Cold storage is the practice holding cryptocurrency securely by generating addresses offline — meaning that no hacker can gain access to them.

The public key cryptography that underpins all blockchains is extremely strong, meaning that it is impossible for a hacker to steal funds with a brute-force attack: it would take billions of years or more to guess the private key that gives access to a bitcoin address, no matter how powerful the computer used.

However, there are many other ways that coins can be stolen, for example when a hacker gains access to a device and is able to copy a wallet file or learn the private key some other way. The only means to guard against this with complete confidence is to generate a crypto address offline, and then to send coins to it. Since the private key is never exposed to the internet, it is impossible for a hacker to access it.

Air-gapped computer

Generating a wallet offline is relatively easy, but there are two warnings to bear in mind:

Make sure you not only generate the key offline, but that it is never subsequently exposed to the web. Ensure that the software you use to generate the key is robust and hasn’t been compromised.

You need to start with an air-gapped computer — that is, one that is not connected to the internet. You may have to download an operating system and key-generation software to it, but after that, it needs to stay offline. A Raspberry Pi is a cheap way of doing this, and well worth it if you have significant funds to protect. (If you need to connect it to the web, reformat it or pull and replace its storage.)

The website www.BitAddress.org is a good way to generate a bitcoin private key and address. It’s a client-side application that uses Javascript to create the keys, so you can download the site to a USB or Pi before using it offline. It’s straightforward to use — simply follow the instructions. When you’re done, copy the private key to at least two places: a USB drive, paper wallet, and so on, before storing them somewhere safe. You may also like to encrypt the private key with a password before saving it.

You can then copy the address to a USB stick or use the QR code to send funds directly to it. Since the private key associated with the address has never touched the web, assuming you keep your offline copies in a safe place there is no possibility of it being hacked and funds stolen.

Other platforms

The process for other cryptos is much the same, except that you may need different software to generate a key. Ian Coleman’s site has some great resources for generating a SEED for BIP39-supported coins offline, and creating a series of addresses from it. You can use the same SEED to create multiple addresses for multiple different coins — just keep it safe if you choose to use a single SEED.

Some platforms do not (yet) support BIP39, particularly if they are built on a different codebase to bitcoin. Waves is one such platform, so organising cold storage for your WAVES needs another piece of software still. Fortunately, the Waves wallet itself provides such functionality.

Simply download the client from the Waves site and open it. Then disconnect from the internet. You’ll still be able to create a new account, with a random 15-word SEED, and view your address in the wallet. (You won’t be able to access any of the functionality of the client, of course, because you’re offline.) All you need is the SEED and address, which you can save to a USB stick. Then you can send funds to the address from an online device. For safety, you should keep the computer you generated the SEED on offline, or else wipe the hard drive.

That’s all! It’s a relatively straightforward process that takes just a small amount of work to give you unbeatable peace of mind about the safety of your crypto holdings.

Join Waves Community

Read Waves News channel

Follow Waves Twitter

Subscribe to Waves Facebook