One of cryptocurrency’s most important advantages is that crypto tokens can be held by a user without any trust in a bank, company, or online service. They belong to you, like cash in your hand. Of course many people choose to trust their crypto to services like exchanges or custodial services – but you always have the option of holding your crypto yourself.
Holding your own crypto ultimately means that you – and only you – control the cryptographic “key” that has the exclusive power to send tokens from your account on the blockchain to somebody else. The common phrase “not your keys, not your crypto” means that if you’re trusting an exchange or other third party with your crypto, they control those keys and ultimately you’re trusting that they’ll do the right thing with your tokens.
Holding your own crypto is typically done with what’s called a “wallet”. People often talk about a wallet “holding tokens”, but really the tokens are always held in an account on the blockchain network. The wallet’s real function is to securely hold the cryptographic key that lets you unlock that account and do things with tokens held there.
So while wallets take many forms, they all share that most important function: holding a key. That key is just a long string of letters and numbers. It’s like a very long password, but it can’t be changed. If a wallet has an account’s key, it can cryptographically “sign” transactions using it, which lets you send tokens to anyone or use your tokens to interact with smart contracts. You’ll sometimes hear terms like “seed phrase”, “mnemonic”, “backup phrase”, or “private key”. Really these are just different ways of defining that key that the wallet must securely hold.
The first form of wallet created alongside blockchain technology was the software wallet. This is a piece of software that helps a user create a key, securely hold it, and use it to conduct transactions. Most blockchains have at least one software wallet option available that lets users easily hold tokens on that network. These might be desktop apps (like Exodus or Electrum), mobile apps (like Mycelium or Argent), or even web browser extensions (like Metamask).
As cryptocurrencies became more and more valuable, being very careful with an account’s key became extremely important. Because it is increasingly common for PCs and mobile phones to be hacked, another option was desired. A new type of wallet was invented: the hardware wallet.
Hardware wallets (like Ledger or Trezor) are essentially miniature PCs that can run very tiny, simple apps that know how to hold the keys for different blockchain networks. They typically must connect to a desktop wallet app, browser extension, or webpage on a PC that provides most of the user functionality – like viewing account balances and creating transactions.
When it comes time to make a transaction, the desktop application creates an “unsigned” transaction (which is not yet valid without the signature) and passes it to the hardware wallet for signature. The hardware wallet shows the tranasction’s contents to the user for approval and signs the transaction using a key that never leaves the device. It then passes the signed transaction back to the desktop application which can then submit it to the blockchain but has no ability to modify its contents post-signature.
This makes it nearly impossible for someone else to steal and use that key – unless of course they steal the hardware wallet device from you and discover your PIN to unlock it!
(Hardware wallets are also highly attractive targets for attack since they are virtually guaranteed to protect valuable tokens; always make sure you buy your hardware wallet from somewhere you can trust to provide a genuine device.)
Using a hardware wallet, however, isn’t the only way to securely protect your keys and your crypto. While hardware wallets make it easy, careful use of a software wallet can also be very safe. I’ll mostly talk about the use of desktop software wallets, since these are the most common and flexible – and much less likely to be accidentally lost!
It’s best to think of the software wallet as part of a system that includes the wallet software, the computer it runs on, and how you backup the key the wallet holds. This means that in order to trust that system, you need to be able to...
The first step is to make sure that you can trust the wallet software itself. Because this software creates your key and must have access to it, a malicious wallet could easily steal your crypto.
The most common mistake here is downloading the wallet from a website you think is genuine, but is actually serving a malicious copy. Ways to avoid this include:
And of course never trust wallet software that is not recommended by the blockchain’s creators, or otherwise is not well known. Good software wallets are open source, so that the community may ensure that it has no secret backdoors or openings for attack.
Second, and perhaps most importantly, the computer the software wallet runs on must be secure. Many pieces of virus software or malware can infect desktop PCs and can be used to grab your keys without your knowledge. This can happen in many ways, such as:
There are three layers to maximizing the security of your computer for use of a software wallet.
Protect the PC itself. Encrypt your computer’s hard drive with a strong password in case it is lost or stolen (this is a built-in feature of most OSes these days). Don’t back up your computer to a cloud service like iCloud. Never interact with your software wallet in a public place where you might be observed by people or cameras.
Prevent viruses and malware from getting onto your PC. The best way to do this is called “air-gapping”, meaning that you only connect the computer to the internet when required to use the wallet – otherwise turn off WiFi and disconnect the ethernet entirely. Typically this is done with a dedicated computer used only for your crypto wallets. Next best is to minimize the use of web pages, cloud services, browser extensions, and downloaded programs that may be vectors for malware. And if you must use your general PC for your software wallet, consider using reputable anti-virus software (be careful and do your research - some anti-virus can actually open new vulnerabilities) and always be careful about the links you click and software you download.
Minimize the opportunities for malware to grab your keys. If you must view your seed phrase, mnemonic, or private key – do so for as little time as possible. Avoid copying them to your clipboard, and certainly never paste them into a notepad or a file that you save on your computer. Don’t use your crypto wallet while running many other pieces of software. And be especially careful when first creating your account (and its key) in the software wallet when it can more easily be captured.
The first two parts of your software wallet system are the most important, but this one is easy to do badly. Holding your own key doesn’t just mean that you must protect it, it means you have to back it up. If you lose your key, your account and its tokens will forever be out of your reach.
Most software wallets provide a method of backing up your key so that you can recover it if something happens to the computer or the wallet software. Sometimes this is in the form of a seed phrase, backup phrase, or mnemonic that you are encouraged to write down and can type in later to recover your account. Sometimes you can create a backup file that you can import to recover your account. Sometimes it’s simply showing you the private key itself.
The important thing to remember here is that the backup provides access to your account and tokens just as much as the software wallet itself. So you must ensure that nobody else can possibly get their hands on it. There are many ways to do this, and only you can decide which best suits your needs.
Some good examples of backing up:
Some bad ways of backing up:
While hardware wallets are a great tool for good crypto security, securely-used software wallets still provide a good option that can offer more powerful features, offer options for smaller blockchains, and avoid a single point of failure of a hardware device. Just make sure you understand how to create a system where you can trust the wallet software, trust the computer, and trust the backup.
A concrete example of a strong software wallet system?
A system like this can give you confidence in holding and using the widest possible range of cryptocurrencies – and at the same time you’ll be learning good practices protecting your general PC from an increasingly dangerous digital world of invasive viruses and ransomware.