Thinking about buying cryptocurrency or NFTs? Know that the burden of safeguarding those assets falls on you. To safely store your tokens, you’re going to need to manage wallets.
Unlike physical wallets that hold physical cash, crypto assets live not in your crypto wallet but on the blockchain. Your wallet simply holds a set of private keys that grant access to your assets. As such, it’s essential that you safeguard your wallet’s information. There are different types of wallet set-ups that accomplish this in different ways.
But all wallets have one thing in common: they contain a set of private keys. There is usually some provision for those private keys to be recovered in emergency situations.
Public keys, private keys, seed phrases, and passphrases
Keys come in pairs of public and private keys. The public key is what you give out to people who want to send you assets, much like giving out your bank account details. The private key allows you to access and move your crypto, and should never be shared. Your private key is more like the password to your bank account, which you would never give out or leave lying around where thieves could find it.
If you genuinely lose your private key, you’ve lost access to your assets. One level of recovery is provided by securely storing the seed phrase that was generated when you set up your wallet. This would be either a 12, 18, or 24-word phrase that enables your private key to be restored.
You should never store your seed phrase on any device connected to the internet in any form, but in a secure, offline location. Many users write their seed phrase on a piece of paper, but note that paper is easily damaged, erased, or dissolved.
Some people engrave their seed phrases on commercially available steel or titanium plates for better durability. For additional security, some split up their seed phrase and store parts of it in several different places.
Optionally, you can append a passphrase to your seed phrase for extra security. Some like this additional protection, while others prefer to leave the passphrase blank. Note that electing to use it poses the danger that if the passphrase is lost, then the seed phrase won’t work and your assets still won’t be recoverable. Like your private key, your seed phrase and passphrase should never be shared.
Choosing the best wallet for you
What type of wallet should you use? That depends on your situation. Factors to consider include how much crypto you plan to own or trade, how often you’ll want to access your assets, your risk tolerance, and your need for ease of use.
Think of it this way: If you want to buy a candy bar at a mini-mart, you might do so with the cash you have in your pocket. You carry around a few dollars because the loss of a few bucks wouldn’t be a huge tragedy for you, and you don’t feel like they make you a big target for theft.
On the other hand, if you wanted to buy $10,000 worth of stocks or bonds, you would carefully arrange a bank transfer that might take a few days to settle. You might need to access a savings or investment account that has multi-factor identification requirements for added security. You wouldn’t hand over $10,000 in cash to make these purchases, because it’s too easily stolen, and a loss that size would be painful.
It’s a similar challenge in managing wallets. You’ll need to balance convenience with safety concerns, depending on how much value is connected to a wallet.
It’s also important to note that not all wallets support all types of cryptocurrency. For instance, bitcoin can’t be added to some Ethereum wallets. So consider the types of assets you want to work with and make sure your wallet choice will accept those types.
Beyond compatibility, there are three big decisions users must make. Wallets are either:
- custodial (with a service controlling the private keys) or non-custodial (with you controlling the private keys)
- hosted (by some web service) or non-hosted (on a device you own)
- hot (on an internet-connected device) or cold (on a non-internet connected device)
The pros and cons of each of these options are described below.
Custodial wallet or non-custodial wallet?
A custodial wallet is one where a third-party service controls the wallet’s keys. A custodial wallet will be hosted by the service, although not all hosted wallets are custodial. Some users like the convenience of having a platform manage their keys. A non-custodial wallet is one in which you control the keys yourself. For example, MetaMask is non-custodial.
Having to manage your own private keys in a non-custodial wallet carries the risk of losing track of your access information. In early 2021, one U.S. developer stood at risk of losing control of a wallet that enabled his access to bitcoin then worth $300 million because he’d forgotten his passwords. Media outlets reported he was running out of the allowed password tries before the wallet would lock permanently.
Non-custodial wallets enable direct, peer-to-peer transactions between two anonymous wallet owners. They make it harder for regulators to learn the identities of their owners, and regulators complain that this opens the door for money laundering and other nefarious actions.
For many crypto users, control of one’s assets is a feature, not a bug. Many crypto owners prefer non-custodial wallets. “Not your keys, not your coins” is a common philosophy.
A way to balance these concerns is to maintain a custodial account on an exchange that you use only for exchanging crypto with fiat (e.g., dollars), whether buying or selling. You then immediately transfer any resulting crypto to a cold, non-hosted wallet for safekeeping. This is sometimes called the “public restroom” strategy for using custodial wallets: you get in, do your business, and get out. Keep in mind that there are usually costs associated with moving assets between wallets.
Hosted or non-hosted wallet?
The next question in selecting a wallet is whether you want it hosted by a service, or whether you prefer to manage a non-hosted wallet yourself. Hosted wallets are necessarily hot wallets. Hosted wallets may be located on a web platform or an app.
Many users like hosted wallets for the convenience factor. They are usually easy to set up. Hosted-wallet users don’t have to worry about keeping track of a physical wallet themselves.
However, with all of the thefts that have targeted hosted wallets on major platforms in recent years, many users are understandably reluctant to entrust their assets to a hosted wallet. Users must weigh the pros and cons of convenience vs. security in deciding whether to use a hosted wallet or to self-host on a device they manage.
Hot wallet or cold wallet?
If your wallet is connected to the internet, it’s a hot wallet. If it’s not connected in any way to the internet, it’s a cold wallet. Since an internet connection is an attack vector for theft, it’s a best practice to keep only a small amount of crypto in a hot wallet.
Hot wallets are designed to simplify connecting with platforms such as exchanges. While more vulnerable to attack, they have the advantage of simplifying transactions.
For transactions involving large amounts of crypto, most users choose a cold wallet on a separate hardware device that they can store securely. It is connected to the internet only for the time it takes to execute a transaction, then unplugged again. This limits the opportunities for theft.
It’s important to buy hardware wallets directly from the company’s website and not through any third-party vendors, who might alter the devices to allow unauthorized access. A thumb drive can be used as a cold wallet, but most cold wallets are dedicated devices used solely to store and transact assets. Popular cold wallets include Ledger or Trezor. The downside of cold wallets is the effort required to securely store, retrieve, and connect the wallet when you need to use it. Also, cold wallets can get lost.
Making your wallet more secure
As you can see, there is no single best answer to what kind of wallet to use for your cryptocurrency. Many experienced users employ at least two wallets–a hot wallet on which they keep small (or transient) amounts of crypto for transactions, and a cold wallet to store larger amounts. Some take the additional step of using a separate, dedicated computer that’s only turned on for their crypto transactions.
Some wallet providers are working on additional ways to make wallets more secure. One of these is multisig, which requires more than one person’s keys for access. For a complete rundown on multisig’s pros and cons, stay tuned for a full article about multisig.
For more background on keeping your crypto and your identity safe in Web3, see our complete Web3 security guide.