
Pretty Secure Cold Storage – Part 1

This three-part series will show you how to store your BitCoin long-term securely, with examples of several cold storage methods.


What is cold storage?

Cold storage is a way to store BitCoins in an offline wallet where the private keys to that wallet are never exposed to the Internet in any way. In other words, you create your private keys on an offline device that won’t ever connect to the Internet.

BitCoin cold storage

To spend the coins, either bring the private key to an online device, such as a smartphone, or sign an unsigned transaction on the offline device and then copy the signed transaction to the online device. The transport between the online and offline devices can be a USB drive, a QR code scan, or simply typing in the information (though that last option is unwieldy).

Why use cold storage?

If you have somehow managed to acquire and retain a large number of coins, it is not good security practice to keep the coins on an online device. Hackers have recently become clever with many different types of attack, which makes theft of your coins from an online device much more likely than from an offline machine. Offline devices are not immune to attack; there is no such thing as 100% security, but the chances are orders of magnitude lower.

Different attack types

Keylogger

A keylogger is malicious software on your machine, usually installed by a virus or trojan, that logs and transmits all keystrokes to the attacker. There have been many instances of this happening; search bitcointalk.org for some sad stories.

Public Wi-Fi

Fake wireless access points have been created to get access to people’s information, although I’m not aware of this attack being used to steal BitCoin. As a general principle, always use a VPN (virtual private network) when on public Wi-Fi.

Eavesdropping

Whenever you expose your private key or seed phrase, always do it in a room that you know:

  1. Has no CCTV cameras watching
  2. Is away from a window
  3. Is shielded from people watching

Someone with a telephoto lens could photograph your screen and steal your BitCoin. It’s a minimal risk, but with cold storage, we’re not taking any chances.

Edward Snowden typing in a password

Clipboard jacking

If you ever copy your seed phrase to the clipboard, there are viruses out there that will transmit the contents of the clipboard to the attacker. This includes screenshots.

Social engineering

Social engineering is more common than you would imagine. It is the psychological manipulation of people into performing actions or divulging confidential information such as passphrases or seed words. Techniques include “vishing”, “phishing”, impersonation, “pretexting”, “water holing”, “baiting” and more.

Exchange hacks

Do not ever leave your coins on an exchange for longer than necessary. If you need to exchange one cryptocurrency for another, or between BitCoin and fiat currencies, once the transaction has completed, remove your funds. Don’t leave them there for an extended period. Most of the major exchanges have been hacked at some stage, some catastrophically, including Mt.Gox, Poloniex, Bitfinex, Bitfloor, BTC-e, Bitstamp, etc.

Evolution of cold storage

Paper wallets

These were popular in the early days of BitCoin. I do not recommend them because there are many downsides to them. In order to be private in BitCoin, addresses should not be reused. BitCoin is not anonymous; it is private, which means that if you do not reuse addresses, it is difficult for people to know how many BitCoins you own. Paper wallets are single addresses where the public and private key are generated for each wallet. This means that they should only be used once, which also makes them extremely impractical to use. Do not ever send all your BitCoins to a single address. There are several security concerns too:

  • The private key must be generated offline.
  • If the wallet is printed out, printers have memories and can store images for a long time after printing. Some printers even have hard drives that persist information after power off.

Brain wallets

The idea behind a brain wallet is that the private key is never written down or stored anywhere except your brain. This allows you to “carry” your BitCoin literally anywhere and be able to reconstruct the private key on a phone or computer at a later time.

An example of a single-address brain wallet with a derived, hashed passphrase

No matter how good you think your memory is, if you forget your passphrase for a brain wallet or method to calculate it, you will lose your BitCoins. See Dr. Craig Wright’s excellent article on brain wallets.

I did a thought experiment and demonstrated how to create a brain wallet with the phrase “Who is John Galt?” in this video.

Hardware devices

Since 2015 or so, hardware wallets have become popular because they offer security and convenience. The idea is that the private keys are not able to leave the hardware device and therefore cannot be compromised. When you want to spend coins, the unsigned transaction is sent from your computer to the hardware wallet, which signs the transaction with your private key, sends it back to your computer which then broadcasts it to the network.


Ledger Nano S hardware wallet

All the major providers of hardware wallets have been hostile to BitCoin SV, so I have stopped using them, but they do remain popular.

Second phones

This is my preferred way to store BitCoins for the long term. Dr Wright has a straightforward solution for this, described here, which is pretty secure and good enough for some people.

In a nutshell, Dr Wright is recommending a SIM-less phone that is never used for web browsing or other apps but only used for BitCoin and switched off when not in use.

I have taken a more paranoid approach and decided to never allow my cold storage private keys access to the Internet. It’s not as convenient as Dr Wright’s solution but not arduous. I will describe the process in detail in Part 2 of this series.

Part 2

Coming up next in Part 2: I describe how a second phone is very secure and detail the steps to set it up.

