This article needs additional citations for verification. (September 2017) (Learn how and when to remove this template message)
A cryptocurrency wallet stores the public and private keys which can be used to receive or spend a cryptocurrency. A wallet can contain multiple public and private key pairs. As of January 2018[update], there are over thirteen hundred cryptocurrencies; the first and best known is bitcoin. The cryptocurrency itself is not in the wallet. In case of bitcoin and cryptocurrencies derived from it, the cryptocurrency is decentrally stored and maintained in a publicly available ledger called the blockchain.:93 Every piece of cryptocurrency has a private key. With the private key, it is possible to digitally sign a transaction and write it in the public ledger, effectively spending the associated cryptocurrency.
When choosing a wallet, the owner must keep in mind who is supposed to have access to (a copy of) the private keys and thus potentially has access to the cryptocurrency. Just like with a bank, the user needs to trust the provider to keep the cryptocurrency safe. Trust was misplaced in the case of the Mt. Gox exchange, which 'lost' most of their clients' bitcoins. Downloading a cryptocurrency wallet from a wallet provider to a computer or phone does not automatically mean that the owner is the only one who has a copy of the private keys. For example with Coinbase, it is possible to install a wallet on a phone and to also have access to the same wallet through their website. A wallet can also have known or unknown vulnerabilities. A supply chain attack is one way of a vulnerability introduction. In extreme cases even a computer which is not connected to any network can be hacked. For receiving cryptocurrency, access to the receiving wallet is not needed. The sending party only needs to know the destination address. Anyone can send cryptocurrency to an address. Only the one who has the private key of the corresponding address can use it.
A backup of a wallet can come in different forms like:
- A (encrypted) file like wallet.dat or wallet.bin which contains all the private keys.
- A mnemonic sentence from which the root key can be generated, from which all the private keys can be recreated. Preferably these words could be remembered or written down and stored on other physical locations.
- A private key like: KxSRZnttMtVhe17SX5FhPqWpKAEgMT9T3R6Eferj3sx5frM6obqA (see the picture).
When the private keys and the backup are lost then that cryptocurrency is lost forever. When using a webwallet, the private keys are managed by the provider. When owning cryptocurrency, those trusted with managing the private keys should be carefully selected. An (encrypted) copy of the wallet should be kept in a trusted place. Preferably off-line. Some people 'write' their mnemonic sentence or private key on metal, because it is robust.
Some wallets support multiple cryptocurrencies.
They come in different forms like:
- An application installed locally on a computer, telephone or tablet (see the picture).
- When using a web wallet the private keys are managed by a trusted third party. Some web-based wallet providers use two-factor (like Google Authenticator) for extra security. In that case a keylogger is not enough for a hacker to steal the credentials and get access to the wallet.[not in citation given]
- Cryptocurrency exchanges link the user's wallet to their centrally managed wallet(s). For example: When trading bitcoins between users on the Kraken exchange, the trades are written in their private ledger (off-chain transaction). Only when a user wants to enter his cryptocurrency into the exchange or when he wants to take his cryptocurrency out of the exchange, the transaction is written onto the public bitcoin blockchain (on-chain transaction).
In order to initiate or verify a transaction, the cryptocurrency wallet connects to a client (node) on the network to process the request. There are several types of clients like: full clients, headers-only clients, thin clients and mining clients. Some of them can process transactions and some of them also have their own wallet functionality. Full clients verify transactions directly on their local copy of the blockchain. Lightweight clients consult full clients.
They are considered secure, because the private keys never leave the physical wallet. They are born (created), live (transaction signing) and die (deleted) inside the hardware wallet. If a hardware wallet uses a mnemonic sentence for backup, then the users should not electronically store the mnemonic sentence, but write it down and store in a separate physical location. Storing the backup electronically lowers the security level to a software wallet level. Hardware wallets have models that require the user to physically press or touch the wallet in order to sign a transaction, the destination address and the amount of coins. The private keys remain safe inside the hardware wallet. Without the private key a signed transaction cannot be altered successfully. Some hardware wallets have a display (see the picture) where the user can enter a pin to open the wallet and where the transaction can be verified before being signed. When reading a mnemonic sentence from the physical display of the hardware wallet a screencapture of an infected computer will not reveal the mnemonic sentence.[not in citation given][not in citation given]
With a watch only wallet someone can keep track of all transactions. Only the address (public key) is needed. Thus the private key can be kept safe in another location.
Hot vs. cold wallets
Terms also used in the context of cryptocurrency wallets are hot and cold wallets. Hot wallets are connected to the internet while cold wallets are not. With a hot wallet cryptocurrency can be spent at any time. A cold wallet has to be 'connected' to the internet first. As long as something is connected to the internet, it is vulnerable to an attack. The short version is that software wallets (where the device is turned on or the wallet software is running) are considered hot wallets. A (not connected) hardware wallet is considered a cold wallet.
Deep cold storage
Deep cold storage is the process of storing cryptocurrencies in cold wallets that were never connected to the Internet or any kind of network. Additionally the private keys associated with this system are generated offline. The process gained main stream attention, when Regal RA DMCC, (the first cryptocurrency licensed company in the middle east) took it a couple of steps further by storing the cold wallets in the Almas Tower vault below sea level along with the company's gold bullion and insured the cryptocurrencies for full value.
With a deterministic wallet a single key can be used to generate an entire tree of key pairs. This single key serves as the root of the tree. The generated mnemonic sentence or word seed is simply a more human-readable way of expressing the key used as the root, as it can be algorithmically converted into the root private key. Those words, in that order, will always generate the exact same root key. A word phrase could consist of 24 words like: begin friend black earth beauty praise pride refuse horror believe relief gospel end destroy champion build better awesome. That single root key is not replacing all other private keys, but rather is being used to generate them. All the addresses still have different private keys, but they can all be restored by that single root key. The private keys to every address it has ever given out can be recalculated given the root key. That root key, in turn, can be recalculated by feeding in the word seed. The mnemonic sentence is the backup of the wallet. If a wallet supports the same (mnemonic sentence) technique, then the backup can also be restored on a third party software or hardware wallet.
A mnemonic sentence is considered secure. It creates a 512-bit seed from any given mnemonic. The set of possible wallets is 2512. Every passphrase leads to a valid wallet. If the wallet was not previously used it will be empty.:104
In a non-deterministic wallet, each key is randomly generated on its own accord, and they are not seeded from a common key. Therefore, any backups of the wallet must store each and every single private key used as an address, as well as a buffer of 100 or so future keys that may have already been given out as addresses but not received payments yet.:94
- Liu, Yi; Li, Ruilin; Liu, Xingtong; Wang, Jian; Zhang, Lei; Tang, Chaojing; Kang, Hongyan (29 October 2017). "An efficient method to enhance Bitcoin wallet security". 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID). IEEE. Retrieved 1 September 2018.
- McGoogan, Sara; Field, Matthew. "What is cryptocurrency, how does it work and what are the uses?". The Telegraph. Retrieved 14 September 2017.
- Antonopoulos, Andreas (12 July 2017). Mastering Bitcoin: Programming the Open Blockchain. O'Reilly Media, Inc. ISBN 9781491954386. Retrieved 14 September 2017.
- Juchisth, Smith. "Wat is cryptocurrency? Een introductie in de blockchain". Cryptostart (in Dutch). Retrieved 9 December 2017.
- "Wallet vulnerabilities". cnn.com.
- Air-gap jumpers on cyber.bgu.ac.il
- "How to store your bitcoins - bitcoin wallets - CoinDesk".
- "Cryo Card Review: Nearly Indestructible Bitcoin Cold Storage - CoinAlert". coinalert.eu.
- "How Bitcoin Companies Keep Your Funds Safe". CoinDesk. 25 November 2014.
- Skudnov, Rostislav. "Bitcoin Clients" (PDF). theseus.org. Retrieved 23 February 2018.
- "Lightweight clients on iacr.org" (PDF).
- Private keys generated, used and deleted on a hardware wallet on hackernoon.com
- Burton, Charlie. "So, you've bought Bitcoin. Now what?".
- "The 3 Best Hardware Wallets For Bitcoin of 2018 ( ++ Altcoins)". 15 November 2017.
- Torpey, Kyle. "Bitcoin Hardware Wallet Review: Ledger May Have Caught Up to Trezor With Nano S". www.nasdaq.com. Nasdaq. Retrieved 5 December 2017.
- "The best multisignature wallets for 2016 » Brave New Coin". 13 January 2016.
- "Zendesk". support.ledgerwallet.com.
- "Bitcoin, Litecoin, & Ethereum Vault".
- "How to create a brain wallet - CoinDesk". 10 June 2013.
- Matonis, Jon. "Brainwallet: The Ultimate in Mobile Money".
- "Bitcoin Glossary".
- "World's First Deep Cold Storage for Crypto-Commodities Launched by Regal Assets in Dubai | News - DMCC". DMCC. Retrieved 2018-04-02.
- Gutoski, Gus; Stebila, Douglas. "Hierarchical deterministic Bitcoin wallets that tolerate key leakage" (PDF). iacr.org. International Association for Cryptologic Research. Retrieved 2 November 2018.