• Cold storage means storing your bitcoin offline, making it less vulnerable to hacking.
  • Cold storage options include USB drives, paper wallets or hardware wallets.
  • “Deep” cold storage means placing the cold wallet in a vault or safety deposit box.

In the Swiss mountains, there’s an old military bunker where millionaires hide their bitcoin. The bunker was converted into a secure vault by Xapo – a cryptocurrency storage company.

The richest bitcoin investors arrive here with their encrypted hard drives in the strictest secrecy.

war bunker converted into bitcoin vault in switzerland
Credit: JOON IAN WONG/QUARTZ

This is the ultimate in bitcoin “cold storage.”

In simple terms, cold storage means storing your bitcoin offline where it cannot be hacked. It is the opposite of a “hot” wallet which is connected to the internet.

Why should I use cold storage?

Safety from hacks: Your bitcoin is most vulnerable when it’s stored online. Thieves and hackers can potentially access online wallets precisely because they are connected to the internet. To ensure your cryptocurrency wallet isn’t hacked, move it to an offline, cold storage wallet instead.

Long-term holding: Cold storage is ideal for long-term investors who want to buy crypto, hold it and forget about it. But if you’re looking to trade or spend bitcoin regularly, you might want a hot wallet, which is easier to access day-to-day.

What is a cold storage wallet?

Here are a handful of options to store crypto offline:

ledger nano cold storage bitcoin wallet plugged into a laptop

1. Hardware wallets

Hardware wallets are the ultimate cold storage, designed specifically to store cryptocurrencies. They are only connected to the internet for a short moment while you transfer your bitcoin. You then keep them safely offline.

Hardware wallets look like a small USB storage device. They are usually virus-proof, water-proof and come with backup technology. They’re easy to use. Some even have software so you can quickly check your balance. Examples include Ledger (pictured above) and Trezor.

2. Paper wallets

A paper wallet is exactly as it sounds: a piece of paper! That might not sound secure, but it’s never connected to the internet. You can’t hack paper.

The paper wallet contains your private key, either written by hand, printed out, or displayed by a QR code. Without the private key, no-one can steal your crypto.

The downside, of course, is that you could lose or destroy the paper wallet, so always keep a backup.

3. USB stick or external hard drive

Alternatively, you can keep your private key stored as a file on a USB stick or external hard drive.

4. Hot/cold storage hybrid

Some desktop wallets and software wallets now have a “cold storage” mode. You can store some of your crypto safely offline while keeping some online for frequent trading or purchasing.

The downsides of cold storage

If you lose your cold storage device, your bitcoin is gone forever.

Let’s say your hardware wallet is stolen. Your paper wallet is damaged by water. Your hard drive gets corrupted. In all these cases, you cannot get your money back.

It’s estimated that 30% of all bitcoin in circulation is already gone because of this problem.

When you’re using cold storage, always keep a backup, just in case.

Another problem is ease of access. Cold storage isn’t ideal if you want to spend bitcoin or trade it regularly. One option is to keep a large amount in cold storage and a small amount in hot wallets for frequent use.

What is deep storage?

Deep storage is the next level. Take your hardware wallet and place it in a vault or safety deposit box (or a military bunker in Switzerland).

Not only is your bitcoin stored offline and safe from hackers, it is now safe from theft too.

A teenage security researcher has exposed a (now fixed) flaw in cryptocurrency hardware wallets manufactured by Ledger, one of the most trusted names in the industry.

Earlier this month, 15-year-old British hacker Saleem Rashid discovered a flaw in Ledger hardware wallets that allowed attackers to fake the device’s seed generation and steal any funds later stored in addresses spawned from this seed.

On Tuesday, Rashid released a blog post explaining the technical specifics of the vulnerability, as well as why he believes it is more serious than Ledger has previously acknowledged.

The attack — which usually requires physical access to the device but could also be carried out through a combination of malware and social engineering — is carried out by compromising a micro-controller that works in tandem with the wallet’s “secure element,” a tamper-proof chip that stores the private keys.

Because the attack can be most easily deployed with a physical access device, this scheme would most likely be carried out as a “supply chain attack,” wherein an individual installs malicious firmware on a Ledger device and then sells it on a third-party marketplace such as Amazon or eBay.

Though riskier than ordering from the manufacturer, users often purchase these devices from third-party retailers since hardware wallet makers often struggle to produce enough devices to keep pace with surging demand and their stores are frequently out of stock.

Ledger released an update for the Nano S, its most popular hardware wallet, on March 6, eliminating the vulnerability for users who have upgraded to the new firmware. However, it has not yet pushed an update for its higher-end Ledger Blue.

As BlockExplorer reported, Ledger executives had publicly sparred with Rashid on social media following the firmware update’s release, with CEO Éric Larchevêque at one point claiming that Rashid had “greatly exaggerated” the severity of the exploit since in most cases it would require physical access to the device.

Nevertheless, Ledger thanked Rashid (along with two other researchers who discovered issues addressed in the latest firmware update) in a statement discussing the vulnerability, which was also released on Tuesday (both Rashid and Ledger waited two weeks before discussing the exploit in detail so users would have ample time to update to the new firmware).

“All the security team would like to congratulate Saleem for this good work, his help, and his professionalism through the disclosure process,” the company said.