Cryptocurrency is powerful because it gives you complete control over your money, but this also puts the responsibility of proper security and procedures completely with you. As part of SimpleCrypto's goal of advancing cryptocurrency accessibility we've put together an educational article on how to properly secure your wallets and ensure that your funds are safe at all times.
Which wallet?
All cryptocurrencies use a "wallet" of some kind. A wallet is a program that allows you to send and recieve cryptocurrency. Well established currencies (mainly Bitcoin) have a wide range of wallet options available, but to try and provide information that is applicable to the widest range of users we'll be discussing the "reference wallet." This is frequently referred to as the "QT wallet", and is frequently the only option available for less popular cryptocurrencies.
Understanding Wallets
Your wallet is simply a file on your computer. It contains three main types of data in it:
- Addresses (public/private keys). This is the important part, and is what actually allows you to spend your coins. If you lose this data, you can never spend your coins!
- Transaction history. This is simply a copy of the data that is in the blockchain. This allows quick review of the history without re-downloading everything.
- Metdata (names, etc. not important really). For example, the account name associated with one of your addresses.
Your wallet stores all the addresses in what's called a "keypool." This is simply a collection of keys (addresses). When you first create a wallet (which happens automatically when you start the client for the first time) a keypool is generated. Usually it starts with 50 keys. Each time a new address is needed it's taken from the keypool. That is, unless the keypool is out of unusued keys. If this is the case then the keypool gets "refilled" with fresh, unused keys (usually 50).
Backups
Backing up your wallet is fairly simple. Once you locate the wallet file on your computer (detailed instructions can be found here) then you can copy it onto a flash drive. Ideally this flash drive should be stored in a fireproof/floodproof box, and possibly have multiple flash drives. If you wanted to be even more safe you could purchase a FIPS-140-2 certified flash drive which has stronger garuntees about data durability and can encrypt the data stored on it. You could also consider storing the drive in a safety deposit box.
Encryption
Wallets can be encrypted with a passphrase to protect them from unauthorized use. This means that even if the wallet is stolen the thief will have to work very hard to steal your funds. You should always encrypt your wallet.
Backups become stale?
Unfortunately yes, at least with the "QT" wallet. Some newer wallets use what are called "Hierarchical Deterministic Keys" which derive (generate) all new keys from a single root key, but unfortunately this isn't an option for a lot of cryptocurrencies.
Most backups will become stale due to something called change addresses. The reasons for change addresses are beyond the scope of this short article, but all you need to know is that every time you send coins a new address gets used, one that hasn't ever been used. A portion of your coins will actually go to this "new" address. This address is taken from the keypool as discussed above.
The issue of stale backups comes in when the keypool is out of pre-generated addresses but a new one is needed. When this happens new addresses will get generated, but these addresses aren't in your old backups! This is when you need to make another backup.
Determining stale backups
The most straightforward way to determine that a backup is stale is to check
the "keypoololdest" at time of backup, and then occasionally check it when
sending out coins. Check your keypoololdest by going to "Help -> Debug" and
then typing getinfo in the terminal. If the "keypoololdest" of your backup is
smaller than the "keypoololdest" shown then it's time to take a new backup.
If the "keypoololdest" of your backup is smaller than the "keypoololdest" shown then it's time to take a new backup.
Coldstorage wallets
Most of your money doesn't need to spendable all the time. One way to reduce your risk of theft is to maintain "cold storage" wallets. These are wallets where the keys aren't stored on a computer unless you need to make a withdraw, making them much safer from the threat of theft. This can be done using paper wallets, but could also be done simply by maintaining two separate wallet files, one of which is never on a computer longer than needed. This is a really good idea if you have a substantial amount of money held in cryptocurrency.
Conclusion
Does this sound like a lot of headache? Well, unfortunately it is, especially if you are managing funds in many different cryptocurrencies or are running a business that relies on crypto. Solutions like Electrum ease much of this pain, but are unfortunately only good options for Bitcoin at this time. Issues like these are true inhibitors to widespread adoption of cryptocurrency and SimpleCrypto hopes to slowly ease these problems and bring cryptocurrency into the mainstream.
We hope that this is informative can help keep crypto users stay more secure. If there are other topics that you'd like to see us write about let us know!
TLDR;
If you're using the QT wallet:
- ALWAYS encrypt your wallet with a strong password that isn't stored on your computer.
- ALWAYS have at least 1 backup of your wallet stored somewhere safe. Ideally not on a running computer.
- FREQUENTLY check your
keypoololdestand update your backups as needed. - NEVER Send your wallet file to anyone you don't trust.
References