This article is part of a series on the emerging world of digital assets. Additional articles explore Initial Coin Offerings, digital tokens, the virtual currency regulatory landscape and tips to avoid fraud and scams in this area.
For many of us, certain concepts about how cryptocurrencies work and serve as a means for exchange or investment can be difficult to grasp. One of these concepts is how digital assets are stored and managed. As you might expect, it is quite different from the way you currently manage traditional cash or investments. Here are a few things to keep in mind when it comes to crypto storage and security.
Do your research into the
type of technology, platform,
or service you use to store
Two Types of Keys
First, it is important to remember that your cryptocurrency is represented by a public key and a private key. Think of a public key like you would an email address—this identifies cryptocurrencies you receive and you can use it to send or transfer cryptocurrencies to another individual. A private key is the secret key—an alphanumeric code—that represents your personal way, such as a password, to access your cryptocurrency. Managing your private key is an essential component of storing your cryptocurrencies.
New Security Challenges
To store and transfer cryptocurrency, and its associated private keys, you can use a number of different methods including mobile applications, third-party online services, specialized hardware—even printing your keys (i.e. the alphanumeric code) on a piece of paper. However, because cryptocurrency is, in essence, a piece of computer code, it is vulnerable to hackers, destruction or accidental loss.
Keeping cryptocurrencies safe involves a different set of challenges than keeping your cash assets, stocks or bonds secure. And crucially, because many cryptocurrencies are not recognized legally in the same way that cash assets are recognized by governments, the same safety nets, such as FDIC coverage for bank assets and legal remedies for damages and restitution, may not be available if your cryptocurrencies are stolen, lost or destroyed. Therefore, it is important to learn about the different ways to store cryptocurrencies.
Cold Storage Versus Hot Storage
There are two general methods for storing cryptocurrencies, often referred to as "cold" storage and "hot" storage.
Cold Storage refers to holding your private keys in an environment that is not connected to the Internet. Examples include storing keys on disconnected hard drives, printing or writing them on a piece of paper or storing them on USB drives. You can also use a "hardware wallet," a type of device similar to a USB drive that lets you store your private keys.
While these storage methods tend to prevent your cryptocurrencies from being hacked by a malicious actor, they are vulnerable in other ways. Hardware, such as hard drives and USB devices, can break down, be lost or suffer functionality defects. Paper can be destroyed or burned, and hardware wallets are not immune from hacking. Finally, thieves can steal hardware, paper and other physical means of storage.
Hot storage uses services connected to the Internet to store cryptocurrency keys. While there are a number of hot storage options available, most are described as a cryptocurrency "wallets." Cryptocurrency wallets (different from the hardware wallet discussed above) refer to types of software that can be installed on any Internet-connected device that store your public and private crypto keys. Cryptocurrency wallets include:
- Desktop wallets: Desktop wallets are software that can be downloaded to your PC or laptop that allow you to store your private keys on that computer.
- Mobile app wallets: Mobile app wallets are apps that let you store your keys on your mobile device. Many mobile app wallets allow you to use your cryptocurrencies for small retail transactions with certain businesses.
- Online wallets: Online wallets are a type of software that lets you store and access your keys from any Internet-connected device. In this case, your private keys are stored remotely on third-party servers owned by the provider of the online wallet. You create a username and password just as you would for a traditional online bank account and then you are able to use the software easily. Online wallets are commonly associated with cryptocurrency exchanges, which are entities that facilitate the trading of fiat currency for cryptocurrencies.
Cryptocurrency wallets are convenient because you don't have to memorize your private key, write it down or store it elsewhere. However, a downside of wallets is that they, like any service connected to the Internet, are vulnerable to hackers and malicious code. Desktop and mobile app wallets that store keys locally on a device are susceptible to loss, destruction and theft. For example, if you lose your phone that has a mobile app wallet that stores your cryptocurrency keys, you may permanently lose your investment.
Online wallets that are associated with cryptocurrency exchanges are vulnerable to a number of different risks. Cryptocurrency exchanges that provide online wallets are common targets of cyberattacks. In addition, these exchanges do not work the same way as a registered securities exchange–meaning that your investment might be trading on an exchange that is not subject to regulatory oversight and could be more susceptible to fraud and theft. Moreover, there are many scammers and bad actors looking to lure unsuspecting investors into storing their public and private keys with fake exchanges. Many scammers also pose as fake tech support staff for legitimate cryptocurrency exchanges. Therefore, it is important to scrutinize an institution before using its online wallet service.
Cryptocurrencies present a new set of challenges when it comes to keeping your assets safe and secure. Do your research into the type of technology, platform, or service you use to store your cryptocurrencies. Know the pluses and minuses of each storage option—and remember that if measures aren't taken to properly secure and store your assets, you may lose some or all of your investment.
Subscribe to FINRA's Investor Insights newsletter for more information about saving and investing.