Today we are going to look at bitcoin wallets to try and discern what they are exactly, and perhaps a little counterintuitively, what they are not. At some stage in your bitcoin journey you will ask yourself “What is a Wallet?” and then “Do I need one”.
The answer to the first question is what we will tackle within this article. As for the second question, the chances are that if you own any sort of digital assets at all, you more than likely already have a wallet.
A wallet can be thought of a way to store your assets, but it isn’t so straight forward as a place that stores your coins, it is more so the fact they store your keys that unlock your ability to spend your coins. But let’s not get too far ahead of ourselves, this is what we will explore in this article.
There are a plethora of articles, YouTube videos and resources on the various types and brands wallets available on the market, we won’t be going into any of them specifically. ColdCard, Bitbox and Ledger have good reputations and are a good place to start. For today though we will simply focus on what wallets are specifically, how they work and we will cover the 3 broad categories of wallet, namely Exchange Wallets, Cold Wallets and Hot Wallets.
This article follows on from our Bitcoin Basics series as the natural progression from the articles on blockchain, signatures, keys and addresses.
For a recap on those articles, please see:
Bitcoin Basics: Blockchain, hashing & mining….oh my!
Bitcoin Basics: Key’s, Signatures, Addresses and Seed-Phrases — Hug a nerd today!
What a wallet is not (I’m a poet and I didn’t know it).
The term “wallet” when we are talking about storing digital assets like Bitcoin is a little misleading. One could be forgiven for assuming that they are something physical that stores these digital version of coins/tokens. This actually is not the case. They don’t store these digital versions of coins, they store your keys.
Then what is a wallet?
We need to go back and review our “Bitcoin Basics: Key’s, Signatures, Addresses and Seed-Phrases — Hug a nerd today!” article for a quick recap on Signatures and Seed-Phrases.
- Recall that the bitcoin ledger is simply a blockchain containing comprehensive lists of transactions and addresses and balances?
- Also recall that addresses are derived from keys with the Seed-Phrase/Private-Key relationship being the cornerstone of that process (Figure 1)?
- And then, finally recall that when you want to spend balances from your addresses, you need to be the holder of the private key associated with that address. When you want to spend any of the funds held by those addresses, you must cryptographically sign this transaction using that Private-Key.
A wallet can be understood in its simplest terms as a handy way to store and use that Seed-Phrase/Private-Key and provides the interface for you to be able to sign transactions.
At their most fundamental level, that is all a wallet is, a storage device not too dissimilar to a USB stick, or an app on your phone or an application on your desktop, that is storing data. That data being your private-key/seed-phrase. The manufacturers/developers then add their individual bits of flare from connectivity, interfaces and software features to make the user experience more seamless, user-friendly and feature-packed.
The 3 main types of wallet. Exchange Wallet, Hot Wallet and Cold Wallet.
Exchange Wallet
Exchange wallets are likely to be the most common wallet in use and will more than likely be the first type of wallet most people interact with when they first buy bitcoin (even if you are unaware of it). And while it is the most common, it is also the least secure. You may have previously heard the term “Not your keys, not your coins”. This is exactly the situation that statement is referring to. For each type of digital asset you hold on an exchange, the assets are stored in their own wallet. The exchange therefore holds the keys to those funds held within their addresses. You simply have a claim to that asset.
Exchange wallets are the least secure method of storage for your assets as you are leaving yourself open to attacks on the network, malware attacks on your PC, phishing attacks for your personal info, data leaks, or hacks of the exchange itself, or insider attacks from the employees of the exchange.
It is NOT recommended to store large amounts of wealth on an exchange. While you are dollar-cost-averaging into you bitcoin position, as soon as your position becomes so large that it would be impactful to you if it were lost, it is time to find an alternative solution to storing your keys. That amount is different for different people, so you need to decide your level of risk for yourself, however I would suggest a good bench mark would be above $1k in assets, you need to be thinking about an alternative solution.
I have heard many people argue that most of these exchanges are quasi-regulated now, but that still doesn’t mean they guarantee the funds within your exchange account, or are even obligated to do so. There have been many instances of exchange hacks over the years (even the big exchanges) where people lost everything, and the exchange operators simply wipe their hands and walk away. As much as I hate banks, at least most of those deposits have a guarantee over them (at least here in Australia that is the case). However we can “one-up” the banks by you becoming your own bank and that is achieved by managing your own keys.
Hot Wallets
Hot wallets are a term to describe a wallet that directly touches the internet. The “Hot” part of the name referring to the fact that these wallets are live on the web. These are a less-than-ideal way to store your keys, but are one step up from an exchange wallet, provided they are managed effectively.
By removing funds from an exchange wallet you are removing the 3rd party risk by taking control of your keys. This is what we call “taking self-custody of your bitcoin”.
But why do we need to worry about a wallet being “Hot”. While you have significantly reduced your exposure by taking self-custody of your bitcoin, there remains that attack vector by having these keys stored directly on a device that interfaces with the internet. We are leaving ourselves open to attacks, hacks, malware and spyware.
Hot wallets can refer to either mobile wallets or desktop wallets and there are a number of reputable names within the space, they are a great way to start playing around with wallets, some offering test-net environments so that you can play with their features without using your physical funds. Hot Wallets are a great way to get familiar with sending and receiving funds between addresses.
Setting up your hot wallet.
When you download a hot wallet client they normally give you a few options which can be confusing at first. Desktop wallets can sometimes be a tad bit trickier than mobile wallets, due to advanced features and interoperability with cold wallets (which we will look at next) and connectivity to nodes (e.g the bitcoin core software). Use the tutorials and online guides when provided to set up your wallet.
Most software packages/apps will let you generate a new wallet by generating a new 12/24 words seed phrase. Write this down and keep it secure. Keep a backup copy at your mum’s house.
Remember, if someone gets a hold of any of these backups they have access to your funds, they essentially are holding the keys to unlock your wealth in their hand so you need to keep it secure and out of sight.
Once you have created your wallet, confirmed and then backed up your seed-phrase, you are ready to send yourself your bitcoin.
Sending yourself some bitcoin
For your first time sending yourself your funds from your exchange wallet to your hot wallet, it is highly recommended you send a small amount of bitcoin first to ensure you are completely comfortable with the process. You will feel much more confident once that small amount lands within your hot wallet. It is totally worth the extra transaction fee the exchange will charge you to do 2 transactions of your funds, knowing you have done it correctly and haven’t risked your entire kitty in the process.
To send yourself your funds go to your hot wallet and click “receive”. You will be presented with either a QR code, an alphanumeric string of characters or both (usually both).
Go to your exchange wallet, open it up and hit “send”. Enter a small amount to send yourself (some exchanges have a minimum), and either copy and paste the address in from your wallet or use the QR code if you are able. When sending to a desktop wallet, I like to use my mobile to do the sending from the exchange so I can use the phone’s camera interoperability with the QR code. It is just easier, simpler and less prone to making a mistake. Either way, you want to double (or triple) check each and every character on the sending and receiving addresses.
Why do you need to be so careful? You need to take the time to check this, because one wrong move can mean lost funds…. forever. Once you have confirmed a bad transaction it is lost forever, there is no reversing of a bitcoin transaction and no intermediary to roll it back (unlike some other shitcoins which shall remain nameless).
This is what makes bitcoin such a powerful monetary network, nobody has control of it, nobody can stop a transaction and nobody can roll it back, however as Uncle Ben said to Peter Parker “With great power comes great responsibility”. With a little know-how, patience and effort you won’t make a mistake.
Most wallets check for valid addresses these days, so cutting off the starting or finishing character might be enough to flag it as a bad address, but never put trust in this assumption. Don’t trust, verify.
Once that initial small transaction is completed and confirmed, feel free to send the rest of your funds over, remember to double check the send/receive addresses to ensure they are correct before committing.
NB: You should always try to generate a new receive address each and every time you send and receive funds. It helps with adding privacy to your transactions and to your bitcoin ownership.
To illustrate this with an fictitious example. Joe had a balance of 0.5BTC on an exchange, Joe sent it to his hot wallet in one transaction some time ago. Joe decided to buy a guitar off his mate Max for 0.010BTC which is sent to Max’s address on-chain. Max looked up the Tx ID on the blockchain, saw the receiving address and the UTXO’s (explained below) and could therefore tell Joe still had a balance of 0.49BTC. Lucky they are mates so Joe didn’t really care, but this isn’t always the case, you don’t want people knowing how much bitcoin you have.
You can overcome this by sending large amounts in smaller tranches to create many UTXO’s to many addresses and thus, make it harder for people to analyse the blockchain.
There are other options such as coinjoins which you can explore at your leisure.
Side Track 1: What the hell is a UTXO?
Within bitcoin transactions there usually exists 3 UTXO’s. UTXO stands for unspent transaction output. When we first receive funds in a wallet, those funds are held in an UTXO linked to your address. When you want to spend some of these funds, 2 new UTXO’s are created, one for the receiver of the funds and the second with the remaining balance of the those funds (less the transaction fee which gets allocated to the pool of fee’s awarded to the miners). There can be one of many UTXO’s at the input, depending on the balances of each and the amount you wish to send, and 2 UTXO’s at the output for a standard transaction.
Sidetrack 2: Connect to your node
Many hot wallets will also allow interoperability with your Node should you be running one. As a bitcoiner, you should be running your own node, this is the natural progression once you get past this point in your bitcoin evolutionary cycle. If you aren’t there yet, don’t worry, the more you learn about bitcoin you will find yourself actually wanting to take part and do your bit to secure the network, but this is by no means a necessity to benefit from the technology.
A node is simply a copy of the bitcoin ledger and the protocol wrapped up in a software package running on a computer like your PC. Some choose to install dedicated hardware devices for their nodes like Raspberry Pi’s. Nodes are the keepers of the truth and provide the true decentralisation of the bitcoin protocol. Running a node helps “do your bit” for the network and costs virtually nothing to run, the more nodes, the more decentralised and secure the bitcoin network becomes.
Back to the show: Lightning or Bitcoin?
Many hot wallets now also come with lightning functionality. Lightning is the second layer on top of bitcoin allowing for fast, instant and cheap transactions. We won’t dig into lightning today, for now, simply understand that a lightning address usually can’t be used to send bitcoin from an exchange to your hot wallet. Not yet at least but many exchanges are starting this transition. If you are not sure, just make sure you are on the “bitcoin” side of your wallet (Figure 2).
Lightning on the second layer is not as secure for large transfers. Lightning is designed be used for purchasing coffee or McDonalds, not for transferring portions of your generational wealth portfolio. For large amounts, ensure you are using the bitcoin base layer, it is worth a few extra dirty fiat dollars knowing it is on the base layer. Future articles we will dive into the lightning network and highlight the differences between the layers, the security and tradeoffs that occur and the typical use-cases for each layer.
Sending funds
Sending funds from your hot wallet is not too dissimilar to what we just saw with sending funds from an exchange. Once the receiving address is known, this is pasted into your wallet’s “send to address” field. Check the address and hit send. Depending on the app and the security layers, it is always good practice to use two-factor-authentication (2FA) methods to verify identity before approving transactions, if your wallet supports this, ensure to enable it. As a side tip, avoid SMS verification wherever possible for 2FA, sim swap attacks are a thing and do occur, use authentication apps instead. This goes for your exchange accounts too. Don’t risk it.
How much should I keep on a hot wallet?
There is no set amount as a maximum amount to keep on a hot wallet. If properly backed up and good security habits are maintained, some people are comfortable storing larger amounts than others on a hot wallet. That is the key point right there, that amount is different for different people. Personally, I treat hot wallets the same as I treat exchange wallets. As soon as the amount becomes uncomfortably large, I look to move to it to cold storage. A good analogy I like to use is the analogy of how much cash am I comfortable carrying around in my old-school, back-pocket leather wallet. A couple of hundred dollars is fine for me, above $1000 and I am probably more nervous and above $2000 and I start to become aware of it. Time to move it on.
Cold Wallets
What’s the difference?
A cold wallet is a way of holding your keys in a way where the wallet doesn’t touch the internet directly. The most common type and easiest way of using cold storage for your bitcoin is by using a hardware wallet. Hardware wallets come in many shapes and sizes including many features and software packages. Figures 3.1 and 3.2 show a few popular hardware wallets available on the market. Like everything, there can be trade-offs to be made for the sake of ease and interoperability.
Hardware wallets usually come with their own software interface from the manufacturer. You place a certain amount of trust when using hardware wallets, so you should always buy direct from the manufacturer to ensure your device hasn’t been tampered with. Using the manufacturers software may mean you are giving up some privacy, but some trade-offs are worthwhile or even necessary depending on your tech-ability.
Like hot wallets, many cold wallets can be configured straight to your node so you do not need to use the manufacturers software and this gives you a bit more control, freedom and privacy.
Hardware wallets are undoubtedly the best way to secure your bitcoin. You are removing all the 3rd party attack vectors by taking self-custody of your keys. The only person who can fuck it up………you.
When you first receive your hardware wallet, follow the guides provided to setup a new wallet and generate your seed-phrase. Just as we did with the hot wallets, these seed-phrases need to be written down, backed up and secured. If anyone gets a hold of your seed-phrase, they have your bitcoin. But storing your seed-phrase backup is necessary to get access to your bitcoin should you lose or damage your hardware wallet.
In the event a hardware wallet is lost, stolen or damaged, your seed-phrase can be used within any type of wallet, whether it be hot or cold to get access to your bitcoin quickly. It is then recommended you create a new wallet and transfer your bitcoin over to the new wallet.
Most hardware wallets have a pin or passphrase in addition to your seed-phrase in order to use them, so in the event it gets lost or stolen you still have piece of mind that there is this security layer protecting your keys.
Most hardware wallet manufacturers provide graphical user interfaces to help you manage your keys via the hardware device, these software packages are usually packed full of additional features to add icing to the cake. These software packages will usually scrub the blockchain for the transaction history for any address associated with your keys, tally them up, provide balances and more. They will also help you manage spending, UTXO management and can even provide csv exports of your balance and transaction history, handy at tax time.
Receiving Funds
Receiving funds is very similar to using the hot wallet with the exception of now having to plug in your hardware device (or similar process depending on the wallet) to generate and verify the receive address.
It is an exceptionally good habit to get into to generate and manually verify a new address each and every time you send funds to yourself. It will ensure they are going to get to where they are intended to go and not into the hands of some clever hacker who knows how to alter your address book within your exchange account. And as we saw earlier in this article, generating new addresses can help increase your privacy.
Sending Funds
When you wish to send funds from your hardware wallet, you will have to sign that transaction with your Private Key. This is as simple as hitting send, pasting the destination address in, confirming the amount and pressing send. Your software will normally prompt you then to plug in your hardware wallet , review the transaction and confirm it on your device (thus signing the transaction). Other devices will require you to load the transaction data, verify and sign this message using an SD card or similar. This depends on the device in use. But the process will be not too dissimilar to that outlined above.
Paper Cold Wallets
There is one other type of wallet we have yet to cover and that is paper wallets. These can be generated by the user or you may receive them from bitcoin ATM’s.
They are basically a Private Key and Public Address pair, printed on a piece of paper, sometimes with a QR code. Go to bitaddress.org and have a play with the random address generator there. Figure 4 is the resultant address of one I generated for an example.
Paper wallets are the least recommended of the cold storage options, and while essentially they are considered a cold wallet, you normally are connected to the internet to generate the keys or a wifi network to print them. Both things you should avoid.
To overcome these problems you could go to bitaddress.org, and once it is loaded within your browser, kill your internet. Then only use a cable-connected printer with wifi switched off to be completely sure there wasn’t anyone spying. bitaddress.org is great to play around with to see some of the ways keys and addresses can be generated. Figure 5 is a cool little printable paper wallet generated from this site.
A word of caution though, randomly generated passphrases are almost always better than the most clever “brain wallet” you can come up with. “MyDogsNameIsBanjo” may have already been used or is easily guessed.
Multi-Sig
Many services and devices now support a concept known as Multi-Sig. This Multi-Signature concept means you can have more than one seed-phrase/private-key protecting your funds. For example, you can request that in order to unlock funds you need to sign the message with 2 private keys instead of just one 1. You could have one hardware wallet with one private key hidden at home, and another hardware wallet with another private key at your mum’s house. In order to spend your funds you need to sign the message with both keys. If someone broke into your home, stole your hardware wallet, happened to guess the pin/password protecting it, they still couldn’t get access to your bitcoin without also being in possession of the other wallet.
You can choose any number of combinations, 2 of 3 means you need to be in possession of any 2 of 3 private keys, or 3 of 5 etc etc. These are the sort of solutions being implemented by large firms trying to sort out the digital bearer instrument custody issues that goes along with holding billions of dollars worth of funds.
Imagine a disgruntled CFO of a company holding bitcoin on their balance sheet quitting and fleeing the country with the only key to unlock billions of dollars in wealth. A 2of3 solution would mean he would need access to one of the other keys before he could do anything with the funds.
A 2 of 3 multisig solution is being adopted by more and more plebs as well, trying to eliminate single points of failure. There even exists custody solutions where a trusted 3rd party can hold 1 key for you, should any of the other 2 be compromised this custodian can be relied upon as 1of2 needed to get to your bitcoin if needed. The custodian is not really a threat to your security as the single key they hold is useless without at least 1 of your remaining 2.
Implementing a multi-sig solution for yourself comes with further considerations on how to manage your keys and your backups, but as we saw above, this is becoming more common as the space evolves.
Conclusion
Not your keys, not your coins. It’s a term you will hear often and for good reason. Being your own bank comes with a degree of responsibility and a small amount of forethought and effort. It’s not hard, you just have to take the time to understand what you are doing. All of the wallets available have tradeoffs, it is thus important to know what the risks are when you are taking an easier route. Understand the attack vectors you are exposing yourself to will allow you to be better prepared and arm you with the tools to mitigate against those threats.
Once your position size is larger than an amount you would feel upset about losing, it is time to take action. Hardware wallets are the best way to store the keys to unlock the generational wealth you have started building for you and your family, it deserves to be managed properly. Don’t leave your bitcoin on an exchange.
If you an emotional person prone to reacting to market gyrations and fear, uncertainty and doubt (FUD), holding your bitcoin in cold storage is a great way of forcing a delay between emotional reactions. When bitcoin is held on an exchange it is very easy (too easy) to panic sell. When your bitcoin is on a hardware wallet, it is a more deliberate action to send your bitcoin, wait for the confirmations and sell it. Sometimes this is just the hesitation you need to prevent yourself from making a silly, emotional mistake.
I continue to dollar-cost-average into bitcoin every single day. I still use an exchange, but once every month or so I move those funds into self-custody with my geographically dispersed multi-sig cold storage solution. I generate a new key each time I move those coins, I plug in my hardware wallet and I verify that new address before committing. It takes less than 5mins and I know I control the keys to a digital bearer asset that is completely permission-less and censorship resistant, and it feels fan-fucking-tastic.
This concludes this article on wallets, I hope it helped shed some light on what they are, what they are not and what you should be doing to manage your keys. Get your bitcoin off the exchange and into cold storage, your grandkids will thank you for it.
Happy stacking plebs. Thanks for reading
Daz Bea
