Security of Bitcoin and Cryptocurrency Wallets

The objective of this article is to treat readers as beginner users and provide them Step-by-Step guides on capturing and securing their digital wealth.

A cryptocurrency user should be able to:

• Learn how to buy/sell Bitcoins and other cryptocurrencies through exchanges and Bitcoin ATMs.
• Understand the capabilities of the various kind of e-wallets and be able to choose the best suitable for them. Keeping the funds within an exchange is not secure.
• Use encryption and additional security features.

USAGE STATISTICS

• More than 36 million Bitcoin Wallets have been created compared to 24 million a year ago according to Statista.
• Coinbase announced 13 million users by early 2018.
• More than 7 million active cryptocurrency users. Approximately 5% of Americans hold Bitcoin.
• A lot of data from emerging markets are missing.
• Bitcoin market capitalization is approximately $160B. Have reached $320B a couple of years ago.
• Not all of these funds are participating in transactions.
• Poor user management can lead to loss of passwords, private keys, theft of coins etc.

Bitcoin, as the most popular cryptocurrency, is still lacking adoption compared to traditional finance solutions like:

• Visa - 336 million American users and another 736 million users globally.
• PayPal - 235 million active users
• Mastercard - 35.7 million American users and another 604 million active international users

Bitcoin’s popularity and adoption is not on a high level yet, however the figures imply that this is likely to happen sometime in the future.

CRYPTOCURRENCY EXCHANGES

Even though hundreds cryptocurrency exchanges exist, there are some certain things to look out before joining one:

Fees: Deposit, transaction and withdraw fees vary from exchange to exchange. Some of them favor mainly larger transactions. All these details are available in each exchange’s website.

Cryptocurrencies supported: Choose an exchange which allows you to buy/sell on a variety of cryptocurrencies other than Bitcoin (e.g. Ether, Monero, Zerocoin, Bitcoin Cash etc.)

Reputation: User reviews from people within Bitcoin communities is the best way to find out all you need to know as this group of people is very active and willing to help. Reddit is a very good source.

Verification Requirements: ID and address verification is required by most exchanges in order to deposit and withdraw. Stay away from exchanges which allow you to remain completely anonymous, as they are the most vulnerable to money laundering and scams.

Payment Methods: Choose an exchange which allows you to deposit/withdraw by a variety of ways (e.g. credit card, debit card, wire transfer, PayPal, AstroPay etc.)

Exchange Rate: The exchange rate varies among different exchanges. It is recommended that you have access to 2-3 exchanges if you want to benefit from arbitrage opportunities.

Geographical Restrictions: Make sure you join an exchange which allows you to gain full access and use all the functions available.

CRYPTOCURRENCY ATM'S

Almost 5200 Bitcoin ATM’s exist in 77 countries - https://coinatmradar.com/

One-way BTC ATM: Only fiat money to Bitcoin is supported i.e. a user can only buy Bitcoins/Cryptocurrencies

Two way BTC ATM: Both fiat money to Bitcoin, and Bitcoin to cash transactions can be done i.e. a user can buy and sell Bitcoins/Cryptocurrencies

• Two way Bitcoin ATM’s are becoming popular
• 1%-2% of the transaction costs goes to the manufacturing company
• Price depends mainly on how many cryptocurrencies they support and how many bank notes they can hold (usually vary from $9K to $13K)

WALLETS (ULTRA IMPORTANT)

Avoid storing your cryptocurrencies with an exchange which has proven insecure on the past, even for a limited amount of time, in case you do not wish to actively trade or withdraw these funds. Storing funds in an insecure exchange is similar to storing funds in a bank. It may sound safe but there is some exposure.

Third-party risks include:

• Fraud (your provider may not be trusted)
• Security (numerous attacks in the past)
• Financial health (if you provider fails your wealth may be lost too)

Use a secure-proven exchange only for trading and deposit/withdraw purposes and enable 2-factor authentication from the security settings.

Web Wallets

Least secure choice, after exchanges

Examples: BitGo, Green Address, Circle, Blockchain

Web wallets store your private key(i.e. password) for you on their servers. May come by a mobile application or using your browser on a personal computer

+ Easy access to your coins from any device

+ Third party takes the responsibility of your funds

• You are trusting a company not to steal your funds and disappear
• You are trusting a company to keep your funds safe from attacks

Desktop Wallets - Full Nodes

Software downloaded and installed on a PC or laptop. Full nodes (such as Bitcoin Core). i.e. the whole blockchain is downloaded on your computer

+ Contributing to the maintenance of the decentralized Bitcoin network

+ Full control and protection, especially if private keys are encrypted with strong passphrases and regularly backed up

+ More rewarding for hackers to target central servers to steal many people’s coins than to target each individual’s computer

• A bit vulnerable to Internet attacks, such as spying, malware or computer malfunctions. Do not let anyone steal or hack your computer
• Take days to download and synchronize
• No need for average users – Disk space requirements

Desktop Wallets - Lightweight Client

Software downloaded and installed on a PC or laptop. Desktop wallets can be lightweight (such as Electrum): Refer to full nodes in order to verify transactions

+ Only a part of the Blockchain is downloaded – then connect to full nodes and only receive transactions that are needed for their operations

+ All the advantages of a desktop wallet without the hassle of running a full node

+ Less hard disk space and less bandwidth compared to a full node. Private key is still held on your computer

+ Some can hold a wide range of coins/tokens

• Cannot verify transactions as it does not store a full copy of all transactions. Therefore must trust the third-party servers that they access the Bitcoin network and not a malicious third party which might spy your transactions.
• Still a bit vulnerable to Internet attacks, such as spying, malware or computer malfunctions. Do not let anyone steal or hack your computer

Mobile Wallets

Installed on a mobile device (examples: BRD for iOS and Coinomi for Android) – usually operate as a lightweight client or a web client

+ Portable, easy and comfortable - The smartphone’s camera scans the QR code of the receiver/merchant and transfers the coins.

+ Good for day-to-day transactions

+ If mobile device is lost or stolen the funds are not gone, just like an ordinary physical wallet. Backups are required by most wallets (usually a 12 word mnemonic phrase)

• If the battery is too low, or the device is switched off the payments are affected.
• Do not type your PIN when the device is visible to others.
• Choose secure-proven wallets. 

Paper Wallets

Documents that contain pairs of public and private keys. Must be stored on a safe place, make at least 2 copies.

+ Protection from cyber-attacks or hardware failures. Can be generated offline.

+ Ideal for long term storage of funds and gifts

• Loss, theft, paper destruction e.g. water
• Must be imported to software at some time, unlike hardware wallets
• Must specify the “change” address when spending a part of the funds or else you risk losing the remaining balance, because of the way Bitcoin treats change in transactions. Tip: always check your balances online before storing or destroying a paper wallet.

Hardware Wallets (safest option)

Act as a safe lockbox. Examples: (Trezor, Ledger Nano)

+ Extra security (not connected anywhere and cannot be hacked like a computer)

+ Private keys generated, stored within the device and never leave the device

+ Access wallet content with a PIN. Transactions signed within a PIN protected external device – does not need to be imported to software

+ Backups are required by most wallets.(usually a 12 word mnemonic phrase)

• Less convenient than mobile wallets for day-to-day transactions
• Do not lose both the device and the backup mnemonic phrase
• Buy from original stores

Both novice and experienced users should pay attention on securing their digital wealth. Proper measures of protection require significant investments in time and care.

Important tips:

1. Select an exchange which suits your needs
2. Do not store your long term wealth in an insecure exchange
3. Select one or more types of wallets which suit your needs
4. At least a hardware wallet is essential if you own a significant amount of cryptocurrency funds
5. Encrypt your wallet (Encryption is provided as standard in most wallets and must be used at all times. Encrypting basically means choosing a password that provides access to your funds). NEVER FORGET YOUR PASSWORD
6. Safest Option: Hardware Wallet
7. Browser-based light clients (which can also come in mobile applications) like Metamask which is able to offer decent security and access to a variety of ERC-20 tokens and collectibles.

* The content is part of academic material I have prepared for the free online course "Introduction to Digital Currencies" - https://www.unic.ac.cy/blockchain/