A couple months ago my friend Amanda was asking about the best ways to store bitcoins to avoid getting them stolen. I figured I would extend my Bitcoin ELI5 series with this post and detail a number of best practices that you can use to avoid this fate. If you are a beginner, it may be helpful to first familiarize yourself with the cryptography used in Bitcoin by reading the previous installment Part 3 – Cryptography or at least the second half on public-key cryptography.
For those who are unfamiliar with the inner workings of Bitcoin you should note that there aren’t actually any bitcoins stored in your wallet. A bitcoin is really nothing more than a balance recorded in a publically shared ledger. Transactions are orders to the Bitcoin network to transfer some of your balance from your bitcoin address to someone else’s. The way you prove to the network that you own the bitcoins associated with a particular address is by signing your transactions with the private key that matches that address. Here’s what they look like:
Bitcoin Address: 12CbHSwuMVxbwdGzCZaiLnXgxFBj3YE2ax Private Key: L32qYhUt93qg7MWUSYCUaPKS9qeaKEZquV566Qfh7wZfqqmvZZum
Without the private key, you can’t spend your bitcoins. It is this private key (or keys if you use more than one address) that is stored in your wallet. Needless to say, if your keys are lost or stolen, your bitcoins are gone forever. Hence, why you need to take precautions to prevent that from happening.
Hot Wallet vs. Cold Storage
In Bitcoin parlance a “hot wallet” is a wallet that is connected to the internet, while “cold storage” refers to wallets that are kept offline. The distinction is important because wallets that are connected to the internet are susceptible to being hacked and having the keys stolen. We’re going to talk about some steps you can take to prevent your hot wallet from being hacked, but it’s not possible to completely eliminate this risk. Cold storage, on the other hand, if done correctly eliminates the possibility that your wallet can be hacked.
As a general rule, you should treat your hot wallet very much like the real wallet that you carry around with you. You wouldn’t go walking down the street with thousands of dollars of cash in your pocket. To do so would just be asking to get mugged. Instead you might carry one or two hundred dollars tops. Certainly nothing more than you can afford to lose if you did get mugged. Hot wallets are the same way. Given the potential for theft, you don’t want to keep any more than a couple hundred dollars worth of bitcoins in a hot wallet. If you own more than that, the rest should be kept in cold storage and only removed when you actually need to spend the bitcoins. It may sound like I’m just offering up a suggestion here, but if you don’t want your bitcoins stolen, this practice should not be considered optional.
Securing Your Hot Wallet
There are three different types of wallets — software wallets, web based wallets, and mobile wallets. We’ll skip discussion of mobile wallets since they are a bit more experimental and I wouldn’t expect you to keep that many bitcoins on your phone anyway. Software wallets install on your computer and store your keys on your hard drive. For example, the windows version of the reference client, Bitcoin-Qt, stores the keys in a wallet.dat file located in the C:\Users\YourUserName\AppData\Roaming\Bitcoin directory. Any hacker attempting to steal your keys will be looking for this file. We should note that, by default, this file in unencrypted. All it takes is for a hacker to copy this file and they have your keys. Wallets will typically let you encrypt this file to protect it. In Bitcoin-Qt you can encrypt it from the settings menu.
When encrypting your wallet make sure you use a strong password. As you hopefully know, a brute force attack becomes exponentially more difficult as the length of your password increases. Random passwords of 12 or more characters should take hundreds of thousands of years to brute force. Some people make the mistake of picking a long word then changing some of the letters to symbols in an attempt to create a password they can remember. For example: @r3V0LuTi0n#. The problem with these type of passwords is that there are algorithms out there that will pick a word from the dictionary and check 10,000 combinations of that word per second. So while you think you’ve got a strong password, it can be broken pretty easily. There’s no substitute for plain old random characters: 8t$e2%?U(qHr3t!
Unfortunately, even encrypting your wallet file isn’t going to completely protect you. If your computer gets infected with malware that logs your keystrokes, an attacker could get the password to your wallet and steal your bitcoins. If someone is capable of hacking into your computer and stealing the wallet.dat file, he’s also likely to be able to get your password. Installing anti-virus software and keeping it up to date can help, but it isn’t foolproof.
Another option you have is to use a web based wallet such as Blockchain.info. These wallets works similarly to a software wallet except the keys are stored on a web server rather than on your hard drive. Like a software wallet, the keys are encrypted and can only be decrypted with your password.
An additional security feature that web based wallets will frequently offer is two-factor authentication. The two most popular two-factor services are Yubikey and Google Authenticator. Yubikey requires a USB drive to use while Google Authenticator requires that you download an app on your phone. Setting up a wallet with two-factor authentication is extremely easy. It may take a minute at most. Once enabled, you will be required to sign in with both your password and the two-factor validation code. You can see what Google Authenticator looks like on the right. It refreshes the validation code every 30 seconds making it impossible to brute force. If you have two factor enabled, an attacker will not only need your password, but also your cell phone or yubikey USB drive to steal your bitcoins.
While web based wallets will offer two-factor authentication as an optional service, it is NOT optional if you don’t want to get your bitcoins stolen. The history of bitcoin is replete with people who thought they didn’t need two-factor only to lose hundreds of bitcoins. Don’t be one of them — use two-factor authentication.
Blockchain.info also allows you to enter a second password that will be used for making transactions (separate from the password used to log in). This password is entered using your mouse and an on-screen keyboard to avoid keyloggers. Again, never pass up an opportunity to increase the security of your wallet. It will be worth it even it is less convenient.
You can tell you’re using the extension because the Blockchain logo at the top of the page will have the Chrome logo next to it. If you don’t see the Chrome logo, don’t sign in! You really should never be logging in to your web wallet through the internet, only through the browser extension. Doing otherwise is unnecessarily putting your bitcoins at risk. On a final note, always backup your hot wallet. If your hard drive crashes or the server where your keys are stored goes down, you’ll lose your bitcoins. Most software wallets will have an option in the menu to backup your keys or you could simply copy the wallet.dat file to a flash drive, the cloud, or another computer. Web based wallets will give you an option to download a backup or have one emailed to you.
Now we’re going to talk about how to securely create a cold storage wallet. Keep in mind it isn’t as simple as generating a new Bitcoin address, copying the private key to a flash drive, then deleting the key off your computer. If you do this while connected to the internet, someone could steal your keys in the window between when you generated the keys and when you deleted them from your computer. There are better options for doing this securely.
UPDATE: Here’s a video tutorial I made on how to create a cold storage wallet.
Option 1: This is the preferred method for creating a cold storage wallet. You will need a second computer that you are committed to keeping offline permanently. An old computer or laptop that you don’t use anymore will work provided that it isn’t liable to crash on you.
- Install the Bitcoin software on this computer.
- Unplug it from the internet or disable your WiFi connection. Be sure that you NEVER reconnect it after this point.
- Generate a new Bitcoin address and private key. With Bitcoin-Qt you can just delete the wallet.dat file and it will create a new one when you restart the software.
- Copy these keys to flash drives in case your computer crashes. Keep the flash drives in separate locations. You might want to hide one in your floorboards or put one in a safe deposit box.
- Send bitcoins from your hot wallet to the address you just generated.
By creating a cold storage address this way, you can guarantee that your private keys will never touch the internet, thus making it impossible for your keys to be stolen. That is, unless someone physically accesses your computer or flash drives. But that is why you encrypt them after all.
I’ve had a few newbies ask how you can generate a new key pair while offline. How do you know that the bitcoin address you generate isn’t already taken? The answer is there are so many possible bitcoin addresses that the probability you will generate an address that is in use by someone else (or vise versa) is remote. Put it another way, if you were generating bitcoin addresses non-stop every day, the Sun would turn into a red giant and engulf the Earth before you would stumbled across an address already in use.
Option 2: If you don’t have a second computer, there is another way of creating a cold storage wallet, but keep in mind this option doesn’t 100% guarantee that your keys won’t be stolen the way option 1 does.
- Disconnect from the internet and turn off your modem.
- Open the Bitcoin software and generate a new bitcoin address.
- Copy your wallet.dat file to a flash drive (or multiple flash drives)
- Delete the wallet file from your computer.
- Restart to clear your memory of any data that may be stored by malware.
- Reconnect to the internet and send bitcoins from your hot wallet to the new cold storage address.
While I’m not an expert on malware, I’m going to assume that it is possible for malware to copy your private keys (after you generate them offline) to your hard disk and upload them once you reconnect to the internet. I haven’t heard of this happening, but I suppose the possibility is still there.
It is possible to mitigate this risk if you want to go through the trouble of booting into another OS. If you are unaware, you can boot into temporary operating system directly from a DVD or USB drive without actually installing the OS on your computer. Doing so will isolate your work environment from any malware that you might already have on your computer. In my opinion, the best OS to use for this purpose is the Linux based Tails operating system. Tails is specially configured to not use your computer’s hard disk, only the memory. That means if you accidentally download malware while using tails, it will be erased when you reboot into your normal OS. This should prevent malware from copying your keys and broadcasting them when you finally reconnect to the internet. It may sound like booting into another OS is difficult, but it really isn’t. The Tails website has easy to follow instructions. It really amounts to little more than downloading an .iso file, burning it to a DVD, then rebooting with this DVD in your drive. It’s that simple.
I should probably also mention that Coinbase runs free hosted wallet service. They keep approximately 90% of the bitcoins their customers store with them in cold storage (safe deposit boxes to be exact) and about 10% in a hot wallet so they can spend them at their convenience. If you’re not comfortable making a cold storage wallet yourself, you might want to consider outsourcing it to them. Considering their livelihood is on the line if they fail to keep your bitcoins safe, I would say they are pretty secure. The only problem would be if the U.S. government decided to raid Coinbase, you would lose all your bitcoins. That wouldn’t happen if you store them yourself.
Instead of (or in addition to) keeping your cold storage private keys on a hard drive or flash drive, you can print them onto a piece of paper. You could do this by using either options 1 or 2 from above. There are several websites that offer paper wallet generators. Blockchain.info, Bitcoinpaperwallet.com, and Bitaddress.org among others.
The only reason you actually need to store a private key somewhere is because it’s so difficult to memorize it. If you could memorize it, then you wouldn’t need to worry about your computer being hacked. Enter brain wallets. A brian wallet is a bitcoin wallet that is generated deterministically from an easily memorizable passphrase. For example:
Passphrase: Man made it to the moon,, and decided it stinked like yellow cheeeese. Private Key: 5JhmqDih2bTprJLZJYwUgnsAiHNbU8DReuBFMKCq5nPAmj1PeYQ Bitcoin Address: 1CeU9ugjwfsnzrhqjKy1HUBzXCCXVC76m1
So long as you can remember the passphrase, you can always generate the corresponding private key and bitcoin address at a time of your choosing. This would especially useful for people trying to smuggle bitcoins across international borders. You wouldn’t need to try to create a hidden partition on your hard drive or hide a flash drive on you somewhere. You could simply store your bitcoins in your head and clear customs with no problem.
Keep in mind, if you are generating a brain wallet, your passphrase needs to be much longer and much more random than a typical password. Possibly a random sentence containing over ten words and a few unique spellings and avoid using sentences or quotes found in published literature. Also, considering adding a salt to the end of your passphrase to increase the security:
Man made it to the moon,, and decided it stinked like yellow cheeeesea4uMj92Hnlx.
Like paper wallets, there are websites you can use to generate a brainwallet: Blockchain.info, Brainwallet.org, Bitaddress.org. Just like before, you want to use options 1 or 2 for creating the brainwallet offline and either use the browser extension or download the source code from github when running the script.
Removing Bitcoins From Cold Storage
If you are trying to remove bitcoins from cold storage, you must spend the entire amount. There have been plenty of people have tried spending only part of their cold storage balance only to lose everything. To understand why this is the case, you have to understand how bitcoin transactions work. When you go to spend bitcoins, you have to prove you own the amount that you are trying to spend. Your wallet does this by pointing to a transaction in the blockchain where you received this amount bitcoins or more. This amount is considered to be the transaction “input”. As per the protocol, transaction inputs and outputs must be equal. So lets say you want to spend three bitcoins. Your wallet might use a prior transaction where you received 10 bitcoins as the input. Since outputs must equal inputs, your wallet will send three bitcoins to the destination and seven bitcoins back to yourself as “change”. Many wallets, including Bitcoin-Qt, will generate a brand new bitcoin address for the change rather than send the change back to the original address. This is considered to be an anonymity feature.
If you import your private key into your hot wallet from cold storage and make a transaction for less than the full balance, your wallet will send the change to a newly generated change address. If you assume the balance is still in your original cold storage address and proceed to delete the new wallet file, you will be deleting the keys to the change address leaving your original cold storage address with a balance of zero.
So to eliminate this possibility, always spend the entire balance from your cold storage address. If you want to keep some funds in cold storage, go through the steps for creating a new cold storage address and send the balance there. It may be more convenient to create multiple cold storage addresses, each with a balance of 5 BTC, say, rather than a single address with a balance of 100 BTC. That way you would only have to remove 5 BTC from cold storage when you want to spend it, rather than the full balance.
Instead of going through the hassle of completely removing funds from cold storage every time you want to make a transaction, there is an advanced feature that allows you to make transactions directly from cold storage. If you use a second computer for cold storage like described in option 1 above, this is how you would do it:
- Create an unsigned transaction sending bitcoins from your cold storage address to the destination.
- Transfer the unsigned transaction to the cold storage computer via a flash drive.
- Have the cold storage client sign the transaction using your private key.
- Transfer the signed transaction back to the online computer and broadcast it.
Doing it this way, you can make a transaction without exposing your private keys to the internet, eliminating the possibility of theft. Currently, the bitcoin wallet Armory is the only wallet with this feature.
Finally, we’ll wrap up with a new technology that should be hitting the market very soon — hardware wallets. As you can gather from our discussion thus far, the most secure way to use bitcoin is to use a second computer for cold storage and offline transactions. The problem is that most people don’t have a second computer available and even if they do, it takes some technical skill to set it up properly.
A hardware wallet essentially serves as your second computer. Your bitcoin address and private key are generated entirely on the device and never come in contact with the internet. When you want to make a transaction, the hardware wallet signs the transaction and sends it over a USB cable to your computer for broadcast. The image on the right is of the Trezor hardware wallet which is scheduled to start shipping in either October or November. Butterflylabs is apparently also working on a hardware wallet, but I’ll believe that when I see it. They are notorious for over-promising and under-delivering.
Ok that’s it for now. Stay safe.