Cold storage
Cold storage in the context of Bitcoin refers to keeping a reserve of Bitcoins offline.
For example, a Bitcoin exchange typically offers an instant withdrawal feature, and might be a steward over hundreds of thousands of Bitcoins. To minimize the possibility that an intruder could steal the entire reserve in a security breach, the operator of the website follows a best practice by keeping the majority of the reserve in cold storage, or in other words, not present on the web server or any other computer. The only amount kept on the server is the amount needed to cover anticipated withdrawals.
Methods of cold storage include keeping bitcoins:
- On a USB drive or other data storage medium in a safe place (e.g. safe deposit box, safe)
- On a paper wallet
- On a bearer item such as a physical bitcoin.
- Online, but on encrypted media where the encryption key is offline.
- Use a offline Bitcoin Hardware wallet (So far only Pi-Wallet is operational.)
Deep cold storage refers to keeping a reserve of Bitcoins offline, using a method that makes retrieving coins from storage significantly more difficult than sending them there. This could be done for safety's sake, such as to prevent theft or robbery.
Because Bitcoins can be sent to a wallet by anyone knowing the wallet address, it is trivial to put a wallet in cold storage but to keep a copy of the addresses needed to send funds to it.
A simple example of deep cold storage is opening a safe deposit box and putting a USB stick containing an encrypted wallet file in it. The public (sending) addresses can be used any time to send additional bitcoins to the wallet, but spending the bitcoins would require physical access to the box (in addition to knowledge of the encryption password).
Deep cold storage would typically be used for holding large amounts of bitcoins, or for a trustee holding bitcoins on behalf of others. In such a case, additional precautions should be taken beyond a simple example of a single safe deposit box.
- The box could be accessed by bank or maintenance personnel, so the contents of the box alone should not be sufficient to access the wallet.
- The box could be stolen or destroyed in a disaster, or the media could become unreadable, so the box should not contain the only copy of the wallet.
- The trustee could die or become incapacitated. If access to the wallet or knowledge of its location is lost, or encryption passwords are lost, the bitcoins are gone forever. Provisions should be made so that the box can be accessed by someone else as appropriate, including any encryption passwords.
See also
- How to import private keys
- How to set up a secure offline savings wallet
- Bitcoin Cold Storage In Plain English by David Perry
- Paper Wallet Tutorial blockchain.info
- Security of private key offlineaddress.com