Safely storing your crypto assets involves a different set of challenges than keeping your cash, stocks or bonds secure. Crucially, many crypto assets are not recognized legally by governments in the same way that cash, stocks, bonds or other investments are, and legal remedies for damages and restitution may not be available if your crypto assets are stolen, lost or destroyed. For instance, the FDIC does not insure assets issued by non-bank entities such as crypto exchanges. Therefore, it’s important to learn about the different ways to safeguard your crypto assets.
Wallets and Keys
Two terms that you’ll quickly come across if you purchase crypto assets are wallets and keys.
Wallets are hardware, software or even paper that let you store, access and manage your crypto assets. Because the ledger of ownership of your crypto assets technically resides on the blockchain, your crypto wallet doesn’t actually hold any assets. Rather, crypto wallets validate ownership of your crypto assets and offer the means to receive, store, use or transfer your crypto assets.
With respect to the validation of ownership of your crypto assets, this is where keys come in. They are, quite literally, the keys—a public key and a private key—that work in tandem and enable you to access your crypto assets.
Think of a public key like you would an email address: It identifies the “location” of your wallet, and you use it to receive or send crypto from or to another wallet address. While anyone can send transactions to your public key, you need the matching private key to “unlock” them.
A private key is a secret key—a long alphanumeric code—that represents your personal way to access crypto assets from your wallet. You use your private key to access your crypto assets and approve the transfer of those funds via the public key. Your private key amounts to a password, and it’s an essential component of storing your crypto assets. It’s extremely important to safeguard your private key—lose it, or have it stolen, and you might lose access to your crypto assets.
These days, it’s common for wallets—particularly those that store multiple addresses and types of crypto—to issue what’s known as a “seed phrase.” Think of this as your emergency backup to restore or recover funds, which is why it is sometimes referred to as a “recovery key.” Unlike public and private keys, your seed phrase doesn’t allow you to store or make transactions, but it can help protect your funds. Like your private key, you’ll want to keep it safe, such as in an actual safe or a bank safe deposit box.
Hot or Cold?
To store and transfer crypto and associated keys, you can use a number of different methods including mobile applications, third-party online services and specialized hardware. Remember that we said wallets can be software or hardware? Wallets connected by your phone or computer via software to the web are referred to as hot wallets, while cold wallets are paper or use hardware, such as a hard drive or USB device, that generally aren’t connected to the internet. There are pluses and minus to both.
Hot wallets. Using hot wallets to trade crypto assets is relatively easy, and the storage usually comes at no charge. In addition, hot wallets are convenient: You don't have to memorize your private key, write it down or store it elsewhere since access to these wallets is usually through a traditional password that doesn’t involve keys. Hot wallets offer the means by which you can receive, store, use or transfer your crypto assets and validate ownership of your assets.
That said, hot wallets, like any service connected to the internet, are vulnerable to hackers and malicious code. Hot wallets associated with crypto platforms have been targets of cyberattacks. Also, desktop and mobile app wallets that store keys locally on a device are susceptible to loss, destruction and theft. For example, if you lose your phone that has a mobile app wallet that stores your cryptocurrency keys, you may permanently lose your crypto assets.
Cold wallets. These tend to be better for long-term storage and more difficult for malicious actors to hack because they’re disconnected from the internet. Today’s hardware wallets are often specialized security devices that not only store passwords, tokens and keys, but also offer security features designed to protect this information. There’s a cost for cold wallets in the form of whatever you pay for your storage hardware. A paper wallet is merely a piece of paper on which the cold wallet private keys are recorded. It’s possible to print your keys (i.e., the alphanumeric code) on a piece of paper, but this isn’t recommended. Your funds could fall into the wrong hands or be vulnerable to destruction or accidental loss. Storing your private key or seed phrase in a file connected to the internet (such as Google Drive) also isn’t recommended as hackers routinely look for such devices.
While cold wallets can be kept in a physical safe or bank safe deposit box for added security, they’re vulnerable in other ways. Hardware wallets can break down, suffer functionality defects or get lost or stolen. And hardware wallets aren’t totally immune from sophisticated hacking techniques.
Crypto assets present a new set of challenges when it comes to keeping them safe and secure. Crypto hacks and thefts usually occur when a bad actor gains illegitimate access to a person’s private key. This can happen by imposter ploys, where cybercrooks pretend to be reputable firms, such as businesses or government institutions, to infiltrate your computer. Malware and ransomware are other ways to gain access to your crypto assets: Malware locks a person’s computer when they open a suspicious link or attachment and requires a ransom payment to unlock it. Similarly, phishing attacks release malicious script designed to find seed phrases or private keys stored on a person’s computer.
These kinds of attacks, and more, mean how you protect your private keys determines the security of your assets. Do your research into the type of technology, platform or service you might use to store your keys. Know the pluses and minuses of each storage option—and remember that if reasonable measures aren't taken to properly secure your assets, you may lose some or all of your investment.
Learn more about cryptocurrency and other digital assets.