Your crypto wallet is not your debit card

Bitcoin wallet

If your bank never performs any second-line identity verification checks, anyone who picked up your debit card would be able to walk in, hand it to the bank teller, and walk out with all the money you have in cash.

But that doesn't happen, because banks know someone with possession of your card isn't necessarily authorized to use it, and oftentimes one has to jump through many more hoops to get a transaction processed. 

You bring your ID card along, verify your date of birth and answer other sundry questions, as well as enter your PIN code into some terminal for good measure. The platoon of CCTV cameras hanging overhead throughout the premises will also capture your face and everyone else's as a psychological deterrence against mischief.

However, when it comes to cryptocurrencies, it’s a completely different ball game. Most people don’t transact through a bank—that’s kind of the whole point of it being decentralized. As a result, individuals themselves become responsible for implementing security, specifically through their selection of cryptocurrency wallets.

Going to extremes with wallet security isn’t crazy

There shouldn’t actually be a big difference between securing cryptocurrencies and traditional money. In essence, both are about managing information deemed adequate for verifying our identities. But for the Bitcoin blockchain, ownership of your cryptocurrencies is solely tied to the possession of your wallet’s private keys. To draw an analogy, identity management would be as robust as in the scenario described above, where verification stops at you simply being a card-holder—simply possessing the private key stored in your crypto wallet. 

This is probably why people go all out to secure their cryptocurrency coins with hardware wallets in a way no one ever thinks necessary with their debit cards or ATM PIN codes. Without a bank to manage the consequences of losing our private keys, people get a little anxious about wallet security. Maintaining the checks and balances that secure access to your crypto holdings is now performed by your wallet.

Is there a best option for storing cryptocurrency?

So how should one go about evaluating wallet security? The imperfection of the “digital money” metaphor is becoming better understood, but so should the failure of the “wallet” comparison - when you lose your crypto wallet, you don’t lose your crypto coins. That is because a crypto wallet doesn’t store coins but houses your private keys. Therefore, the physical security of the wallet doesn’t matter as much as whether the key can be recovered safely and remotely in case of physical destruction. 

What is most important, however, is how hack-proof the wallet is against malicious and unauthorized access. A secure wallet should be able to prevent your private keys from being leaked at any time, especially during a transaction. The best situation would be that even if the wallet were to be stolen, the private keys should remain protected by encryption.

Hot or cold or … both?

Wallets have varying risks of leaking these keys, often based on the extent of key exposure to the web. If you imagine the web to be a hot source of malicious threats, permanent “cold storage” or disconnection of keys will seem like the gold standard. Unfortunately, it’s not a good thing to fix our minds on a stiff dichotomy between safe + inconvenient (cold) and less safe + convenient (hot).

Under these strict “hot” and “cold” categories, we draw our strategy lines along how much value we're willing leave unsecured in order to retain practical use of our coins.

The popular recommendation is for people to segment their cryptocurrency holdings into various buckets of value to use hot/cold wallets in combination: online or software hot wallets for small amounts of cryptocurrency used in daily spending, hardware cold wallets for savings, and paper wallets that you might lock up in a real, physical security vault at a bank, functioning almost like a fixed deposit account. 

However, this distributed solution isn’t an ideal situation for managing your coins, because the gap in convenience between a hot wallet and a cold wallet is so wide—and we know the battle between security and convenience is one in which convenience often wins.

People are likely to store a significant value of cryptocurrency in their hot wallets anyway, considering how inconvenient it is to try transacting with a USB—the form-factor of typical hardware cold wallets take these days.

Forget the labels, make way for innovation

Looking at the popularity of hardware wallets and promising efforts to improve payment convenience, the trend is likely to skew towards more authentication and connectivity enhancements for hardware wallets to become the popular default in mass adoption of blockchain-enabled payments.

Ledger, for one is toying with the idea of hardware to hardware transactions, and others are integrating NFC and Bluetooth connectivity to leverage payment terminals already familiar to the retail space.

With hardware wallets, you can also achieve a sophisticated separation between the authentication of device access and the authentication of payment. This preserves transaction anonymity while allowing enhancements in the identity verification capabilities of hardware wallets, specifically leveraging on technologies familiar to mobile banking such as OTP (one-time password) or even biometric integrations.

The critical choice will therefore no longer be between hot and cold wallets, but whether hardware wallets will be able to simultaneously strengthen key secrecy while securing increased connectivity—forget the hot and cold labels, what we should strive for is leak-proof hyper connectivity.

Within the cryptocurrency environment, the area of greatest vulnerability remains user key management, and therefore wallets are currently the weakest link. While people may be satisfied for now with the use of multiple wallets as a distributed solution for securing their currencies, cryptocurrency storage options will need to innovate quickly to support the accelerating adoption of blockchain-enabled transactions. 

As decentralized ecosystems of commerce, communication and investment start to take root, we cannot be blindsided by the newness of change, without considering the challenge key security poses to its viability. Recognizing the important role wallets play in this emerging future might help us to see where accelerated efforts are badly needed—both safeguards and connectivity. 

Kaiying Fu is Communications Manager at Penta Security Systems Inc.  An information technology security firm headquartered in Seoul, South Korea