There’s a high chance that you might be storing your cryptocurrencies the wrong way — I know because my friends and I were doing the same all this time — though all we had was only 0.00085 $btc. lol.
Okay, you saw the 2020 crypto rally and wanted to jump in — the next thing you knew, you found yourself searching how-to-invest-in-bitcoin (right? we’ve all been there!)
You searched Google, did due diligence, found an authentic exchange, created a new account, selected the crypto, transacted fiat and BOOM, done!
Now you’re hodling the crypto! You’re in.
At least, that’s what we did.
* a few moments later * we came to know that our country (India) was considering banning crypto. lol 😭
But we knew the basics (recommend reading my previous essay: blockchain — beginner notes), and were confident that once registered on the chain no one can mutate your data (transaction history). Meaning, even if our country banned crypto for the next 20 years, we would still be hodling our coins — ON THE CHAIN!
But we were shocked to find that our records were never on the chain! (You can check the blockchain records on any blockchain explorer like blockchain dot com explorer, etherscan.io, etc.) My guess is that the exchange must be hoarding it on our behalf (custodial wallet) — which completely defeats Satoshi’s motto.
Lesson: NOT YOUR KEYS, NOT YOUR COINS!
Wallets can be primarily classified as custodial and non-custodial wallets.
If someone (a 3rd party) holds it for you, that’s custodial — they have all the power. Non-custodial means you bear complete responsibility for your wallet. (more on this ahead)
Before getting into the technicalities of wallets, let’s first visit a few basic concepts.
When we say wallet, and keeping coins in our wallet, we don’t mean keeping the actual coins in the wallet. They always stay on the blockchain! (versus the physical wallet in your pocket in which you actually carry the fiat coins and notes).
So what you actually keep in your crypto wallet is your keys! The keys that you need to access your coins on the blockchain. (recommend understanding blockchain first)
Basically, crypto relies on a field of study known as cryptography, which employs mathematical models to secure our information. One of its concepts, known as asymmetric encryption, is used to secure our transactions over the internet when dealing with blockchains.
In asymmetric encryption, we produce a pair of non-identical keys which are linked to each other, known as a private key and a public key.
The public key is generated from the corresponding private key, but the private key cannot be produced from the public key (obviously, which is what we want).
Private keys in the context of blockchain assets prove ownership of assets associated with a particular wallet address and allow you to access and spend the assets in that address.
These wallet addresses (also known as public addresses) are produced using the public keys.
the process: private key → public key → public address (wallet address)
(a private key is used to produce a public key, and a public key is used to produce a public address, aka wallet address)
So whoever owns the private key owns the crypto assets associated with that particular wallet address.
Whenever you set up a non-custodial wallet you are (indirectly) provided the public and private keys. What you are directly provided is the seed phrase, also known as the mnemonic phrase.
A wallet that provides you with a seed phrase is an HD (hierarchical deterministic) wallet. Nowadays, most wallets are HD wallets.
Now let’s understand the seed phrase on a high level.
Example of a seed phrase (below):
“abandon ability able about above absent absorb abstract absurd abuse access accident”
Other names for seed phrase: mnemonic phrase, seed words, backup seed, recovery phrase, etc.
- It is an ordered sequence of 12 or 24 words chosen from a list of 2048 words
- It is a human-readable representation of a big random number; each seed phrase is unique
- It is used to derive your private keys, hence should be kept a secret
- It is used to recover your wallet in case of any problem
- Whoever owns the seed phrase owns all the private keys, and the linked crypto assets
- Do not lose it — once lost, it cannot be reproduced
Technicalities of HD wallet (BIP-39, BIP-32, BIP-44)
BIP-39: Implementation for the mnemonic code words
It is a two-part process.
PART 1: generate a seed phrase
During this phase your seed phrase is generated using a random number and some cryptography.
random number → (computation) → mnemonic code words [seed phrase]
PART 2: generate a BIP-39 seed
During this phase, your seed phrase (in combination with an optional passphrase) is converted into a 512-bit number called the BIP-39 seed. This BIP-39 seed is later used to produce your private and public keys.
mnemonic code + (optional passphrase) → (computation) → BIP-39 seed
Note: the seed phrase is different from the BIP-39 seed (512-bit).
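Both parts of BIP-39 as a short Python sketch. This is an added example, not code from the original essay or from any wallet. The checksum rule, the PBKDF2-HMAC-SHA512 parameters (2048 rounds, salt "mnemonic" + passphrase) come from the BIP-39 specification; the function names and the four-word FIRST_WORDS excerpt are assumptions made for the demo, and the all-zero entropy is a constructed public test value.

```python
import hashlib
import unicodedata

def entropy_to_indices(entropy: bytes) -> list:
    """PART 1: random number -> 11-bit indices into the 2048-word list."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP-39 entropy must be 128 to 256 bits in 32-bit steps")
    cs_bits = ent_bits // 32                  # checksum length is ENT / 32 bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11      # 12 words for 128 bits, 24 for 256
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PART 2: seed phrase (+ optional passphrase) -> 512-bit BIP-39 seed."""
    def norm(s):
        return unicodedata.normalize("NFKD", s)
    salt = ("mnemonic" + norm(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic).encode("utf-8"),
                               salt, 2048, dklen=64)

# Constructed sample: only indices 0-3 of the English word list are needed,
# because all-zero entropy maps to eleven 0s plus a checksum word.
FIRST_WORDS = ["abandon", "ability", "able", "about"]

def demo():
    indices = entropy_to_indices(bytes(16))   # 128 zero bits, public test value
    phrase = " ".join(FIRST_WORDS[i] for i in indices)
    return indices, phrase, mnemonic_to_seed(phrase), mnemonic_to_seed(phrase, "TREZOR")

if __name__ == "__main__":
    indices, phrase, seed, seed_with_passphrase = demo()
    print(indices)
    print(phrase)
    print(seed.hex())
    print(seed_with_passphrase.hex())
```

The same twelve words give two unrelated seeds depending on the passphrase, so a backup of the words alone does not recover a wallet that was created with a passphrase.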
BIP-32: The essence of HD wallets
It is a system for deriving a tree of keypairs from a single seed. The seed generated in the previous step is used to produce a Master Private and Public Key. These master keys are then used to produce child private and public keys (used for different purposes such as various coin types and accounts).
PART 1: Derive Master keys
BIP-39 seed → (computation) → Master Private and Public Key
PART 2: Derive Child keys
Parent Private & Public Key → (computation) → child private & public key
Further, the child private keys can produce grandchild private keys, and so on.
This iteration literally allows producing millions of key-pairs!!
This was an oversimplified explanation; I highly recommend watching this awesome video for details.
BIP-44: Defines specific logical hierarchy for HD wallets
It is used to determine which addresses are currently in use out of the millions of possibilities. It uses a derivation path to do so.
A derivation path looks like this: m/44'/60'/0'/0/0
m / purpose' / coin_type' / account' / change / address_index
For more details check here.
The derivation path is super important for the recovery of your wallet in case your wallet provider goes out of business.
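The BIP-32 and BIP-44 steps above, as an added Python example (not code from the original essay or from any wallet): it parses a derivation path into child indices, derives the master key from a seed, and walks the hardened levels (the ones written with an apostrophe). The HMAC-SHA512 construction and the "Bitcoin seed" key come from the BIP-32 specification; the function names are assumptions, and the non-hardened levels are left out because they need elliptic-curve math on the parent public key.

```python
import hashlib
import hmac

# secp256k1 group order: child private keys are reduced modulo this value
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # bit 31 set marks a hardened index (written with ')
# Seed from BIP-32's published test vector 1 (a public value, not a wallet)
TEST_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

def parse_path(path):
    """m/44'/60'/0'/0/0 -> list of 32-bit child indices."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master key 'm'")
    indices = []
    for part in parts[1:]:
        hardened = part.endswith("'")
        n = int(part[:-1] if hardened else part)
        if not 0 <= n < HARDENED:
            raise ValueError("index out of range: " + part)
        indices.append(n | HARDENED if hardened else n)
    return indices

def master_key(seed):
    """PART 1: BIP-39 seed -> (master private key, master chain code)."""
    d = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(d[:32], "big"), d[32:]

def hardened_child(k_par, c_par, index):
    """PART 2: parent private key + chain code -> hardened child key + chain code."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    d = hmac.new(c_par, data, hashlib.sha512).digest()
    return (int.from_bytes(d[:32], "big") + k_par) % N, d[32:]

def derive_hardened_prefix(seed, path):
    """Walk the leading hardened levels; return key, chain code, levels left."""
    key, chain = master_key(seed)
    indices = parse_path(path)
    done = 0
    for index in indices:
        if index < HARDENED:
            break
        key, chain = hardened_child(key, chain, index)
        done += 1
    return key, chain, indices[done:]
```

For m/44'/60'/0'/0/0 this reaches the account level and returns the two remaining indices (change, address_index). The same seed under a different path yields different keys, which is why a recovery needs the path as well as the seed phrase.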
What role does your wallet password play?
Your wallet password encrypts your seed phrase and the private keys. This encrypted data is then stored on whatever storage is available: disk, USB, server, etc. (explained ahead).
This is symmetric encryption where there’s only one key — your password!
Types of wallet and the risks associated
The real wallet where you actually store your keys can be of two types: hardware and software.
- Special device: Created for the sole purpose of key management. It is dedicated secure hardware that stores the user’s private keys and is protected by a PIN. Used to provide isolation between the keys and the (hackable) computer or smartphone. Safest.
- Paper wallet: This is actually just a piece of paper with private keys written or printed on it. Paper is the safest option against hacks in the internet world but faces other threats. Doubt anybody uses it.
Software wallets are of two types, depending on where the data is being stored:
A. software running on a computer or mobile or browser
- This software stores your encrypted data locally.
- Mobile apps are safer than computer apps (as modern phones have a dedicated memory area for storing sensitive information)
- On computer apps the data is stored on the disk — moderately risky (Unix-based OSes are a safer option than Windows)
- Some wallets run as a browser plugin and store data locally along with the other browser data. Least safe compared to the above options.
- Threats: keyloggers/malware/viruses/remote access to your device
B. web/online/exchange wallet
- Your (encrypted) data is stored on a 3rd party server. Most risky.
- You are generally asked to log in via username and password
- Sometimes you may not even own your coins :p (you know the slogan!)
- Risks: exchange hacks, phishing, vendor defaults/scams
Hot vs Cold Storage
Another pair of terms that you may come across is hot wallets and cold wallets. This is nothing but a classification based on the frequency of use (how often you use the wallet).
- Hot: most used, highly connected to the internet [software wallets usually]
- Cold: less used, not often connected to the internet [mostly hardware]
Backing up your wallet means securely protecting your 12 or 24 words (secret) seed phrase. Never save your seed phrase anywhere digital. Everything digital is prone to hacks.
Remember: Stolen seed phrase means stolen wallet. Lost seed phrase means lost wallet!
- Paper recovery: Write your seed phrase on paper and store it in a safe, locked place. Protect it from water, fire, and other threats
- Metal engraving: There are special tools available on the market that let you engrave your seed phrase on metal, so you can keep it somewhere safe for years.
- Be vigilant while dealing with your Private Keys
- Use strong unique passwords everywhere
- Don’t use cracked torrent versions of software. Use a legit OS and apps
- Don’t visit untrusted URLs
- Use 2FA wherever possible (Authenticator app — not sms or email 2FA)
- Use a password manager — in combination with your brain 🙋
- Use a VPN, firewall and network-level safety protocols
- Use legit (paid or open-source) anti-virus, anti-malware, etc. solutions
- Use encryption whenever needed
- Don’t keep all your eggs in one basket — diversify wallets, funds, and everything you own!
For those starting out new:
- You can sign up for an exchange (custodial) wallet. Buy the crypto using your fiat money, then transfer it to your non-custodial wallet. [keep in mind that for every transaction you have to pay a little gas fee to the network for computation]
- For a non-custodial wallet the safest option is a hardware wallet, but since they are costly, you can go with a software wallet (mobile, desktop, or browser, which stores data locally). And once you have sufficient funds, move on to a hardware wallet.
(I haven’t mentioned the name of any wallet provider as the industry is fast moving, and the preferred ones of today can be dethroned in a year or two. But with the above-mentioned information, I’m sure you’ll figure out which one is the best for you.)