Note: this article, highly edited for their audience, originally appeared on MoneyWeb Crypto titled: “Why Leaving your Bitcoin on an Exchange is like Leaving Money Under Your Mattress”
Here it is in it’s original form, before it was edited by their team for their audience:
Discussing Bitcoin Security & Storing Your Wealth
Sometimes when we think of Bitcoin, we think of it as an additional product in the financial world.
Unfortunately, this could not be further from the truth. In fact, one of the reasons Governments and Financial Institutions have been so weary of opening their arms to this technology is their inability to actually control it.
It’s all about Control
Bitcoin was created specifically to remove the role of external governance and to create a decentralized, autonomous organization. The creation of Bitcoin delivered control of the asset directly to us, the consumer.
Of course, this sounds wonderful – if we are willing to accept all the responsibility and risk of taking self-custody of our wealth. It’s tantamount to withdrawing all your cash and piling it under your mattress – except now our investment is tied into immutable computer code which has its own complex management systems to discover.
No Institutional Protection
With traditional money, the bank secures the balance, a broker oversees our investment portfolios and I store my high-value assets in a safe or secure location. Bitcoin has none of these regulated role-players with their respective oversight bodies. In finance, these custodians are established to keep our money safe – and mostly do just that.
Custody is one of the topics often neglected when we first start exploring Bitcoin. When I first risk a few hundred rand on this new asset class, it’s not worth spending too much time on understanding the security aspects.
What happens all too often is that we get swept off in a bull run or start adding to an online Crypto Exchange account without considering the risks involved once our investment becomes a larger portion of our wealth.
Time to Level Up
Discovering the intricacies and elements of Bitcoin security can be incredibly rewarding in the long run, should you decide to stay invested in this still-emerging digital asset. It is estimated that up to 3.7 million bitcoin (around R2.4 trillion) are already lost due to poor knowledge (or implementation) of how Bitcoin security works.
There are different levels of security, and increasing costs involved in the more advanced options. It makes sense to select an option that delivers an appropriate level of risk for the size of the investment. In many cases, the first level is where most of us find ourselves – and an upgrade is simple enough. Let’s explore the gradients of Bitcoin Security options available to Bitcoin users today.
Getting Started: Custodial Wallets
When we’re just getting started most of us will simply leave our Bitcoin on the exchange or platform we used to purchase it. This leaves our Bitcoin in the complete control of the company running that exchange. Most exchanges will include a limit of liability for hacks or loss in their terms of use.
One of the greatest risks with outsourcing the custody of your bitcoin is that you have very little recourse should the exchange close down (or the “Investment Manager” simply disappear).
Remember, these exchanges are generally not regulated or insured by any Reserve Bank. Each year there are multiple exchanges around the world who close, leaving their clients as creditors with significant losses.
Entry Level Self Custody
The first level of actually taking ownership of our bitcoin is the entry point where we first discover some of the complexities of bitcoin security.
With a software wallet we’ll have our first encounter with a real Bitcoin Wallet. This will be secured by a Seed Phrase (also sometimes called a back-up phrase). This is a series of 12 or 24 words which are presented when we open a new wallet on an application such as “Blue Wallet” or “Green Wallet”, found among many others on the App Store or Google Play Store.
This Seed Phrase is the backup which connects our wallet with the Bitcoin Blockchain – and it will allow us to restore our wallet if we lose our login details or phone. It’s also the most important element in bitcoin security and will allow anyone to empty the newly created wallet if they have all the words in the correct order.
Without a Seed Phrase, I don’t actually have custody of my Bitcoin.
The “Seed” needs to be securely kept, offline where nobody can access it. Best practice is to never store it digitally or enter it into a computer or phone at any point. Taking a picture of it puts the whole wallet at risk, and transferring it to a printer could allow someone to clear out the wallet.
Anyone with access to the Seed Phrase can spend your Bitcoin – in fact many users of software wallets have been tricked into giving up their Seed Phrase by people “helping them” to perform simple functions in their accounts or sending off a screenshot revealing the Seed.
Once the self custody wallet is set up, a receive address will be generated and we are now able to move our Bitcoin from the exchange account into the new wallet itself.
Hardware Wallets – the next level:
A hardware wallet is the next step in self-custody. These deliver a physical level of security where one must confirm the intended Bitcoin spend on the hardware wallet itself. In addition, incoming funds are received without interacting with the device, which makes it a perfect way to build a long-term investment portfolio with limited risk.
Hardware wallets will, of course, also issue a Seed Phrase, which is vital to keep securely. As the device is generally not connected to the internet or, in some cases even connected to a computer, the risks of a software wallet – computer or phone theft or a virus allowing access to the Bitcoin application – is eliminated.
The weak point will always be the storage and initial saving of the Seed or an attack where you are forced to unlock the device. We must remember that anyone getting hold of the Seed Phrase can spend the bitcoin balance, even without the physical hardware wallet device.
Hardware Wallet 2.0 – an easy upgrade:
A more recent development and largely overlooked feature available on most hardware wallets is the ability to create a 25th word “Passphrase”. This gives us the full security of the Hardware wallet delivered by the 24 word Seed but allows us to create effectively hidden additional wallets secured by a specific (strong) password.
The challenge is to ensure we secure the Seed and the Passphrase(s) separately. It’s also advisable to note that if the Passphrase is lost, the additional wallet will not be recoverable. This level of security must be implemented with care and with some planning to ensure your Estate can find these wallets if needs be!
The one superior advantage of the Passphrase option is that the final word or phrase can be stored online or in plain sight – as it is completely useless without the 24 word Seed or physical device.
MultiSig Hardware Wallets
The ultimate long-term bitcoin security setup is fairly technical, but is well suited to corporate structures and legacy planning. This is the Multi-Signature Hardware Wallet and is accomplished by combining multiple hardware wallets using specialist software.
When using wallets from different manufacturers, this method eliminates the “single point of failure”. I.e. even if one wallet Seed is compromised – the new “synced wallet” will not be at risk. In addition, the setup ensures that a transaction is created by one wallet device and is then transferred to the other synced device to be signed before being sent to the Blockchain.
In effect, it’s like Business Banking for Bitcoin. One person creates the transaction and sends it to another signatory to confirm or release the payment.
Not the best Implementation
Multisig Wallets can be set up with any number of devices and an equal or lower number of required signatories. In a personal use-case I may set up a “2 of 2 Multisig” wallet which uses two Hardware wallets and requires both to sign transactions.
In this system I can keep one wallet at home and another at my office. When I want to spend Bitcoin I need to create the transaction on one device and send it to the other. Then when I am with the second device, I can simply approve the transaction.
The Fort Knox of Bitcoin Security
Multisig wallets give an obvious security when the wallets are separated by distance and outside of the control of any one individual. They can be set up as a “2 of 3” or “3 of 5” arrangement – where multiple parties must approve the transaction.
Where this becomes particularly beneficial is as an example in a 2 of 3 setup, when one of the three wallet holders is unavailable – the other two can still spend the balance from the wallet. Imagine you issue a wallet to your bitcoin custodian, your lawyer and keep one yourself.
In this case, in the event that you pass away – your lawyer and Bitcoin custodian can follow the instructions in your Last Will and Testament and transfer the balance of your wallet according to your wishes.
In another case, should one party lose a wallet or Seed – the other two parties can replace your wallet with a new one on the Multisig setup.
Store Your Seed Carefully
Whatever option you select to keep your Bitcoin safe, it is never advisable to transmit or pass on your Seed Phrase (or the Private Key that it represents). While some people advise on separating Seeds into parts and then multiple locations, this actually creates additional risk should multiple parts go missing.
It is also important to ensure that you check at regular intervals that your Seed security solutions have not been compromised. I’ve helped many people to set up MultiSig solutions and far too many leave this last part to chance.
With all of the complexity of MultiSig wallets, you need to keep your Seed Phrases, Hardware Wallets, CryptoSteel Backups and the setup instruction documents safely and distributed in the correct manner.
No matter how you move forward, make sure you have your Seed Phrase – and perhaps more importantly – that no one else does!
