Given the rise of cryptocurrency hedge funds and other investment products, Bitcoin and cryptocurrency fund managers are having to make decisions regarding optimal storage methods to suit their particular needs when holding and trading cryptocurrencies and other blockchain assets. Unlike securities or futures held in custody of a registered and established broker-dealer or futures commission merchant (FCM), cryptocurrency transactions are often executed through an exchange, but held elsewhere. In this post, we will discuss advantages and disadvantages of mainstream storage methods currently available to fund managers.
First, it is worth addressing public key encryption. Public key encryption is the type of encryption most mainstream cryptocurrencies utilize as a security mechanism. In public key cryptography, an individual has a public key and a private key. A public key is widely accessible to the general community, and it allows an individual to receive cryptocurrency sent to the public key’s corresponding address. A private key, however, should only be accessed by an account holder. The private key is the only key capable of decrypting information or assets sent to an account holder’s public key. Anyone who controls a private key controls the assets contained in a cryptocurrency storage wallet. In its simplest terms, a public key allows a fund to receive cryptocurrency, and a private key allows a fund to access its account to withdraw or send cryptocurrency.
Generally speaking, hot storage is connected to the internet. On the spectrum of convenience and safety, hot storage will generally be more convenient at the expense of safety. Given security concerns, capital and cryptocurrencies normally move in and out of hot storage wallets as opposed to being stored for any significant amount of time.
Storing cryptocurrencies on an exchange is likely the most convenient method of storage. As opposed to dealing with and tracking public and private keys, storing cryptocurrencies on an exchange allows one to simply log in with a username and password to trade and access funds, much like a traditional broker-dealer or FCM. The downside of storing cryptocurrencies on an exchange is that you do not have full control over your coins (i.e., you may not have access to your private key). As with all online storage, exchanges are vulnerable to hacks (e.g., the Mt. Gox $450 million hack). Also, the lack of access to a private key could potentially result in the loss of an entire portfolio if the exchange experienced data failure or a sudden shutdown.
Similar to exchange storage, online wallets are convenient. Online wallets also typically partner with exchanges to allow account holders to trade various cryptocurrencies. Unlike most online exchanges, online wallets typically give account holders full control over public and private keys. Like exchange storage, however, online wallets are vulnerable to hacks due to internet connectivity.
Desktop wallets are generally considered the safest method of hot storage. A desktop wallet is typically downloaded online and utilized to store cryptocurrency locally. In a typical desktop wallet, an individual’s private key will solely be stored locally on the user’s hard drive; however, desktop wallets must connect to the internet to allow the trading of cryptocurrencies. This can expose the desktop wallet to malicious software and hacking efforts. Additionally, if the local machine were to experience hardware failure, a fund could potentially lose all of its coins or incur substantial data recovery expenses.
Cold storage concerns the process of keeping cryptocurrencies stored completely offline. While cold storage is by far a safer method of storage, it is substantially less convenient than hot storage and it still has pitfalls in security.
One of the more secure ways to store any cryptocurrency is through the use of a paper wallet. To generate a paper wallet, a fund can generate a public and private key completely offline on a printable piece of paper. The benefit of this storage is that there is no potential for the key to be hacked due to the lack of connection to the web and storage is as simple as securing a piece of paper. The downside, however, is that all of your funds are solely held on a sheet of paper (or another physical instrument) that can be destroyed, stolen, or simply lost. Additionally, paper wallets are far less convenient storage methods compared to hot storage, and a fund would likely not keep short-term trading assets held on paper wallets.
A hardware wallet is a purpose-built cryptocurrency wallet. Unlike a wallet placed on a USB drive or other bootable drives, hardware wallets are dedicated, self-contained pieces of hardware that generate their own public and private keys without the use of any outside software. The private keys are typically stored and encrypted in a protected area of the hardware wallet’s microcontroller and cannot be transferred out of the hardware wallet. Hardware wallets are also generally immune to computer viruses and malware and can be secured through additional password protection. While hardware wallets are among the safest storage options available, they can still be stolen (even if the funds cannot be accessed), destroyed, or otherwise damaged, resulting in a loss of the contents of the wallet.
Vault storage is a long-term storage method that contains elements of hot and cold storage. Some exchanges (such as Coinbase and Xapo) provide vault storage services as an additional security service. In vault storage, exchanges create a private key completely offline for an account holder’s vault. Fund managers can then purchase cryptocurrency on an exchange and send the cryptocurrency to the vault’s public address. Vaults readily accept incoming transactions, but require advanced identity confirmation for all outgoing transactions. Coinbase and Xapo both provide a 48-hour delay on withdrawal transactions, can require multiple approvers for any given transaction and require multiple forms of proof of identity. While vault storage suffers from the same control issues as exchange storage, vault storage can eliminate some of the risks associated with destruction or damage to paper and hardware wallets. Additionally, some vault storage facilities insure vault-stored assets from theft and/or destruction.
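The withdrawal gating described above can be modelled as a small policy check. This is an added example, not code from any exchange or from this post: the `Vault` and `Withdrawal` classes, the approver names and the two-approver quorum are hypothetical, and only the 48-hour delay comes from the text.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WITHDRAWAL_DELAY = timedelta(hours=48)  # delay figure taken from the post
REQUIRED_APPROVERS = 2                  # assumed quorum size (hypothetical)

@dataclass
class Withdrawal:
    amount: int                         # smallest currency unit
    requested_at: datetime
    approvals: set = field(default_factory=set)
    released: bool = False

class Vault:  # policy model only: deposits are open, withdrawals are gated
    def __init__(self, approvers):
        self.approvers = set(approvers)
        self.balance = 0

    def deposit(self, amount):
        self.balance += amount          # incoming transfers need no approval

    def request(self, amount, now):
        if amount <= 0:
            raise ValueError("withdrawal amount must be positive")
        return Withdrawal(amount, now)

    def approve(self, w, approver):
        if approver not in self.approvers:
            raise PermissionError(f"{approver} is not an authorised approver")
        w.approvals.add(approver)       # set: a repeated approval counts once

    def status(self, w, now):
        """Return 'releasable' or the reason the withdrawal is still blocked."""
        if w.released:
            return "already released"
        if len(w.approvals) < REQUIRED_APPROVERS:
            return "awaiting approvals"
        if now - w.requested_at < WITHDRAWAL_DELAY:
            return "in delay window"
        if w.amount > self.balance:
            return "insufficient balance"
        return "releasable"

    def release(self, w, now):
        reason = self.status(w, now)
        if reason != "releasable":
            raise PermissionError(f"withdrawal blocked: {reason}")
        self.balance -= w.amount
        w.released = True
```

Both gates are independent: enough approvals do not shorten the delay, and waiting out the delay does not substitute for a missing approver.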
Given the digital nature of cryptocurrencies and other blockchain assets, all storage methods will possess vulnerabilities. Funds can, however, mitigate the risks associated with the above-listed storage methods in the following ways:
- Two-factor authentication (i.e., requiring a password and QR code) for all transactions on hot storage mediums;
- Multisignature Wallets (requiring the entry of multiple private keys for substantial transactions in hot wallets);
- Setting concentration limits (i.e., no more than 5% of a particular cryptocurrency on a particular wallet) and dividing assets among multiple wallets;
- Depositing cold storage wallets in safety deposit boxes or physical vaults;
- Regularly replacing and properly destroying old electronic hardware;
- Having multiple backups and seeds to recover hardware and paper wallets; and
- Diversifying methods of hot and cold storage.
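A concentration limit like the 5% example in the list above can be checked mechanically against a wallet inventory. The following is an added example, not part of the original post: the wallet names and balances are constructed sample data, and `audit` and `min_wallets` are hypothetical helper names.

```python
from collections import defaultdict

LIMIT_BPS = 500  # the post's example limit: 5% (500 basis points) per wallet

# Constructed inventory: (wallet, asset, amount in smallest units)
HOLDINGS = [
    ("exchange-A", "BTC", 120), ("desktop-1", "BTC", 40),
    ("hw-1", "BTC", 50), ("hw-2", "BTC", 50), ("vault-1", "BTC", 740),
    ("hw-1", "ETH", 10), ("paper-1", "ETH", 190),
]

def audit(holdings, limit_bps=LIMIT_BPS):
    """Return (wallet, asset, share %, units to move out) per breach."""
    totals, per_wallet = defaultdict(int), defaultdict(int)
    for wallet, asset, amount in holdings:
        totals[asset] += amount
        per_wallet[(wallet, asset)] += amount
    findings = []
    for (wallet, asset), amount in sorted(per_wallet.items()):
        cap = totals[asset] * limit_bps // 10_000   # most this wallet may hold
        if amount > cap:
            share = 100 * amount / totals[asset]
            findings.append((wallet, asset, share, amount - cap))
    return findings

def min_wallets(limit_bps=LIMIT_BPS):
    """Fewest wallets per asset that can satisfy the limit (ceiling division)."""
    return -(-10_000 // limit_bps)

if __name__ == "__main__":
    for wallet, asset, share, excess in audit(HOLDINGS):
        print(f"{wallet}: {share:.1f}% of {asset}, move out {excess} units")
    print("wallets needed per asset:", min_wallets())
```

A 5% cap implies at least 20 wallets per asset, so the limit chosen also sets the number of keys and backups the fund must manage.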
Based on the needs of a particular fund, the optimal storage approach is likely a combination of multiple methods of hot and cold storage, accompanied by a systematic application of some or all of the above-listed risk mitigation procedures.
Please feel free to reach out to us if you have any questions about cryptocurrency storage methods, or if you are thinking of starting a cryptocurrency fund.