Your funds may be in jeopardy

Bitcoin is a system where a decentralized ledger keeps track of transactions, this system uses tokens called bitcoins. (Note that the system is capitalized while the token is not.)

The security of bitcoin is related to its storage. What is in essence an astronomically large number is normally kept on a computer or paper hard copy. There is always a chance disaster will strike these copies, and without good backup procedures that data may be lost. Bitcoin being kept in cold storage is no different than other data and in order to best protect your data you should know the limitations of your storage media.

Security weak point

Backup seeds and secret keys are only good if they can be retrieved. That depends mainly on how they are stored and that is why good backup procedures are critical to long term survival of information.

What Bitcoin data is most at risk? Many HD wallets require the user to write down their backup seed, this is often held only on a piece of paper or an encrypted digital medium. A key-pair where the secret key (or private key) is data no different and should be kept stored away from prying eyes.

The best way to keep you seed/secret key safe is to have multiple copies in multiple locations perhaps with multiple formats AND where the keys are split or encrypted. However not everyone has access to multiple locations, access to land long term, or more than one place to store their things. Some people are afraid they might get hit in the head and forget their decryption key. How do they stay safe?

There are many good options, but we’re just here to point out some potential weaknesses out there. We will focus on mediums relating to cold storage and not ones designed for more everyday use such as hardware wallets or HD wallets on a cellphone or computer. Online storage is far from secure so just don’t store funds online please. Where is your backup seed and how is it stored?

Secure generation of keys and endpoint physical security are out of the scope of this article. If you practice good user security then the storage of your seed or secret key may be your main security weakpoint.

Potential problems with common methods of cold storage

 Written on a piece of paper
  • Anyone who can see it, can steal it
  • Handwriting can be hard to read or completely illegible
  • Human error in transcription can cause errors on end product
  • Paper can rot, be torn, burn, or be smoke damaged
Printed on a piece of paper
  • Anyone who can see it, can steal it
  • Printing method – with non laser-printers the ink can run if paper gets wet
  • Printer model – some have internet connections, wifi, and memory
  • Paper can rot, be torn, burn, or be smoke damaged
On laminated paper
  • Anyone who can see it, can steal it
  • Lamination is prone to degradation over time and punctures or cuts that could allow moisture to get trapped in the paper could cause deterioration or rotting in some circumstances – store in cool dry place
  • Can burn or be smoke damaged
  • ‘Fireproof’ & ‘Fire-resistant’ boxes can help protect paper in a small house fire but be warned that they can sometimes fall apart in the fire and can get wet if the fire is put out with water. Remember a burglar can carry a small safe out of the house with them
Engraved /etched /ablated /stamped on a piece of metal
  • Anyone who can see it, can steal it
  • Some metals can deteriorate or corrode, choose a good metal and storage location. Avoid direct contact with other types of metal. Some metals that are corrosion resistant have low melting points, are extremely expensive, or hard to machine. The Keyois Capsule was originally designed with 316 marine-grade Stainless Steel (the best type of steel we could find for this purpose) but titanium was used instead for the first edition capsules.
  • Some metals can still deform or melt from heat, especially under pressure.
    “Most house fires do not burn hotter than 1,200 degrees Fahrenheit. This temperature is typically associated with the hottest portion of a home, which is in the roof area. Homes that burn for longer than 30 minutes or consist of multiple levels sometimes burn at higher temperatures.”
    You want to pick a metal that won’t be destroyed by a fire. So tin, lead, and magnesium (ha) are all out as engraving materials. Metals with melting points above the temperature of a housefire include: silver, gold, copper, brass, bronze, nickel, cobalt, some aluminium alloys, steel, nickel, titanium (which is what the Keyois Capsule has the Secret Key engraved on, with a melting point of over 1600° C / 3000°F) and tungsten (with a melting point double titanium but can be brittle if hit hard).
  • The Cryptosteel product made of 304 Stainless Steel is in this category. It is a very practical backup idea. It is an assemble-at-home secret key/ seed backup however it does not have tamper evident properties (but I bet this can be easily fixed). So anyone who can see it, can steal it.
  • There are multiple companies that sell laser-engraved metal key-pairs about the size of a calling-card; often there are color, material, and design options. Remember not all metals are created equal. This is a great option for BIP38 addresses, although anyone who can see it can see it, they would then still have to crack your BIP38 pass phrase. However it is our opinion that the Keyois capsule is the prettiest of them all.
Stored digitally on a computer
  • Computers can crash, making data recovery expensive
  • Data can still technically be recovered after a system is abandoned by the user. In some cases data can be recovered after multiple overwriting attempts and physical destruction (as long as the attacker can get all or most the pieces) so if you copy files to a new computer and ditch the old one, be careful
  • Can burn or be smoke damaged
  • A traditional hard disc drive can have data corrupted by powerful magnetic fields and can physically shatter
  • A non-negligible amount of HDDs suffer from factory defects that will cause them to fail unexpectedly during their lifetime
  • Accidents can happen that could result in loss of data
  • Solid state drives (SSDs) will lose data if unpowered, they may last years before this becomes a problem but it is unwise to store long-term data in unpowered SSDs
  • Internet connection is another attack vector and the safety is only as good as the encryption used. Someone could be trying to break into the computer at all times
  • There are a lot of ongoing threats with computers, from zero-day exploits to firmware exploits and malicious USB cords
  • External hdds are good for storage for a few years at least if stored properly
  • For computers that are not connected to the internet, safety is only as good as the physical protection and encryption used; could someone mosy into the location and copy the data without anyone noticing?
Stored digitally on CD, floppy disk, laserdisc, or mini-disc
  • Plastics break down over time and with exposure to heat, humidity, regular light, all sorts of chemicals, even the oxygen in the air. This can lead to the loss of your data when stored on a medium made of plastic or written/printed on plastic.
  • Can burn or be smoke damaged
  • Can be physically damaged, making data recovery expensive or even impossible
  • Magnetic media (tapes, floppy disc) can be damaged by magnets
  • Data can become difficult to recover if the software and/or hardware to decode is old, don’t use proprietary formats
Stored digitally on a flash drive
  • Can break and have to be physically repaired before use
  • Rapidly changing magnetic fields can damage the data stored on flash drives
  • Can burn or be smoke damaged
  • Can become corroded from salt water or some atmospheric conditions
  • If they break apart, some lighting conditions can cause data corruption (someone can also put them back together and often still get the data)
  • There are some fake flash drives that look like they saved the data but you can’t get it back later
  • Flash drives are not advised for long term storage; they can be used as one part of a multi-medium-location-format plan.
 A pre-funded physical bitcoin coin
  • The medium that the key is on is often paper/plastic which can burn or be smoke damaged
  • Trust in the manufacturer themselves, someone could have copied the key
  • Trust in their key generation procedure
  • Trust in the operational security of the manufacturer, they could be generating the keys on their everyday computer
  • Trust no one is successfully spying on them. What are their security procedures?Could someone be looking through their documents while they are out of town, or with tiny tin foil hat cameras or long range ones
  • Trust that the object was not tampered with in delivery
  • Trust that no one has tampered with the object in a way you could hardly notice

    How to solve these problems? A combination of good backup procedures and encryption

  • Using some form of multi-signature method and storing the parts in different locations you have permanent access to
  • Consider the Keyois Capsule as a stylish luxury model of a BIP38 wallet. Like a piggy bank it can be funded from the outside and must be destroyed to access the funds
  • Engraving, embossing, or stamping on a sheet of metal is cheaper but far more time consuming. – This puts you back at *anyone who can see it can steal it* so dip in plastic, wrap in duct tape, bury in drywall, encase in concrete, whatever just don’t leave unencrypted keys visible!
  • Have the words etched onto glass at home with off the shelf products; but this has it’s own dangers
  • Anodize the words yourself on a pieces of metal, there used to be a service to help use your home printer to print the words with some chemicals you can buy
  • Use a combination of techniques to split the seed so that it is safe(because it is split and separated) and redundant (because it is backed up)
  • The most cost effective way for a ‘normal’ person (without their own land, without more than one location, and who cannot trust anyone else with their funds) to keep their backup seed/ secret key safe from damage from the elements would probably to buy a stamping kit and hammer and some stainless steel sheet or bar

 Backups are essential for digital data