Note: this is a very old post and no longer reflects the latest best practices. For up-to-date guides, check out my security resources page.
Depending upon the value of your crypto assets, you’ll need to take different levels of precautions in order to provide sufficient protection of the assets against loss, whether accidental or due to a malicious third party.
I personally think of crypto asset wealth in terms of three tiers:
- Pocket money; in the range of what you’d keep in a wallet, likely under the equivalent of $1,000.
- Small investment; in the range of $1,000 to $XX,XXX.
- Large investment / primary storage of one’s wealth. The majority of your net worth is in crypto or you have greater than $10,000 stored in crypto assets.
When it comes to protecting your bitcoins, there are several types of loss to safeguard against:
- Loss due to catastrophic device failure / natural disaster.
- Loss due to human error.
- Loss due to theft / seizure.
- Loss due to robbery.
The number one rule of storing crypto assets is this: if you don’t hold the private keys, you don’t actually own the assets. As a result, I do not recommend ever storing crypto assets with custodial online services such as a web wallet or an exchange. Even “high security” storage services often do not meet this simple criterion. Many people learned this the hard way with Bitcoinica, Silk Road, MTGOX, etc. — don’t repeat their mistakes.
If your holdings fall into Tier 1, you probably don’t need bank-level security. You are mainly going to be concerned about redundancy so that you can restore your wallet if the device ceases to function or is lost / stolen. For modest amounts of bitcoin, just taking an encrypted backup of your wallet and storing it in several different physical locations should suffice.
If your holdings fall into Tier 2, you want at least bank-level security. You should have a sufficient number of physically distributed backups such that even if your home burns down and nothing remains, you should be able to regain access to your assets with minimal inconvenience. This level of assets should not reside on an Internet-connected device; you’ll want to use a cold storage solution such as a paper wallet. You can learn about setting up cold storage here. Whatever backup method you use, ensure that it is encrypted. If you decide to store complete digital wallet backups, you can encrypt the files with software such as CipherShed. If they are paper wallets, you can encrypt them with BIP38. You may wish to use a traditional bank to store one set of your backups in a lock box, as it provides a great deal of physical security and protection against environmental damage. At this point you also need to deal with the morbid reality that you may die without warning — you need to ensure that your last will & testament provides a way for your heirs to take ownership of your assets.
If your holdings fall into Tier 3, you want greater than bank-level security. You should meet all of the prior conditions, but now you should also protect yourself against seizure by even the most powerful entities. Assume a worst-case scenario where government agents may be able to bypass any physical security measures, even gaining access to bank vaults. Prepare for a scenario where you are kidnapped and tortured for your private keys. Point being, at this level of wealth, your assets should not be directly accessible by any single person — even yourself. The solution at this level is technical — cold storage that requires a consensus of trusted individuals to access. Thus you’ll want either paper wallets whose keys are split via Shamir’s Secret Sharing algorithm or storage of your assets in multi-signature addresses. The former can be accomplished via Armory’s fragmented backup feature while the latter can be accomplished with a wallet that supports multi-sig, such as BitGo. The multi-sig address is preferable to any of the aforementioned backup solutions, but at time of writing it is a feature that is not yet supported by many software wallets.
One of the great features of Bitcoin and other crypto assets is that you can be your own bank, but this can also be a terrible weakness if you don’t take the appropriate precautions. With a modest amount of effort, you can make use of cryptocurrency protocols’ features to exceed the level of security offered by traditional financial institutions.