Storing bitcoin in a safe location has its challenges. This is because bitcoins aren’t physically “stored” anywhere. As a purely digital entity, it is not as if they are held in bank vaults or stuffed under mattresses. They are accessible through Bitcoin addresses, which require a set of digital keys for entry. So, the question of how to securely store bitcoin comes down to the security of these keys.
Every Bitcoin address has two keys: a “public key” and a “private key.” Bitcoin addresses are derived from public keys, and these Bitcoin addresses are shared. Think of it like sharing your email address with someone: They can send you an email but can’t get into your inbox to read your mail. Similarly, nobody can get into a wallet and take bitcoins from it with a public key; it can only be used to send bitcoins to. Therefore, it is safe to share.
A private key, on the other hand, represents the ability to access bitcoins belonging to a specific Bitcoin address. This is the key that needs to be secured in a safe place.
Before getting deep into the discussion, it is worth noting that people who don’t want to control their private keys don’t have to. While it is highly advised that Bitcoin users maintain control over their keys, there are alternatives that don’t require this.
The most popular of these are cryptocurrency exchanges. By design, most exchanges have wallets built in to allow for deposits and withdrawals of different assets. By depositing bitcoin into an exchange’s wallet, a user is essentially handing over the control of their bitcoins to the exchange as well.
Doing so comes with a certain amount of risk. Well-known exchanges like Binance, Coinbase and Gemini hold on to cryptocurrencies for millions of unique accounts and, due to their sheer size, are widely trusted to hold onto these assets securely. However, over the years, some smalller exchanges have been vulnerable to hacks, while other, less reputable ones, have lost or even stolen user funds.
Keeping your funds on an exchange as a primary storage facility is generally not advised. After all, the principles that led to the creation of Bitcoin itself are based on principles of financial freedom and personal responsibility. Keeping private keys secure in the hands of people who truly own them strikes the same chord as these principles.
Many consider hardware wallets the safest way to protect ownership over bitcoins. These wallets, as implied in the name, take the form of a physical device that protects a user’s keys by encrypting all the information, and grant access to the user via a password or seed phrase.
The most important quality of hardware wallets is the physical protection of your private keys, as opposed to protecting them on the computer. This is what makes them more secure than every other type of wallet. By removing these keys from an internet-connected computer, it is highly unlikely that hackers or a malicious program can steal your private keys. All good hardware wallets generate keys within the wallet to avoid this type of risk.
Paper wallets are a form of physical wallet but lack the “hardware” aspect that secures your private keys. They are, as implied, printed on pieces of paper. Specifically, these types of wallets have a private key, a Bitcoin address and a QR code representing each, printed for easy viewing on paper. This method of keeping bitcoins safe is not generally advised because of the challenge of generating keys securely. If a user wants to create a paper wallet, they would, for example, need to take extra precaution that the computer from which the keys are being generated has not been infected with any viruses.
If you have a copy of your private key on a computer as well as on a piece of paper, the bitcoins associated with the key are only as secure as the weakest link; if the private key is stolen from one location, the access to bitcoins associated with that key are gone in every other instance.
Any wallet that does not come in a physical format can be considered a software wallet (with the exception of brain wallets, but those can be tricky to secure and aren’t generally recommended). Given the nature of software, though, these types of wallets can exist on any computer, as well as on mobile phones. Some software wallets, called “web” wallets, exist as applications accessible by web browser.
Software wallets typically use encryption, as well as other security measures, to protect private keys on a device. They are considered secure if developed in a peer-reviewed and open-source manner, or by a reliable programmer or organization, and all generally serve the same purpose: sending bitcoin from one address to another. Some software wallets provide an advantage over others in the features they offer. Certain wallets, such as Samourai, offer enhanced privacy options.
It is important to note that software wallets, regardless of the device they are on, are not as secure as hardware wallets given their digital nature. The advantage they carry over hardware wallets is the ease of use when sending and signing a bitcoin transaction (to do this with a hardware wallet, a user would need to physically have the wallet in order to do anything). But software wallets are not the first option for keeping bitcoins in a place of storage for an extended period of time, especially in large amounts. When it comes to storing bitcoin, a hardware wallet, which is removed from internet access entirely, is sometimes the preferred method.