What is Bitcoin Cold Storage? (The Safest Solution for 2024)
Setting up cold storage can be intimidating, but it is actually quite simple. You will gain all the confidence you need to effectively use and manage your private keys with multiple cold storage options in 2024.
With an electronic form of money that exists only in cyberspace, how could we ever be sure our private keys are secure from hacks and bad actors?
TL;DR: While keeping Bitcoin on exchanges offers some protection, it also carries risks like potential hacks or legal issues, as experienced by Mt. Gox and FTX users.
Cold storage is the most secure method, allowing users to have self-custody of their Bitcoin and control it through private keys, thus mitigating risks associated with exchanges.
Leaving Bitcoin on an exchange can keep it relatively safe from self-inflicted wounds but poses an entirely new set of risks to savers.
The cold storage solution
That’s all well and good, but what does it actually mean? Let’s dive into self-custody, cold storage and how they work in 2024.
Cold storage is a type of self-custody where individuals hold their private keys in a manner that keeps them off devices that are connected to the internet. It’s a similar concept to physical two-factor authentication devices like Yubikey.
You can essentially create your own vault in cyberspace, accessible anytime, anywhere, but only unlock it with a physical private key that could be hidden anywhere.
There are several different cold storage solutions. Some of the most popular physical device options include:
Cold storage enhances security by removing your private keys from the internet. This prevents your Bitcoin from being accessed by anybody in case of an exchange hack or unauthorized access to your phone or computer.
Imagine a vault in cyberspace that remains secret unless someone steals your data. In the event of a compromised phone or computer, the worst thing that can happen is a bad actor can view your balances. That’s about it.
The offline devices required for signing transactions remain offline and secure, requiring attackers or bad actors to gain physical access to those devices to actually move the Bitcoin.
Below, we will walk you through a broad overview of the steps involved.
Once you purchase your hardware wallet, you need to set it up. Devices like Passport come with native apps that give you step-by-step instructions. Others, like the ColdCard, may require a little assistance from BTC Sessions mentioned above… but all have the same general process.
Upon power-up, devices will ask users to create a PIN. It’s important to remember the PIN, but it’s not a critical mistake if you forget it. After a PIN is created, the device will generate your seed phrase. The seed phrase is a string of 12 or 24 words cryptographically hashed into your public key or receive addresses.
The seed phrase is your private key, the secret that allows you to control your Bitcoin. It is recommended that seed phrases be backed up to protect them from fire or water damage.
The seed phrase is what allows you to restore your wallet in a device if you forget your PIN and lock yourself out or the device breaks and is no longer usable.
Recording and securing your private key properly is the most important step in this process.
Devices often allow you to reenter your private key to confirm you recorded it correctly. If optional, I recommend you take this extra step for another security check.
Do not, under any circumstances, enter your private key or seed phrase into any internet-connected device at this point.
Wallets will allow you to export a public key into Bitcoin wallet software to generate an interface with your wallet. This is often called uploading a “watch-only wallet.”
After confirming your key, you can export your extended public key (XPUB) from your device to whatever Bitcoin wallet software you choose.
When you do this, a new address is generated. When attempting to send Bitcoin, wallets require a signature from whatever device you use.
One of the things about Bitcoin is that it exists everywhere all at once; users can upload their XPUBs to multiple software wallet interfaces simultaneously. They can also use the same private key on multiple hardware devices for redundancy.
However, this is not recommended because it increases your attack surface.
The first step to creating paper wallets is to NOT DO IT. Set up a hardware wallet instead.
Expose you to an increased risk of loss due to fire or water damage.
Paper wallet generators depend on websites and software downloads.
These may contain malware that can steal your private keys.
If you would still rather use a paper wallet, you should:
Use websites like bitaddress.
Make sure to disconnect your computer from the internet before generating your keys.
Run virus and malware scans before generating keys.
Once you can access a computer not connected to the internet, you can run the software through a USB drive and generate your keys. This will provide you with a public and private key pair, typically presented as two QR codes with strings of hashed data.
Print the keys on a piece of paper, and your Bitcoin wallet has been generated.
Ensure you delete all digital copies of the wallet once you’ve printed them out. If they remain cached on your device, it leaves you open to theft if your devices become compromised. We recommend that the private keys be stored similarly to valuables or jewelry.
A fireproof safe or safety deposit box are both great options. However, it cannot be guaranteed that your paper keys will remain viable when exposed to the elements such as water, humidity, or heat.
Generate paper keys at your own risk.
The best option for securing your private keys and hardware wallets is immediately taking them on a boating trip, accidentally throwing them away or losing them at the bottom of a large body of water.
Joking aside, it’s not a big deal if you lose access to your hardware wallet, provided you backed up your seed phrase correctly. However, losing access to your seed phrase means you lose access to your Bitcoin.
After setting up hardware wallets, it’s common practice to send a small amount of Bitcoin to your address before wiping your device and restoring it with the seed phrase to ensure you can regain your wealth if the hardware is lost or no longer functional.
Now to physical security. The key to maintaining security in your cold storage is to ensure that private keys remain secret and secured. Signing devices or hardware wallets should also be hidden and secured, though in a different location from their private keys or seed word backups.
Many people lock their keys in safes or hide them in unusual locations. Companies like Crypto Cloaks make products that allow you to mount your hardware wallets onto or inside wherever you want.
Fun Fact: Some Bitcoiners are even known to hide their seed phrases inside of walls or furniture.
Just remember, more security may add complexity. Complex setups could result in unforeseen errors that prevent you from recovering your Bitcoin.
What if your brother moves and loses his piece of the seed?
What if you experience a falling out with someone safeguarding one of your backups?
You need to consider many aspects when determining how to best secure your seed phrase.
Generally speaking, you want to have them within a day’s travel time just in case of emergency.
Creativity is good here, but don’t go crazy and shoot yourself in the foot.
There are a few hard and fast rules when setting up your Bitcoin cold storage.
Treat it as you would treat any valuable bearer asset like jewelry, large amounts of cash, ammunition, you name it.
Treat it as if it’s worth at least 10 times more than it currently is. Bitcoin has a tendency to explode in value in short periods of time — plan your security for the long term so you’re not scrambling in the bull market to make your sites safer.
Geographical distribution is also a popular method.
Hide your seed phrase in your friend’s or family member’s home.
You can divide the seed phrase into several pieces and distribute those to multiple parties.
Follow these two guidelines, and you should be all right. For those seeking more specificity, follow along below.
Hardware Bitcoin Wallets
What: Users store private keys on a purpose-built piece of hardware.
Pros: Private keys never touch the internet, which reduces the risk of losing them. Suitable for long-term storage. If you lose your hardware wallet, you can use the backup seed phrase to restore your wallet.
Cons: Users must secure a seed phrase backup, which requires a thoughtful strategy to protect it. It’s recommended to write down your seed phrase on metal and store backups in multiple locations.
If your hardware wallet is stolen, your funds are at risk of being hacked. Protecting seed phrase backups is standard practice for wallets where the user controls the private keys.
What: Typically involves printing out your Bitcoin public and private keys on paper.
Pros: Secure and offline, reducing online hacking risks. They offer full control over private keys and Bitcoin assets, are cost-effective and easy to create with just a printer and paper, and are not prone to hardware failures like digital devices.
Cons: Secure but vulnerable to physical damage, inconvenient for frequent use, and pose a high risk of irreversible loss if lost or stolen. They lack recovery options, require secure storage, and carry a risk of key interception during printing if the printer is not secure.
Paper wallets are just not that reliable. Have you ever seen a baby with a book?
Sometimes it’s cute. Other times, they just start tearing it apart for no reason at all. Sometimes, they try to eat it.
Now, picture that baby with your paper wallet after just hitting your first full Bitcoin. It’s not really a great option if you want to store wealth long-term.
Bitcoin cold storage rules are similar to Fight Club. Don’t talk about it with anyone unless you completely trust them, like a spouse or next of kin. No device is perfect. All will inevitably have vulnerabilities that can be exploited.
Pro Tip: Downloading software updates from emails is a surefire way to get your coin jacked from a phishing scam.
And… Last but not least, once your key is generated and backed up, NEVER type that thing into a device connected to the internet. Your phone or computer’s notepad is not a great place to store seed phrases.
Now that you have a clearer understanding of the importance of securely storing your Bitcoin, it’s the perfect time to start your Bitcoin journey.
Buy Bitcoin with Swan today and take the first step towards a more secure and sovereign financial future. With Swan, you’re not just buying Bitcoin; you’re investing in peace of mind.
Mickey Koss became a freelance writer in the Bitcoin space in an attempt to build a proof of work portfolio for when he left the Army. He graduated from West Point with a degree in Economics before serving in the Army for nearly a decade. He became orange pilled in graduate school and is now a regular contributor to Forbes, Bitcoin Magazine, and Bitcoin News. He’s been on popular podcasts such as BTC Sessions’ Why Are We Bullish, and is a regular on Café Bitcoin.