Bitcoin is on another rollercoaster ride. Over the past few months, the cryptocurrency’s value spiked from $3,000 to over $13,000; at this writing, it stands near $10,000.
Such circumstances encourage people to buy bitcoins in hope of coming out ahead. But Bitcoin’s rising price also draws malicious hackers who see an opportunity to steal the funds of unwary users who don’t know the basics of Bitcoin security.
If you’re new to Bitcoin, these tips will help you protect your digital fortune.
The easiest way to get started with Bitcoin and other popular cryptocurrencies is to sign up with an online wallet such as Coinbase or Binance. Online wallets hide many of Bitcoin’s technical challenges, such as handling private keys and addresses, so they’re an attractive option for people who are less tech-savvy or new to Bitcoin. Signing up for most online wallets takes no more than a few minutes, and accessing your account requires only a browser, username, and password.
Online wallets, however, are not the safest place to store your cryptocurrencies. Anyone with your email and password can access and steal your coins, and bad actors can accomplish this with something as simple as a phishing email. Also, unlike with traditional payment systems, recovering lost bitcoins is virtually impossible.
Here are a few best practices that can improve your wallet’s security:
Most online wallets support some form of two-factor or multi-factor authentication. Enabling 2FA links your account to a phone, mobile app, or physical dongle. If a malicious hacker obtains your username and password, they’ll still need to have that extra factor to access your account.
Most sites support several forms of two-factor authentication, but not all 2FA methods are equally secure. If you rely on SMS passcodes to secure your account, crafty hackers will be able to hijack your phone number and intercept your 2FA passcode. If you’re associating a phone number with your account, it would be best to use a separate, secret SIM card.
Most of us have a primary email account for our daily communications, and we use that same address for our Facebook, Twitter, and PayPal accounts. We share it with friends, family members, and coworkers. They might share it with other people, and eventually, a malicious hacker might obtain it. If your online wallet is tied to this email, the hacker has one of two important pieces of information needed to access your wallet. Use a separate email address for your online wallet—one you don’t use for any other purpose. This minimizes the chance of your account being discovered by a cybercriminal.
Every Bitcoin wallet has one or more “addresses” where it stores its cryptocurrency. Bitcoin addresses are long, unique strings of alphanumeric characters, and each address has a pair of private and public encryption keys. When other users want to send bitcoins to your address, they use your public key. When you want to spend your bitcoins, you use the private key to sign your transaction. The private key proves you have ownership of the bitcoins stored in a specific address. Therefore, the key to securing bitcoins is to keep your private key in a safe place.
By using an online wallet, you’re effectively letting the service provider secure your private keys for you. That’s why it’s so easy to use online wallets. But it also makes online exchanges an attractive target for hackers. Although these companies do their best to protect user accounts, they get breached pretty often.
Offline wallets are an alternative to online Bitcoin exchanges. They give you full control of your private keys and will protect you against mass data breaches at Bitcoin exchanges. The trade-off is that they’re more difficult to set up and use, and they require more technical knowledge. Offline wallets come in different flavors:
Software wallets are applications you can install on your computer, portable memory drive, or mobile device. A wallet app, such as Electrum, stores private keys on your device and uses them to sign Bitcoin transactions whenever you want to make a payment. If you want complete security with a software wallet, you must install it on a computer that isn’t connected to the internet and transfer signed transactions to an internet-connected computer. The process is more difficult but also more secure.
Hardware wallets are physical devices that generate and store cryptocurrency key pairs. They usually come with an associated app you must install on your computer or your mobile device. When you want to send bitcoins to someone, you have to connect the hardware wallet to your computer or pair it with your phone via Bluetooth. Every transaction is signed on the hardware wallet with the approval of the user. Hardware wallets are very secure because the private keys never leave the device; Trezor and Ledger are two popular options.
Paper wallets are Bitcoin key pairs printed as QR codes on paper. You can create paper wallets at one of several websites such as bitcoinpaperwallet.com. To receive money in your paper wallet, scan the public key with any Bitcoin wallet app and send it to the payer. To send bitcoins from your paper wallet, scan your private key to sign your transaction.
Paper wallets are “cold storage,” which means they’re good for securely storing bitcoins but not very handy for making day-to-day payments. Paper wallets are secure because they have no digital component and they can’t be stolen or hacked remotely. But you must destroy the digital copy of the wallet after you print it, to make sure no one else replicates it.
Using an offline wallet doesn’t mean your bitcoins are absolutely secure. If you leave your private keys in an unsecured place, the wrong person might chance upon them. Also, you might accidentally destroy your keys, which will also result in losing your funds without recourse. For instance, if you lose or destroy your hardware or paper wallet or forget your security PIN, your bitcoins will be lost forever.
Online or offline wallet? The choice is up to you. But choose wisely, and make sure you keep your bitcoins safe.