What about if an online service offers a wallet or this is available within another application? The classic example of this the online wallet. Here too — as always in the crypto world — there is only one rule and it is this:
You have to be in possession of your private keys at all times!
That is, of course, something of a balancing act. Let’s suppose, for example, that you want to trade with cryptocurrencies. To do this, you have to deposit some of your money in the wallet of the exchange and ideally keep your private keys there too. The exchanges provide secure wallets for that purpose and protect the private keys with all the means at their disposal. But, for one thing, online services are only secure until a hacker strikes and cracks the secure storage, and for another, no exchange operator can really protect you from its own employees who have the appropriate administration rights. That is exactly what could have happened with the Mt. Gox Exchange in 2013, when 600,000 Bitcoins vanished. This case will be described in more detail in a later chapter.
The money—in our case, the Bitcoin—also sit in an online exchange if they are being bought or sold. It is not so dangerous when purchasing because you don’t need private keys, just a Bitcoin address. Private keys must be used in selling because otherwise the Bitcoin can’t be transferred. At the end of the day, each individual has to decide for themselves how much of their assets they are comfortable keeping in a web service.
Not all online exchanges are created equal.
Many offer the possibility that you can export the private key and/or keep the passphrase. This is already halfway there. Exchanges that do not offer one or the other should be avoided—unless you’re not bothered with security and trust the operators blindly. Many choose to take this approach, and it cannot be fundamentally assumed that the money will be lost if you follow this path, just that there no absolute security in place.
It is not the same situation as when you transfer your money to an assets manager. These comrades can also run off with your money but are generally caught and you even sometimes get your money back. Most of them are trustworthy in the sense that they don’t embezzle your money; at most, they lose it through risky speculations. However, if it is a lot of money to you, it is recommended to leave exchanges that do not supply private keys well alone.
Two worlds collide
Having said all that, in the interest balance, the other side of should be shown. There are a few wallet providers who go in exactly the opposite direction, and they can also logically and understandably justify that choice.
If you have greater assets and have to keep these at home, that can present its own unique challenges and costs. You have to install a safe at home and put your money in that. The bigger the safe is, the more tempting it is for criminals because they assume it probably contains large quantities of money, gold and diamonds. With this increased risk, you are forced to adopt additional security measures. Perhaps you install movement sensors, security lighting or even hire a team of guards to guarantee the safety of your assets.
In this case, it makes sense to give the money to a professional who has already undertaken all these advanced security measures and more. Ideally, this would be a bank because banks house unbreakable underground safes, which are secured by the most current security techniques and technologies. Most burglars would be gnashing their teeth for all time at these. Furthermore, there is the three-person principle for keys and time switches, so that the safe does not remain open for an undefined time to ensure that the bank’s own employees can’t pilfer anything.
If you put your money in the bank, you can’t lose it.
All of that makes sense because if you put your money in the bank, you can’t lose it. Online wallet providers sometimes advertise using this argument and offer to keep the private keys secure in so-called “deep cold storage” installations. The private keys would be stored in a mountain massif and can only be given out under certain circumstances, under certain conditions, and in certain time windows.
Online wallet and private keys: It’s complicated
It is a little crazy; a decentralized system is being distorted and violated because, in this process, the keys, which allow access to the safely kept assets, are centrally stored again and you are at the mercy of this central point. Essentially, you can also give your money straight back to your bank—or to the state. The benefit of a decentralized system is gone.
Ultimately, everyone needs to decide that for themselves.
The providers take great pains to ensure security and safekeeping of private keys, and we should recognize that. However, they are naturally not immune from state attacks that occur on the country in which the private keys within an online wallet are stored, even if it is deep in the mountain. At the very least, an online wallet represents a certain residual risk. Moreover, you might not be able to get at your Bitcoin as quickly and easily as you could possibly need to.
In this way, it is just like with a normal bank. If you wish to withdraw a large sum, you need to notify the bank in advance and then pick up the cash a few days later. At least, the loss of “real” money is secured up to a certain amount by the so-called deposit insurance. However, if this still applies if the bank goes bankrupt is doubtful, at least if a big wave of bankruptcies occurs. Still, better than nothing.
However, if you want to have control over your crypto money at all times, then you have to have access to your provate keys and you can’t leave them on an online wallet.
This is a short excerpt from my book.
Bitcoin, Blockchain & Co.
The Truth, and Nothing but the Truth