a unique set of keys, record and store those keys, and use them to transact on those blockchains. The downside is, if you’ve done this properly, you’ll have to read the text of your private key and enter it manually to transact, opening yourself up to potentially costly typos.
The recommended way to generate and store a paper wallet is to do so while offline. You can download the static web page, and use the site while not connected to the internet. Ideally, you would use a device that has never been connected to the internet. This way, any compromise to your network or device cannot be used by malicious internet bandits to steal your information.
Paper wallets can be very secure and useful if used correctly, but are sometimes too advanced for new users to operate. Be careful.
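The typo risk of entering a paper-wallet key by hand depends on how the key is written down. The following is an added example, not code from MEW, Bitaddress, or the original post; it assumes the Bitcoin key is written in Wallet Import Format (Base58Check, which embeds a 4-byte checksum) and compares that with a key written as raw hex, which has no checksum. All function names and the sample key are illustrative.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload):
    # Base58Check: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError if ch is outside the alphabet
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def key_to_wif(key):
    payload = b"\x80" + key  # 0x80 marks a Bitcoin mainnet private key
    return b58encode(payload + checksum(payload))

def wif_to_key(wif):
    raw = b58decode(wif)
    payload, check = raw[:-4], raw[-4:]
    if len(payload) != 33 or payload[0] != 0x80 or check != checksum(payload):
        raise ValueError("not a valid WIF key: typo or wrong format")
    return payload[1:]

def typo(text, i, alphabet):
    # Simulate one mistyped character: swap position i for the next symbol
    return text[:i] + alphabet[(alphabet.index(text[i]) + 1) % len(alphabet)] + text[i + 1:]

def wif_accepts(wif):
    try:
        return len(wif_to_key(wif)) == 32
    except ValueError:
        return False

def hex_accepts(hex_key):
    # Raw hex carries no checksum: any 64 hex digits parse as some 32-byte key
    return len(bytes.fromhex(hex_key)) == 32

# Constructed sample key for illustration only; never use it for funds.
SAMPLE_KEY = hashlib.sha256(b"constructed sample, not a wallet").digest()
SAMPLE_WIF = key_to_wif(SAMPLE_KEY)
```

A single mistyped character in the WIF string is rejected before any key is used, while the same mistake in a raw hex key silently yields a different, valid-looking key that controls a different, empty address.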
Software wallets are digital files you can create on MEW and other online wallet providers and software. They can be stored locally on your computer or mobile device, or accessed online from any device.
The issue with software wallets is that they are most at risk of loss, hacks, and theft.
With “desktop wallets” stored on your computer or laptop, you have a certain degree of control, but you are vulnerable to the threats that come with storing information on a connected device.
If you’ve heard the term ‘cold storage’, this refers to an offline computer with software that stores your private keys. This might sound secure, but you don’t want to end up like this guy if you lose your hard drive.
Mobile wallets are convenient and you can carry them with you, but have the same risks as desktop wallets.
You can use online software wallets, and while they may be more user friendly and accessible from any device, you give up control of your private keys to the service provider.
We’d go into more detail, but we’re not big fans of going this route. It is the least secure wallet option.
When it comes to controlling your crypto-assets, security is your responsibility. While there are free and useful, albeit less secure, wallet options out there, we recommend investing in a hardware wallet.
Knowledge is power in this quickly evolving space, so we wish our fellow fintech geeks well in their journey, and hope this was helpful.