With the rising popularity of cryptocurrencies, more and more users are entering the space — the number of Ethereum addresses in use is skyrocketing. As of May 23rd, 2018, Ethereum achieved a market capitalization of 64 billion USD while the top 100 Ethereum based tokens account for another 39 billion USD.

The increasing amount of users also results in higher volumes of funds that need to be stored on the Ethereum blockchain. Since blockchains are fundamentally different from what crypto newbies might be used to when interacting with their banks or online banking interfaces, storing funds will be one of the challenges every new user will run into fairly quickly.

In this post, we’d like to provide both an overview and a (critical) analysis of the different ways users can store funds on Ethereum at the moment.

The Technical Basics

In order to send transactions on the Ethereum blockchain, users first need to create an Ethereum account, which basically is a key pair consisting of both a private and a public key. Whereas the private key is used to generate the public key, part of the public key in turn is used to derive the Ethereum account address. Check out this interactive graphic to better understand how the Ethereum account address is created out of the private and public key. Type in a random passphrase at the top of the graphic and watch the numbers populate!
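As an added example that is not part of the original post, the derivation just described carried out in plain Python: the private key is multiplied onto the secp256k1 generator to obtain the public key, the 64-byte public key is hashed with Keccak-256, and the last 20 bytes of that hash form the account address. The block carries its own Keccak-256 and curve arithmetic so it runs without third-party libraries; the scalar multiplication is written for clarity, not as constant-time production code.

```python
RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001, 0x8000000080008081,
      0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A, 0x8000808B, 0x800000000000008B,
      0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x800A,
      0x800000008000000A, 0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61], [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
def rol(v, n):  # rotate a 64-bit lane left by n bits
    return ((v << n) | (v >> (64 - n))) & 0xFFFFFFFFFFFFFFFF
def keccak_f(A):  # Keccak-f[1600] permutation on 25 lanes, lane (x, y) stored at A[x + 5*y]
    for rc in RC:
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]  # theta
        B = [0] * 25
        for x in range(5):
            for y in range(5):  # rho (rotate) and pi (reposition) in one step
                B[y + 5 * ((2 * x + 3 * y) % 5)] = rol(A[x + 5 * y], ROT[x][y])
        A = [B[i] ^ (~B[(i + 1) % 5 + 5 * (i // 5)] & B[(i + 2) % 5 + 5 * (i // 5)]) for i in range(25)]  # chi
        A[0] ^= rc  # iota
    return A
def keccak256(data):  # Ethereum uses the original Keccak padding (0x01 ... 0x80), not SHA3's 0x06
    msg = bytearray(data + b"\x01" + b"\x00" * (-(len(data) + 1) % 136))  # rate is 136 bytes
    msg[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(msg), 136):  # absorb one 17-lane block at a time
        for i in range(17):
            A[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        A = keccak_f(A)
    return b"".join(A[i].to_bytes(8, "little") for i in range(4))  # squeeze 32 bytes

P = 2**256 - 2**32 - 977  # secp256k1: y^2 = x^3 + 7 over the field of size P, generator G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(p1, p2):  # affine point addition; None stands for the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if x1 == x2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def ec_mul(k, pt):  # scalar multiplication by double-and-add (not constant-time; illustration only)
    acc = None
    while k:
        acc, pt, k = (ec_add(acc, pt) if k & 1 else acc), ec_add(pt, pt), k >> 1
    return acc
def private_key_to_address(priv):
    x, y = ec_mul(priv, G)  # public key = priv * G
    pub = x.to_bytes(32, "big") + y.to_bytes(32, "big")  # 64-byte uncompressed key, no 0x04 prefix
    return "0x" + keccak256(pub)[-20:].hex()  # address = last 20 bytes of Keccak-256(public key)
```

Calling `private_key_to_address(1)` with the (deliberately trivial, constructed) private key 1 reproduces the well-known address 0x7e5f4552091a69125d5dfcb7b8c2659029395bdf, which is a handy way to check any wallet tooling's derivation against an independent implementation.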

Just as bank account numbers are used for transactions between bank accounts, the Ethereum account address is referenced when sending funds to the account, and thus acts as a public identifier of the account. Transactions sent from the account, however, need to be signed with a private key.

Since solely the owner of the private key has full access to the account, they also are the only one able to sign a transaction. In case the account owner loses their private key, it cannot be recreated, which means that the account can no longer be accessed. All funds in the account will thus be permanently lost — with no option for recovery. This is the striking difference between the existing banking system, where account holders who have lost their credit card or online banking PIN are easily able to recover the information or order a new card, and the Ethereum blockchain, where losing your private key means actually losing your funds.

Centralized Storage of Funds

Most crypto newcomers buy cryptocurrencies on centralized exchanges such as Coinbase or Kraken, which provide a convenient way to exchange fiat money into a wide variety of cryptocurrencies. Setting up an account on a centralized crypto exchange is as easy as on other online platforms — all that’s needed is an email address and a password. Some exchanges also offer the option to set up two-factor authentication for an account via the Google Authenticator app. Once successfully created, the user’s account is easily accessible from a variety of mobile and web clients. Apart from that, users are also able to reset their password in case they lose it. Hence, funds can always be recovered — at least as long as the user has access to the email address they provided.

Some of the most prominent centralized exchanges

Challenges

When a user sends funds to the exchange, those are held by a wallet owned by the exchange, and the equivalent value is typically credited to the user’s account via a database entry. Hence, centralized exchanges store funds on behalf of the user. Any private keys are held by the exchange itself.

Centralized exchanges therefore constitute a single point of failure. Funds are only as safe as access control to these websites is. The users incur counterparty risk: theft (by the exchange or from the exchange through third-party hackers) or withdrawal capacity restrictions, to name a few.

Just imagine someone stole the private key of the exchange wallet owner or managed to hack the exchange, and transferred all the available funds to their own wallet. Since transactions are instant and irreversible once mined on the blockchain, the account owners would never see their money again. The fraud protections traditional bank depositors rely on are unavailable, and not even a government or central bank can stop a cryptocurrency transaction from happening.

Centralized exchanges and wallets have indeed been hacked many times. One of the largest hacks occurred in February 2014, when hackers stole approximately 850,000 bitcoins (worth around $400 million at the time, today worth about $14 billion) from the Tokyo-based bitcoin exchange Mt. Gox, which handled 70% of all bitcoin transactions at the time of the hack. As recently as the beginning of this year, hackers compromised the cryptocurrency exchange Coincheck, also based in Tokyo, and stole 500 million NEM tokens from its digital wallets (approx. $533 million at the time of the incident).

Since users cannot export their own private keys from the exchange and thus are not in full control of their own Ethereum accounts, it is best practice not to store significant amounts of funds on centralized services.

Decentralized Storage of Funds

Being in full control of one’s funds means setting up a decentralized wallet. During setup of a decentralized wallet, an Ethereum account along with its public and private key pair is created and remains on the device: for decentralized software wallets, the device is a computer; for decentralized hardware wallets, it is the hardware itself, which resembles a USB stick.

In contrast to centralized exchanges, decentralized wallets allow users to own their private key and thus to back up their account. In order to restore their account, users simply need their private key or recovery passphrase. That means that an attacker would need to gain possession of the private key in order to steal funds from a decentralized wallet. Since there is no single entity that manages the users’ keys, nobody can block the user’s access to the account as long as the private key is not compromised, lost, or stolen.

There are a number of basic categories of decentralized wallets:

Hot vs. Cold Wallets

The term hot wallet refers to wallets that are virtually always connected to the internet, whereas cold wallets are never or at least not permanently connected to the internet, only when transferring funds out of the wallet. While they can still receive money at any given time, cold wallets are not intended to be used for regular expenses. You could say that a hot wallet works like a checking account, whereas a cold wallet is similar to a savings account. With hot wallets, a small amount of funds is usually transferred on a daily basis, while with cold wallets, funds only need to be moved once every other month or once a year.

Hot wallets are typically software wallets on a device with an Internet connection, such as a mobile phone or desktop computer. Cold wallets can be hardware devices storing private keys that only connect to the Internet when needed. Another example of a cold wallet is a paper wallet, where the private key is printed on an actual piece of paper that has to be kept in a safe spot. If a wallet is not connected to the Internet, hackers cannot steal funds from the wallet remotely. However, its private keys still remain susceptible to physical theft. Hot wallets, on the other hand, can be hacked, which is why users are advised to store only a small amount of funds in them.

Software vs. Hardware Wallets

Software wallets, which are able to create and restore Ethereum accounts while interacting with the Ethereum blockchain through transactions, are most commonly used. There’s a wide variety of mobile, desktop, and web-based clients for decentralized software wallets. All sensitive data is encrypted and stored on these devices.