In its more than thirteen-year history, no one has ever hacked the Bitcoin network.
Consider the following for a sense of just how impenetrable the 256-bit encryption is that underpins the network. The odds of guessing a specific private key -- that is, the password for an account on a distributed public ledger known as the blockchain -- is about the same as winning the Powerball lottery nine times in a row.
But to tap into the complete security of the Bitcoin network, you must hold your private keys in cold storage.
So what is cold storage? Simply put, it means storing passwords on devices that never touch the internet. In the early days of Bitcoin, people used pen and paper to safeguard their private keys. But while storage techniques have progressed since then, many bitcoin owners continue to leave their keys on exchanges in what are known as "hot" wallets (wallets that are connected to the internet).
Exchanges have undoubtedly bolstered their security since the notorious Mt. Gox hack in 2014. Still, storing bitcoin in an exchange's hot wallet goes against best security practices.
For the most secure bitcoin experience, opt for cold storage. However, moving bitcoin keys offline can seem like a daunting task. Thankfully, there are ways for everyone to capitalize on the benefits.
Cold Storage Options
The easiest way is to research the storage methods of your exchange or provider. Some, such as banks that partner with NYDIG, keep all client keys in cold storage.
Here’s how it works. When you buy from a bank backed by NYDIG’s platform, NYDIG credits bitcoin held in its offline storage to your account. As a result, a potential thief can’t gain direct access to your coins even if they can obtain your account information. However, suppose a thief did steal your account data. In that case, they still wouldn’t be able to move bitcoin out of NYDIG’s platform quickly. Doing so would still require undergoing an identity check.
This cold storage solution is best for those who want to own bitcoin but don’t want the personal responsibility of holding their keys.
For those that want to hold their bitcoin -- say because they value the self-custody property of the protocol -- there are hardware wallets. While this option grants greater flexibility and removes intermediaries, it comes at the cost of much greater personal responsibility. Self-custody means there’s no one to call if you lose your private key. That’s a trade-off many people may not be comfortable making, and for a good reason. Bitcoin’s history is replete with stories of fortunes lost because of simple mistakes. In one infamous case, a software engineer in the United Kingdom threw away a hard drive that held the private key for an account now worth hundreds of millions of dollars.
A multi-signature setup is the third way of putting bitcoin keys in cold storage. The bitcoin owner, a service provider, and a trusted third party each hold what amounts to a fraction of a key. Each holder keeps their part of the key offline. In a typical two out of three configuration, a transaction requires two keys. What you get is redundancy while still maintaining direct access to your bitcoin. If a private key is lost, the bitcoin remains accessible through the other two accounts. The trade-offs for choosing to go with a multi-signature setup are less freedom than if you held the keys on your own and the fees charged by the service provider.