Bitcoin buyers must practice 'cold storage' for security

If you bought bitcoin recently during the mad rush, you now need to familiarize yourself with the concept of “cold storage.”

Since bitcoins are a digital asset that you can’t touch or hold physically, owning bitcoins really only means that you have access to the coins. You access your coins using multiple keys, which are strings of numbers and letters.

Let’s say you bought bitcoin on Coinbase, the most mainstream website for buying bitcoin. If you bought bitcoin there and then did nothing else, you are allowing Coinbase to be the custodian of your coins. Your coins are on a wallet that lives on Coinbase, and the funds are instantly accessible to you when you log in. But that also means they’re more vulnerable to a hack.

If someone gets into your Coinbase account and gets access to your phone, they can take your coins, and you’re powerless to stop it. Bitcoin theft is a major problem: in 2016, $28 million in losses due to cryptocurrency crime were reported to the FBI, triple the amount in 2015.

The safest way to store your coins is through “cold storage”: keeping the access keys somewhere offline, not accessible to the Internet in any way. (In other words, not “hot.”)

Cold storage by Coinbase and other exchanges

Coinbase can do its own cold storage of your coins, if you ask it to. When you create a wallet on Coinbase, it gives you the option to “vault” the wallet. If you do so, the funds are not as instantly accessible to you on the site to sell or transfer, but they are safer—Coinbase is keeping your keys somewhere offline using its own chosen method.

In fact, Coinbase says it stores 98% of customer funds using paper backups of the keys that are “distributed geographically to safe deposit boxes.” Sound elaborate? It is, because it has to be in order to protect the coins from thieves.

A screenshot from Coinbase when you create a new wallet

One year ago, the bitcoin exchange Bitfinex fell victim to a hack worth $65 million in bitcoin at the time. It happened because Bitfinex, which had originally been using cold storage for customer keys, had switched its security system to “segregated multi-sig” (multi-signature), where keys are divided up among multiple owners to mitigate risk. The wallets were protected by an outside security provider, BitGo. When hackers sent coins off of Bitfinex, BitGo auto-approved the withdrawal.

But the purest form of cold storage is writing down the keys on a piece of paper somewhere safe, and doing it yourself, rather than trusting Coinbase to do it.

Paper wallets, hardware wallets

Yes, there is an obvious irony to the notion that the safest way to protect your digital asset is using plain dead-tree paper.