Before investors can acquire digital assets directly, they need to obtain a cryptocurrency wallet with which to store their digital assets. A wallet is an application or a hardware that allows users to send and receive cryptocurrencies. Wallets may support just one cryptocurrency or a range of them. Each wallet comes with a public key and a private key, which can be likened to an email address and the corresponding password. If the blockchain underlying a cryptocurrency is said to be public, which is the case for most established cryptocurrencies, it means that anyone can use blockchain explorers view the amount of fund in a particular wallet if they know the corresponding public key (there are also privacy coins whose transactions are hidden from the public). For instance, BitInfoCharts utilizes this feature and lists the “richest” Bitcoin wallets on their website. Although anyone with the public key to a particular wallet can view the funds stored within the wallet, they cannot access the funds unless they have the private key. This also means that to lose or to forget the private key to a wallet is to lose access to the cryptocurrencies stored within the wallet. Over the years, many people reported losing millions of dollars’ worth of Bitcoin due to negligent storage of their private key like James Howells, who famously threw away a computer hard drive containing the private key to a wallet with 7,500 bitcoins by accident.(1) Even institutions have failed to implement appropriate measures in securing their private keys in the past, as was the case for QuadrigaCX, one of the largest Canadian cryptocurrency exchanges. The exchange stored their customers’ funds in a single wallet and the private key to the wallet was held solely by the founder of the exchange. When the founder passed away unexpectedly, the private key to access their customers’ funds were lost, which was worth $190MM at the time of the news report.(2) As such, it is imperative that cryptocurrency investors exercise prudence in securing their private keys and understand how exactly their funds are stored, especially if they are replying on third-party custodians.
The recognition of the need for a better user experience and the ease of navigating custody of cryptocurrencies has driven innovations to address such issues. One prominent feature that is commonly used to enhance the security of cryptocurrency custody is multisignature, or multisig for short. A multisig wallet is a wallet which requires multiple keys to access the funds stored in the wallet, or mathematically, only m of n private keys are required. This does not only enhance the wallet security by requiring multiple keys to access the wallet, but it also allow the custodial responsibilities of cryptocurrencies to be shared by a group of people, all the while insuring against the case where one of the keys is lost.
There are also other innovations around private key management, such as HTC’s Society Key Recovery mechanism, which was developed to protect the users of EXODUS 1, HTC’s latest blockchain phone which supports the storage of cryptocurrencies on the device, against the loss or theft of the phone. It does so by allowing users to securely share encrypted bits of their private keys with trusted contacts such as one’s family members and close friends, enabling users to recover their private keys by retrieving them if necessary.(3)
Wallets also vary in the levels of security they offer. All wallets fall on the spectrum of hot and cold. Hot wallets are wallets which are connected to the internet whereas cold wallets are ones which are offline. While connectivity to the internet provides hot wallets with the ease of access to the funds, which makes them ideal for day-to-day usage, their connectivity also make them more vulnerable to hackers compared to cold wallets. Conversely, cold wallets are ideal for security, but do not offer the same convenience as hot wallets in accessing the funds. For this reason, the use of multiple wallets is encouraged for security reasons. It may be helpful to think of hot and cold wallets as checking and savings accounts respectively.(4)
Additionally, wallets can exist in the form of a software, hardware or a piece of paper, in order of hottest to coldest on the wallet spectrum. Software or mobile wallets are applications which can be downloaded on computers and smartphones, many of which have intuitive user interfaces and are easily accessible. These apps generally store the private keys on behalf of the user and allow them to access their funds through numerical passcodes or mnemonics generated from their private keys. Hence, users may be exposed to the risk of these software and mobile apps being hacked and losing their funds, depending on how the security of the wallet is configured. Hardware wallets are “colder” relative to software or mobile wallets. These are USB devices and some of them come with physical keys for an additional layer security of pin-protection in addition to encrypted passphrases. Lastly, on the extreme cold end of the wallet spectrum are paper wallets and private keys which have been committed to memory by individuals. A paper wallet is basically a piece of paper which contains the private key or encrypted passphrase which has never been recorded on any electronic device. When generating private keys for a wallet, users may want to take extra care to ensure that the computer they are using are free of virus and it is generally advised that they do not print their keys with a printer as printers can also be compromised in hackings.(5)
One of the most trusted Bitcoin wallets is Bitcoin Core, a software wallet whose security relies on users maintaining the full ledger of all transactions on the Bitcoin network. Its high level of security and stability come at the expense of storage space (200 GB of disk space) and memory consumption of the computer it is running on. For a list of Bitcoin wallets approved by the Bitcoin community and a brief description of each of them, investors can visit https://bitcoin.org/en/choose-your-wallet.
Once an investor has decided on a wallet, depending on the wallet’s user interface, first time users may find the wallet interface unintuitive. Additionally, it is common experience for users to feel anxious as they transfer large quantities of digital assets to or from their wallets for the first few times. Investors may find it helpful to familiarize themselves with the Public Key Infrastructure (PKI) in cryptography in gaining confidence in dealing with cryptocurrencies. Doing so would also allow investors to appreciate the extent of the security of cryptocurrencies. Nevertheless, many leaders in the crypto industry have acknowledged the poor user interface around cryptocurrencies and are working make them more accessible and usable for lay users.(6)
3. Third-party Custodians
While self-custody of cryptocurrencies may be a viable option for investors are who making small or personal investments, investors who are making investments on behalf of others may be subject to the custody rule. It requires fund managers to store their clients’ assets with qualified custodians. Although there were only a few credible crypto custodians in the past, the number of traditional institutions and cryptocurrency exchanges are offering crypto custody services is rapidly growing. To name some such companies, Fidelity now offers custody of cryptocurrencies, Bakkt, a cryptocurrency exchange backed by the Intercontinental Exchange (ICE) has acquired the Digital Asset Custody Company and announced a partnership with BNY Mellon, and Coinbase, one of the leading cryptocurrency exchanges, announced having over $1 billion in AUM in just a year after launching its services in May 2018 (7) and has recently acquired Xapo, one of the oldest cryptocurrency custodians. These custodial services are targeted at institutional investors and the growth in the sector seem to suggest the high demand for such services.