When it comes to Bitcoin, one of the biggest questions is how to protect them from being stolen or lost. Due to being mostly anonymous and seeing a lot of site hacks in the news, keeping coins in your control is definitely something to be aware of and actively work towards. While not as simple as joining a Web wallet and letting them sit, it’s an important lesson for all – especially if you hold a lot of coins.

The Importance of Private Keys

Private keys are what allow you to sign transactions, proving that you are in ownership of specific coins. The best way to look at this is as being like having a completely clear (but safe) lockbox:

  • The public key is the address you share with people. It lets them see what you hold, but not access anything
  • The private key is what you use to actually open the lockbox

So if someone knows where the coins are stored but they don’t have the key, it does them no good. On the other hand, letting someone have the private key gives them full access to the coins – something you should never do.

Web Wallets – Why They’re Dangerous

Web wallets are dangerous because in most cases, you do not control your own private key. For example, if you’re using Coinbase, Xapo, or Circle as a wallet, you can store your funds there, but they are the ones with the ultimate control, as they are holding your private keys. The same is present when dealing with exchanges, as well as any site that has you send them coins. The importance of understanding this cannot be understated: if they decide to run, have a rogue employee, get hacked, or one of many other scenarios, your coins can be lost in a flash. Not to mention they could, in theory, be confiscated for any reason under the sun.

Mixing Security With Usability

Most wallets you run on your own allow you to export and import either addresses or recovery seeds. These wallets are perfect (Electrum, MultiBit, and Core, to name a few), because not only do you have full access to your private keys (with nobody else having access), but you can export/import the keys between your various systems in order to keep them all in sync. This is especially easy for those that use the seed-based recovery, as that will encompass every address without requiring you to keep importing new keys each time a transaction is sent or new address is generated. But to take it a step further, hardware wallets are the best path.

Hardware wallets, such as the KeepKey or Trezor, give full access to your coins through a built-in repository of private keys, and it signs them away from any system so that even with a keylogger or hack, the keys can’t magically be stolen. And the best part is that both of these use seed-based accounts, so you can import them into various devices, manually generate both private and public keys, etc. It takes some getting used to, but it’s absolutely worth it.

Minimizing Risk Through Frequent Transfers

If you need to use a Web wallet for some reason, whether it’s for exchanging for another coin (or cash), getting coins from a sale, etc., the best plan is to move the coins back to your ownership as soon as possible. For example, toss the coins where you need them to be, do with them what you need, and then move them back – as long as they are out of your own personal wallet, they are out of your control and are essentially a site giving you an IOU for the amount. Furthermore, it is a great idea to run two separate wallets: one for “cold” (funds you rarely touch) and one for “hot” (those you cycle a lot), keeping the hot wallet at a reasonable balance, such that if something does happen to it, it’s not the end of the world. Physical wallets do resolve the need for both cold/hot wallets, but many still use Web wallets as the hot wallet simply because it’s so fast and easy to access via Android, iOS, various computer systems, and the like. Just remember that without the private key, you don’t hold coins – you’re entrusting them into another party. And that’s something that doesn’t hold too well with the concept of a decentralized currency.