
Understanding the concept of owning Bitcoin or other cryptocurrencies can be a challenge in the beginning. These are purely digital assets and the ownership is defined by holding a secret — the private key — to access them.

Keeping a digital secret, while still having access to it, is surprisingly hard. For cryptocurrencies this is of special importance. If someone gains unauthorized access to your secret (a long number stored somewhere), all your funds can be gone. In the beginning of Bitcoin, with people storing their private keys on their regular computer, Reddit was full of stories about big losses and hacks.

There are multiple ways to deal with the challenge of securing your funds: one is to outsource the whole security by leaving your funds on an exchange. Having a dedicated computer that never, ever connects to the internet is another. Using a hardware wallet — a little dedicated security device — is the best option for regular users, as it provides secure key management while keeping your funds accessible and usable.

Let’s dive into the various storage options. For many Bitcoin and cryptocurrency users there is a natural progression through the following stages, as they secure more funds and deepen their understanding of how these technologies work.

1. Buy bitcoin and leave them on an exchange

Dealing with exchanges is convenient and the starting point for many users new to the field. Why is it not great to leave your funds there?

If you don’t have the private keys to your bitcoin, you don’t actually control them. The exchange simply has an obligation to give you some bitcoin if you ask for it. Exchanges get hacked all the time, and they can go out of business or refuse your withdrawal due to some regulatory issues. If you don’t actually control the keys to your bitcoin, all you have is an IOU from a third party.

“Not your keys. Not your coins.”

2. Install a software wallet

The next-best thing you can do is to take control of your bitcoin keys. For that you need a wallet application. Installing a wallet on your computer or mobile phone is OK for a limited amount of funds, much like the money you carry around in your physical cash wallet every day. But it’s important to understand that the secret keys to your bitcoin are exposed. If a malicious mobile app or a virus on your computer gets access to these keys, all funds can be stolen.

3. Use a hardware wallet

A hardware wallet like the BitBox02 is a dedicated device with a secure screen and has two main goals:

  1. keep your private keys safe from any form of unauthorized access and never expose them to a networked device, and
  2. independently verify and explicitly show on its screen what the wallet is signing.

Figure: Verify and sign a transaction on the BitBox02

To interact with the hardware wallet you are still using a wallet application on your computer or mobile phone, but that application does not manage any private keys. It just prepares transactions that are then signed directly on the hardware wallet, or lets you create new receiving addresses that are verified on the hardware wallet. Your private keys never leave the device.

4. Custom setup with dedicated hardware

Most users never get to that stage, which is for experts only, and in our opinion that’s a good thing. Custom setups like the Glacier protocol involve buying separate laptops, removing the networking cards, and installing the wallet software on a laptop that must never be connected to the internet. This is a valid way of securing your keys for advanced users, but setting it up takes a lot of time and is very error-prone. Taking one shortcut or making one mistake can compromise the whole setup. Accessing the funds is cumbersome, so this is mostly an expensive expert option for long-term storage.

Sidenote: paper wallets and pre-generated keys

Although using paper wallets was popular in the early days of Bitcoin, it is no longer considered a safe solution. They are hard to create and print without touching a networked device (insecure), encourage reusing addresses (bad for privacy) and must be spent as a whole in a single transaction (potential for human error). The same goes for professional paper or metal “wallets” that already come with a pre-created private key. These are nice to look at, but should be considered compromised from the start.

For most users, a hardware wallet is simply the safest choice. It comes as an “all-inclusive” package including guides and tutorials, minimizing user errors. Creating a backup of the seed (the one secret number) secures all different digital assets at once. If you lose the hardware wallet, or if it gets damaged, you can restore all assets from your backup on a new device. It also makes it much more secure to use web wallets like MyEtherWallet.

It’s common to use a combination of the above options to store your funds.

  • Install a mobile app on your phone for everyday spending. With Bitcoin, that can even be a Lightning wallet that also supports on-chain transactions.
  • For significant amounts, use a hardware wallet at home for sending or receiving larger sums on a regular basis.
  • For long-term savings, a separate hardware wallet with an additional passphrase, stored somewhere that cannot easily be accessed, adds further security.

Not every hardware wallet is the same. They protect against different threats and have different trust models. Some products, for example, don’t use hardware specifically designed with security in mind. Others use software that is not open-source, so you need to trust the code of the manufacturer to be secure.

Whatever your choice, it’s important to know what threats are “in scope” or “out of scope” for the hardware wallet of your choice. For the BitBox02, our threat model outlines what we protect your funds against. This information should be available from every other manufacturer as well.

We believe that with the BitBox02, designed to protect against physical access with a secure chip, using only open-source firmware and paired with an intuitive user interface to interact with the device, our users get the best combination of ease-of-use and security.

Don’t own a BitBox yet?

The BitBox02 comes in two editions: the Multi edition, which supports multiple crypto assets and can be used as a second-factor authenticator, and the Bitcoin-only edition, which features a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.


Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.