Not Your Keys, Not Your Bitcoin.
This article by Brandon Quittem was published on the swanbitcoin.com website.
Alright so you’ve acquired some Bitcoin, now what’s the best way to store it? Here we’ll take you through the process of finding the right Bitcoin wallet for you.
Although it seems like a straightforward question, there is a surprising amount of nuance to consider. How much Bitcoin do you have? How often do you plan to spend it? Are you confident your keys are more secure with you than with a regulated custodian’s cold storage? Answering these questions will help determine the right solution for you.
Bitcoin is a bearer asset, meaning you can hold the keys to your bitcoin yourself. When you hold your own Bitcoin keys you are in direct control of your money. It is not entrusted to any third party, like a bank. You should hold your own keys once you determine that the risk of holding your keys personally is lower than the risk of a custodian losing them. Making that decision relies mostly on your understanding of how and why to hold your own Bitcoin keys. In this article, we’ll help you understand both.
In this article we’re going to explore:
- “Not your keys, not your Bitcoin”
- Security vs convenience
- Overview of Bitcoin wallet types
- Multi signature setups
- Our recommendation for selecting the best wallet for YOU
Bitcoin is a Bearer Asset
In cryptography, a public key is used to encrypt messages and a private key is used to decrypt them. If someone wanted to send you an encrypted message, they would encrypt it with your public key. Your private key is the only way to decrypt that message, so as long as you are the only person who holds the private key, you are the only person who can read the message.
Bitcoin uses public/private key cryptography to secure transactions. A private key is created when you make a Bitcoin wallet. The wallet creates public keys that are hashed and used as addresses for receiving Bitcoin. The private key is required to prove the ownership of the Bitcoin stored at that address so it can be spent.
If you personally don’t control the private keys associated with your Bitcoin, then you don’t actually hold your own Bitcoin. In other words, if an exchange or a bank is holding your Bitcoin on your behalf you are not in direct control of your Bitcoin. You are outsourcing the security of your Bitcoin to another party.
To take full advantage of the unique properties of Bitcoin as a money you need to hold your own private keys. As Bitcoiners often say “not your keys, not your Bitcoin.” It is empowering to be able to hold your Bitcoin in your custody so that it cannot be seized or confiscated by banks or the hackers that target them. But choosing to hold your own keys does come with the responsibility for the security of your Bitcoin.
Our goal is to help you become comfortable with the prospect of holding your own keys. Until then the Bitcoin in your Swan account is held by our banking partner, Prime Trust, under state of the art security practices.
Now, we’ll take a look at what options you have for taking control of your own Bitcoin keys.
Bitcoin Custody Tradeoff: Security vs Convenience
The main tradeoff to consider when storing your Bitcoin is between security and convenience. Both are desirable traits when storing your Bitcoin; however, they are directly opposed to each other.
Where do you sit on the security vs. convenience spectrum?
Ask yourself these questions to gain a better feel for what storage method makes the most sense for you:
- Total value — are you storing on the order of 0.1%, 1% or 10+% of your net worth in Bitcoin? The answer would necessitate very different methods of storing your Bitcoin. Obviously you would be willing to suffer more inconvenience if it meant protecting 50% of your net worth.
- Timeframe/Accessibility - When and how often do you need to spend your Bitcoin? Is this more of a checking account, medium term savings account, or is your Bitcoin more similar to a long term retirement account?
Word to the wise: don’t make your custody setup so complicated that even you forget how to access the funds. Bitcoiners tell cautionary tales of people losing Bitcoin due to overcomplicated custody setups resulting in the owner forgetting how to access their coins.
Wallet Overview: Exploring Paper, Hardware, Mobile, Desktop, and Multisig Bitcoin Wallets
Now that you’ve decided to acquire some Bitcoin (smart move) it’s time to decide where to store your Bitcoin. This can feel overwhelming when you’re getting started. In this section we’ll give you a quick overview of your options. Like most things in life, it’s all about tradeoffs.
Paper Bitcoin Wallets
What: Users print private keys and Bitcoin addresses onto a piece of paper.
Pros: Private keys never stored on the internet. Suitable for long term storage.
Cons: Hard to back up; if you lose the paper, you lose your Bitcoin. Users should laminate and store in a fire resistant place. Need to import into a software or hardware wallet to easily spend the coins.
Hardware Bitcoin Wallets
What: Users store private keys on a purpose-built piece of hardware.
Pros: Private keys never touch the internet which reduces the risk of losing them. Suitable for long-term storage. If you lose your hardware wallet, you can use the backup seed phrase to restore your wallet.
Cons: Users must secure a seed phrase backup, which requires a thoughtful strategy on how to protect it. It’s recommended to write down your seed phrase on metal and store backups in multiple locations. If your hardware wallet is stolen, your funds are at risk of being hacked. Note: protecting seed phrase backups is a standard practice for wallets where the user controls the private keys.
Mobile Bitcoin Wallets
What: Users store private keys on a mobile device.
Pros: Simple to use, good for beginners, works for small amounts, convenient for spending even though most people rarely spend their Bitcoin right now (too much upside to holding for the long term).
Cons: Least secure option as private keys are on a device connected to the internet. If an attacker gains physical access to your phone, funds can be sent to their own wallets. Not good for long term storage.
Desktop Bitcoin Wallets
What: Users store private keys on their desktop computer.
Pros: Good UX, convenient for spending even though most people rarely spend their Bitcoin right now (too much upside).
Cons: Not very secure as computers are connected to the internet and vulnerable to attacks. Not good for long-term storage.
Multisignature Bitcoin Wallets
What: User stores private keys in a special wallet that requires multiple private keys to sign before your funds can be moved. For example, in a “2‑of‑3” multisig wallet a user needs any two out of three private keys to send funds.
Pros: One of the most secure ways to store your Bitcoin, reduces the effectiveness of physical attacks, suitable for long-term storage.
Cons: Hard to set up on your own, but several services exist to make it easier. Not convenient for spending, but that’s kind of the point.
Hot vs Cold Bitcoin Wallets: What’s the difference?
Hot wallets are connected to the internet. This means your keys are easier to access than they are on a hardware wallet, however this also means your funds are more vulnerable to hackers. Hot wallets are only recommended for small amounts.
Cold wallets are NOT connected to the internet. This means your funds are harder to access. Cold wallets are less convenient for users, but they make it much harder for hackers to gain access to your funds. Cold wallets should be considered the only option for long term storage.
Bitcoin Wallet Backup Seeds
Most wallets require users to write down a “backup seed phrase.” This is a safety precaution in case you lose access to your private keys / wallet. This also means users must be very careful with their backups as they contain all the necessary information to access your funds. Treat your backups as securely as you would a pile of gold.
Seedless Bitcoin Wallets
Another way to store your Bitcoin is with a seedless wallet. These are designed for multi-signature accounts where users don’t create backup seeds and instead rely on a service for backups. Casa is leading the charge with seedless wallets with their Keymaster multisignature product.
Bitcoin Multisignature: How it Works
Instead of requiring a single private key signature to move your funds, multisig wallets require multiple signatures to move your funds. There are many ways to architect a multisig wallet, but let’s use a 2‑of‑3 for our example.
As a user, this means you have 3 total private keys corresponding to a single Bitcoin wallet. In order to move your funds, you need at least 2 of your private keys to sign a transaction. Most users will physically separate the locations of each key to further minimize risks. Just don’t get too creative or you might fool yourself and lose your funds (it’s happened many times).
As mentioned above, here are a few examples of multisignature wallets:
- Blockstream Green Wallet (2‑of‑2)
- Casa’s Keymaster (2‑of‑3 and 3‑of‑5)
- Unchained Capital’s Vault (2‑of‑3)
- Specter (Can design own setup)
Benefits of Multisig
Multisig offers some room for error. If you have only a single private key and lose it, your funds are lost forever. However if you have a 2‑of‑3 setup, you can afford to lose one private key and still access your funds.
Multisig also mitigates physical attacks. Let’s say you were physically threatened and asked to give up your precious Bitcoin. If you had a normal wallet (not multisig), then you could easily transfer your Bitcoin to the attacker. With a multisig setup, however, you could keep one of your keys at your house and the other keys in separate locations (ex: your office and a safety deposit box). This geographic separation of keys greatly reduces the incentive for a physical attacker to target your Bitcoin.
Why does my Bitcoin wallet keep changing my address?
Each set of private keys is capable of generating billions of public keys. These public keys are then transformed (through a mathematical process called hashing) to produce public addresses.
Every single one of those addresses can receive Bitcoin. So each set of private keys you own is capable of producing its own unique, massive set of public addresses that you, and you alone, own. Anyone can send Bitcoin to those public addresses, but only the holder of the private keys can spend Bitcoin from those addresses.
Many people like to analogize private keys, public addresses, and Bitcoin wallets to email addresses. The private keys are your password, the public address is your email address, and the wallet is the email client you use (Gmail, Protonmail, yahoo etc…). Although useful, this analogy is slightly misleading because with Bitcoin each password (private key) that you own gives you access to billions of potential email addresses (public addresses) to send Bitcoin from and receive Bitcoin to.
Don’t be concerned if your wallet consistently generates new Bitcoin addresses. That’s actually one of its features! Wallets generating and using new public addresses helps protect your privacy from people snooping on the public Bitcoin blockchain. Just remember that so long as you still hold the private keys to your wallet, you alone still own the present and future Bitcoin sent to any public address that your wallet generated. Just make sure to keep your Bitcoin private keys safe, secure, and private.
Our Recommendation: Let Percentage of Net Worth Guide your Bitcoin Wallet Choice
The easiest way to approach Bitcoin custody is to focus on “how much money is at stake.” In other words, what percentage of your net worth is being secured? Here’s our breakdown, but of course each person’s situation is unique. Use this as a guideline rather than absolute truth.
Small amounts (~0.1% net worth) — Use a Mobile Bitcoin Wallet
- Muun — It’s probably the easiest bitcoin wallet for iPhone and Android. It seamlessly integrates Bitcoin and Lightning.
- Samourai — Best privacy-focused wallet (only for Android)
Medium Amounts (~1% net worth) — Use a Hardware Bitcoin Wallet
- Trezor (Beginners)
- Coldcard (Advanced users)
Large amounts (more than 10%+ net worth) — Use a Multisig Bitcoin Wallet
- Casa Keymaster Multisig — easy to use interface, can choose from 2‑of‑3 and 3‑of‑5 setups. They have a self recovery tool, however I have not personally used this and would like to do more research before a wholesale recommendation.
- Unchained Capital’s Multisig — easy to use interface, 2‑of‑3 setup, can access financial services based on your BTC in deposit.
- Self Hosted Multisig using Specter — This requires more technical proficiency compared to Unchained and Casa however you don’t sacrifice any privacy.
Protip: Some users choose to diversify their long-term storage. They may store funds in multiple wallets. For example, store a third of their Bitcoin with a Specter multisig, another third with Unchained Capital Vault, and a third on a Coldcard.
Let’s Wrap Up
That’s our summary of the Bitcoin self-custody landscape. If you’re still pretty intimidated, no worries. We recommend taking control of your own Bitcoin keys only once you are comfortable with the logistics. But we do encourage you to continue to consider the unique opportunity Bitcoin provides: the ability to be in absolute control of your own wealth.