CNET también está disponible en español.

Ir a español

Don't show this again

Explainer Online

How to keep your cryptocurrency safe

Everything you need to know about hot wallets, cold storage and seed phrases.

@benglabs

One of the hallmark qualities of cryptocurrency is its virtuality. Unlike most other forms of currency, crypto has no physical embodiment. You can't get it as paper, coin, bar of gold or fancy bead. There's no token that needs to be locked up in a bank vault or buried beneath a mattress.

But like anything valuable, cryptocurrency needs to be protected. It exists as a natively digital entity that requires an internet connection for any transaction -- and that connectedness makes it vulnerable to hacking. In fact, despite its ethereal nature, it's at least as susceptible to plunder as cash or gold. And with cryptocurrency, these violations are likely to come remotely.

Read: Bitcoin explained -- everything you need to know

Exchanges' default wallets are risky

Many newcomers buy cryptocurrency from an exchange, such as Coinbase or BitFlyer, and leave their holdings in those sites' "custodial" wallets. But like any other online entity, the exchanges are vulnerable to hacking -- and as the crossroads for many billions of dollars of transactions every day, they make for particularly attractive targets. The cautionary tales of Mt. Gox, which "lost" 750,000 of its customers' bitcoins in 2014; NiceHash, which was robbed of $60 million in December 2017; and a recent close call at Binance show the risks associated with leaving your coins in an exchange's online wallet.

Cold storage vs. hot wallets

Conventional wisdom dictates that if you've got more virtual currency than you'd be comfortable carrying around on your person, or you intend to hold it as a long-term investment, you should keep it in "cold storage." This could be a computer that's disconnected from the internet or a specialized USB drive called a hardware wallet. (We'll take a look at how those work in a future explainer.)

Dedicating a computer to store your cryptocurrency or shelling out for a hardware wallet isn't an option for everyone, however. Well known devices such as the Trezor and Ledger cost between $75 and $100 and, by design, add complexity and a few extra steps to every transaction. Software wallets, by contrast, are usually free and easily accessed though, ultimately, less secure.

Now Playing: Watch this: What the heck is blockchain?
1:49

Three kinds of software wallets

A cryptocurrency wallet's primary function is to store the public and private keys you need to conduct a transaction on the blockchain. Many also offer features such as integrated currency swapping. There are three main kinds of software wallets -- desktop, online and mobile -- and each offers a different combination of convenience and security. 

Desktop wallets are software you install on your computer. They give you lots of control over your assets but, if connected to the internet, remain vulnerable. A malware infection, the remote takeover of your computer or -- even if you're not online -- a hard-drive failure could be a catastrophe.

Read: Blockchain Decoded on CNET

Online wallets are hosted on a website. This makes them convenient because they're accessible from any internet-connected device. The downside: Your private keys are (theoretically) known to the website owner and, from a technical perspective, there's not much to stop them from simply taking your coins.

Mobile app wallets are optimized for retail transactions -- that is, paying for stuff with bitcoin or another cryptocurrency. But because your encryption keys are stored on your phone, you lose your coins if you lose your device. You thought it was a bummer to leave your phone in a taxi? Imagine how bad it will be if it has thousands of dollars of cryptocurrency locked on it.

Security fundamentals 


Whether you choose a hardware, software or paper wallet to manage your passwords and private keys, there are a handful of things you can do to keep your stash safer. These include:

  • Be super careful with any online service -- any device connected to the internet is vulnerable 
  • Encrypt your wallet with a strong password
  • Make regular backups and store them in multiple locations
  • Use multisignature security, which helps maintain control of your coins even if one of your devices is compromised
  • Generate, write down and hide your wallet's mnemonic seed -- a group of words you can use to restore your wallet in the event of a hardware failure

Some software wallet options

We'll take a high-level view of some well known software wallets to provide an overview of the different features and tradeoffs to consider. 

Note: There are many wallet options available, and we have not comprehensively tested any of these. As such, we cannot recommend any of them. As with everything related to cryptocurrency, you are advised to do your own research before making any decisions. Caveat emptor! 

Jaxx

jaxx

Jaxx

A versatile online wallet, Jaxx can be installed on a computer (Windows, Mac or Linux), added as an extension to the Chrome web browser, or downloaded as an app on an Android or Apple phone or tablet. In addition to helping you store dozens of cryptocurrencies, Jaxx's support for the ShapeShift API makes it easy to swap coins -- say, Litecoin for Ether -- right inside the wallet. ShapeShift's exchange rates aren't always as low as what you'll find on major exchanges and they do charge a transaction fee (or "miner fee"), which was about 40 cents on the Bitcoin to Ether transaction we priced out. Jaxx offers novices an easy pathway into alt-coins that aren't yet supported by Coinbase or Bittrex.

Learn more: jaxx.io

MetaMask

Super simple to install and use, MetaMask is a specialist, supporting only ERC20 tokens -- that is, any cryptocurrency built on the Ethereum platform. The good news: there are about 50,000 or so tokens (and projects) built on Ethereum, accounting for roughly 90 percent of the total cryptocurrency market cap, which was more than $200 billion at the time of writing, according to CoinMarketCap.com. 

metamask

MetaMask

MetaMask can be used to send, receive and store Ethereum tokens and private keys. All of the data is encrypted and stored locally, making it difficult for the developers or anyone else to steal your keys or coins remotely. And, in addition to its storage and transactional capabilities, the MetaMask extension connects most web browsers (Chrome, Firefox, Opera and Brave) with the growing universe of decentralized applications, also known as dApps, being built on the Ethereum platform.

Learn more: metamask.io

Exodus.io

exodus

Exodus.io

The Exodus software wallet is a good entry-level wallet for cryptocurrency newcomers. It's known for responsive customer support, copious user documentation and a refined design and interface. It accommodates dozens of coins (here's a full list) and was the first wallet to support Shapeshift. There's no mobile app yet, however, and Exodus doesn't offer two-factor authentication or multisignature addressing, which gives you the power to require approval from multiple devices before finalizing a transaction. This could give security-minded coin owners pause. 

Learn more: exodus.io

Mycelium

One of the first mobile wallets, Mycelium has since established a solid reputation as a secure and user-friendly way to store bitcoin (and, so far, only bitcoin). Like any credible wallet, it lets you generate a set of 12 "seed words" that will help you restore the wallet if you lose access to your private keys. There's no desktop interface, but it can be used in tandem with a cold storage solution, managing your accounts on a hardware device like a Trezor or Ledger. (The company also produces a USB key that generates paper wallets; plug it into your printer and out comes a paper wallet without any need for a computer.)

mycelium

Mycelium

Instead of using ShapeShifter, Mycelium runs its own reputation-based exchange platform, which helps coordinate bitcoin trades between buyers and sellers. Transactions incur a fee that ranges from about 70 cents to $8 depending on the priority you set -- that is, how quickly you want it to be confirmed and added to the blockchain.

Learn more: wallet.mycelium.com

Remember: Do your own research before installing or using any of these wallet technologies -- or trading or investing in any cryptocurrency. 

Buying and selling bitcoin: A quick and dirty introduction to trading cryptocurrency.

Initial coin offerings, explained: How can this possibly be a legitimate way to raise money?