Not long ago, South Korean Cryptocurrency exchange Coinrail got hacked and lost $40 million. This is not the first time this has happened, and every time it does, I hear from people outside the crypto world saying, “See, cryptocurrency is not safe. That is why I don’t invest.” For this reason, I want to quickly clarify why these losses have nothing to do with the incredible safety and security that cryptocurrency boasts, and the steps every crypto investor should be taking to keep from undermining that security.
Crypto is not unsafe, but where you put it can be.
So how do people lose their cryptocurrency assets due to hacking and malware? It’s because they don’t store their assets in a safe location.Cryptocurrency isn’t a tangible asset. It is purely digital. In other words, it doesn’t really exist except as a series of transactions in the blockchain on the issuing company. It can only be accessed by the use of the public and private keys issued to each individual customer. It is through these keys, and through these keys only, that cryptocurrency can be accumulated or spent. So where can these keys be found?
They originate in the blockchain, and it is essentially impossible to hack a blockchain. Perhaps someday, through the use of quantum computing, a hack will be possible, but by that time additional safeguards to prevent this will be in place. Not to mention that the blockchain record is widely distributed across thousands of computers. The very architecture of blockchain technology makes hacking impossible.
Most of the private and public key vulnerabilities exist in exchanges, and all the major losses of cryptocurrency to date have been due to the hacking of exchanges, not the blockchain. Exchanges are where fiat currency is traded for cryptocurrency, cryptocurrency is traded for fiat money, and one cryptocurrency is traded for another. They are like middlemen in the cryptocurrency marketplace. Think of exchanging your dollars for yen at the airport. Unfortunately, exchanges do not use the same distributed blockchain technology that protects your assets at their initial source. This is where the major vulnerability lies.
For this reason, it is problematic to leave your cryptocurrency assets in an exchange. This is where your wallet comes in. If you want to play in the cryptocurrency market, you’ll need one. Since cryptocurrency is entirely electronic, your wallet is also digital in nature. It is actually a software program that you must install locally. It doesn’t hold currency or anything tangible like the wallet in your pocket. Instead, it contains the public and private keys that enable you to interact with your cryptocurrency assets. Using your wallet, you can store your cryptocurrency assets, send your cryptocurrency to merchants or friends, receive cryptocurrency from others, and keep track of your current balances.
Every time you receive cryptocurrency from someone, the ownership of that currency is reassigned by the sender to you, using your public key. The private key stored in your wallet is then matched against the public key that was used by the sender. This matching is all done automatically and electronically within the blockchain. If the two keys are found to match, then your wallet’s balance increases appropriately, while the sender’s wallet’s balance decreases by the same amount.
Sounds pretty simple? Well it is. However, there are some nuances that you should definitely be aware of.
First off, many cryptocurrencies require their own unique wallet. They will not accept transactions based on any other currencies. If you intend to work with more than one currency, you will probably need more than one wallet. Even when a cryptocurrency is able to be stored in a variety of wallets, it is generally a good idea to use the wallet that is officially endorsed by that specific cryptocurrency. It’s understandable that for the sake of convenience it might be easier to use a “universal wallet” (one that accepts many types of cryptocurrency), but again, there may be tradeoffs with respect to ease of use and security, and no wallet can accept all cryptocurrency types.
There are five major types of wallets: desktop, mobile, online, hardware, and paper. Each has its advantages and disadvantages, so you should familiarize yourself with each before deciding which type or types will work best for you. Also consider the distinction between “hot wallets” and “cold wallets”. Hot wallets are wallets that are connected to the Internet, while cold wallets are not connected from the Internet. Obviously, a wallet that is not connected to the Internet is going to be more secure. If you frequently use your cryptocurrency as you would use cash, then a hot wallet is going to be more convenient. If you primarily want to hold on to your assets for the long-term, then a cold wallet may be the best choice.
The desktop wallet is the most commonly-used wallet type. You download wallet software directly to your computer, which then connects you directly to your cryptocurrency client. It’s important to understand that this is the ONLY computer that can use that wallet, so you might want to put some thought into which computer you are going to use to store it. It’s probably not a great idea to use your work computer, nor a public computer, nor one at home that’s used by multiple people. While your wallet uses some of the most secure technologies existing, if your computer gets stolen, hacked, infected, or subject to unauthorized access, you could lose the entire contents of your wallet. Forever.
The mobile wallet is downloaded as an app on your mobile phone. The obvious advantage to the mobile wallet is (duh) it’s mobility. You can take it with you anywhere and use it anywhere, which is the epitome of convenience. Mobile wallets are usually simpler and more streamlined than desktop wallets, due to the limited storage space on mobile phones. That may or may not be an advantage depending on the features you need and the level of your sophistication in using your wallet.
Online wallets live in the cloud, so you don’t download any software to a device. You simply access the cloud directly. Keep in mind that data on the cloud lives on servers owned and controlled by third parties. Because of this, the decentralization and democratization inherent within the blockchain is compromised. This makes the contents of your wallet somewhat more vulnerable to hacking and catastrophic failure. However, online wallets have the advantage of being able to be accessed from anywhere and from any device.
Hardware wallets generally make use of portable devices such as USB or thumb drives. When the USB drive is inserted into a computer, you can then access your online client and execute transactions. The wallet’s contents are portable and can be used anywhere and with any computing device that supports them. Because they are then taken offline, they are also significantly more secure than online wallets.
If proper steps are taken to safeguard them, paper wallets are considered to be the most secure of all wallet types, and in some ways the easiest to use. Paper wallets consist of a paper printout of your private and public keys, usually in QR code format. Interestingly, the printout has a certain resemblance to fiat currency, so some may find this reassuring. The printout is generated by a special piece of software that can be easily deleted after the keys have been printed, leaving no trace behind. The printout must, of course, be stored in a highly secure location, as it permits full access to your cryptocurrency assets. But it gives you 100% control over these keys, without having to depend on hardware, or worry about malware and hackers.
Sadly, there are also malware wallets out there, and you need to beware of these. They masquerade as genuine wallets, but they are not, and your cryptocurrency assets will be in jeopardy if you use them. For this reason, it is highly recommended that you only download wallets from highly trusted sources.
It also goes without saying that you should never share your private key or passwords with anyone ever, and never type them in to any program other than your wallet. Your wallet is the only place you’ll ever legitimately need them.
Lastly, it’s important to recognize that if your private key is lost, stolen, or destroyed, the cryptocurrency that it accesses is gone forever and is unrecoverable. This applies to all the types of wallets listed above. It is also true that if your wallet is hacked, you may also lose everything, and you will have little recourse. So putting proper security in place, treating your wallet with care and respect, and operating with your eyes wide open are all essential to a successful experience with cryptocurrency wallets.