“If you control the keys, it’s your bitcoin. If you don’t control the keys it’s not your bitcoin. Your keys – your bitcoin. Not your keys – not your bitcoin.” Tech entrepreneur and Bitcoin advocate Andreas Antonopoulos uttered these words to impress upon bitcoin users the serious consequences of a poor encryption key management plan.
There are a growing number of services within the Bitcoin ecospace which offer – by default – online wallets that allow users to conveniently store their bitcoins and access the funds from anywhere at any time. Millions of individual investors around the globe store bitcoin online, in wallets provided by their cryptocurrency exchange, for example. Institutional investors are being wooed with offerings of custodial services that promise to ease the burden of holding bitcoin, and making it more attractive to use the cryptocurrency. Some crypto users may find the price of these conveniences to be more than they are willing to pay – given that the tradeoff is complete surrender of the encryption keys that control the bitcoin. On the Bitcoin network, ownership of bitcoin is conferred to the person who controls the key. Who owns your bitcoin?
Since a significant amount of control is relinquished to the custodian of your key, any decision to hand over such control should be given consideration that reflects the gravity of the arrangement. While Bitcoin provides the ability for owners of the cryptocurrency to maintain complete control over their digital currency, there are times when handing the keys over to a trusted third party may be practical. An institutional investor may feel that they do not have the expertise or infrastructure for managing large amounts of bitcoin. An individual investor, may feel that the amount of their investment is negligible – or that they need to secure their bitcoin with an exchange wallet where they can have access for active trading.
What could possibly go wrong?
When you secure your bitcoin in someone else’s wallet:
- You lose the ability to prevent unauthorized withdrawal of your funds.
- You risk losing your funds to a cyber attack on a custodian who exercises lax security protocols.
- You are at the complete mercy of the custodian when the blockchain forks (this can translate into substantial financial loss, and the loss of strategic decision-making).
If someone else controls your bitcoin and the arrangement lacks a very compelling argument – backed by a risk management plan, then the time to act is now.
Securing your bitcoin
It is not uncommon to find third party custodians advertising that they hold about 90% of their bitcoin in cold storage. It is a leading practice to secure bitcoin that is not regularly accessed, or that represents a material value to you – in cold storage. While your bitcoin – all of it – is stored in the highly-secure blockchain, your wallet stores encryption keys that allow you to access your bitcoin in the blockchain. Wallets come in two general configurations – hot or cold storage. Hot wallets are stored on devices that can be accessed by the internet; on a laptop, on a smartphone, or in the cloud – for example. These storage locations are susceptible to cyber attacks where the keys can be stolen, therefore it would be imprudent to store what you consider to be material wealth in these wallets. Cold storage wallets on the other hand are typically USB connected devices (there are also paper and brain wallets) that store keys which cannot be accessed externally. Popular cold storage devices include Ledger, KeepKey, and Trezor (please conduct your own research to determine the solution that best suits your needs). Cold storage is the most secure way to store your bitcoin. The more popular cold storage solutions allow you to perform transactions directly from the device such as: making purchases, transferring funds, and even exchanging one cryptocurrency for another using integrated services such as ShapeShift or Changelly.
Regardless of the wallet that you choose to use, do not forget to backup your keys. When you first install a wallet app or setup a cold storage wallet, you will be prompted to write down several words. Do not skip this step. These words are used to recreate your keys in the unlikely event that your device crashes or is stolen. If you no longer have access to your wallet, simply install a new wallet or acquire a new cold storage device – and enter the words that make up your recovery phrase; your keys will be regenerated, and your bitcoin will be accessible. Now it might seem easy enough to simply take a screen shot, or to store your recovery phrase in a digital file (even an encrypted one), but let me explain why you should kick this one old school and commit it to pen and paper only. With Bitcoin, you become your own bank. Your encryption keys are the keys to your vault. The device on which you save your recovery phrase may be compromised at the time or at a future date. Moreover, social engineering can lead to a compromise when you access your phrase. So write it down twice, and securely store the pieces of paper in separate locations. Now, you own your bitcoin.