How to safely buy & hold crypto

in #bitcoin7 years ago (edited)

digital security
Some of my friends have been asking how to buy & hold cryptocoins. There may be better ways, but the below works for me.

In my professional life, I am responsible for securing extremely valuable data (think “billions”). My overriding concern is therefore safety: if you’re going to speculate with any significant money, you’d like to not lose it all when some website gets hacked, right? So these instructions emphasize safety above ease of use.

I don’t use phone-based wallets. Those are fine for transacting small amounts for day-to-day use, the same way you might keep $5,000 in your account in the bank, but only keep $50 in cash in your wallet.

Bear in mind, I am buying purely to speculate, not to transact on a daily basis. And because I don’t trust any smartphone, I don’t keep my money on my phone. If you want to buy and sell small amounts, then sure, download a phone wallet and transfer a little spending money from your primary wallet address into your phone wallet address. But I’m not covering that use-case here. These instructions are about your primary “savings account” wallets.

OK, let’s get started!

Step 0: Get a secure computing environment

Don’t skip this step. Don’t skimp on security!

Run a Linux desktop, and have taken time to secure your configuration. That means: don’t run services you don’t need (you don’t need NFS, Samba, httpd, ftpd, or sshd on your personal box!) Run SELinux. Make sure your drive is mirrored. Have a regular backup strategy. If you are going to speculate with hundreds or thousands of dollars, you may as well do it right.

While on the topic: a note about wallets. Each wallet you create will have:
(1) a public address,
(2) a private key, and usually also
(3) a wallet recovery phrase.
For each wallet you have, keep all this information somewhere secure.

For the love of God, do not store this info in the cloud: not in Google docs or any other online location. I personally write it all very carefully and legibly on a piece of paper in a safe place, and also save it in a text file in the encrypted persistent storage of a Tails thumb drive. I also keep my online brokerage and retirement account info in the same location. I highly recommend you do the same. The Tails website has clear step-by-step instructions for making a thumb drive with encrypted persistent storage. Do that. It’s worth it.

As long as you know your public and private keys, you can restore your wallet and your funds. Corollary: anybody that learns your public and private keys, can p0wn your funds.

A note about disk space. Each local wallet will need to download the entire blockchain for that coin. Have plenty of fast-access disk space! The Monero blockchain, for example, is 21GB and rising. Indeed, the monotonically increasing blockchain size is a big beef I have with pretty much every coin, but by various arguments (dropping storage costs, cloud baselines of ledger history, etc) I’ve become convinced it’s not a showstopper issue for crypto in general.
Anyway, with today’s prices, you can afford a few hundred GB of mirrored Solid-State Drive (SSD). Get it. And make damn sure it’s mirrored. And that you back up regularly!

By the way: you don’t strictly need to encrypt the drive. That protects against people who have physical access to your powered-off machine. It does nothing to protect your machine while it’s running. That said, of course I encrypt all my drives, with the exception of the drives where I store my backups (since I use dd to take full disk-image backups of encrypted drives, the backups are already encrypted)

If all this seems like too much for you, I understand. And in that case I strongly encourage you not to speculate in cryptocurrency. For a similar hedge against SHTF scenarios, consider buying shares in companies that mine precious metals, or ETFs of the same. Personally I’m a big fan of GDX, and you can safely buy it with any discount online brokerage, and be reasonably safe that your funds won’t be lost or stolen out from under you. Or just buy some actual physical coins; Apmex has great prices on Silver bullion. Everyone should own some silver coins. Everyone!

Step 1: Do your homework and take notes

For each coin, keep a file with links to useful URLs, notes to yourself, questions, etc. There are huge differences between coins and there’s a lot of info out there. You will want to keep it all organized from the outset. You’ll want to be able to come back to your notes months later, and quickly refresh your understanding.

Personally, I do not buy any coin until I have read the technical whitepapers, browsed the source code, and feel I have a good understanding of how it works. This is the same philosophy I use for buying stocks; if I don’t understand the company, I don’t buy the stock. I don’t think everyone has to be that obsessive. But you do need to talk to people and do your research and make sure you feel comfortable with the purchase, before sinking your money on any investment.

You won’t be keeping any secret information in these notes, so feel free to store them in the cloud.

Step 2: Download and install the CLI wallet for the coin you want to hold

Don’t keep your crypto in a web-based, online wallet! Keep it in a wallet on YOUR computer, that YOU control!
Most wallets will take a long time -- several days -- to download the full blockchain for the relevant coin. This is why Step 0 had you get hundreds of gigs of SSD.

Note that I do not hold Bitcoin; I use Bitcoin only as a temporary intermediate when acquiring other coins that cannot be purchased directly with government fiat (US dollars). As such, I do not have a local-storage Bitcoin wallet.

2.1 Monero

You can download the Monero wallet here. The Monero wallet is very easy to set up, and the Monero Support Forum has extremely helpful people.

Start the monero wallet daemon (“monerod”) and it will sync. Create a wallet (“monero-wallet-cli”) and keep all the passwords in the secure location you created back in Step 0.

2.2 Ripple

One benefit to using Ripple: there’s no need to download a blockchain. Huzzah!

  1. Download and unzip the wallet binaries from Rippex here
  2. Run “RippleAdminConsole-1.4.1”
    Note that the command creates a dir ~/.config/RippleAdminConsole-1.4.1 and stores info there.
  3. Agree to the terms (see? this really is bank-worthy!)
  4. Click “Create new account”
  5. Click “Create an empty account” and name your wallet
  6. After you’ve entered & confirmed your password, click the “Settings” gear in the upper right hand corner, then click “Network Settings” on the left, and finally check “Online mode”

You’ll now see a message that you need to send 20 XRP to your new wallet address. Yes, this is legit; it’s part of the protocol; to participate, you are like a “reserve bank”, holding at least 20XRP. Easiest way to do this is to use Bithomp, which lets you deposit directly to into your new wallet from PayPal. Just copy and paste in your newly created wallet address, and click “activate”.

2.3 Ethereum

Similarly, I don’t hold any Ethereum yet, though I plan to in the next few months. Again, when I do, I’ll update this post.

Other coins

Frankly I don't have immediate plans to buy any other coins. Most are, in my opinion, not a good speculative bet. This includes Litecoin, Dash, Golem, and others. I may post my reasons for each coin later. For now, be aware that the CLI wallets above are the only ones I personally am willing to bet money on.

Step 3: Get an account with an online exchange

The online exchange will give you a web-based bitcoin wallet, and possibly others as well. You’ll use these either as a waypoint to transfer the funds to the wallet on your local computer, or to convert from Bitcoin into the relevant altcoin (more on that later).

I personally use Coinbase; I’ve heard good things about BitPanda and would suggest new people start there. Take the time to set up direct deposit with your checking account. It will take a few days: to verify you control the bank account, the exchange makes 2 small deposits (ie, $0.21 and $0.43). Once those show up in your back account, enter the amounts on the exchange website. Think of it as basically a 4-digit two-factor authentication.

Now you can transfer government fiat currency into the online exchange, and from there, buy a coin offered on the exchange. Coinbase lets you buy Bitcoin, Ethereum, and Litecoin directly; BitPanda lets you buy Bitcoin, Ethereum, and Dash. In either case, the proceeds go into the relevant coin’s wallet in your account on the exchange website.

Note that the process takes time, usually several hours, to complete. Hey, if you were buying stocks on a trading platform, it would take several days for the transaction to clear, so shut up and be happy.

Also note that there will be a per-transaction fee, like a brokerage fee. As such, you are better off making a few large purchases, rather than many small ones.

If the coin you want is directly available on the exchange, now just use the exchange website to transfer the funds to the wallet you set up in Step 2. Enter your local wallet address, and send. The confirmation can take hours; be patient. Don’t leave your coins sitting in the online exchange wallet; they are not safe there long term.

Step 4: Convert to the desired altcoin

Most of the “interesting” altcoins are not yet directly available on the exchanges. So, buy Bitcoin, and wait for the BTC to be deposited in your online BTC wallet on the exchange.

Now go to a coin converter. I use Shapeshift.io for this.
Click “Deposit” and choose “Bitcoin”. Then click “Receive” and find the coin you actually want. This is the step where we put the funds into the secure, permanent-storage wallet you downloaded and created back in Step 2. Put in your personal local-storage wallet as the “destination address” here. Put your online Bitcoin wallet exchange as the “refund address” (in case something goes wrong).

Again, there will be a fee. Again, as a result, you are best off doing (say) a monthly or bimonthly large purchase, rather than a smaller purchase every week.

Now your chosen cryptocurrency is transferred into the wallet address that you control on your local computer. The blockchain has recorded the transfer, so even if your computer dies, you can restore the wallet on a new computer using your private key and/or passphrase. This is where the funds will sit while you wait for their value to go to the moon.

Step 5: Maintenance

5.1: Keep a casual eye on the news

Like any other speculation or investment, you should not watch the day-to-day ups and downs of the market. Unlike traditional investments, the crypto landscape is changing fast. Keep on the lookout for new coins; even more so, keep on the lookout for newly-discovered problems with the coins you own.

Personally I follow Neocash Radio (in part because it’s run by personal friends of mine), and Cryptoverse

5.2: Keep software up to date

Periodically (every few days or so), sync the blockchain of coins you hold. You won’t be able to send coins from your wallet, or see new transfers into your wallet, until you sync up.

Periodically refresh to the latest version of your CLI software. This is bleeding edge stuff, and backwards compatibility is not a priority for most of the developers.

Keep your Linux packages current.

Back up regularly.

Vaya con Dios, and may the odds be ever in your favor. I honestly hope you become rich.

Sort:  

Congratulations @denisgoddard! You have received a personal award!

Happy Birthday - 1 Year on Steemit Happy Birthday - 1 Year on Steemit
Click on the badge to view your own Board of Honor on SteemitBoard.

For more information about this award, click here

By upvoting this notification, you can help all Steemit users. Learn how here!

Congratulations @denisgoddard! You have received a personal award!

2 Years on Steemit
Click on the badge to view your Board of Honor.

Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

Congratulations @denisgoddard! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 3 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!