If you’re reading this, chances are you’re concerned about protecting your bitcoin private key. And rightfully so – a lost or compromised private key can result in the loss of all of your wealth. But don’t despair! While it’s true that securing your private key can be challenging, there are steps you can take to safeguard your wealth. In this article, we’ll share with you some of the industry best practices for protecting your private key and keeping your bitcoin safe.
How To Protect Your Bitcoin Private Key
Backing up your Mnemonic Sentence or Seed Phrase is paramount. While backing up 12 words is a pretty simple task, the smallest error can be catastrophic. Over the course of a decade people everywhere have been inventing and testing how to do this and there’s been a lot of failures with a lot of lost wealth.
You don’t need to be a cryptography expert to protect your keys though as there’s some very straight forward, industry best practices to do it now. However there’s also no magical single solution we can give as everyone has different requirements, technology capabilities and most importantly balance amounts.
Yes, we said there are multiple correct solutions for this problem. As such, the below solution is for those who have anything more than $1,000 USD in bitcoin.
You should absolutely have full custody of your own private keys, be using a hardware wallet (signing device) and those bitcoins should be safely stored in it.
For that single signature hardware wallet the private key backup should exist in at least 2 different (secure!) locations, be written on laminated paper (or metal seed plate) and be properly secured in tamper evident bags.
Some suggest Multisignature wallets and they are fantastic and even more secure, but they come with more advanced setup and backup requirements which novices can get wrong. So we don’t recommend them until you’ve learned quite a bit more about How Bitcoin Works and have a firm grasp on all aspects of it. If your funds are in the Expert level though, either learn about Bitcoin or hire someone to assist you.
Terrible Ways To Protect Your Bitcoin Wallet
There are now entire industries all centred around protecting your 12 or 24 words with no shortage of experts and guides telling you how to protect your bitcoins from hackers or what to do with your bitcoin private key. Don’t rely on them.
As there’s pretty much an infinite ways to backup 12 or 24 words this results in there being pretty much infinite suggestions, guides, lists and posts online telling you how to do it. Most of them are severely flawed and your shouldn’t just “trust” anyone. Verify, don’t trust and seek second and third opinions from other leading sources that aren’t “crypto exchanges” or other businesses with vested interests.
OK! Let’s dig into some of the most popular (terrible!) ways to protect your crypto private keys! Knowing what not to do is just as important as knowing what to do.
- Shamir’s Secret Sharing: This involves splitting up a single seed phrase into multiple encoded parts which you then hide. At a later date if you need to recover your wallet, you only need a subset of the hidden parts to reconstruct the full backup. Unfortunately, SSS greatly increases complexity which can itself cause failure of the backup while at the same time cause other issues such as reduced ability to audit and confirm the backups originality, difficulty for other (authorised) people such as next of kin to recover the backup and even reduced security.
- Brain Wallets: This is where you remember the seed phrase exclusively in your brain only and never actually write it down. This is terrible because at any given time you could forget it, get brain damage, die or have any other number of things happen that all result in the total loss of your bitcoins. One potential use for this though is if you are fleeing for your life and want to take your wealth with you without having any physical device like a laptop or hardware wallet with you as they may be confiscated or stolen.
- Paper Wallets: This is a very old technique where you print out your extended public and private keys onto a paper, often with a QR code. It’s an old way of creating Bitcoin wallets which usually involved poor Java programs that didn’t generate properly random seeds and thus, created insecure wallets.
- Cloud Storage Backup: As outlined in the Seed Phrase Security section of our Bitcoin Wallet piece, you must always make sure your seed phrase never interacts or is entered into any computer device, ever! This includes taking a photo of it, entering it into a computer or phone, printing it, copying it with a printer or storing it in digital form of any kind including in the cloud. It doesn’t matter if it’s encrypted. Never give your seed phrase a digital form of any type!
More Security Precautions
We’re not done yet! There’s even more to know:
- Backup your wallet regularly (this is your software wallet, not your private keys)
- Test your private key backup!
- Enable App based Two Factor Authentication (2FA) on anything you can
- Encrypt the software wallet part of your setup with a strong, unique password
- Keep your computers, application and hardware wallets software/firmware up to date
- Never send, receive or post information on social media about your wallet setup. Ever!
- If you send/receive bitcoins regularly, do it from another wallet with small amounts in it
- Only buy a hardware wallet directly from the original vendor. Never buy or accept used ones or ones from third parties. They’re all scams!
- Never use a pre-generated seed phrase, even if it’s included with your hardware wallet on an official looking piece of paper. This is a scam. You should set up your wallet alone and your hardware wallet should generate your unique seed phrase for you
Always be aware of scams and other threats such as phishing, malware or social engineering. There is never any reason for you to share your Bitcoin Private Key. Ever.
Should You Trust a Custodial Wallet?
No. While not specifically stated in the Bitcoin whitepaper, the general ethos of Bitcoin is that you should always have custody of your bitcoins and hold your own private keys. You should be the only one that holds the private keys as otherwise you have to place your trust in other third parties.
When a wallet is “custodial” it means you only have access to your bitcoins if that third party allows you to. If they think you have done something wrong, don’t like where you want to send your bitcoins, think you have violated their T&Cs, are forced by a government or simply just go bankrupt or get hacked you will lose access to your funds.
This isn’t just theoretical either, people have repeatedly lost all their bitcoins (cough FTX cough) that were stored with these third party companies through hacks, employees disappearing with customer funds (fraud), CEO’s dying and losing the access to the funds and lately, degenerate and greedy gambling of customer funds.
Not your keys, not your coins!