Blockchain Security: an Overview of Cryptocurrency Wallets
A stumbling block for many who want to venture into cryptocurrency is how to safely manage their digital assets.
For the majority of new users, these assets are held on the exchanges on which they were purchased. For those with more substantial sums held in these assets, more secure storage solutions quickly become important.
Enthusiasts of blockchain technology and crypto-assets widely hold decentralization as a tenet of these systems; it is built into the majority of blockchain ecosystems, and cryptocurrency wallets play an important role in both security and decentralization.
The Trilemma
Developers are chasing a certain holy trinity: security, scalability, and decentralization.
Security
Security is simply the prevention of errors, theft, and hacks, and the preservation of the general integrity of the system and its sensitive information.
Scalability
Scalability is achieved through meeting the demand for speed and volume of transactions without the system becoming congested, slow, and more expensive to use.
Decentralization
Decentralization is provided by consensus protocols such as the current “proof-of-work” and “proof-of-stake” consensus mechanisms, which provide safety to transactions and ensure that no one individual or organization is in control of the system. It acts as a safeguard against control or censorship of the blockchain by any one entity or entities acting in concert.
Founder of Ethereum, Vitalik Buterin, noted it’s very difficult to have all three. Speaking at the BeyondBlock Conference in Taipei late last year on the challenges of scalability facing the Ethereum and Bitcoin blockchains, he said: “If you want only security and decentralization, then you just go for existing blockchains…The other thing you can do is you can go for decentralization and scalability at the cost of safety.”
What’s wrong with storing on exchanges?
For small amounts held, or for trading purposes, there’s nothing inherently wrong with storing your assets on exchanges. However, part of the revolutionary aspect of cryptocurrency is the idea that you own and control your assets without the need for intermediaries and the risks, and barriers, that they pose. By storing your assets on an exchange, you don’t control the private key. This means you don’t have full control over your assets. If an exchange has its security bypassed (hacked), you may lose all of your assets. This has happened before, most famously at Mt. Gox.
Now, we’re not pushing some pitchforking, Libertarian ideology. We’re more concerned, and hopeful, about financial inclusion and the potential of blockchain tech to help the millions of unbanked people in the world.
You store your assets on-exchange at your own risk. For all you nerds, Blockgeeks has an in-depth write-up of high-profile hacks that have occurred, and examines their technical failures.
The basics of private wallets
For many, the technical challenges to storage solutions can be overwhelming. Metrics is here to help!
For starters, there are different wallets designed for different cryptocurrencies. We’ll stick to the most popular cryptocurrencies, and help you navigate the murky waters.
Ether, and the ERC-20 tokens that run on Ethereum’s blockchain, require different wallets than Bitcoin, Litecoin, or Ripple. You can’t send ether to a bitcoin wallet, and vice versa. If you try, the transaction simply won’t validate; or, funky things can happen and you could lose your funds. Read here for a more detailed explanation.
Crypto wallets are much different than your traditional, leather black-hole of credit cards, free-sandwich punch cards, and receipts you meant to send your accountant. Rather than storing anything, physical or digital, they are more a means to access the network, akin to a PIN code.
Public vs. Private Keys
Let’s think of a wallet as a set of keys for a safe with two doors.
Your ‘public key’ is the one you give out to those who want to give you money. They can use the key to open only one side of the safe, and leave some sweet, digital cash for you. Once it’s in, only you can take it out using your ‘private key’. This key is for you only, and it is the only one that can open the other door, and transfer or spend your funds.
The private key to a wallet is all one needs to take control of the funds in that wallet. With decentralization comes responsibility. There is no bank that will help you with fraud, or company that will freeze your account. Your wallet is only secure if you have strict control over your private key. If you lose your private key, you lose your access to those funds.
In reality, these keys are a long string of alphanumeric text complex enough to satisfy even the ever-increasing, painstakingly frustrating requirements for passwords these days. They are designed to provide security against a brute-force attack, at least until quantum computing comes along.
Types of cryptocurrency wallets
There are three types of cryptocurrency wallets (outside of exchanges) available for users. They all have their pros and cons. We’ve listed them in order from what we believe to be the most secure to the least secure.
Hardware wallets
These are cryptographically secure physical USB devices. Upon setup, they generate and store your private keys within the hardware of the device, so you can transact through your computer without worrying about malware accessing your private keys. Best of all, you can use it to store the keys to multiple cryptocurrencies!
Even if you were to lose your hardware wallet, it is PIN protected, and can be disabled if too many failed PINs are attempted. Best of all, upon setting up a hardware wallet, a string of seed words is produced as a backup. You can get a new device, and using the seed words, access that same private key and carry on.
These seed words should not be stored online, and should be kept separate from your device. Think of them like a bearer bond and keep them in a fireproof safe, if you want to get James Bond with it.
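Why the seed words restore "that same private key" on a new device, as an added example that is not part of the original article: it assumes the BIP-39 and BIP-32 standards that hardware wallets commonly implement (the article does not name the scheme), and the function names are illustrative. The word-list and checksum validation a real device performs are left out.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; a valid private key lies in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def mnemonic_to_seed(words: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the seed words into a 64-byte seed."""
    phrase = unicodedata.normalize("NFKD", " ".join(words.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", phrase.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)

def master_private_key(seed: bytes) -> bytes:
    """BIP-32: derive the master private key from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = digest[:32]  # the other 32 bytes are the chain code, unused here
    if not 0 < int.from_bytes(key, "big") < N:
        raise ValueError("seed yields an invalid master key")
    return key

def recover(words: str, passphrase: str = "") -> str:
    """What a replacement device computes from the backup words."""
    return master_private_key(mnemonic_to_seed(words, passphrase)).hex()

# Public BIP-39 test phrase: known to everyone, never hold funds with it.
SAMPLE_WORDS = "abandon " * 11 + "about"

if __name__ == "__main__":
    print("original device   :", recover(SAMPLE_WORDS))
    print("replacement device:", recover(SAMPLE_WORDS))
    # A single different word gives an unrelated key.
    print("one word changed  :", recover(SAMPLE_WORDS.replace("about", "above")))
```

Nothing device-specific enters the computation, which is why anyone who reads the words holds the key.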
Ledger and Trezor are the leading companies producing hardware wallets.
These devices are far superior for both security and ease of use, and that’s why we, at Metrics, use them for our private and corporate crypto-assets.
Paper wallets
Paper wallets are aptly named: a paper wallet is basically a document containing your keys. They are simple at a glance, but strict precautions should be taken to ensure their security.
This line of caution is quickly apparent when going to MyEtherWallet (MEW), a free, open-source Ethereum wallet generator. The website now forces you to click through detailed information on its safe use, and for good reason. Click through the prompts for a good read on paper wallets.
MEW and Bitaddress are two popular options for ether and bitcoin, respectively. Basically, you can quickly generate a unique set of keys, record and store those keys, and use them to transact on those blockchains. The downside is, if you’ve done this properly, you’ll have to read the text of your private key and enter it manually to transact, opening yourself up to potentially costly typos.
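On the typo risk just mentioned, an added example (not from the original article or from any wallet project): bitcoin paper-wallet keys are printed in Wallet Import Format, a Base58Check string whose 4-byte checksum lets a mistyped key be rejected before it is used. The function names and the sample key are constructed for illustration, and only the uncompressed mainnet form is handled.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as Base58Check defines."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def wif_encode(secret: bytes) -> str:
    """Encode a 32-byte key as an uncompressed mainnet WIF string."""
    data = b"\x80" + secret
    num = int.from_bytes(data + checksum(data), "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    return out  # version byte 0x80 is non-zero, so no '1' padding is needed

def wif_decode(text: str) -> bytes:
    """Return the 32-byte key, or raise ValueError if it was mistyped."""
    num = 0
    for pos, ch in enumerate(text, 1):
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {pos} ({ch!r}) is not Base58")
        num = num * 58 + idx
    data = num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(text) != 51 or len(data) != 37 or data[0] != 0x80:
        raise ValueError("wrong length or version byte for a WIF key")
    if checksum(data[:-4]) != data[-4:]:
        raise ValueError("checksum mismatch: at least one character is wrong")
    return data[1:33]

def check_typed_key(text: str) -> str:
    """Validate what the user typed in before anything is signed with it."""
    try:
        wif_decode(text.strip())
        return "ok"
    except ValueError as err:
        return f"rejected: {err}"

# Constructed sample key (bytes 0x01..0x20); never use it for real funds.
SAMPLE_WIF = wif_encode(bytes(range(1, 33)))

if __name__ == "__main__":
    typo = SAMPLE_WIF[:20] + ("A" if SAMPLE_WIF[20] != "A" else "B") + SAMPLE_WIF[21:]
    print(check_typed_key(SAMPLE_WIF))          # correct transcription
    print(check_typed_key(typo))                # one wrong character
    print(check_typed_key(SAMPLE_WIF[:-1] + "0"))  # '0' is not in the alphabet
```

A raw hexadecimal private key carries no such checksum, so a typo there silently produces a different key.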
The recommended way to generate and store a paper wallet is to do so while offline. You can download the static web page, and use the site while not connected to the internet. Ideally, you would use a device that has never been connected to the internet. This way, any compromise to your network or device cannot be used by malicious internet bandits to steal your information.
Paper wallets can be very secure and useful if used correctly, but are sometimes too advanced for new users to operate. Be careful.
Software wallets
These are digital files you can create on MEW and other online wallet providers and software. They can be stored locally on your computer or mobile device, or accessed online from any device.
The issue with software wallets is that they are most at risk of loss, hacks, and theft.
With “desktop wallets” stored on your computer or laptop, you have a certain degree of control, but are vulnerable to any threats posed by information stored on a connected device.
If you’ve heard the term ‘cold storage’, this refers to an offline computer with software that stores your private keys. This might sound secure, but you don’t want to end up like this guy if you lose your hard drive.
Mobile wallets are convenient and you can carry them with you, but have the same risks as desktop wallets.
You can use online software wallets, and while they may be more user friendly and accessible from any device, you give up control of your private keys to the service provider.
We’d go into more detail, but we’re not big fans of going this route. It is the least secure wallet option.
The Bottom line
When it comes to controlling your crypto-assets, security is your responsibility. While there are free and useful, albeit less secure, wallet options out there, we recommend investing in a hardware wallet.
Knowledge is power in this quickly evolving space, so we wish our fellow fintech geeks well in their journey, and hope this was helpful.
Disclaimer: This commentary is provided for general informational purposes only and does not constitute financial, investment, tax, legal or accounting advice, nor does it constitute solicitation to buy or sell any securities referred to. Any tax information published on this blog is based on the facts provided to us and on current tax law (including judicial and administrative interpretation) during the time of publication. Tax law can change (at times on a retroactive basis) and these changes may result in additional taxes, interest, or penalties. Practice due diligence and if in doubt, speak with a member of our team.