If there is a need to store large amounts of cryptocurrency, there is nothing better than cold storage. Cold storage involves physically accessing the information medium so as to protect it from any attempted access via the Internet.
These five methods dramatically reduce the risk of theft:
paper wallets encrypted paper wallets transaction signing offline (no internet connection) fragmented secret keys multi-signature wallets hardware wallets
If you use the above methods, you should not worry about hacking attacks. Rather, you should worry about classic robbers, and even then, well versed in bitcoin technology. Most of the above methods are good for long-term and secure storage of large amounts of cryptocurrency. However, if you have a large bitcoin fortune, consider hiring a personal cryptocurrency security expert who can audit the storage methods you use.
Note: all experiments with the above methods should be conducted ONLY with a small amount of bitcoins you have. Once you have mastered the suggested techniques, you can operate with larger amounts.
The whole range of proposed methods is available at bitaddress.org, which, by the way, can be downloaded and run offline for better security.
After the home page loads, the site will ask you to move your cursor or type a random set of characters into a special field. This increases randomness in bitcoin address generation. It is very difficult to generate a random sequence of numbers with software methods because a program is always some sort of algorithm whose results can be calculated to some degree making them predictable. For applications outside the financial sphere, say, for generating handings in a card game like kosza, this is not critical, but for storing large amounts of money high quality randomness is very important.
A paper wallet is probably one of the simplest and most popular methods of cold storage. Creating such a wallet involves generating a bitcoin address and a secret key offline, and writing them down on any medium not accessible from the Internet. For example, you can write down a pair of keys on a piece of paper, which you then put in your own safe deposit box or bank vault. By doing so, you can send bitcoins to that address without any problem, where they will be perfectly safe. When you decide to spend bitcoins from that address you will only need to import your secret key into the wallet software you are using. After this operation, your vault will go from cold to hot.
If you need to spend only a part of the accumulated funds and keep the remainder in the cold wallet, then after importing the secret key into the hot wallet, you should immediately send the remainder to the newly created cold wallet (your old wallet has already been exposed to the network, and therefore may be compromised).
Note: Alternatively, you can spend some of your funds from cold storage by applying a method called offline transaction signing. We’ll talk about it a little later.
As long as you keep your secret key in a safe place, the paper-based storage method is fine for storing large amounts of bitcoins for any length of time. However, consider risks such as flooding and fire. Also, do not scan, photograph, or flaunt your secret key on paper, or your storage could be compromised. The security of your bitcoins is only as good as the least secure method of storing your secret key. Consider, for example, that some copying machines store in memory every document they copy. The safest way to duplicate a paper wallet is to simply write it down by hand.
Encrypted paper wallets
The encrypted paper wallet method improves the security of the method described above. Essentially, instead of writing down the secret key on a piece of paper, you write down an encrypted version of it. The only way to decrypt it is to know the password. This creates an additional barrier to hackers.
Hundreds of different encryption schemes can be used to implement this method. The most common is BIP38 encryption.
Creating such a wallet consists of two steps:
1. Go to bitaddress.org and move the mouse over the screen until enough random data is generated.
2. Select a password and generate a bitcoin address with a secret key.
Your secret key will start with the number 6 instead of the usual five for standard secret keys.
Note: Passwords used to encrypt data should always be long enough: if they are shorter than 40 characters, they are relatively easy to crack. Based on this, such passwords are also called passphrases.
IMPORTANT: Loss of a passphrase leads to complete loss of access to your bitcoins.
Thus, the best solution is to write down your passphrase and keep it separate from your paper wallet. As with a regular paper wallet, it is wise to make copies of encrypted wallets for protection in case of theft, fire, or flooding. Additional security measures are never unnecessary. In case your encrypted wallet is stolen, you will be able to use another copy before the intruder even breaks it open (if he/she succeeds).
Transaction Signing Offline
The offline transaction signing method is an entry-level security that is suitable for bitcoin businesses or serious users who regularly encounter large volumes of bitcoins being processed. This method requires two computers and is much more advanced than simply using paper wallets. A hot wallet is installed on one computer. This is where we will not be transferring secret keys. When you form a transaction the wallet will ask you to perform an additional authorization step using a second computer which will hold your secret keys and will not be connected to the Internet. The second computer must also have a digitally signed wallet installed where you copy the created transaction. There you create a file containing the digitally signed transaction, which you then copy back to the computer connected to the Internet:
A computer connected to the Internet is never in contact with secret keys. Signing a transaction offline is similar to a scheme where you have a financial administrator with no authority to sign checks, which is signed by another trusted person or you personally. While this method is highly secure and can be used to store large amounts of cryptocurrency, making a large number of daily transactions can be quite cumbersome. One potential risk here is the loss of secret keys on an offline computer, and hence you should have copies of them. Another risk is the possibility that your secret keys could be compromised if the offline computer is stolen or confiscated.
The advantage of the offline transaction signing method is that there is no need to transform your cold storage into hot storage. The main amount of your savings will always be in your cold vault, even if you make spending from that address.
You can use the Electrum wallet functionality to sign offline transactions. Another highly recommended wallet for implementing the above method is Armory Bitcoin Client, which is open-source and developed with maximum security in mind. Armory offers many advanced security features. If you are serious about secure bitcoin storage and are an advanced bitcoiner, you should take a good look at this software.
Fragmented secret keys and multi-signature addresses
Fragmented secret keys and multi-signature addresses involve fragmenting the information needed to spend bitcoins and storing it in disparate geographic locations. Both of these methods have very high levels of security. Large bitcoin businesses (bitcoin exchanges, hedge funds, retailers, etc.) should use them. Let’s break down both of these methods in more detail:
Fragmented secret keys
Using a cryptographic trick known as secret splitting, a secret bitcoin key is split into many fragments. A certain number of them (m-necessary fragments out of n-existing ones) are needed to recover the key. For example, a secret key can be split into 5 fragments, but 3 fragments out of 5 are needed to fully recover the key. None of the fragments by themselves contain any meaningful information about the key as a whole. This strategy is very useful for highly secure bitcoin storage, since the participating companies can store each fragment in a separate secure location. If one of the fragments is damaged or compromised, the storage remains secure. In addition, other fragments can be used to move bitcoins to a new address. Several different cryptographic protocols are used to implement this method in practice. The most popular is Shamir’s scheme, whose original implementations can be easily found on the Internet.
A hardware wallet is a relatively new method of storing bitcoins. It is a small electronic device that fits easily in a pocket and stores secret keys in a way that they cannot be removed. A hardware wallet operates similarly to the offline computer described earlier. However, it is certainly more convenient because you can plug it into a computer connected to the Internet.
Your bitcoins are not at risk in doing so, even if the computer itself is infected with a virus. When you send bitcoins through your wallet program, the transaction is signed using a hardware wallet, which is usually implemented with the click of a button. The hardware wallet uses a secret key stored on it to sign the transaction, which is then sent to a computer connected to the Internet. An example of a hardware wallet is Trezor.
This method is almost as easy and convenient as using a regular hot wallet. It is much more secure because your secret keys will not be exposed to the Internet in any way. Your bitcoins, in this case, are always in cold storage. One of the disadvantages is that you will need to pay a lot of money for the device itself. Another disadvantage is the possibility of losing the device, which may also lead to loss of your funds (although, hardware wallets allow you to restore access to the address using a pre-recorded phrase). While hardware wallets are a great combination of convenience and security, you may not want to rely solely on this method: there is no data yet on the durability of the device
buy without cvv