Storing Bitcoin Case Study
I started my Bitcoin journey a little over two months ago. I did not know what I did not know. This is a storing bitcoin case study. I was following guidance from someone who seemed to know (let’s call him the “guru”). This is where you discover how little you do know and the risks you are taking. I will walk you through my journey and then I will tell you about the risks and the options I should have been exploring.
- Got a Bitcoin wallet. This feels like a sensible first step – somewhere to store your Bitcoin. The guru said that a good first place to start is with an online wallet and to use the most widely used one from Blockchain.info. The guru liked this wallet because it had solid two factor authentication (where you have to confirm an action via a separate device – e.g, a code from your smartphone or a text message or a code from a dongle device). I opened a Blockchain.info wallet – it still has no Bitcoin in it.
What I learned: Security is very important. Two factor authentication is important especially if you have lots of Bitcoin. An online wallet (like Blockchain.info) is only as secure as the service provider allows it to be. Having good tools to backup your wallet information and to store that offline (called cold storage) is important. Being able to access a wallet from different devices certainly makes for ease of use – so when you are shopping you can use a wallet on your phone to make a Bitcoin payment or to give a taxi driver a Bitcoin tip.
What don’t I know: How secure is my online wallet provider – i.e., Blockcain.info? It is one of the largest wallets in use. Recently Bitcoin.org, the industry organ for Bitcoin, withdrew Blockchain.info from its approved list – apparently it had failed a security test in resetting two factor keys for customers – they did not use enough factors to check the reset requests. How secure are the online wallet providers servers that communicate with the blockchain that runs Bitcoin? Where does the wallet provider keep your Bitcoin? They are supposed to be kept on the Bitcoin blockchain but often they are not. What happens if they lose access to the Bitcoin? And more.
- Joined a Bitcoin Mining pool. The guru told me that Bitcoin Mining has become an “arms race” where the players with large resources win. One way around this is to join a mining pool. I joined BitClub Network which is a shared mining pool – it is a pool of people working together. It is also a network marketing business that grows as membership grows. To join I had to pay my membership fee and the cost of mining pool shares in Bitcoin. As a reward for joining BitClub Network I was allocated a pile of ClubCoin, which is BitClub Network’s own cryptocurrency. The mining pool pays out my share of Bitcoin as they are mined and some are used to purchase more mining equipment. That means that I have a growing pile of Bitcoin accumulating inside BitClub Network – some have been reallocated to purchase additional mining equipment and some have been allocated to me.
What I learned: While I do have Bitcoin sitting inside BitClub Network, I do not have a Bitcoin address inside BitClub Network. I do know how to get Bitcoin out. I put in a Bitcoin address and request a withdrawal and the Bitcoin will be moved. I have not tried it yet but I am sure that I can only transfer as many Bitcoin as are listed as being owned by me.
What I don’t know: How secure is BitClub Network? They do have two factor authentication in place so I can increase the security for anyone accessing my account. They do run all the Interenet security protocols. And they do get Denial of Service attacks. Whose Bitcoin address are my Bitcoin attached to? Can I be confident that nobody can access my Bitcoin? This sounds like a question of trust and the whole idea of Bitcoin is it is supposed to be an open trustless system. What backup is there in place at BitClub Network?
- Converted Currency to Buy Bitcoin: Now I needed to buy Bitcoin so I could pay to join BitClub Network. There are a whole bunch of ways of doing this and they differ depending on which country you are in. Basically you will have to find a way to make a bank transfer to someone who will sell you Bitcoin (e.g., the wallet provider like Coinbase does in 32 countries; the Bitcoin exchange like Kraken) or find a person who will sell you Bitcoins for cash or a bank deposit. I did explore this second channel for a while based on a link at Blockchain.info that pointed me to LocalBitcoins.com. That was an interesting diversion and I went back for guru help and found an Australian business (CoinJar) that would take bank deposits using a formal bank transfer system (BPAY). I opened an account, I deposited funds using BPAY and I have an online wallet with my own Bitcoin address. I bought Bitcoin for Australian Dollars – I did check the exchange rates were market rates and the spread (the cost) was fair
What I learned: The easiest place to start your wallet choice will be where you are going to get your Bitcoin from – because you may get one automatically. In my case, I used CoinJar and I have a Bitcoin wallet there. I made my payments to BitClub Network from there. If you get your funds via an exchange like Kraken, you will have a wallet there. If you have to buy Bitcoin through a LocalBitcoins.com participant you can choose any type of wallet you like – probably choosing the one your seller uses as you can sit side by side on the same wallet system and check that he deposits the Bitcoin. It is important to check the rates you will get for selling your currency. Do a Google search for the market price for Bitcoin in your currency and you will find it – and check the transaction costs are reasonable. They should be quite cheap compared to what you are used to from your bank.
What I don’t know: How secure is my online wallet provider – i.e., CoinJar? They do provide two factor authentication which I use. They authenticate with a code sent by text message to my mobile phone. They do use all the secure Internet protocols. Can I back up my wallet to an offline location? What backup is in place at CoinJar? And where are my Bitcoin? Are they on the blockchain or locked up in a offline cold storage – which is more secure but not very helpful if CoinJar go out of business?
- Started Staking ClubCoin: ClubCoin is BitClub Network’s own cryptocurrency. It will eventually be used as a platform for a series of merchant services. It has its own blockchain and holders of ClubCoin can earn ClubCoin by doing what is called staking. This is the same as mining in Bitcoin world. I was told that staking provided the highest return for ClubCoin especially in the early days. Interested in high returns I started down the path of staking my allocated ClubCoin. This involved downloading the ClubCoin wallet onto my desktop computer, transferring my ClubCoin to the address it created and opening the wallet up for staking
What I learned: There are different types of Bitcoin desktop wallets. ClubCoin uses the same one that Bitcoin Core uses (i.e., the one developed for Bitcoin based on the Qt code). The first thing that happens is the whole blockchain is downloaded to the computer and each time the computer starts up the wallet synchronises with the blockchain. For ClubCoin this did not take very long to set up – for Bitcoin using Bitcoin Core wallet this is a file in excess of 40 gigabytes and it takes 3 to 4 days to download. I was concerned about security and backup – so I encrypted the wallet using a complicated passphrase (which I have recorded securely away from my computer) and I made a backup of the wallet. I learned that one can only earn ClubCoin from staking if the computer is on and the wallet running and the wallet unlocked for staking – the IT geek worked that out and within a few weeks I had earned around 90 ClubCoin which was a return better than 3%. I went away on holidays and I earned another 1 percent – not bad for 10 days of doing nothing. The day we got home we had a power problem and my computer shut down.
What I don’t know: How often do I need to take a backup? In theory, if every wallet carries the whole blockchain, all I have to do is get my specific wallet keys up and running again and my recovered wallet should synchronize again and all will be good. Well I did start up the computer and got the wallet running again and the wallet said it was “Out of Sync” and that it was 3 days behind. I had some other computer problems and had to do some restarts and the wallet did not start up automatically. Once I got it going, it was now 4 days behind – so I left it running for several days – logical really – you are 4 days behind = so give it 4 days to run. So now I have 7,104 allocated ClubCoin plus over 100 I had mined sitting on a wallet that would not sync. Could I get my ClubCoin back to my BitClub Network wallet? Is there actually a ClubCoin wallet address with my name on it? Can I move ClubCoin out of a wallet that is out of sync? Is staking via a desktop wallet the only way to stake ClubCoin? Did I earn more money from staking ClubCoin than the cost of running my computer 24 hours a day 7 days a week?
- Moved ClubCoin to an Exchange: I opened a support ticket about the “out of sync” wallet. While I was waiting I started exploring other places I could hold my ClubCoin. BitClub Network does not appear to have an address you can send Club Coin to. Once the ClubCoin have left there, they cannot go back – and the support desk person did not answer that part of my question. I toyed with the idea of creating another wallet on a laptop computer – problem is the laptops close down when they are inactive and the staking stops working. Someone (maybe it was a guru) had mentioned the possibility of selling the ClubCoin on an exchange and that ClubCoin was listed on Bittrex.com. You can trade a whole raft of cryptocurrencies on this exchange but you do have to deposit your currency before you can make a trade. I opened an account. I found the ClubCoin listing. I got a ClubCoin wallet going and sent ClubCoin from my “out of sync” wallet on my computer (I sent 6,300 and paid a fee of 0.02 = cheap). I then set up an order to sell the ClubCoin for Bitcoin. When that order was complete, I sent the Bitcoin back to my CoinJar wallet.
What I learned: You can send coin out of a wallet that is out of sync. When you open up an account at an exchange you will be getting a blockchain address for the currency you want to trade (I had two – one for ClubCoin and one for Bitcoin). There are ready markets between cryptocurrecnies where the spreads between bid and ask prices are reasonable and transaction costs are low. And you can move cryptocurrency in and out very easily.
I also learned how to fix an “out of sync” wallet. It does help being an IT geek and I followed what the support desk told me. I learned too that even though my wallet was “out of sync” it soon picked up from where it left off properly and recognised the last block I had mined just before the wallet fell over. That saved me cash for a few beers. But it had not been mining those 4 days I waited.
What I don’t know: How secure is the wallet in the exchange? Bittrex does offer multi-factor authentication using the Google Authenticator system. Their website does use full Internet security protocols. Can I make a backup of my exchange wallet and store it somewhere else? Are my coins sitting on the blockchain or are they sitting in offline cold storage? What happens if the exchange goes bankrupt or gets closed down by the government? Note: I do not even know where Bittrex is. With so many unknowns, I moved everything out as soon as the transaction was completed.
- Received Bitcoin for a transaction: This was really very easy. I gave the sender my CoinJar address. We agreed the amount of Bitcoin. He sold local currency for Bitcoin and made the payment and it was confirmed in 10 minutes. It had taken him 3 days to get his account set up and funds transferred in – after that the Bitcoin side was really easy.
What have I learned and what I will be doing
- Security is very important. Wherever you are accessing a wallet make sure that the password you use is unique, is strong (ie long enough with a mixture of character types), cannot be guessed and does not contain things that people might guess. Select wallets that offer multi-factor authentication – probably better if there are different ways to authenticate – e.g., send a code via text message or use an authenticator app.
- Make sure you have backed up and stored this access information separately from your access devices – preferably offline (though this can be in a device that is sometimes attached to the Internet). Make sure the codes to access that storage are also hard to guess
- Once you have enough Bitcoin (enough is where you will really suffer if you lost them) do not store these in an online wallet – no matter how secure you think these places may be. Either download a desktop wallet or get a mobile wallet. Once you have done that make sure you have backed up your access information and you have backed up the wallet itself. Keep more than one backup and make sure the backups are made regularly. You may even want to consider a hardware wallet like Trezor.
- If you do need to keep Bitcoin in an online wallet, make plans to migrate these on a regular basis (or when you are not using them) to a wallet that can be taken offline (i.e., as in 3 above). You may be wondering why you would need to have Bitcoin online. Examples, you need to keep a wallet online to receive transactions for your business – eg., a Bitpay wallet. You want to have some Bitcoin available so you can do transactions – e.g., buy stuff, pay tips, etc. You are trading and need to have Bitcoin (or other cryptocurrency) in the exhange. When it comes to deciding which wallet to choose here I would lean towards using one that had versions for each platform you might use – provided they are secure. That way you only have to learn one.
- Make plans for what happens when you die or become incompetent – someone needs to know how to unlock your wallets so your dependents can get your Bitcoin. Otherwise they will be lost forever and no court order is going to help (which is the way bank accounts get unlocked at this state of life and death).
Background: I am not a Bitcoin guru. However, I do understand technology. I do understand banking – in fact I co-authored a book on Banking and Technology called The Banking Revolution: Salvation or Slaughter. And finally I do understand markets and trading.
Coin image by Andre Gunawan of Tech in Asia Buy Bitcoin image by Gerd Altmann found on Pixabay