Hot storage is very convenient and accessible, however, it is much less secure than cold storage. Any time a wallet is connected to the internet, it has the potential to be hacked. Cold storage remedies this problem at the expense of convenience.
The device creates your private keys in its secure chip and stores your keys offline away from the internet.
The biggest mistake we see people make is to store money on exchanges. Then the exchange gets hacked or exit scams and people lose their money.
Today were going to make it easy to decide which wallet is best for you. Read on!
This guide is intended to provide a broad overview of the best practices for securing your crypto assets. While most of these steps are not mandatory, following them will greatly increase your financial security and peace of mind in the crypto world.
Hardware wallets are small devices that are plugged into your computer or phone. The hardware wallet generates your private keys securely in an offline environment. The innovation is that many wallets generate private keys on internet connected devices like computers or mobile phones.
If you just need a wallet for some small, infrequent payments then using one of the Android, iPhone or desktop wallets mentioned above would be fine.
By generating your private keys on an offline device, your keys are out of the reach of hackers.
This brings us to the general best practices portion of this guide. Malware is everywhere on the internet and regardless of your attention to detail, sooner or later you are likely to fall victim to some type of malicious software. As such, it is best to have active antivirus subscriptions on your devices and to run periodic scans. I personally like to runMalwarebytesandRoguekilleron my PC once each week and have background scans on my phone that run each automatically. Generally speaking Windows is the least secure OS, primarily due to the fact that it is the oldest and most pervasive OS in use today. Many security conscious techies tend to prefer Linux or iOS for this reason.
Coinomiis another multi-cryptocurrency wallet that is available for iOS and Android.
Any common mistakes to be careful of?
This will open MyEtherWallet in your browser. You will be warned that you cant connect to the network, but that is normal. When using the wallet in this manner, you wont be able to view your Ether or other token balances, but they can still be viewed withEtherscan.
Google Authenticator An app that resides on your mobile device and cycles through one-time use access tokens. If you go this route, be sure to save your backup code that is provided at initial setup. If you dont have this and your phone is lost or broken then you have no way to get these code settings back.
Once it arrives, select the Backup tab. Create a password and continue. Exodus will then reveal your 12 word recovery phrase that you can use to recover your cryptocurrencies. Write this phrase down and store it away safely.
Finally, you can set up a 4-digit security which will allow you to access your wallet regularly.
When in doubt, navigate to the legitimate exchange or web service that the email supposedly originated from and contact their support team to inquire on the validity of what you received before taking further action.
You can find out if any accounts associated with you have ever been compromisedhereas well as usingthis toolto test just how strong variations of your passwords may be (*do not use your real password on here, only similarly structured variations).
Jaxx will then ask if youd like to create a wallet back up now. Select yes, and it will generate a 12 word backup phrase. Like the other backups, be sure to write it down and store it in a safe place.
You can check out ourLedger Nano S reviewfor more info.
Plug the USB stick into a computer with no internet access and extract all the files from the drive to the computer. Within the MyEtherWallet folder, select index.html to open the wallet.
Your wallet will automatically generate addresses for you. Each crypto has slightly different formats for the addresses.
MyEtherWallet generates private keys locally, so they are not stored on MEW servers. This increases security and puts control of the wallet into your hands.
The benefit of using a KeyStore file is that you dont have input your entire private key, just the password that encrypts the file. However, this process is not entirely safe, as you are giving your private key file to a website.
Ethereum addresses start with a0and usually look somethinglike this:
TREZORis very similar to the Nano S, but is sold by Satoshi Labs. TREZOR was actually the first hardware wallet to have a screen, which provides extra security.
Online wallets, or web wallets, are wallets that are accessed through your web browser. These wallets store your private keys in the cloud. Exchange wallets such asCoinbaseare a type of web wallet.
One may want to do this because Electrum has some unique features that TREZORs wallet doesnt have, like spending from specific outputs or freezing certain addresses so they cant be spent from.
Exodus is also integrated with ShapeShift, so you can swap your coins within your wallet.
Clean interface makes it easy for new users to use, with or without a hardware wallet
In order to hold ERC20 tokens on the Ledger Nano S, you have to install a 3rd-party software wallet, such asMyEtherWallet (MEW). After installing MEW, you will be able to store ERC20 tokens on your Ledger Nano S.
How do I get a cryptocurrency address?
This is a bit more complicated, but may be worth it for the extra security. First,download. Click on etherwallet-vX.X.X.X.zip to download, then move the file to a flash drive.
A few of our recommended hardware wallet manufacturers are Ledger, Trezor, and Keepkey. You can find our more detailed wallet reviewshere. As with all hardware/software, please ensure that your device firmware is kept up to date, as patches are pushed out continuously to address security concerns.
Mobile wallets are safer than online wallets, but are still vulnerable to hacks.
Desktop wallets are easy to use and offer a variety of features
While there is no such thing as an unhackable system, there are valuable steps that you can take to drastically reduce your likelihood of compromise.
MyEtherWallet (MEW) is an open source wallet that was launched in 2015. This software wallet is one of the most popular options for users looking to store Ethereum and other ERC20 tokens.
Private keys arent exposed to your computer
This category is how most people have been compromised and lost money in crypto. How? Primarily, by treating an exchange (Coinbase, Binance, Bittrex, Poloniex etc.) as a wallet to store their crypto assets in.
Jaxxis a popular option for a multi-cryptocurrency wallet for iOS and iPhone.
Integration with hardware wallets likeLedger Nano Shas made the combo ofLedger Nano S+ MEW the most popular way to store Ether and ERC20 tokens
Hot storage refers to any type of wallet that is connected to the internet, while cold storage is any type of wallet that does not have internet connection.
You only carry small amounts of discretionary spending funds in these wallets as they are more susceptible to loss or theft. Again, what is more convenient for you is more convenient for a malicious actor as well. Your phone is also susceptible to malware and should not be considered sufficiently safe for storing large amounts of funds.
The desktop version supports the same currencies previously listed, and also has ShapeShift integrated. Jaxx stores your private keys on your computer.
Mobile cryptocurrency wallets are software wallets that are downloaded onto your mobile device in the form of an app. The app stores your cryptocurrency. These wallets are simple and easy to use, and work well for people who pay for transactions using cryptocurrency.
Open the exchange or wallet you are sending the cryptocurrency from and paste the deposit address. After sending the cryptocurrency, you should be able to see it arrive in the Exodus wallet.
Another important reason for installing other software wallets is to hold other non-supported tokens. For example, the default Nano Ledger S software wallet can hold Ethereum, but it cannot hold other ERC20 tokens.
Youll have tofirst buy cryptocurrency on an exchangeand then transfer the coins from the exchange to your wallet. This is the only way to fund your wallet.
Overall, hardware wallets are the safest type of wallet, with many security features built-in as well as support for many different types of cryptocurrencies. If you have significant crypto holdings that you want to store securely, you should strongly consider getting a hardware wallet.
Creating a MEW wallet is a relatively simple process. The first step is to visit the MyEtherWallethomepage. Be sure the website domain is exactly correct to avoid spoofing websites. You should also bookmark the website to prevent this problem in the future.
Disclaimer:Buy Bitcoin Worldwide is not offering, promoting, or encouraging the purchase, sale, or trade of any security or commodity. Buy Bitcoin Worldwide is for educational purposes only. Every visitor to Buy Bitcoin Worldwide should consult a professional financial advisor before engaging in such practices. Buy Bitcoin Worldwide, nor any of its owners, employees or agents, are licensed broker-dealers, investment advisors, or hold any relevant distinction or title with respect to investing. Buy Bitcoin Worldwide does not promote, facilitate or engage in futures, options contracts or any other form of derivatives trading.
Litecoin addresses start with anLand usually look somethinglike this:
The migration of value into the digital realm brings with it new challenges in terms of best security practices. As with any unit of value, there is always someone, somewhere that seeks to extract this value for their own ends, whether it be through coercion, social manipulation or brute force.
Security on the web is akin to game of whack-a-mole and your level of security will likely scale accordingly with the amount of sensitive data (or crypto assets) that you are protecting.
Some wallets have additional features such as QR code scanning or the use of near-field communication technology
The Nano S supports Litecoin, Bitcoin,Ethereum, Zcash, ERC20 tokens, Ripple, Dash and many other altcoins. Ledger is the most universal cryptocurrency hardware walletmeaning it supports the most coinsso if you need to store a lot of coins the Ledger Nano S is a good choice.
A basic example is thatTREZORs own walletsupports Bitcoin, but you can also useElectrumto use your TREZOR with Bitcoin.
Jaxx, the iOS and Android wallet we mentioned above, is also available for desktop. Jaxx is not open source, but the code is viewable on their website.
Regular back-ups are required to prevent the above from occurring
We typically recommend setting up two-factor authentication (2FA) for any and every account that offers it, even if the service is not crypto related. All 2FA does is require a second means of confirmation that you are who you say you are when logging into accounts. Most typically this is in the form of something you know (password) and something you own (SMS code sent to phone).
Bitcoin addresses start with a1or3and look somethinglike this:
You can then select which cryptocurrency wallet(s) you would like to create. You must select at least one, but you can add or remove more at any time later on. You will then be asked to select the a fiat currency. The value of your coins will be listed in this currency.
Select the Download KeyStore File (UTC/JSON) button, then click I understand. Continue.
Note that to use a cryptocurrency hardware wallet you need a software wallet to interact with the device.
Youll then be required to type your backup phrase into the Jaxx wallet to ensure you did not just skip through that step.
This section will aim to answer some of the most common questions related to cryptocurrency wallets.
Note: MyEtherWallet was recently the target of an elaboratehack.
Buy Bitcoin Worldwide receives compensation with respect to its referrals for out-bound crypto exchanges and crypto wallet websites.
If you are investing in cryptocurrency and need secure storage for your funds, then a hardware wallet like Ledger or TREZOR will better fit your needs.
We highly advise against web wallets, as they are by far the least secure type of wallet. Do not store a large amount of currency in web wallets, and do not use them for long term storage.
Mobile app wallets such as Mycelium, Breadwallet, Samourai, Cryptonator, etc. should be treated similarly to how you may treat your physical wallet/purse.
Using a desktop wallet allows for greater security than a web wallet, and a number of different features. If you plan to store large amounts of currency on a desktop wallet, you should certainly place it in cold storage.
TREZOR supportsLitecoin, Bitcoin, Ethereum, Zcash, Dogecoin, Dash, ERC20 tokens and many other altcoins. The device creates store your cryptocurrency in its secure chip away from the internet.
Some software wallets can be hot or cold storage. If you download a desktop wallet on an internet-connected computer, it is hot storage. If you download the same wallet onto a device then disconnect from the internet, it becomes cold storage. Hardware wallets are always cold storage, with the convenience of a hot wallet.
But, dont worry: weve gone through all of the wallets and listed the best choices.
Each type of software wallet has varying levels of security and accessibility, however, generally hardware wallets tend to be the safer but pricier option.
You must have the hardware to confirm a transaction, preventing remote hacking
Run the file that downloads and install the wallet. In order to fully set up your Exodus wallet, you have to deposit some cryptocurrency.
Coinomi also offers One-Time Backup. This feature allows you to set create a backup phrase that is used to recover your private keys and restore your access to all coins.
FIDO U2F This is a physical device that plugs into a USB port and requires a physical button touch to generate a unique 2FA access code. It is preferable because a hacker would need to have the device in their physical possession in order to access your account. Most hacks occur remotely which makes this our top 2FA choice (albeitnot a panacea).
You can create an account on a cryptocurrency exchange, but this is not a default cryptocurrency account in the same way that you have a bank account.
The KeyStore file will be downloaded, and you will be able to view your private key on the next screen. You should save the KeyStore file to an offline hard drive, or a flash drive that you do not use online.
Next, create a backup link by entering your email address. You can follow this email link then enter your password to regain access to your Exodus wallet.
If your computer is infected with viruses or malware, your wallet could be hacked
How do I open a cryptocurrency account?
Select the KeyStore file that you previously saved, then enter the password you used to create your wallet initially.
Due to the variety in software wallets, we will cover each type individually in more detail below.
You hold your own private keys, as opposed to a 3rd-party, which reduces your chances of being hacked
Great for people who buy items often with cryptocurrencies
Almost every online service/exchange requires some type of email account association during the activation process. If you are like most people, you will probably use your default email that youve had for years, and perhaps add a bit more complex password for the account itself for good measure.
Most hardware wallets are encrypted with a PIN or other security feature
DO NOT STORE YOUR MONEY ON AN EXCHANGE!
If someone steals your phone, they could access your wallet
It is best to NEVER open suspicious attachments or provide credentials through email and to always closely inspect the logo, wording and send address of any emails received that pertain to financial accounts or that request sensitive information.
TheNano Shas a screen so it helps you verify and confirm all outgoing transactions, which provides additional security.
If your computer has internet access, your wallet is at higher risk
Coinomi supports currencies such as:
Software wallets encompass a variety of different wallets, but in general they are wallets that are downloaded or accessed digitally. These wallets include online/web wallets, desktop wallets, and mobile wallets.
Paper wallets are a cheap way to create secure storage for crypto. The main issue is its very confusing and hard to do right. This is why we dont cover it in this post. If you want to use a paper wallet, please do your own digging on Google.
If you lose your hardware wallet, you can still recover your coins
The wallet is integrated withShapeShift, so you can actually exchange coins from within the wallet.
After clicking Save your Address, you will be prompted to unlock your wallet to see your public wallet address. In the selection screen, choose KeyStore / JSON File.
Web wallets allow you to quickly access your coins from any internet connected device. However, because a company holds your private keys, you have no control over your wallet. These companies could take use your private keys to steal your currency, or their servers could be hacked.
Some wallets allow you to buy bitcoins from within the wallet, but there is yet to be a wallet that allows you to buy a coin other than Bitcoin.
Select the Wallet tab on the left side of the screen. Select the cryptocurrency you wish to deposit, then click Receive. Your deposit address will be displayed and you can select the copy button.
Buy Bitcoin Worldwide does not offer legal advice. Any such advice should be sought independently of visiting Buy Bitcoin Worldwide. Only a legal professional can offer legal advice and Buy Bitcoin Worldwide offers no such advice with respect to the contents of its website.
In most cases however, all a hacker needs is access to your emails in order to reset account passwords that may be tied to it. Its as simple as navigating to the website/exchange and clicking the forgot password link to begin the process. So, if you are like most people and have an email address that has been active for years, with a weak login password, your chances of being hacked are much higher.
Once the wallet is downloaded and installed, the first screen you will see is the release notes. Select continue then agree to the terms of service. In the next screen, select Create New Wallet, then continue. Then, select the custom option, as this allows you to set up security features and other preferences.
Wallabit Media LLC and/or its owner/writers own Bitcoin.
Coinomi is also integrated with ShapeShift andChangelly, another cryptocurrency exchange website.
All of the hardware wallets have default software wallets made by the company. However, you can also install separate software wallet to use the hardware wallet with an altcoin.
Exodus is not entirely open source, however, so it is not as trustworthy as a fully open source wallet.
SMS Codes send to your cell phone through text message. Better than no 2FA at all, but susceptible to social engineering SIM attacks. Interestingly, SMS 2FA security holes did not come to light until the popularity of Bitcoin began to grow.
Starting from the ground up,password complexity and re-use are two major pain pointsthat many average users do not consider adequately. As you can see bythis list, average password complexity still leaves a lot to be desired. The less complex your password is, the more susceptible to hack your account is. If you use the same passwords, or even slight variations of the same passwords across multiple accounts, your chances of compromise are greatly increased.
Mt. Gox, Bitfinex, BitGrail and Coincheck are just four out of a handful of crypto exchanges that have been hacked in the past 5 years, with the cumulative amount stolen exceeding $1 billion USD. While some users of these exchanges have been ameliorated to an extent, many are still suffering from the partial or even total loss of crypto funds that they held on these exchanges at the time of the hacks.
Jaxx supports a number of cryptocurrencies, including:
Authy Similar to Google Authenticator but potentially less secure as you can re-access the codes from an alternate mobile device if your main one is lost or broken (this feature can be disabled but is active by default). While this may seem more ideal, what is more convenient for you is also more convenient for those who may be trying to hack you.
There is no such thing as a cryptocurrency account.
Notably, MyEtherWallet cannot store Bitcoin, Bitcoin Cash, or other related currencies. It is solely for Ethereum based coins.
MyEtherWallet – Online Ether and ERC20 Wallet
If you dont hold the private keys, you dont own your money!
We can both agree that finding the right cryptocurrency wallet can be confusing.
Your keys are held offline, so if your computer breaks, you could lose your funds
So what can you do? Fortunately the fix for this is relatively easy. Use randomly generated 14 character+ passwords and never re-use the same password. If this seems daunting to you, consider leveraging a password manager such asLastPassorDashlanethat will assist in password generation and storage.
You can create a cold storage wallet by disconnecting your computer from the internet
A safer alternative is running MyEtherWallet offline.
The desktop version supports the same currencies previously listed, and also has ShapeShift integrated. Jaxx stores your private keys on your computer.
TheLedger Nano Sis probably the most popular cryptocurrency hardware wallet at the time of writing. It costs about $95 and is sold by Ledger, a Bitcoin security company based in France.
Desktop wallets are software wallets that are downloaded and installed onto your computer. These wallets store your private keys on your hard drive. This makes them safer than web wallets. However, if your computer is connected to the internet, your wallet is still vulnerable to attacks.
Hardware wallets cannot receive computer viruses or malware
This section will give you some tips on how to secure your cryptocurrency in many ways, whether your on an exchange or wallet.
Your wallet could be hacked, especially if your phone is consistently connected to the internet
With these fail-safes in place, your wallet is all set up.
To set up a Jaxx wallet for desktop, first go to theirwebsite, then select the downloads tab. Select the desktop version.
Jaxx, the iOS and Android wallet we mentioned above, is also available for desktop. Jaxx is not open source, but the code is viewable on their website.
In order to set up an Exodus wallet, first visit the Exoduswebsite. Select the Download button, then choose your operating system.
If you have crypto then you are an ideal target for phishing scams. Facebook and Twitter are just two of many avenues that hackers scour for potential victims. It has become common to see fake crypto exchange emails or ICO fundraising confirmations circulating such as the example below.
The next section will go over some popular cryptocurrency wallets.
Exodusis another popular multi-cryptocurrency wallet or universal cryptocurrency wallet, meaning it supports many coins. Like other desktop wallets, your private keys are stored on your computer.
TREZOR will cost you $99 and ships from Europe.
Exodus supports the following cryptocurrencies:
While SMS is still the most common form of 2FA offered by online services, it is unfortunately theleast secure. The following general use 2FA methods are ranked from most secure to least:
You can have a wallet, which stores your coins.
For the above reasons, do yourself a favor and create a new/dedicated email address for use with your crypto accounts. Services likeProtonMailandTutanotaare free and offer end to end encryption without sacrificing usability (mobile app availability etc.). If you decide to stick with Gmail, consider activating theAdvanced Protection Programthat Google offers.
The cryptocurrency wallet that is best for you will depend on what youre using cryptocurrency for.
Phishing email impersonating . Note send address & logo irregularity.
Before continuing, it is important to note the difference between hot and cold storage.
Coinbase is an exchange and should not be used as a wallet. Coinbase is definitely a trusted place to buy bitcoins, but once you do so move your Bitcoin, Litecoin or Ether off the site into one of the wallets discussed in this post.
Several hundred ERC20 tokensexist, so downloading a software wallet can massively increase your hardware wallets functionality.
On the home page, enter a password, then select the Create New Wallet button. MyEtherWallet will then generate a KeyStore file in UTC/JSON format. This is your password protected private key.
Our advice is to hold crypto on hardware or paper wallets that you alone control. If you wish to trade on exchanges, only do so with funds that you are potentially willing to forfeit entirely should either the exchange or your individual account become compromised.