Brian Armstrong, CEO of $8 billion crypto exchange Coinbase, wants to set some misconceptions straight about the security of various types of Bitcoin wallets.

Writing in Fortune, Armstrong clarifies – for a mainstream audience – the difference between hot and cold wallets. If the reader is unfamiliar with the concept, it’s pretty simple. A “hot” wallet is connected to the internet and capable of making immediate transactions. A “cold” wallet is secured offline, by definition, although there are degrees of coldness. A private key stored on an internet-connected device but not loaded into any active wallets is still technically “cold” – it takes more effort to use it on the blockchain.

Four Myths About Bitcoin Cold Storage

The billionaire Bitcoin exchange CEO clarifies what he’s identified as four misconceptions about cold wallets. The first is that “you can’t trade” funds in cold wallets. He says that Coinbase Custody allows for the delayed settlement of trades. That is, you can initiate a trade and it will be settled after the funds have been successfully moved out of cold storage and into the transaction.

The next myth he dispels is that all staking systems prevent the staking of cold wallets. He points out that Tezos allows for this via the “Baker” system.

Next up, the notion that cold wallets are always reliant on a single entity. Armstrong writes:

“A well-designed crypto custody solution doesn’t rely on any single person. Instead, it utilizes multiple keys to achieve consensus and redundancy. The larger the transaction, the more parties need to consent. This is really just scratching the surface of a well-designed custody solution.”

Coinbase CEO: Cold Storage > Crypto Hardware Wallet

The last myth he attempts to dispel is the notion of hardware wallets like Ledger are as secure as cold storage. He says he likes hardware wallets, but they don’t actually match the security offered by cold storage. In his own words:

“I’m a big fan of them, and Coinbase uses them in parts of our architecture. When used correctly, they can come close to, but not match, the security offered by cold storage. “Air gapping” your private keys in cold storage means fully disconnecting them from the internet, such that a remote attacker can’t access them without some physical attack as well. This additional manual step introduces a nice guarantee that it is not just software protecting your money. In theory, any software can be hacked, even if it is unlikely.”

Armstrong’s views match those of most experts. The storage of large amounts of Bitcoin in a hot wallet is a dangerous endeavor. You’re not only relying on your own security measures, after all. Parts of the system far beyond your control, such as the operating environment itself, can be compromised.

Some companies have begun implementing blockchain-based security solutions into the very hardware of their ecosystems, like Samsung and HTC, but these solutions are still new.

Human Error Is More Likely Than Hacking

And, in the end, people make mistakes. As Armstrong says:

“Is it possible to get all those details right? Yes, and I’m comfortable using hot storage for reasonable amounts. (Insurance can add an extra layer of protection.) Do I want to bet my entire business on all those details being right indefinitely? Probably not.”

Most of the largest mistakes in cryptocurrency have happened as a result of human error. One notable example is the social engineering hack that lost BitPay nearly $2 million in Bitcoin several years back. Coinbase has yet to suffer a similar hack, and they are insured to the hilt, but it’s certainly possible.

In the end, it’s always going to be safer to store your coins somewhere you have control. “Not your keys, not your coins” is a good mantra to live by. Does this mean you have to run a full node? No. You simply have to own the private keys. There are several solutions that allow you to do this, even mobile solutions like Coinomi. Custodial wallets like Jack Dorsey’s Cash App or Coinbase are more dangerous than following good security practices.

It’s all up to you, in the end, as it’s your Bitcoin – until it’s not.

Brian Armstrong Image from TechCrunch/Flickr