🎁 Give the gift of Crypto
Home / Guides / Bitcoin / Why it is important to secure private keys

Why it is important to secure private keys

Auston Bunsen - Posted: July 16, 2018

What are private keys

Private keys are the most important asset you have. They are used for a few important things:

1. To generate your public address - this is where you can receive funds from other people or businesses. This is tied directly to your private key.
2. To "sign" or verify a transaction - this is how the Bitcoin network knows that you are the rightful owner of the money being spent.

Private keys for Bitcoin come in one of two flavors. Either as what is called a "hash":


or what is called a "recovery phrase" (which is used to create the hash above):

"time patch raccoon absent love kite subject ticket return adult impact coyote"

You can think of your private key kind of like a credit card number. Your credit card number is the only way you can spend your money. Of course, if a thief or fraudster knows your credit card number they can also spend your money - that's why you don't post your credit card number on Facebook. However, it is important to understand there is a very big difference between a credit card number and a private key. If someone steals your credit card number, you can call the bank and tell them someone is using your credit card without your permission. The bank will stop all future transactions and may even reverse the fraudulent transactions. Now since Bitcoin is a decentralized network - if someone steals your private key, they can spend all of your money - there is no bank to call. 

For this reason, it is extremely important that you keep your private keys safe. In this article we'll go over a few different scenarios where people lost part or all of their money from private keys either not being in their possession or improperly secured or seized by a government.

The Mt. Gox Hack

Mt. Gox was the worlds most used Bitcoin exchange back in 2013-2014. They accounted for as much as 70% of the worlds bitcoin trades back then. Mt. Gox helped you trade regular currency like USD or GBP for Bitcoin. Mt. Gox did not take the appropriate measures to secure their private keys and in 2011 someone got a hold of their main wallet's private keys. 

It appears that Mt. Gox never even generated private keys for their users, they just used one wallet for all transactions. This means that users never even had their own Bitcoin address or private keys.

This oversight in securing their private keys went unnoticed for nearly 3 years, with Mt. Gox losing about 750,000 Bitcoin. At the time of this writing, that is $5.2b USD in lost Bitcoin. 

How to secure your private keys

There are varying degrees of security for your private keys. It's important to understand that right now, you're making a trade-off: the more secure your private keys are, the harder it is to use the funds in your possession.

We'll go through some popular methods of securing private keys and discuss the pros/cons of each.

1. Create a paper wallet

This is probably one of the strongest security measures you can take. It involves generating a bitcoin address offline and writing down your private key or recovery phrase on a piece of paper. Make sure you do not leave a copy of the private key on your computer - this way hackers will not be able to get your private key. To bump up the security on your paper wallet, consider generating a multi-signature wallet (read our guide on multi-signature wallets here). We have a guide to generating a paper wallet here.

You should laminate the paper to protect it from water damage. To boost security, you should consider storing your private key in a safe. For even more security, you should store your key in a safe deposit box at a bank.

Also, if you print your private key, it's important to reset your printer because it keeps a copy of your private key in it's memory for some time.

Pros of using a paper wallet are that it requires someone to come to your house or bank in person to steal the private key. We think this is a really difficult way to steal people's Bitcoin, perhaps the most difficult, because it can only be done one person at a time.

Cons of using a paper wallet are that you need to write down the key by hand, which may be prone to error. Also you need to import your private key (we've made a guide for private key importing here) into a wallet software or sweep funds out to a different wallet in order to use your Bitcoin funds. Also, if you don't protect your paper in some way, it can be destroyed by water, fire or children. Lastly, your paper wallet will only work for Bitcoin.

2. Use ledger/trezor/keepkey

Using a Trezor, Ledger or KeepKey feels like using a device out of a James Bond or Mission Impossible movie. The way that they work is by generating your private keys on a USB like device that is never directly connected to the internet. Buying one of these cold-storage solutions costs money. It also highly advised that you purchase directly from the vendor on their respective website, otherwise your private keys may be compromised.

These solutions usually ask you to back up your recovery phrase to a paper wallet or crypto steel.  To boost security, you should consider storing your device in a safe. For even more security, you should store your device in a safe deposit box at a bank.

Pros of using a device for cold-storage of private keys like Ledger/Trezor or Keepkey are that they usually support more than one type of cryptocurrency. Additionally, they do not require you to go offline to create a wallet. Lastly, they do not require you to sweep funds or import keys to spend your cryptocurrency.

Cons of using a device for cold storage include the cost - they can be as much as $200. If you don't protect your device, there is a chance it can be destroyed by water, fire or children. Finally, if you do not buy your device direct from manufacturer, you may lose your funds because someone generated fake private keys for you - like this person.

3. Use a custodian

Using a custodian simply means you are entrusting an entity to handle the complete generation and security of your Bitcoin wallet. Going with a custodial solution usually means you're holding $1m USD or more of Bitcoin. It is usually very expensive to set up.

Pros of using a custodian usually include maximum security and peace of mind. Your Bitcoins will be protected against theft, natural disasters and other accidents. Most custodians also support multiple currencies.

Cons of using a custodian include the price, it's very expensive to use custodial services (some services start at $100k in fees). It's also slow to retrieve funds with certain services.

4. Use a CBlock

Using a CBlock means you've entrusted us with generating your private keys. CBlocks make wallet creation hassle free by alleviating you of the responsibility of creating and managing your private keys or recovery phrases.

We create your cold-storage wallets for you, then we load them on a USB using government grade 256-bit encryption protected by a passphrase generated for you. It is still important to remember to store the CBlock USB in a secure place.

Pros of using a CBlock include never having to worry about generating private keys. You also do not need to worry about how to store your private keys as they come encrypted on your USB. Lastly, CBlock works with multiple cryptocurrencies.

Cons of using a CBlock are that you are trusting us to generate your private keys. Also you need to import your private key (we've made a guide for private key importing here) into a wallet software or sweep funds out to a different wallet in order to use your Bitcoin funds.

5. Use a wallet client

You might also opt to use a Bitcoin wallet client like Electrum or Mycelium. These require you to download some software to your computer to generate a Bitcoin address. You can secure your private keys by writing down your seed phrase or private key using this software. Some wallet software even lets you generate multi-signature wallets. Additionally, most good wallet clients encrypt your private keys to protect you.

Pros of using wallet clients are ease of creating transactions; you never have to worry about importing private keys or sweeping funds. Also, you do not need to do much to generate your private keys.

Cons of using wallet clients are that there is a very very small chance your computer could get hacked and your private keys may be compromised since your computer is connected to the internet. Another con is that most wallets only support one cryptocurrency. Lastly, if you lose your computer or it gets destroyed and you have not backed up your recovery phrase, then your funds could be lost forever.

6. Use an online wallet

Using an online wallet is the most popular solution for managing private keys because it is the easiest. Companies like Coinbase have made it extremely easy to create wallets for Bitcoin, Litecoin, Ethereum and other cryptocurrencies. The way this works is that they generate your Bitcoin wallet address and store your private keys on their centralized servers. Some online exchanges take extreme measures to protect your private keys, like Coinbase, which you can read about here. Others, like we've read about with Mt. Gox, do not encrypt private keys or even generate unique wallets for their users.

Pros of using an online wallet are that you can access and manage your Bitcoin funds anywhere, including your mobile phone. You also do not need to worry about how to store your private keys as they are encrypted on the wallet providers centralized servers. You never have to worry about importing private keys or sweeping funds, because they're in a hot wallet. Also many online wallets work with multiple cryptocurrencies.

Cons of using an online wallet are small but significant; all of your Bitcoin can be taken from you if the online wallet provider is hacked or if they are shutdown for any reason (going bankrupt, government seizure, etc). You have to remember that there is no FDIC insurance for bitcoin, if your wallet provider is hacked, then there is no guarantee of funds.

The BTC-E Shutdown

BTC-e.com was an online exchange based in Russia. BTC-e did generate Bitcoin addresses for each account on it's exchange, but as a customer, you were never provided your private keys. You were limited to using their online portal to send and receive Bitcoin. In July 2017, the U.S. Government seized the btc-e.com domain and subsequently a large portion of BTC-e user funds under the allegation that BTC-e was used for criminal activity.

BTC-e team was able to recover about 55% of the funds that were seized and re-opened in September 2017. However 45% of funds are still missing. They still do not provide you with your private keys and for this reason we advise against using their site.
Auston Bunsen
Auston is the cofounder of CBlocks & a life long learner, thinker and programmer. You can follow him on twitter here: twitter.com/bunsen

Join our newsletter to learn about crypto