Deciding to purchase cryptocurrency as a long-term investment may be the most significant choice for anyone interested in digital assets, but determining where to store crypto like bitcoin can be even more critical.
Following the wildfires in California earlier this year, social media began circulating posts claiming bitcoin losses, with some users displaying metal plates meant to safeguard seed phrases that were burnt and unreadable, or discussing the challenges of recovering crypto keys stored in safety deposit boxes at banks affected by the fires. Although it’s impossible to confirm individual accounts of fires damaging hard drives, laptops, and other devices containing hard and cold storage crypto wallets and seed phrases, one thing is certain: managing bitcoin self-custody introduces a distinctive set of security challenges. And these risks are on the rise.
Crypto holders generally utilize some type of “wallet,” which has several key features—whether the wallet is connected to the internet and the level of control directly integrated into it for trades and transfers. There’s also the fundamental aspect of whether a crypto investor relies on a third party for custody or maintains complete custody and trading control over their assets.
The typical third-party platform “hot wallet”—like those offered by Coinbase or Blockchain.com—remains perpetually online. In contrast, cold storage and “cold wallets” consist of hardware devices (like USB sticks) that store private keys offline, or simply a seed phrase (a master recovery code made up of 12 to 24 words for wallet access) either on paper or metal. Hardware wallets or offline backups of seed phrases can facilitate access to crypto when linked to the internet via another device.
For third-party custodial solutions, there are various measures to help users stay alert against cybercriminals with the potential to access an internet-connected platform, such as employing two-factor authentication and robust passwords. The U.S. Marshals Service, which oversees asset forfeiture within the Department of Justice, utilizes Coinbase Prime for custody of its confiscated digital assets.
Many crypto enthusiasts choose to self-custody digital assets like bitcoin for reasons reflective of their initial interest in cryptocurrencies: skepticism towards certain forms of institutional control. Custodial wallets provided by crypto brokers may offer convenience, but they also expose users to risks associated with exchange hacks, service shutdowns, or fraud, exemplified by the high-profile collapse of FTX. Additionally, recent global events, like wildfires, have prompted further contemplation on the crypto custody debate. Other ongoing issues, such as the Middle East conflict and the Russia-Ukraine war, are causing overseas crypto supporters to reconsider their self-custody strategies.
Nick Neuman, co-founder and CEO of self-custody firm Casa, noted that physical threats like natural disasters present an opportunity to reassess bitcoin security measures and the common security oversights in users’ practices. “Most people secure their bitcoin with one private key. If that key exists on a single device or is written down as a seed phrase, it’s a single point of failure. Losing that key means losing access to your bitcoin,” he explained.
It is evident that storing seed phrases on paper provides minimal protection against fire, yet it remains a prevalent practice, Neuman pointed out. Placing these slips of paper in fireproof bags or safes offers some level of security, but not significant, and even using “indestructible” metal storage plates involves several points of failure. For instance, they may not be as indestructible as claimed, and locating them amidst debris can be nearly impossible.
“Given the locations of the California fires and the stories shared on social media, it’s highly probable that some bitcoin was lost,” Neuman remarked. “Some of these accounts are quite convincing,” he added.
Casa conducts annual stress tests on their seed phrase backups.
Some self-custody providers, like Casa, offer multi-signature setups to diminish the risks associated with single points of failure. A multi-key crypto “vault” might incorporate mobile phone keys, various hardware keys, and a recovery key held by a reputable company like Casa on the owner’s behalf.
The multi-sig custody model enables the owner to retain a majority of the keys, while a trusted partner manages a minority. John Haar, managing director at Swan Bitcoin, explains that under this arrangement, the owner would need to lose all physical devices and seed phrase copies simultaneously. As long as the owner can access at least one key or device, recovering their bitcoin remains possible. This setup significantly reduces the likelihood of losing all keys in events like natural disasters, Haar noted.
“You can distribute these keys across different regions or even countries, and require any three of the five keys to authorize a bitcoin transaction,” Neuman stated about Casa’s five-key solution.
Jordan Baltazor, chief administrative officer at Fortress Trust, a regulated crypto custodian, asserts that best practices from other areas of personal life should be adapted for cryptocurrency. For instance, diversifying storage methods and evaluating associated risks is vital. Digital assets should be treated similarly to backing up critical personal data to guard against loss or corruption.
Companies like Coinbase and Jack Dorsey’s Block are developing products that aim to integrate these concepts, creating a more secure yet user-friendly version of crypto wallets. Coinbase Vault, for example, incorporates enhanced security measures before users can access their crypto holdings for transactions. Additionally, Coinbase Wallet and Block’s Bitkey feature mobile applications that facilitate easy bitcoin transfers while also supporting integration with hardware wallets for better security often associated with cold storage.
Bitkey hardware requires multiple verifications for transactions, enhancing security akin to “multi-sig wallets.” Furthermore, Bitkey offers recovery tools that mitigate one of the primary risks of self-custody—losing codes or phrases crucial for accessing cold wallets.
Innovations like those from Dorsey may help alleviate the balance between convenience and security; at the very least, they highlight the existence of this balance and its potential as an obstacle to broader crypto adoption. In addition to threats such as wildfires, natural disasters, and wars, bitcoin self-custody is also susceptible to the most significant personal risk of all: the unexpected passing of the bitcoin owner. Navigating the complexities of inheritance remains one of the most challenging aspects of managing the crypto chain of custody.
While Coinbase necessitates probate court documentation and explicit will provisions prior to releasing funds from custody, physical wallets often provide minimal to no support, possibly leaving substantial digital assets trapped on a private key. Bitkey launched its inheritance solution in February, addressing what a Bitkey executive described as “a potential multibillion-dollar issue that needs resolving.”
“Individuals with substantial investments in bitcoin must adopt a more thoughtful approach to safeguarding their assets,” remarked Neuman. Following disasters like the wildfires in California, or when exchanges collapse like FTX, the industry witnesses an uptick in crypto holders adjusting their storage practices for greater security. “It’s human nature to wait for ‘bad things to occur’ before taking steps to enhance one’s situation,” he noted. “However, being proactive is crucial. Failing to do so invites the risk of experiencing that ‘bad thing,’ often leaving it too late to act,” he concluded.
