edgecase
Author: StJohn Piano
This page is subject to change at any time. It is not signed by its author or by Edgecase Datafeed.
1608 words - 374 lines - 10 pages





Introduction


Storing bitcoin securely takes a lot of time and effort.

Edgecase recommends that you start off with small steps. Practice each step until you know it well.

Each person should choose the level of security that they're happy with. It's not obligatory to use the most secure option - this may cost you so much that it's not worth it. Also, you may find it best to use a secure option for long-term storage and a convenient one for handling small payments.

This page lists various storage approaches, starting from "most convenient" and ending with "most secure".

If you want to know why it is worth considering how to store bitcoin, please see the following page:
Why to buy and store bitcoin

If you do not own any bitcoin, and wish to acquire some, please see the following page:
How to buy bitcoin






Contents


- Introduction
- Contents
- The problems of storing bitcoin
- Cryptocurrency exchange
- Storage service
- Smartphone wallet
- Desktop wallet
- Hardware wallet
- Offline computer






The problems of storing bitcoin


Here is an example Bitcoin private key:
15e7e195332b0aa8a684dc3be1f29dd04daa0a5434c11a8b9e6ad180df076ae4


It's easier to read when divided up into groups of four characters.
15e7 e195 332b 0aa8
a684 dc3b e1f2 9dd0
4daa 0a54 34c1 1a8b
9e6a d180 df07 6ae4


A private key controls the bitcoin stored in an address.

Example Bitcoin address:
14gLgyVBiK7i7gtPLLYcVCAKfBuj1rL9JT


Bitcoin transactions move bitcoin between addresses. The private key is used to digitally sign transactions. Without the correct signature(s), the transaction is invalid and won't be processed.

Anyone who knows the private key can steal the bitcoin that it controls.

A photograph of a private key is as good as the private key itself (notably, this is not the case with gold). If you store bitcoin yourself, you must take into account the fact that it could be stolen using a camera.

The essential problems of storing bitcoin are:
- 1) "How to secretly generate a private key?"
- 2) "How and where to store the private key securely?"
- 3) "How to safely sign transactions while keeping the private key protected?"

Private keys should be as difficult as possible for an adversary to guess. They should be generated using a good source of random noise.

These problems are never going to go away. Someone has to think about how to handle them. You can of course pay a service to think about them for you - but be careful which service you trust.





Cryptocurrency exchange


Most people buy bitcoin using an online cryptocurrency exchange. Exchanges will usually provide a storage service for their customers.

This is the easiest, most convenient way to store bitcoin. It is also the least secure.

Risks:
- The exchange is hacked and goes bankrupt.
- Some exchange personnel steal the stored cryptocurrency.
- The exchange is run incompetently and goes bankrupt.
- The local government targets the exchange.
- A hacker gains access to your account. (Sometimes the attack can be quite sophisticated e.g. a SIM swap attack on your phone account in order to get through the exchange's two-factor authentication.)

In all these scenarios, you lose your bitcoin.

Note: What you hold in this case is not actually bitcoin. It is instead a "promise to pay you bitcoin, if and when you ask for it in the future".

Recommended reading:
Storing bitcoin with other people

The Other services page should list an active exchange service.






Storage service


Some services offer only storage, without any exchange service. This allows them to prioritise security. Usually you will only be able to access your stored bitcoin after a significant delay and lots of different identity checks.

You will also have to pay a subscription of some kind. An exchange service makes its money through facilitating trading activity - this means that they can offer storage as a gift to their customers. However, if a company provides storage as its primary service, it must charge for it.

A storage service has the same set of risks as those listed for the cryptocurrency exchange above, but these risks are generally smaller.

Recommended reading:
The structure of a Bitcoin bank






Smartphone wallet


There are various wallet apps that can be installed on a smartphone. You can use one of these to store bitcoin on your phone.

The Bitcoin private key(s) are generated and stored on the phone.

Risks:
- You lose your seed key / password.
- Phone is lost / damaged / stolen.
- Phone is hacked.
- Supply chain attack: The pipeline that transports updates to the app is hacked and a malicious update is installed on your phone.
- Incompetent update: The wallet app may make an update that breaks the app, leading it to make bad mistakes (such as sending bitcoin to an incorrect address).

In all these scenarios, you lose your bitcoin.

Notes:
- Here, you actually do hold the bitcoin yourself. The problem is that you're using a tool that can be accessed / modified by other people.
- Increasingly, smartphone wallets ensure that you back up your seed phrase by asking you to enter a random word from the phrase before you can do anything.
- Usually, you personally only know the seed phrase, not the bitcoin keys themselves. New keys are generated from the seed phrase when necessary. The seed phrase can be used on another device to re-generate your keys.






Desktop wallet


From a security point of view, these are almost the same as smartphone wallets - the set of risks is similar.

Edgecase offers a rather inconvenient Desktop storage toolset. It insists that you directly manage your keys and transactions (and software updates) yourself, rather than relying on automated management. It's a good choice if you want to understand Bitcoin properly.

Please see this page for details:
How to store bitcoin on a laptop






Hardware wallet


A hardware wallet is a small dedicated computer that performs Bitcoin-related operations.

Often, these look rather like USB flash drives, although they're actually computers in their own right. They have a USB plug, and you plug them into a USB port on an online computer. When you want to generate an address or make a transaction, you use an app on the online computer to download necessary information about the Bitcoin blockchain and send it across the USB connection to the hardware wallet. The hardware wallet performs the necessary operations and sends back the result (e.g. a signed transaction).

The hardware wallet is connected electronically to an online computer, so it is possible to attack it remotely via this connection. This is however very difficult, so hackers will generally go for easier targets (like trying to crack accounts at exchanges).

Risks:
- Low possibility of remote attack.
- Possibility that the company that designed it built in some sort of backdoor access.
- House burglars will increasingly understand that hardware wallets are valuable, and will be able to identity and steal the most recognisable ones.

Note: Usually, you personally only know the seed phrase, not the bitcoin keys themselves. New keys are generated from the seed phrase when necessary. The seed phrase can be used on another device to re-generate your keys.






Offline computer


This is the most expensive approach, but also the most secure. You permanently dedicate an entire computer to Bitcoin-related operations, and never use it for anything else.

Steps:
- Set up an offline computer. It should be difficult for other people to recognise or access. Think about how you could store it safely.
- Acquire Bitcoin software that you trust and install it on the offline computer. Keep a backup copy of the software.
- Generate private keys on the offline computer.
- Use a flash drive to transfer the necessary details for a new transaction from an online computer to the offline computer.
- Sign new transactions on the offline computer.
- Use a flash drive to transfer the signed transactions back to an online computer for broadcast.

You should make multiple backup copies of the Bitcoin private keys. Examples: Written on paper, engraved into metal, or as files on a dedicated backup flash drive. Suggestion: Consider deleting the key(s) from the offline computer after every operation, and typing them in again when you need them.

Recommended reading:
Effective offline storage of Bitcoin

Risks:
- Flash drives are a (relatively small) security risk. It is possible to avoid using them by manually typing information in and out of the offline computer. This is very time-consuming and error-prone, but for a major Bitcoin bank this may be a good choice.
-- Using a flash drive or CD to install the Bitcoin software in the first place when setting up the offline computer is probably an unavoidable risk.
- Certain communication chips can be activated remotely, even when they are set to "off". Ideally, the offline computer should not have any wireless communication capability (i.e. no WiFi or Bluetooth chip installed).

It is difficult to be certain that a private key no longer exists on a computer (e.g. in some temporary archival section of the filesystem), so if you have to dispose of an offline computer used for Bitcoin operations, you should destroy it completely.

Edgecase has developed a Bitcoin storage toolset specifically for use on offline computers. It requires a rather higher degree of skill and focus from its user than most storage software does, but it will definitely help you to gain a solid understanding of Bitcoin.

Please see this page for details:
How to store bitcoin offline