The dangers of custodial accounts; not your keys, not your money. Security practices for long-term vs. short-term storage, trading, and transacting. I don't leave any currency (crypto or fiat) in an exchange for longer than 15 minutes. I use these cryptocurrencies to pay my bills, so I transact very often. So far, I've only ever lost small amounts of bitcoin through stupid mistakes.
1. Don't leave your money on exchanges longer than you have to. If you day-trade, make sure you understand the risk that entails.
2. Organise a tiered storage system of hot and cold wallets, factoring in the amount of bitcoin you're storing, how you plan to use it (soon or not for a long time), and what security risks you're willing to take with each tier.
3. Use cold storage (i.e. paper wallets) for large amounts or for bitcoins you don't plan on using for a longer period of time.
4. Use hardware wallets that are PIN or password-protected
5. Use multi-signature multi-party or multi-factor wallets for carrying out your weekly business transactions.
6. Use hot wallets (ex. mobile wallets) for petty cash, or if you are the Oprah of cryptocurrency.
Transcript
[AUDIENCE] I really enjoyed the testimony you gave to the Australian Senate. I thought that was excellent. In [the testimony], you mentioned and warned against the dangers of custodial accounts. [ANDREAS] Yes.
[AUDIENCE] At that point, I realized all of my cryptocurrency was locked up in custodial accounts. By implication, it wasn't mine because I didn't have the private keys. [AUDIENCE] How do you use bitcoin both as a long-term store of value, and as something you transact with, between all the available options: paper wallets, custodial accounts, and other kinds of online wallets? [ANDREAS] How do I personally use that?
[AUDIENCE] Yes. And how would you recommend someone go about using it? [ANDREAS] Okay. Since 2013, the maximum amount of time I have left currency, crypto or fiat, on an exchange...
is fifteen minutes. I transact weekly, sometimes more often. I don't day trade, that's not my purpose. I use it as a working currency.
I get paid in bitcoin and in ether; I use [them] to pay my bills, to live. I live in the Bitcoin community, so I have to transact. I often have to exchange because I can't always... buy the things I want with cryptocurrencies.
How do I [use exchanges]? In and out. In, three confirmations, sell, ACH or bank transfer out. I don't even leave fiat on exchanges.
I don't trust them to hold money. I don't trust banks to hold money, so how am I going to trust a two-year-old startup that has six employees? [Laughter] Are you kidding me? I don't leave money on exchanges.
That's difficult to do if you're day trading. If you day trade in this environment with these assets of great volatility, you're a brave person. [Laughter] How do I use it? My holdings are in tiers.
Think of it as: hot, warm, cold, and deep freeze. On the cold side, I hold a (honestly) small amount, because this hasn't been a most profitable idea: jumping into an untested technology and not getting paid for a couple of years. But anyway, I have a small amount of bitcoin in deep freeze storage, meaning they're held on keys... not instantiated on any electronic device.
They exist in such a way that they're encrypted with a memorized passphrase, which I have also communicated to people who might become my heirs, so [the bitcoin won't] get lost with me. That's cold storage. Then I have an intermediate tier, which is on several hardware wallets; pin-protected, passphrase-protected, backed up with mnemonic phrases. Then I [have] a warm tier [with] a small amount of operating cash that I use for my businesses, to pay contractors and subcontractors, etc.
Those are in multi-signature [addresses], where either there are other people who are required to consent, or multi-factor wallets in which I'm the only party, but I have several devices that need to sign... independently in order to exercise a transaction. Finally, I have my hot wallet, which is in my back pocket. At the moment, [a Mycelium mobile wallet].
I keep a couple hundred dollars [in there], mostly for the purpose of giving everybody a [fraction of] a bitcoin, as if I'm the Oprah of cryptocurrencies. 'You get a bitcoin and you get a bitcoin!' [Laugther] Actually a millibit, because things are going well! 'A milibit for you and a milibit for you!' So to answer your question: I have tiers. I never keep on my hot wallet more than I'm comfortable keeping in cash, in my physical wallet, as fiat.
I often have to move things around in order to manage it. So far, I have only lost bitcoin through my own stupidity. For example, misplacing a backup and then trashing my phone. I've lost small amounts, less than $100.
I've never been hacked. Fingers crossed. I don't assume I won't be hacked, I assume I might. But as long as it's on the warm side of my wallets, I can take that risk.