It happened again. Last week, hackers stole 4,700 Bitcoins (over $80 million at today’s price) from mining marketplace NiceHash.
(The company pairs people who have spare computing power with others who are willing to pay to use that capacity to mine Bitcoin. It then announced it would reimburse users who lost money from the hack.)
On top of that, last month hackers stole $31 million of another cryptocurrency called Tether.
But those are only two recent attacks.
Remember Mt. Gox?
The Bitcoin exchange was founded in 2010. By 2013, it was handling around 80% of all Bitcoin transactions.
Then the company halted all trading after “technical issues” caused 850,000 Bitcoins to go missing.
Those missing coins are worth over $15 billion at today’s price.
All of this crypto theft is making people question the security of Bitcoin and other digital currencies.
But it’s important to remember, in these cases, “Bitcoin” didn’t get hacked… it was the exchanges or marketplaces that got hacked.
This happens almost every day; people unwittingly get their phones and emails hacked and end up losing their cryptocurrency in the process.
It reminds me of the early days of the Internet, back when WiFi was still a new thing and banks were just starting to provide online account access.
Back then, hacks were commonplace. Users didn’t know enough about wireless network security, and banks didn’t have SSL enabled… so hackers could easily ‘sniff’ data packets and steal bank login details.
Fast forward 10-15 years and all of that’s changed.
Most people at this point (hopefully) know how to secure their WiFi networks with WPA2 security or better, and banks employ much better security and encryption standards.
But with cryptocurrencies it’s still very Wild West out there, vastly increasing the chances of hacks, cracks, and theft.
You’d be amazed, for example, how many people use a ridiculously insecure password like “123456” for a website login that stores their Bitcoin secret key.
And even if hackers don’t steal your crypto, there’s still a chance you’ll lose it.
A friend of mine bought some Bitcoin in 2010 and stored it on a laptop. Then he threw the laptop away… along with all the Bitcoin. And there’s no way to get it back.
Like just about anything, all it takes is a little bit of education to prevent a major disaster from occurring.
One approach I encourage you to learn about for storing crypto is called “cold storage.”
Before I define cold storage, a bit of background if you’re unfamiliar with how the public key/private key system works.
A public key is a code you can give to anyone who trades cryptocurrency with you. A private key is a secret alphanumeric string that you never share with anyone.
Imagine a cryptocurrency public key is your home address. That address is in just about every public database imaginable, from the county clerk’s property registry to the local phone book.
And if you want someone to send you mail, you give them your address. Easy.
But the simple fact that someone has your home address doesn’t give them access to the inside of your house, and the contents within it.
No, for that, they’ll need your house key. And that’s essentially what your crypto private key is: something that allows only you to access the property.
So: public key = home mailing address, private key = house key.
Clearly it makes sense to safeguard your house key. You wouldn’t make copies and distribute them in public to everyone who walks by.
Similarly it makes sense to safeguard your private key (sometimes called secret key).
When you store your cryptocurrency with an exchange, or even in a web or mobile wallet, it means that some other service or application has control of your private key.
If they get hacked, you’ll lose everything. If they go rogue, you’ll lose everything.
I’m always amazed that so many people store crypto in this way.
Part of the benefit of holding crypto is that you can essentially be your own banker, i.e. there is no middle man between you and your savings.
Bottom line, you don’t need some website storing your key online for you. With a bit of education, it’s possible to create your own wallet and store the private key -offline-.
This is what’s known as cold storage.
Bear in mind that a private key is nothing more than a string of digits, something like
If you really wanted you could simply write this down on a piece of paper, or even memorize it if you’re so inclined (though those methods are prone to errors).
But one safer option is to go to a site like bitaddress.org, which is a client-side application to create a public/private key pair.
This is important, because once you load the page you can actually disconnect your computer from the Internet entirely, ensuring that no one is spying or sniffing on your activity.
(There are other steps you can take to be even more secure, like setting up a stand-alone virtual machine solely for creating a wallet, but we’ll save those for another time.)
The page will go through a process to generate a key, and when prompted, you can choose the “paper wallet” option.
At that point you can simply print your paper wallet, put it in your home safe (or wherever you store your other valuables), and never give it to anyone.
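To make the "string of digits" concrete, here is an added example (not code from this article or from bitaddress.org) that creates a private key from the operating system's random source and encodes it in Wallet Import Format, whose built-in checksum catches the copying errors mentioned above. It covers only the uncompressed mainnet format, and the function names are illustrative.

```python
import hashlib
import secrets

# Base58 alphabet: omits 0, O, I and l so handwritten keys are harder to misread.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 curve group; a valid key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError for characters outside the alphabet
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def new_private_key() -> bytes:
    """32 random bytes from the OS CSPRNG, retried until inside the valid range."""
    while True:
        key = secrets.token_bytes(32)
        if 1 <= int.from_bytes(key, "big") < N:
            return key

def to_wif(key: bytes) -> str:
    """Uncompressed mainnet WIF: 0x80 || key || checksum, Base58-encoded."""
    payload = b"\x80" + key
    return b58encode(payload + _checksum(payload))

def from_wif(wif: str) -> bytes:
    """Decode WIF and reject anything whose checksum does not match."""
    raw = b58decode(wif.strip())
    payload, check = raw[:-4], raw[-4:]
    if len(payload) != 33 or payload[0] != 0x80 or _checksum(payload) != check:
        raise ValueError("checksum or format mismatch: key was copied incorrectly")
    return payload[1:]

if __name__ == "__main__":
    key = new_private_key()
    print("round trip ok:", from_wif(to_wif(key)) == key)
```

Typing a printed or handwritten key back through `from_wif` before funding the wallet confirms the copy is exact: a single wrong character raises `ValueError` instead of silently yielding a different key.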
Once you’ve secured your paper wallet in your safe, the bulk of your crypto wealth is offline and safe from computer glitches or hacks.
And the next time some poor soul loses his hard drive… or another major Bitcoin exchange gets hacked… you can rest assured that your crypto wealth is safe.