One of the hallmark qualities of cryptocurrency is its virtuality. Unlike most other forms of currency, crypto has no physical embodiment. You can’t get it as paper, coin, bar of gold or fancy bead. There’s no token that needs to be locked up in a bank vault or buried beneath a mattress.
But like anything valuable, cryptocurrency needs to be protected. It exists as a natively digital entity that requires an internet connection for any transaction — and that connectedness makes it vulnerable to hacking. In fact, despite its ethereal nature, it’s at least as susceptible to plunder as cash or gold. And with cryptocurrency, these violations are likely to come remotely.
Exchanges’ default wallets are risky
Many newcomers buy cryptocurrency from an exchange, such as Coinbase or BitFlyer, and leave their holdings in those sites’ “custodial” wallets. But like any other online entity, the exchanges are vulnerable to hacking — and as the crossroads for many billions of dollars of transactions every day, they make for particularly attractive targets. The cautionary tales of Mt. Gox, which in 2014; in December 2017; and show the risks associated with leaving your coins in an exchange’s online wallet.
Cold storage vs. hot wallets
Conventional wisdom dictates that if you’ve got more virtual currency than you’d be comfortable carrying around on your person, or you intend to hold it as a long-term investment, you should keep it in “cold storage.” This could be a computer that’s disconnected from the internet or a specialized USB drive called a hardware wallet. (We’ll take a look at how those work in a future explainer.)
Dedicating a computer to store your cryptocurrency or shelling out for a hardware wallet isn’t an option for everyone, however. Well known devices such as the Trezor and Ledger cost between $75 and $100 and, by design, add complexity and a few extra steps to every transaction. Software wallets, by contrast, are usually free and easily accessed though, ultimately, less secure.
Three kinds of software wallets
A cryptocurrency wallet’s primary function is to store the public and private keys you need to conduct a transaction on the blockchain. Many also offer features such as integrated currency swapping. There are three main kinds of software wallets — desktop, online and mobile — and each offers a different combination of convenience and security.
Desktop wallets are software you install on your computer. They give you lots of control over your assets but, if connected to the internet, remain vulnerable. A malware infection, the remote takeover of your computer or — even if you’re not online — a hard-drive failure could be a catastrophe.
Online wallets are hosted on a website. This makes them convenient because they’re accessible from any internet-connected device. The downside: Your private keys are (theoretically) known to the website owner and, from a technical perspective, there’s not much to stop them from simply taking your coins.
Mobile app wallets are optimized for— that is, paying for stuff with bitcoin or another cryptocurrency. But because your encryption keys are stored on your phone, you lose your coins if you lose your device. You thought it was a bummer to leave your phone in a taxi? Imagine how bad it will be if it has thousands of dollars of cryptocurrency locked on it.
Whether you choose a hardware, software or paper wallet to manage your passwords and private keys, there are a handful of things you can do to keep your stash safer. These include:
- Be super careful with any online service — any device connected to the internet is vulnerable
- Encrypt your wallet with a strong password
- Make regular backups and store them in multiple locations
- Use multisignature security, which helps maintain control of your coins even if one of your devices is compromised
- Generate, write down and hide your wallet’s mnemonic seed — a group of words you can use to restore your wallet in the event of a hardware failure
Some software wallet options
We’ll take a high-level view of some well known software wallets to provide an overview of the different features and tradeoffs to consider.
Note: There are many wallet options available, and we have not comprehensively tested any of these. As such, we cannot recommend any of them. As with everything related to cryptocurrency, you are advised to do your own research before making any decisions. Caveat emptor!
A versatile online wallet, Jaxx can be installed on a computer (Windows, Mac or Linux), added as an extension to the Chrome web browser, or downloaded as an app on an Android or Apple phone or tablet. In addition to helping you store dozens of cryptocurrencies, Jaxx’s support for the ShapeShift API makes it easy to swap coins — say, Litecoin for Ether — right inside the wallet. ShapeShift’s exchange rates aren’t always as low as what you’ll find on major exchanges and they do charge a transaction fee (or “miner fee”), which was about 40 cents on the Bitcoin to Ether transaction we priced out. Jaxx offers novices an easy pathway into alt-coins that aren’t yet supported by Coinbase or Bittrex.
Super simple to install and use, MetaMask is a specialist, supporting only ERC20 tokens — that is, any cryptocurrency built on the Ethereum platform. The good news: there are about 50,000 or so tokens (and projects) built on Ethereum, accounting for roughly 90 percent of the total cryptocurrency market cap, which was more than $200 billion at the time of writing, according to CoinMarketCap.com.
MetaMask can be used to send, receive and store Ethereum tokens and private keys. All of the data is encrypted and stored locally, making it difficult for the developers or anyone else to steal your keys or coins remotely. And, in addition to its storage and transactional capabilities, the MetaMask extension connects most web browsers (Chrome, Firefox, Opera and the growing universe of decentralized applications, also known as dApps, being built on the Ethereum platform.) with
Learn more: metamask.io
The Exodus software wallet is a good entry-level wallet for cryptocurrency newcomers. It’s known for responsive customer support, copious user documentation and a refined design and interface. It accommodates dozens of coins (here’s a full list) and was the first wallet to support Shapeshift. There’s no mobile app yet, however, and Exodus doesn’t offer two-factor authentication or multisignature addressing, which gives you the power to require approval from multiple devices before finalizing a transaction. This could give security-minded coin owners pause.
Learn more: exodus.io
One of the first mobile wallets, Mycelium has since established a solid reputation as a secure and user-friendly way to store bitcoin (and, so far, only bitcoin). Like any credible wallet, it lets you generate a set of 12 “seed words” that will help you restore the wallet if you lose access to your private keys. There’s no desktop interface, but it can be used in tandem with a cold storage solution, managing your accounts on a hardware device like a Trezor or Ledger. (The company also produces a USB key that generates paper wallets; plug it into your printer and out comes a paper wallet without any need for a computer.)
Instead of using ShapeShifter, Mycelium runs its own reputation-based exchange platform, which helps coordinate bitcoin trades between buyers and sellers. Transactions incur a fee that ranges from about 70 cents to $8 depending on the priority you set — that is, how quickly you want it to be confirmed and added to the blockchain.
Learn more: wallet.mycelium.com
Remember: Do your own research before installing or using any of these wallet technologies — or trading or investing in any cryptocurrency.
: A quick and dirty introduction to trading cryptocurrency.
: How can this possibly be a legitimate way to raise money?