4 rules when using cryptocurrencies
I have planned a series of articles about earning money with cryptocurrencies, but first it might be useful to recall some basic rules for when you start using, managing and investing in cryptocurrencies. Whether you use Bitcoin, Ethereum, Litecoin, stablecoins (USDT, USDC, DAI,…) or other relatively new fancy coins and tokens like Cardano, Polkadot or Solana (to cite only the ones that recently climbed into the top 10), the principle is the same.
Rule 1 : Not Your Keys, Not Your Coins
This has become almost a slogan, but it’s very true and something that many beginners do not understand well, or at least neglect. When dealing with cryptocurrencies, you don’t need to trust, and you should not have to trust, anybody to be able to send coins from one wallet to another. This means that you must be in full control of your wallet. A wallet, to make it simple in the first place, is a pair of one private key and its matching public key. Share the public key to get paid, and use the private key to execute a transaction out of your wallet to another wallet (sent to another public key address). Of course you must keep the private key to yourself, or anyone else who can access it will be able to take all your coins away from you.
However, most of the time when you get your first Bitcoin or other cryptocurrency, you might need to buy it with a fiat currency (USD, EUR, CHF,…) using a centralized exchange. While they are still the most efficient way (in terms of usage and cost) to convert fiat currencies into cryptocurrencies and vice versa, centralized exchanges operate in a more traditional way, like a bank would. You open an account (and not a wallet) at an exchange and they allow you to send money by credit card (with a high fee) or by bank transfer (with an IBAN or SWIFT), which will be added to your account. Let’s say you transferred EUR to your cryptocurrency exchange account; you can then use some of these EUR to place a buy order for Bitcoin. Once the order has been executed, your account will show a certain amount of EUR and BTC (the symbol for the original Bitcoin). But you will not have access to the private key needed to move these Bitcoin out of your account (the same way you cannot directly take out the EUR on your account and send them to someone else). You need to ask the exchange (the company managing the exchange) to send these coins to a public address of your choice, but you cannot force them to do so and they can charge you whatever fee they want for this service.
Having cryptocurrencies and fiat currencies at a centralized exchange only indicates that the exchange owes you a certain amount of EUR and coins; you don’t really own them and are not in control at all of the funds managed by the cryptocurrency exchange company. They can go bankrupt, get hacked, or close down and disappear with all the money, and you cannot do anything directly to get your funds back (besides fighting in court for years, like MtGox customers did, in vain…).
So it’s fine to use centralized exchanges to buy and sell cryptocurrencies from and to fiat currencies, but as soon as you don’t need to trade them in the short term, get them out of the exchange to a wallet that you, and only you, fully control. And if an exchange, or more often a bank or platform, offers to let you buy cryptocurrencies but without the possibility to withdraw them to your own wallet (cough, Revolut, cough), you will never be able to own these coins and can only sell them back to the same company on their terms and conditions. Avoid that at all costs. Examples of trusted cryptocurrency exchanges are Kraken, Coinbase and Bitstamp, among many others. Some banks like Swissquote offer to let you buy some cryptocurrencies and allow you to withdraw them to another (external) wallet.
Rule 2 : Protect your private keys
This rule might be obvious, but you have to consider it from two points of view. I told you above how private and public keys work together. In practice you don’t use the private keys directly anymore. When you create a new wallet from a wallet app, it will generate a fresh seed passphrase for you, composed of 12 to 24 words in a specific order (usually in English, but sometimes it can be set to other languages). This seed will be used by the wallet app to generate an infinite number of private keys, each with a matching public key. The same seed in the exact same order will always generate the same private keys in the same order. This helps to keep the usage of Bitcoin and other cryptocurrencies more private (when you share a fresh public key to receive money, the other person cannot know how much you own on your other addresses) and somewhat anonymous (even if it’s never totally the case).
The most obvious meaning of “protect your private keys” is that you should never communicate them or make it possible for anyone to access them by any means, otherwise you can consider all your coins lost forever. From here on I will only refer to the seed passphrase and not the private keys, as you will most probably never have to deal directly with the real private keys; this is managed by the wallet in the background, and only the public keys will be visible as text or a QR code so that you can receive coins from others. You always have the possibility to retrieve the actual private keys with special tools, but you should never do that in any normal usage situation.
The seed passphrase allows the wallet to generate the private keys (in the background) and the matching public keys. It must stay private, and it’s often referred to as the secret seed passphrase or just secret seed or secret passphrase. In particular, the (secret) seed passphrase must NEVER be written in plain text digitally in a computer file, nor in an email or in any place like a cloud or whatever is accessible from your computer or smartphone. Even if it might be somewhat safe to keep it stored in a password manager, this should be avoided as well: in case your computer gets hacked or compromised somehow, the seed might be accessible to a hacker or a rogue program once you unlock your password vault to use it, and then your coins are gone forever. So it’s important to write it down manually, yes, with a pen and a piece of paper, this thing made out of dead tree, to keep it physically offline. In addition, you don’t want to get robbed and have your seed phrase found by a thief in plain sight, so you should hide it somewhere safe.
Of course you, and only you, generate your seed passphrase by yourself (with the help of a wallet app). This operation, if done with a good and trustworthy open source wallet app, is done totally offline without any external intervention, not even any interaction with the blockchain. So of course, once again, nobody can restore it for you. You have to take care to write it down and keep it in a safe place, and most probably to keep several copies in several physically distant safe places. They must be protected from theft, fire, flood or any natural or accidental destruction or loss. It’s up to you to define which means you will use, depending on the amount held in the wallet and your personal situation. Some have several copies at several places, some have partial copies of the seed split in 2 or 3 parts in different locations, some use a fireproof metal tool to write the seed down, and some just have a paper copy in a physical safe at a bank. Once you are comfortable and familiar with cryptocurrencies and with managing your wallet and seed, you might even learn about other technical possibilities, like protecting your seed with an additional password (the 25th word) or with advanced key sharing methods like Shamir Backup (you need x out of y keys to retrieve the complete original wallet seed). Define what works best for you and think about all eventualities.
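To make the determinism described above concrete, here is an added example (not code from this article or from any wallet app). It assumes the BIP39 and BIP32 standards that most wallets follow, derives keys directly under the master key instead of a full wallet path, and uses the public BIP39 test phrase; the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve used for Bitcoin and Ethereum keys.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

# Public BIP39 test-vector phrase, known to everyone: never fund it.
TEST_WORDS = "abandon " * 11 + "about"


def seed_from_words(words: str, extra_password: str = "") -> bytes:
    """BIP39: stretch the word list (plus optional '25th word') into a 64-byte seed."""
    def norm(text: str) -> bytes:
        return unicodedata.normalize("NFKD", text).encode("utf-8")
    salt = b"mnemonic" + norm(extra_password)
    return hashlib.pbkdf2_hmac("sha512", norm(words), salt, 2048)


def master_key(seed: bytes) -> tuple[int, bytes]:
    """BIP32: split one HMAC-SHA512 output into (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def hardened_child(key: int, chain: bytes, index: int) -> tuple[int, bytes]:
    """BIP32 hardened derivation; the (astronomically rare) invalid-key case is ignored."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]


def first_keys(words: str, extra_password: str = "", count: int = 3) -> list[str]:
    """Return the first `count` child private keys as hex strings."""
    key, chain = master_key(seed_from_words(words, extra_password))
    return [format(hardened_child(key, chain, i)[0], "064x") for i in range(count)]


if __name__ == "__main__":
    # "constructed-example" is a made-up extra password for the demonstration.
    for label, password in (("words only", ""), ("with 25th word", "constructed-example")):
        print(label)
        for i, key_hex in enumerate(first_keys(TEST_WORDS, password)):
            print(f"  key {i}: {key_hex[:16]}...")
```

Running it twice prints the same keys both times, while adding the extra password or changing the word order yields an unrelated set of keys.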
Rule 3 : Don’t trust anybody
As soon as money or anything valuable is involved, you will always find some evil-minded people who try to steal it. When this valuable asset is digital and difficult to trace back (once again, not impossible, keep that in mind), this makes it even more prone to being stolen. Don’t talk about the cryptocurrencies you own, and more importantly how much you own, to anyone you don’t trust 100%. And even if you trust them, don’t give them any hint about how and where you store your seed passphrases. In real life, this must be balanced against the fact that you might want someone else, a significant other, kids or parents, to be able to retrieve your funds in case something happens to you, but it is up to you to manage that and to keep it to as few people as possible.
Regarding any online activities, this means that as soon as you interact with your wallet, you must really, REALLY, not trust anybody or any software. When you interact with a website, don’t use a link you found on a blog, Reddit or Facebook without checking it. If possible, get the link from a reputable search engine, and not from the ad results, which can often be phishing results paid for by hackers that haven’t been removed yet. Then double and triple check that the URL is correct by comparing it with several sources (official social media accounts of the service or developers, Wikipedia and other sources). The chance that all the sources are compromised is lower, if not zero, compared to trusting the first link you find. Then bookmark the URL for future use, always use your bookmark afterwards, and still double check the URL and the associated SSL certificate. Then, if you download software from the website, try to get the signature from the developer and check that the signature of the file matches (this might be a bit tricky, I will have to cover it in a separate article in the future, but you should already find many online resources about this). If it’s a mobile app, get it from a trusted source, like F-Droid or to some extent the official app stores (Play Store and Apple App Store). Note that fake apps may still end up on the official stores and can stay available for a few days before being taken down. Interestingly enough, this risk is much more limited with F-Droid, as everything is checked manually in the background by volunteers before any release on the store and everything is signed in the background, thanks to the open source nature of the software and the strong community.
There are no giveaways where you have to send some coins to get more back. There are no too-good-to-miss deals. If you even slightly think that it’s a scam or that it’s too good to be true, it probably is. If anybody or any software ever asks for your private key, your seed, your passphrase or anything that should stay secret while you are not specifically trying to restore a wallet from an already generated seed, then it’s a scam: stop what you are doing immediately, and do research and extra checks before going further. And by the way, no, you will not become a millionaire in 6 months by buying some hundreds or even thousands of cryptocurrencies or participating in any DeFi (Decentralized Finance) project whatsoever. If that’s your (main) expectation, you might not want to start investing in or using cryptocurrencies in the first place.
Even if you have triple checked everything and avoided all scams and phishing, there is still a risk that your computer or smartphone is infected by a virus or rogue software that could trick you into sending coins to the wrong address somehow while you interact with your wallet. This can be avoided or strongly mitigated by using dedicated offline hardware to store your private keys. In this case the use of the private key to sign a transaction (create the authorization to make a coin transfer to another address) is handled 100% offline, and only the signed transaction is sent to the blockchain once confirmed by you on the offline device. You can achieve this by using a dedicated laptop that has been installed specifically for that purpose without ever touching the internet or any local network. This solution might be very interesting for educational purposes, but in practice it can be cumbersome to use. Thankfully, some companies offer user-friendly and very compact products to achieve that; this is what is most commonly called a hardware wallet. Of course it costs some money, from 60CHF (55€) up to almost 200CHF (170€) per device, and you might need two of them depending on your use case, but when you are holding and transferring a significant amount of money, it will be worth it. Think about it as an investment, like what you would pay for a bank account or a safe installed in your home. Once again, it’s up to you to define when it’s worth it or not and what kind of features you might need. The two most famous and most compatible hardware wallets are Trezor and Ledger Nano S or X. When it comes to holding and transferring the most famous cryptocurrencies, like Bitcoin and Ethereum, the basic, cheaper versions of these hardware wallets are perfectly sufficient. If you want advanced fancy features, comfort features or some specific cryptocurrencies requiring more power, the advanced models might offer you more, but in most cases they are optional.
Rule 4 : Don’t invest what you are not prepared to lose
This last one is more of a disclaimer or friendly reminder that cryptocurrencies are still, even after more than 10 years of existence for Bitcoin, experimental software and assets. They are mostly unregulated, and the law or insurance might not have your back if something bad happens. They are under heavy development and prone to the discovery of new bugs and exploits. It’s really not uncommon for a centralized or even a decentralized exchange to get hacked, and if it happens, the exchange might not always cover the losses, even if the most reputable ones did cover the losses in the past (Mt. Gox is not what I would call reputable and it’s ancient history in the Bitcoin timeline). A project can be withdrawn by its developers at any time, and even if it’s open source, the project might struggle to be adopted by a new community that will maintain it. Finally, you could make a mistake: send the wrong coin to the wrong address, add or miss a zero, mistake the fee value for the transaction value, or make any other bad manipulation that might result in a partial or total loss of your coins. This can all be mitigated somewhat by using the most common and widely used coins, wallets, apps, exchanges and services, but there will always be a certain amount of risk, which is usually higher than when using a traditional bank with fiat currencies or investing in the stock market and bonds. Don’t get a mortgage on your house to buy more Dogecoin than you can afford. In fact, don’t buy Dogecoin, this is just a meme, really. Start slowly and learn as much as you can. Invest a small portion of money you are comfortable with, and get familiar with the environment and tools you are using. Then decide whether it is worth stepping up or not.
This serves as my introductory article about using cryptocurrencies and possibly investing in them. I didn’t introduce the concept and the history of Bitcoin, blockchain and cryptocurrencies in general, but there are already a lot of articles about that. You can start by reading the information on bitcoin.org and ethereum.org, for example. Another very good introduction is provided by the Swiss crypto “bank” project MtPelerin (not yet a real, official bank) on their blog; it starts with the very basics: What is money?
If you like this post, be sure to subscribe by RSS and follow @eluc on Mastodon or @ElucTheG33k on Twitter so you don’t miss any future posts.