Blockchains may be an immutable distributed ledger requiring no third party for security, but this does not protect your money on an exchange. Exchanges are the hottest of “hot wallets”- wallets that are connected to the internet. An exchange should be viewed as a giant honey pot for hackers looking to make millions. While the Mt Gox disaster in 2013 may be the most noted hack, in which $460M in bitcoin was stolen, it was not the last, or the worse. One may argue that this was the “early days” of crypto and that the security has now improved in the exchange infrastructure. The evidence does not support this viewpoint. In August of 2016, Bitfinex was hacked for $72 million dollars. So far, 2018 has been even worse and the increased value of crypto relative to 2013 attracts more attacks. CipherTrace estimated over $730M was stolen from exchanges in 2018, including a $40 million hack of Coinrail and the largest hack of all time, Coincheck, which was taken for $500 million.
The irony with these hacks is that crypto currencies where designed to not require the central points of authority that the exchanges have become. Vitalik Buterin did not mince words on the subject in a recent interview when he said “I definitely hope centralized exchanges go burn in hell as much as possible”. I appreciate the fact that he wanted more than the average hell burn and threw in “as much as possible”.
If an investor is spending their hard earned money and taking the time to learn this industry by reading white papers, studying technical analysis, and keep up with the fast-moving news in this space, he/she should take the time to learn how to protect their investment with a hardware, cold-storage solution. Cold storage means that the private keys are not online. Using a cold storage hardware device can be a little intimidating at first, but so was the first time you got on a bike. And it’s definitely not as strange as taking a picture of yourself holding your ID and a hand-written note to an exchange. That was awkward.
Ledger’s Nano S and Satoshi Lab’s Trezor are the two most popular cold storage hardware wallets on the market. Removing your privates key from the internet is the more secure than the software hot wallets or exchanges. Even if your computer that you connect to these devices is hacked your crypto assets private key are secure.
People have concerns about damaged or lost hardware (or handwritten paper) wallets. Both Ledger and Trezor have similar designs to address this issue by providing a list of secret words directly from the hardware device on initial setup. Essentially, this is your private key in the human reading-friendly form of randomly selected words. So even if you lose or destroy the device, you still have your private key and therefore access to your crypto wallets.
In both, it’s important to remember that the secret words should be treated as the private key. Crypto assets are a bearer instrument and if someone has your private key, they can take transfer your funds and there isn’t anything you can do. Additionally, if you lose your device and the secret words, you will lose your crypto assets forever. This sounds daunting, but will a little bit of thought, you can make a backup list and store it in case the primary list is lost or destroyed.
When using either the Nano S or Trezor wallet, you will not need the secret words for most of your interactions and will instead use a pin number generated by the hardware wallet. Similar to the secret words, since this pin is from the hardware wallet even if your computer is hacked the pin number is safe.
Trezor currently offers 500+ crypto asset wallets. Notably XRP, Monero, and Stellar are not currently available. Trezor functionality is also growing in its ability to use your public key, to allow you to receive funds even if your Trezor hardware is disconnected from your internet connected computer. In Bitcoin, the public key goes through a double hash and Base 58 Check to produce a bitcoin address where coins can be deposited. The Trezor hardware does not need to be connected for someone to receive crypto. Currently, Bitcoin, Litecoin, Dash, ZCash, Dogecoin, Vertcoin, Bitcoin Cash and Bitcoin Gold can all be received directly to your Trezor wallet.
The Ledger Nano S can only manage 30 crypto assets, but that list includes the XRP and Stellar. Monero is also reported to be compatible in the near future, as confirmed by Monero developer Riccardo Spagni in a recent interview for the Doug Polk podcast. Similar to the Trezor, Ledger Nano S uses a series of secret words as a backup to access the private key, and then the user interacts with the wallet through a secure pin number.
Both are solid options, and this comes down to a user’s preference and needs. I had a little trouble setting up and navigating the layers on the Ledger Nano S two-button scheme. Ledger also uses a “Ledger Manager” application and individual wallets that are separate applications. Trezor requires the user to download a bridge, and then the user interacts with their wallet through a very intuitive browser at wallet.trezor.io which has all of the wallets organized in an easy to navigate manner. I feel the Trezor is more intuitive with a better user experience, but the lack of integration with XRP and Stellar is a strike against it.
Whatever choice you make, you’re making a step in the right direction to protect your investment.