Which wallet types can you find on crypto exchanges?
Along with the number of proliferating cryptocurrencies, the number of “wallets”, the software and hardware used to store, send and receive cryptocurrency has also skyrocketed. There could be as many 35 million wallets worldwide.
In the decade since Satoshi Nakamoto published “Bitcoin: A Peer-to-Peer Electronic Cash System” creating Bitcoin, the first cryptocurrency, hundreds of new currencies have been created to buy, sell and trade. Have wallets kept up?
According to the landmark Global Cryptocurrency Benchmarking Study published at the end of 2017 by the Cambridge Judge Business School and the Cambridge Centre for Alternative Finance – the first and only report of its kind – around 35 million wallets have been created.
Active wallets in use
The study’s authors estimate that of these, between 5.8 million and 11.5 million are in “active” use. Depending on the wallet provider, “active” refers to a user logging-in or transacting at least once a week.
Cryptocurrency exchanges, platforms that facilitate the trading of legal tender (fiat currency) for cryptocurrency (and vice versa) as well as pairs of cryptocurrencies have also grown in number and popularity.
Depending on whether an exchange is centralised or decentralised, they will either offer their own dedicated wallet function or support third-party wallet compatibility.
How do wallets work?
In many ways the term “wallet” is misleading, since cryptocurrency coins are not actually stored in the wallet at all. A currency’s blockchain contains a record of all the transactions and it is by this record that the wallet indicates how many coins a particular user has.
Inside a wallet there are two vital pieces of data, a “public key” and a “private key”. The private key allows users to access their funds when combined with their public address. Keys take the form of “hexadecimal codes” and are flexible enough to be written down, printed on paper, stored on a USB, converted to image form – or even memorised.
When a person sends you any type of digital currency, they are essentially signing off ownership of their currency to your wallet’s address. To be able to spend those coins and unlock the funds, the private key stored in your wallet must match the public address the currency is assigned to.
If public and private keys match, the balance in your digital wallet increases, and the sender’s decreases accordingly.
But like the currencies they support, all wallets were not created equal. They take different physical and virtual formats, offer varying additional features, and can expose users to increased levels of security risks and benefits.
The basic function of a cryptocurrency exchange
It is helpful to think of a cryptocurrency trading platform in much the same way as a traditional stock exchange where users can buy or sell their cryptocurrencies as the prices rise and fall to make a profit. There are two main types of cryptocurrency exchanges: centralised and decentralised.
A centralised exchange is an exchange that is hosted on webservers in one location. Much like a website, if the exchange’s servers go down then the entire exchange can go offline. Popular crypto websites such as Coinbase and CoinJar are centralised exchanges.
The opposite of a centralised exchange is a decentralised exchange, often called DEX. The cryptocurrency trading services on a decentralised exchange are usually hosted in the cloud or facilitate direct “peer to peer” trades between users without actually holding any cryptocurrency themselves. Bitshares is one of the most popular decentralised trading platforms.
How exchanges offer wallet functionality
Centralised exchanges such as Coinbase, store users’ currency in online software wallets. Wallets for each supported currency are automatically created and connected to new accounts when a user signs up. Cryptocurrency needs to match their wallet. It is vital that users send their currency to the correct dedicated wallet:
- Litecoin to a Litecoin wallet
- Ethereum to an Ethereum wallet
- Ripple to a Ripple wallet
Sending one cryptocurrency to another’s wallet will result in an error and a loss of funds that can’t be reversed.
Decentralised exchanges do not directly offer storage but rather facilitate integration with secure hardware wallets. Users can send coins directly from their hardware wallets to the smart contract of many decentralised exchanges.
As seen in the $460m Mt Gox hack of 2014, centralised exchanges are often the target of hackers. Today it is not considered a good idea to use exchanges as the primary location for storing cryptocurrency beyond what is needed for a trade. When a trade is completed, many traders send their funds directly to an offline secure hardware or software wallet.
‘Hot’ wallets, ‘cold’ wallets
A key characteristic of any wallet is whether it is “hot” – connected to the internet, or “cold” – offline. Rather like a current account, a hot wallet allows users to easily access their funds, while a cold wallet is more similar to a savings account. Cold wallets are considered more secure as hackers cannot steal digital assets that are not connected to the internet.
Today, a common method of managing funds is to hold funds in both hot and cold wallets. For example, for day-to-day purchasing or trading currency a user might store a small amount of funds in a Coinbase exchange account, which is a hot wallet.
The risk is if Coinbase gets hacked, the user could lose their funds. After buying and/or selling currency via Coinbase a user might withdraw the “savings” portion of their funds and transfer them into a secure cold wallet.
There are many different types of cold wallet storage
A hardware wallet is a type of cold wallet that stores users’ private keys in a secure offline device. The key advantages are that users’ private keys are protected and cannot be transferred out of the device in plain text and they are immune to computer viruses that steal from software wallets.
Hardware wallets are considered safe because when a user makes a transaction, they must confirm each one by pressing a physical button on the device. The three main hardware wallet brands are: Trezor.io, Ledger Nano S and KeepKey.
However, hardware solutions might not be the silver bullet once thought. In March this year, Ledger Nano S was revealed by a 15-year-old hacker to have a vulnerability that allowed hackers to steal PINs before or after the device was shipped.
Secure single-currency software wallets
Bitcoin Core was the first wallet. It is a “single currency desktop wallet” meaning that it can only handle one type of cryptocurrency, in this case bitcoin, and requires a download onto a specific desktop device.
It was the original and – for many including industry bible TechRadar – it remains the definitive wallet for storing and spending bitcoin. The site ranked it number one in mid-June this year, its most recent roundup of the top wallets.
The key security advantage is that it’s much more difficult to link a specific bitcoin payment address to a user’s specific identity as Bitcoin Core downloads data about all Bitcoin transactions everywhere.
This also protects against certain types of fraud such as a malicious actor trying to spend the same bitcoin twice, or fooling a user into believing they’ve received funds they haven’t actually got.
While it is widely believed to be one of the most secure ways to trade bitcoin, it is also seen as being relatively impractical for many users. Bitcoin Core requires users to download the entire bitcoin transaction blockchain – currently around 160GB – which can take days and requires high levels of processing speed and restricted to desktop clients.
It also requires uninterrupted internet connection to remain in sync with the network. Users can then create their own offline “cold storage” address.
Other single currency wallets
Like Bitcoin Core, all other cryptocurrencies include an official basic single-currency wallet function. Ethereum’s official Ethereum Wallet, is also considered to be highly secure, but drawbacks include the need for technical expertise to install and use it and, like Bitcoin Core, it requires the user to download the currency’s entire blockchain.
Electrum, is essentially a slimmed-down or “thin” version of Bitcoin Core, and ranks as number two on TechRadar’s top five list. The key feature is instead of downloading the entire bitcoin blockchain, Electrum connects securely to other servers to verify a user’s bitcoin balance and process payments.
The main benefit to This means you can set it up in minutes and it takes up very little space on your hard drive.
Electrum works by generating a random “seed” of 12 dictionary words, from which it derives the keys necessary to spend and receive bitcoin. Electrum displays this unique seed as a user creates their wallet.
This means that if a user loses access to Electrum on a specific computer, they can reinstall it on another and use their seed to restore their bitcoin information.
Unlike Bitcoin Core, Electrum and Ethereum Wallet, multi-currency wallet providers allow users to store, trade and spend more than one type of coin.
The 2017 benchmarking study found that 39% of wallet providers now offer the ability to store more than one currency, and nearly one in five (19%) support more than three. Bitcoin (BTC), Litecoin (LTC) and Ether (ETH) were the most readily supported currencies.
The study also found that one in three of the wallets that currently do not offer multi-currency support “have this feature on their roadmap”.
Universal wallets – cryptos and fiat currencies
Dr Garrick Hileman, co-author of the Global Benchmarking Study, points to Abra, a global currency wallet that launched in 2016, which recently added 20 cryptocurrencies and 50 fiat (legal tender) currencies to its offer, as a prime example of this trend playing out.
And now Infinto, which launched in December 2017 is billing itself as “the world’s first universal wallet”, currently supporting the majority of currencies and tokens on the market.
Founded in 2014 by one of Ethereum’s co-creators, Jaxx is one of most popular multicurrency wallets. It is primarily a hot mobile-based wallet – though it has “cold storage solutions” and desktop compatibility.
Its makers claim that “Jaxx is to blockchain as Netscape was to the internet; Jaxx makes it easy to access and manage your blockchain world”. Right now, it supports Bitcoin, Bitcoin Cash, Ethereum, Ethereum Classic, Litecoin, Dash, Zcash and, it says, “a long list of other blockchain assets”.
Like Electrum, Jaxx offers a 12-word “seed” (they call it a “masterseed”) to help users manage their keys and it ranks at number three on TechRadar’s top five list. TechRadar calls its interface “deceptively simple”, and cites the ability to quickly and easily switch between different currency balances.
Jaxx also has a built-in currency exchange, allowing users to exchange crypto balances, for instance to convert Ether to bitcoin. Users can then view updated balances as soon as processing is complete.
The Jaxx “hack”
Earlier this year it was reported that Jaxx had a vulnerability, which made it theoretically possible for hackers to decrypt users’ private “masterseed” keys.
On Reddit, Jaxx CTO Nilang Vyas released a statement saying that that Jaxx is primarily a hot wallet in which users shouldn’t keep large amounts, and that they believe to have found a balance between ease-of-use, security, and portability.
According to the post, the team behind Jaxx is “very comfortable” with its security model for hot wallets, and recommends users store large amounts of funds in hardware wallets. At the end of the post, he pointed out that in the future users will be able to “secure their wallets” using hardware wallets.
Most wallets (73% according to the benchmarking study) give users full access to their own private keys. But some wallets – an estimated 15% – offer users the option of relinquishing complete custody of their funds – in much the same way as a bank does – by controlling access to their private keys. These are known as “custodian” or “custodial” wallets.
The main benefit of a custodial wallet is users can manage funds very quickly and at any time when there is an internet connection. A user also is not in danger of “losing” their private keys since the wallet provider handles key management.
Coinbase, the popular centralised cryptocurrency exchange that provides a platform for traders to buy and sell bitcoin with fiat money, also functions as a custodian wallet provider. Its basic bitcoin and ethereum wallets are true bank-like deposit accounts where users only own an “IOU” for the stored currency.
It also recently launched “Coinbase Custody” , a dedicated custodian wallet service to support institutional investors who deposit at least $10m.
Multisig custodial wallets
Other custodians actually split the control of the wallet using a “multisignature system” or “multisig”. This means the provider holds at least one of the required keys needed to create a valid transaction.
Advocates believe the main advantage of multisig is that the service generally cannot steal users’ currency without their consent. The centralised exchange Bitfinex partnered with BitGo, the largest multisig wallet provider calling it “impossible to hack”.
However, the 2016 $60m Bitfinex hack – the second-largest security breach of bitcoin – is now seen as a prime example of theft exploiting vulnerabilities in an exchange’s multisig wallet storage security methods.
Whatever your wallet, you’ve got to watch it.