One of the first questions everybody asks is how to store bitcoins and keep them safe. This is not a trivial question, and the purpose of this article is to explain what it means to own bitcoins and to describe different methods for storing them safely. While I will go through important concepts and many different ways of storing bitcoins, I will also give you a simple recipe at the end of the article for storing your bitcoins safely without having to research all the alternatives, so that you do not suffer information overload and choice fatigue before you feel comfortable enough to purchase your first bitcoins.
What does it mean to own bitcoins?
A bitcoin wallet in its most basic form is two cryptographic keys (one private and one public key) that are mathematically linked together through public-key cryptography using the Elliptic Curve Digital Signature Algorithm. The private key is needed to spend bitcoins, i.e. authorize the transfer of the bitcoins the key controls. The public key or rather what is known as the bitcoin address is what you have to give out to someone that wants to send bitcoins to you. The bitcoin address is deterministically derived from the public key which in turn is deterministically derived from the private key. You can read more about private keys in this excellent article and on this wiki page, and the technical explanation of how a bitcoin address is derived from a public key can be found here.
Owning bitcoins simply means that you alone have control of a secret private key which is linked to a certain amount of bitcoins (or Unspent Transaction Outputs, UTXOs) in the decentralized public ledger called the blockchain. For someone to be able to send you bitcoins, you need to let them know that a specific bitcoin address belongs to you, meaning that you control the private key to that address and are able to spend the bitcoins you receive to that address. Anyone who wants to send you bitcoins needs to know at least one bitcoin address that is yours, but anyone who knows that a specific bitcoin address belongs to you can also easily look up all the transactions involving that address in the public blockchain using a blockchain explorer such as www.blockchain.info. For this reason, the best practice for preserving your financial privacy is to always use a new bitcoin address for each transaction. Most modern bitcoin wallet software handles this automatically.
Who do you trust?
One of the fundamental questions you have to ask yourself when it comes to storing your bitcoins is whether you want to put the trust and responsibility in yourself, or whether you want to entrust your private keys to someone else. In the first case, you are the only one in the world with access to your bitcoins, and nobody can take them from you (unless you are careless with your private keys). It also means that if you lose access to your private keys, then the bitcoins associated with those private keys are gone forever, and no one can get them back. In the second case, you decide to entrust your private keys to somebody else, whom you for some reason trust more than yourself. This is then no different from the current banking system, where the money you put in the bank is no longer your money, and the bank only owes you the money. As long as the bank is solvent you can get your money out, and if the bank goes out of business you will lose the money that you essentially lent to the bank. The same applies when you trust a third party with the private keys that hold your bitcoins.
You have probably heard of the Mtgox crash in the spring of 2014, where a lot of people from all around the world lost bitcoins with a total value of $450 million at the time. That incident was only possible because people didn’t have control over their bitcoins and instead entrusted the company Mtgox to hold the private keys to their bitcoins. In retrospect that was not a wise decision and a very expensive lesson for a lot of people. This was also far from the first time this kind of incident happened (only the biggest) and it will not be the last time, since people continue to entrust their money to third parties, even though bitcoin, and decentralized blockchain technology in general, now makes that totally unnecessary and obsolete. There are many available solutions for storing your bitcoins completely under your control, which will be presented in this article.
Take control of your money
The beauty of Bitcoin is that it is possible for anyone in the world to have complete control over their own money, without having to trust a bank or other third party. With Bitcoin you can easily hold your money and send your money to anyone in the world, and no third party, e.g. a payment processor company, government, or special interest group can stop your transactions or confiscate your accounts.
There are many ways to store the private keys to your bitcoins. You can store a private key in plain text on a piece of paper, or you can memorize it in your head, or you can store it on some electronic storage device. You can also encrypt a private key, which means that you instead must remember the password, or store the password to decrypt your private key and the encrypted file in separate locations. Storing private keys encrypted is generally safer, provided the encryption used is strong enough.
Storing your bitcoins safely comes down to managing the private keys to your bitcoins in a safe way so that you are the only one in the world who has access to your private keys, but it is also very important to make sure that the bitcoin wallet software you are using can be trusted to generate truly random keys for your bitcoins.
What is a private key?
A bitcoin private key is basically an integer between 1 and approximately 10^77 (2^256, or 256 bits), and this number is put through a mathematical function, called the Elliptic Curve Digital Signature Algorithm, using the curve parameters secp256k1 to generate the corresponding public key. A bitcoin address in turn is generated from the public key by a sequence of steps involving the SHA-256 hash algorithm. For more technical details, read this blog post.
If you could generate all the possible private keys by running through all numbers between 1 and approximately 10^77, you could in theory steal everybody’s bitcoin (keeping in mind that the number of atoms in the observable universe is approximately 10^80). So how feasible is that? Fortunately, 10^77 is a very large number, and generating all possible private keys and trying them against the bitcoin blockchain would take orders of magnitude longer than the age of the universe. However, in order to have secure private keys, you must generate them in a random process! To emphasize how important that is, here is an example of a very bad private key. The bitcoin address generated from the private key with the integer value 1 is 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm, which, as you will see if you click on the link, has received over 4 bitcoins through over 1000 transactions. This is however hopefully the result of many early bitcoin developers using 1 as a private key as a simple school example to understand how Bitcoin and the blockchain function. Anyone who generates a private key in a non-random way will likely lose the bitcoins they send to the associated address before they can say the word RANDOM! There are likely many computer programs active all the time that are generating and trying private keys in order to steal bitcoins from people who store bitcoins associated with private keys generated through a non-random process. So you must make sure that you only use randomly generated private keys to keep your bitcoins safe from brute force hackers.
What do private keys and bitcoin addresses look like?
Private keys, public keys and bitcoin addresses are just very large numbers. In order to make it easy to read and transcribe private keys and bitcoin addresses without introducing errors, they are most commonly represented in a format called Base58Check, as an unambiguous sequence of letters and numbers. Several of the characters serve as a checksum, so that if you misspell a bitcoin address that you want to send bitcoins to, the transaction will be rejected, and you do not need to worry about losing money due to misspellings. There is only a 1 in 4.3 billion chance that you accidentally type a different valid bitcoin address. Uncompressed private keys in the Base58Check format always start with the prefix 5, and are 51 characters long (also called Wallet Import Format, WIF). A bitcoin address always starts with the prefix 1 for normal addresses, and the prefix 3 for multisignature addresses (or actually pay to script hash addresses). A bitcoin address is usually 34 characters long, but 33 characters is not uncommon, and addresses can be even shorter if the number the Base58Check formatted string represents has many leading zeros, in which case some characters can be omitted while still being a valid bitcoin address.
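The Base58Check format and the random key generation described above can be shown in a few lines of Python. This is an added example, not code from any of the wallets mentioned in this article; the function names are hypothetical, and the version bytes 0x00 (normal address), 0x05 (pay to script hash) and 0x80 (WIF private key) are the standard Bitcoin mainnet values.

```python
import hashlib
import secrets

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group: valid private keys are 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _checksum(payload):
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version, data):
    """Encode version byte + data + 4-byte checksum as Base58."""
    raw = bytes([version]) + data
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    # Each leading zero byte is written as the character "1".
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + digits


def b58check_decode(text):
    """Return (version, data); raise ValueError on any transcription error."""
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"{ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        raise ValueError("too short to hold a version byte and checksum")
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch")
    return payload[0], payload[1:]


def is_valid_address(text):
    """True for a well-formed address with prefix 1 (0x00) or 3 (0x05)."""
    try:
        version, data = b58check_decode(text)
    except ValueError:
        return False
    return version in (0x00, 0x05) and len(data) == 20


def new_private_key():
    """Uniformly random key in 1 .. N-1 from the OS CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def to_wif(private_key):
    """Uncompressed Wallet Import Format: always 51 characters, prefix 5."""
    if not 1 <= private_key < SECP256K1_N:
        raise ValueError("private key out of range")
    return b58check_encode(0x80, private_key.to_bytes(32, "big"))


if __name__ == "__main__":
    addr = "1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm"  # address quoted in this article
    print(is_valid_address(addr), is_valid_address(addr[:-1] + "n"))
    print(to_wif(new_private_key()))
```

Changing a single character of the address makes the checksum comparison fail, which is the protection against misspellings described above.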
Always use open source bitcoin software
A bitcoin wallet is simply a set of private and public keys (or bitcoin addresses) handled by a piece of software or stored on some other medium. It is extremely important that you use a good random generator to generate the private keys for your bitcoin wallet. The best way to ensure that is to use reputable open source software available on GitHub. Anyone with enough programming skills can look at the code behind the software to see that the program does what it is claimed to do, and that there are no backdoors or hidden functions in the code. You can also see the history of every change in every single line of code and who contributed those changes, and if you want to you can propose changes to the code or copy the code and build on it in your own direction. All of the software recommended in this article is open source.
It is very important for your security that you always use software that is open source for generating all your keys, and for storing and handling your bitcoins on your computer, on a hosted server, or on your smartphone.
Now let’s go through some important concepts relating to bitcoin wallets.
If you store the private keys to your bitcoins in such a way that they have never been on a device connected to the internet, it is called cold storage. This means that you must generate the private keys that you intend to use for cold storage on a device with no access to the internet. For guides on how to do that, follow the links in the paper wallets section further down.
This is the most secure way to store bitcoins and should be the preferred method for any larger amounts of bitcoins that you want to keep as safe as possible. By holding your bitcoins in cold storage, you transfer the problem of securing your bitcoins from an information security problem to a physical security problem, which is usually easier and more intuitive to handle for most people.
You can easily send bitcoins to your wallets in cold storage through their bitcoin addresses, but in order to transfer your bitcoins out of cold storage you have to input the private keys into an internet connected device running a bitcoin software program. Because of the security risk in exposing the private keys to an internet connected device, and the issue with change addresses (which will be explained further down), you should, for increased safety, always transfer the entire bitcoin amount that you stored with those private keys (not just a partial amount) to a new bitcoin address for which you hold the private key.
When you store your private keys to your bitcoin wallets on an internet connected device, such as a computer or mobile phone, it is called hot storage. This is a less safe, but also much more convenient way to store bitcoins, since you easily can spend them right away. You should not store more bitcoins than you intend to spend in the near future in hot storage.
Multisignature is a system that requires the input of M of N private keys in order to authorize a transaction. The most common variant is to require the input of 2 out of 3 private keys. Multisignature is very useful for securing accounts and for escrow transactions where e.g. the buyer holds one key, the seller one key and a trusted third party holds one key. If both seller and buyer are satisfied they can just sign with their two keys and there is no need to involve the third party. If there is a dispute between buyer and seller, the third party can step in to arbitrate and settle the transaction by signing with the third private key to resolve the issue in favor of either the buyer or the seller. Multisignature support was implemented in the Bitcoin protocol at the end of 2011 as the first standard Bitcoin Improvement Proposal (BIP 0011). The functionality of multisignature transactions is accomplished through a special transaction type called pay to script hash (P2SH), which gives limited ways of programming transactions, and multisignature transactions are the most common application of P2SH.
HD Wallets and Mnemonics
The acronym HD stands for Hierarchical Deterministic, and it is a system that enables all the private keys and bitcoin addresses that you need in your bitcoin wallet to be generated from a single seed key in a deterministic way. This enables you to back up and restore your bitcoin wallet with all your addresses using only the seed key. The functionality for this was introduced at the end of 2012 through bitcoin improvement proposal 0032. Many HD wallets use 12 randomly selected English words as the seed for generating all the addresses you use in your bitcoin wallet. This mnemonic system was created in late 2013 as BIP 0039. Using this system, you only need to keep these 12 words safe in order to restore your bitcoin wallet, and if somebody knows your 12 words they can easily steal the bitcoins you keep in that wallet. HD wallets generally generate a new key-pair automatically for each new transaction, which is very good from a privacy point of view.
To really understand how bitcoin payments work you need to understand change addresses. When you make a bitcoin payment you always send all of the bitcoins associated with the address you use for the payment. If one of your addresses contains 0.2 bitcoins and you want to transfer 0.05 bitcoins, this means that 0.15 bitcoins will be returned to you in change. For privacy reasons, the change should always be returned to a newly generated address that you control instead of one of your previously used addresses. Otherwise it is very easy to link together all the different payments that you have made by analysis of the blockchain. In the worst case scenario you could actually lose bitcoins in different ways if you are unaware of how change addresses work in combination with how the particular software you are using handles change addresses. Here is a very good article about ways of losing money because of misunderstandings about change addresses. Modern bitcoin HD wallets handle this automatically so you don’t have to worry about it. However, it is good to be aware of this aspect.
Now that some important concepts have been explained, let’s look at specific mediums to store your bitcoins.
Mobile wallets to store bitcoins
There are many good mobile wallet apps available that you can download to your smartphone. Mobile wallets are very convenient for storing small amounts of bitcoins for everyday purchases. Mobile wallets are hot wallets since your phone is connected to the internet, which is a less secure way to store bitcoins. For this reason you should only keep small amounts of bitcoins on your phone. Some good alternatives are:
- Mycelium Bitcoin Wallet (Android)
- Airbitz (Android & iPhone)
- Copay (Android & iPhone)
- Breadwallet (Android & iPhone)
Why not download all of them and try them out with small amounts of bitcoins to see which one you prefer? Or perhaps you prefer exploring other alternatives.
Paper wallets to store bitcoins
A paper wallet simply means that you store your secret private key either in plain text or encrypted on a piece of paper. This is a good way to store large amounts of bitcoins safely in cold storage. You should always try out your storage method with a tiny amount of bitcoins before you transfer any larger amounts, to make sure that everything works the way you intended and that you can transfer the bitcoins out to another address at a later time. For added security, you can also divide the keys and store them on different papers in different locations so that you need M of N (e.g. 2 of 3 or 5 of 7) of the partial keys in order to transfer the bitcoins out of cold storage. If you want to take this advanced approach you can split the keys using Shamir’s threshold secret sharing scheme with the open source tools available at PassGuardian. Here are two good sources for creating paper wallets.
This is a good open source tool for generating secure offline bitcoin wallets, but it doesn’t explain best practises of doing so on the web page itself. Here is an excellent guide that walks you through all the steps and pitfalls that you should know about for generating paper wallets so that you end up storing your bitcoins safely.
This is another good option which is open source and based on the above bitaddress.org open source code, and it also explains how you should generate your paper wallets safely offline.
Brain wallet to store bitcoins
A brain wallet refers to when you memorize the private key to a bitcoin wallet in your head. This should be done using a 12-24 randomly generated word mnemonic for the seed to a bitcoin wallet. You should only use this method of storage if you have generated the list of words for the seed in a random fashion and you make sure that you will never forget the words. A good open source tool for this can be found here:
Here you can generate a random 12-24 word mnemonic seed for your secure bitcoin wallet, but do it offline!
Another much (much!) less secure way of generating a brain wallet is for you to choose a passphrase (a string of characters) which is then run through the SHA-256 algorithm to generate a number in a deterministic way which is then used as the bitcoin private key. This way of producing a brain wallet is by definition not a random process and thus it is much easier for a hacker to crack. You should never use this method for producing a brain wallet because humans are terrible at coming up with good passphrases. Look at this slide share by Ryan Castellucci to understand why brain wallets generated by non-random passphrases are a terrible idea.
Here you can listen to an intriguing short, near future, science fiction story about a boy who saves his family’s wealth using a brain wallet that he learnt to remember in the form of a song.
Hosted web wallets to store bitcoins
There are different companies offering hosted bitcoin wallets, where your private keys are stored encrypted on a server, and you use a password and two-factor authentication in order to access your encrypted bitcoin. Using these services you decrypt your private keys in the web browser in order to spend your bitcoins, and you are the only one with access to your private keys. Two good alternatives are:
Hardware wallets to store bitcoins
A hardware wallet is a dedicated device for storing and generating private keys that can never leave the secure environment of the hardware wallet. A hardware wallet, together with an online web wallet with support for the hardware wallet interface, combines the security of cold storage with the convenience of an online wallet, by handling the signing of the transactions using the dedicated offline hardware wallet device. There are only a few hardware wallets on the market so far, so I will just mention two of the most popular. Buying a hardware wallet is the only time you actually have to pay a little bit of money (~$50-100) for securing your bitcoins, but in return you get the best combination of security and ease of use.
Desktop wallets to store bitcoins
For most people, there is really no need to use a desktop bitcoin wallet. Desktop wallets can be useful for advanced users, corporate users, or Bitcoin developers who need to use advanced features that are only available in desktop wallets. However, you can always try out desktop wallets if you know how to make sure that your computer is free from viruses, trojans and malware that could otherwise steal your bitcoins. One use case for less advanced users can be to have a dedicated computer that you make sure is clean and has no connection to the internet, for generating private keys for your cold storage needs. Some of the most popular bitcoin desktop wallets for Windows, Mac and Linux are:
Here you can find a more complete guide to available bitcoin wallet software
Don’t leave bitcoins on your exchange accounts
Bitcoin currency exchanges such as Bitfinex, Bitstamp, OKCoin, Kraken, Coinbase, LocalBitcoins etc. are excellent for buying bitcoins, but they should not be used to store your bitcoins, since you do not control the private keys. When you keep bitcoins on your account on an exchange, you are essentially lending your bitcoins to the exchange with little recourse if the exchange gets hacked or shut down. Remember Mtgox!
Don’t put all your eggs in one basket
It is strongly advised to divide your bitcoin savings between different storage methods and not put all your eggs in one basket. Storing bitcoins safely is still quite complicated and you can never be 100% sure that the wallet you use is 100% secure and foolproof, or that the private keys generated through a particular piece of software were truly random and secure. For this reason, you should divide your bitcoin savings between different storage methods.
A simple recipe to store your bitcoins safely
A recommendation if you just want a simple recipe that works well.
For your daily bitcoin spending needs, use:
For larger amounts or long term storage, divide your bitcoin savings between:
I hope you find this guide useful and that you now are better informed and ready to take control over your economic future, and take it out of the hands of the corrupt corporatist banking and political system.