How to Protect your Investments with Technology\n-----------------------------------------------\n\n### Introduction\n\n2017 is coming to an end. And with that we have seen one of the largest revolutions in the financial system pretty much since its inception. This year’s cryptocurrency revolution was not due to the technology. After all, Blockchain has existed for over 7 years now. This year’s revolution was due to a change in perception and how people perceive cryptocurrencies.\n\nWe decided to build this Blog as a way to keep people informed about what’s happening in the field of ICOs and how it’s booming. But the explosion of ICOs has made it difficult for us to even manage and explore all the possibilities that are currently happening, and how governments are evolving to get ready for what’s to come.\n\nWith that, here at Best of ICOs, we make a very safe prediction. We predict that 2018 will be the largest year for ICOs ever, and that there will be at least one Unicorn (a Billion dollar company) born from this revolution. Not everything is great — we also predict that next year will see the most amount of people being legally prosecuted for generating false information, or selling securities as non-securities.\n\nToday we will explore the topic of managing a portfolio of multiple ICOs, from both technical and practical perspectives. We decided to also share with you some of the information we have gathered since our inception, and the lessons we have learned with Blockchain technology.\n\n### The Illusion of Safety\n\nNo system is completely safe. In fact the security industry works on this very principle. A system is never unhackable, it has just been secured enough to deter an attacker. Even the most secure systems are vulnerable to someone being careless and letting someone else get a hold of a master password, and unknown bugs in very reliable software can always be discovered.\n\nFor example, the famous heartbleed bug that was used to compromise webservices was a serious vulnerability in the OpenSSL Cryptographic library, something that had been reviewed by hundreds of leading cryptographic experts in the world. Furthermore hackers have been able to exploit all kinds of systems even if not through technical means through tricking innocent people using social engineering to acquire their passwords, emails, and any other details that they might need\n\nSome of us staff at Best Of ICOs have worked in the cybersecurity industry and the most important lesson they have learned is that the best approach to defending yourself from attacks is to make your wallet or portfolio more difficult to acquire than the average person’s. Most hackers are not malicious towards one specific person and are just looking for an easy target to compromise. Unless you are a very high profile target and draw specific attention from trained attackers, you will be quite safe as long as you take enough security precautions and make yourself less vulnerable than the average crypto-investor.\n\nLastly, as long as you access your wallet through a device connected to the internet, you will always risk being attacked. A virus, a smart hacker, or a mistake can cause you a lot of grief. For this reason it is probably best to use multiple security methods, depending on your level of comfort with risk.\n\n### The Wallet Principles\n\nThe first reality you will have to accept is that if you are investing in multiple cryptoassets **you will need to store them differently.** This means that there won’t be a single solution, account, or method that applies to all of them. Making sure you are organized, and have a process in place will be key. This is your hard-earned money, and you don’t want to lose it because you were not careful, especially when the cryptomarkets are already so volatile.\n\n### A quick summary in public, private keys, and wallets\n\nIn order to send or receive a cryptocurrency you must have a public key that identifies you in the network, and also a private key that verifies your identity. A wallet is essentially the way you store these public and private key addresses. So to clarify, a wallet does not hold your cryptocurrencies, the network does. Your wallet just identifies who you are on the network, and also verifies that you can actually approve a transaction in the network.\n\nPublic keys are the address that people use to publicly identify themselves. This set of characters is what others need in order to send you money. Your private key, on the other hand, is the secret address that you use to “sign” or verify transactions. Is what the Blockchain uses to verify that you are the one sending money to someone else. **The private key is to be kept protected at all times.** Both private and public keys are generated together when a wallet is opened.\n\nA wallet is something that stores your public / private key pairs. We say something, because it can be software, hardware, a piece of paper, a laser etched piece of metal, or even a superhuman remembering a public / private key address. This means that if someone hacks, steals, or finds your wallet, you will lose all your cryptocurrencies within that wallet, with no possibility of recovering it. Some hacks have caused the [Ethereum community to quite literally split.](https://hackernoon.com/how-ethereum-lost-300-million-dollars-bfedf7ba0c19)\n\n### The Trade off: Convenience vs Safety\n\nWhenever you are using a technology, there will always be some form of trade-off between practicality and safety. For example, it is safer to bring your bike inside your house than it is to lock it outside. But it is really impractical to carry it if you live in the 10th floor of an apartment building.\n\nThe way we approach the management of digital assets should be done in a similar way. We have to decide which wallets or tokens will be used frequently, which means we may sacrifice some safety for convenience, while some other amounts or types of tokens will not be used in the near future and can be stored in safer, more inconvenient locations. Inconvenience also makes the life of the hacker more difficult.\n\n### Types of Wallets\n\n#### Cold Wallets\n\nCold wallets are methods of storing your cryptocurrency in the physical world. This means they do not require electricity, nor are they connected to the internet. These are the safest way to store your public / private keys but also the most inconvenient. They are prone to physical damage and physical theft.\n\nThis quite literally means, that you can store your wallets in a physical object, and then put that object in a vault or safe place.\n\nSome examples of these wallets are:\n\n1. Paper Wallets\n2. Hardware Wallets\n3. Coin Wallets\n\n**Paper Wallets**\n\nYou use software to generate a file that you can print your keys onto. This file can be printed on a piece of paper or even be written down (we definitely don’t recommend this). You typically want this software to be running on a computer that has never been, nor will ever be connected to the internet, in order to make sure that the file is never seen by anyone. You also want to completely wipe the hard drive or solid state drive that originally created the file.\n\nThis type of wallet is both dangerous and currently relatively impractical, as keeping devices off the internet forever requires a lot of involvement. Their added benefit is the fact that you can easily store this piece of paper anywhere, such as a safe or a bank vault. You can also technically print your key on a safer mechanism, such as a sheet of metal, like titanium and use a laser cutter to “print” the keys. So potentially you can store it safely for practically ever.\n\nExamples of Paper wallets for Bitcoin are: [bitaddress.org](https://www.bitaddress.org) \nAnd for Ethereum are: [MyEtherWallet](https://www.myetherwallet.com) which provides multiple wallet types\n\n**Hardware Wallets**\n\nThese wallets are typically USB devices, or tablets, that store your public / private key combination in an encrypted solid state drive. The obvious benefit is that these devices do not have access to the internet, therefore they cannot be hacked. They also provide the benefit that they handle the transaction signature, instead of say, your computer or a third service, making it much safer and less vulnerable.\n\nThat said, since they are physical objects they are vulnerable to physical damage such as fires, solid state corruption by magnets or wear, or even normal theft or losing them. The storage device is encrypted so the thief cannot easily retrieve them even if they get physical access to the device, however, it would still be really painful to lose the money.\n\nMost of these wallets provide a secondary way to retrieve your information by allowing the user to keep a safe combination of words, that in the right order bring back the wallet.\n\n!(https://hackernoon.com/hn-images/0*wgKyXUYlolqHTIT4.)\n\n[Ledger](https://www.ledgerwallet.com/) Wallet Hardware Wallet\n\nFamous examples of these wallets are: [Trezor](https://trezor.io) (Bitcoin) and [Ledger](https://www.ledgerwallet.com) (Multi Currency)\n\nHardware wallets are not the easiest to use, and still require some technical knowledge, so we would only recommend these type of wallets for someone who really has the time and resources to manage them.\n\n**Coin Wallets**\n\n!(https://hackernoon.com/hn-images/0*QJ4H9AQv2DP3RVER.)\n\nThe now Hacked Alitin Mint Coin out of Silver\n\nCoin Wallets are simply the **worst and most unsafe** way to keep your Bitcoins. They carry all the risks of physical assets, and all the hackability of third party systems. We simply cannot recommend this method in any way.\n\nThese are physical coins that you can purchase. The coins are essentially a paper wallet that has a sticker or a security hologram that reveals the private key when peeled off. This method is mostly for collectors and has a series of compromises and difficulties.\n\nFor one, how do you ensure that the purchased asset really has an intact private key, or that the company or third party did not keep other copies? This asset is also very difficult to resell since peeling off the sticker completely devalues the asset.\n\nThere are also other issues such as being damaged, or stolen. With zero security this is probably the worst of all methods, but an interesting one for collectors. Some of these tokens are made out of precious materials, as some form of guarantee of minimum value. But with the prices of Bitcoin at an all-time high, a $20,000 gold coin is still far too expensive.\n\nExamples of these tokens (for Bitcoin) are: Alitin Mint (hacked), [Titan Bitcoin](https://www.titanbtc.com/), and Casascius (hacked)\n\n### Light Wallets\n\nIf you wanted to send money directly to someone without using a service, you would be required to download the entire Blockchain and essentially have to send the money by signing off or submitting a transaction. This is a massive problem of the Blockchain, since different tokens have different Blockchains that have grown massively.\n\nTo give you an idea, the full Bitcoin Blockchain size is currently over 135 GB of space, and Ethereum is over 150 GB. Which would be pretty difficult to manage for most of us.\n\nThe name “Light wallet” comes from the fact that these wallets do not require the user to download the entire blockchain, and instead a combination of clever solutions are used to practically send money and keep your wallet inside of your computer.\n\nYouTuber [Jackson Palmer](https://www.youtube.com/channel/UCTOzxu_HvuJfZtTJ6AZ7rkA), further separates these wallets into two categories:\n\n1. Dependent Light Wallets\n2. Independent Light Wallets\n\nNOTE: If your computer gets hacked, both types of light wallets could be compromised, and you could lose all your money. This can be done by creating fake versions of the wallets, using keyloggers, sniffing packets, etc.\n\n**Dependent Light Wallets**\n\nEven though the transactions are signed on the client side (such as on your web browser), these wallets still utilize a third party server that interacts between your browser and their servers in order to submit the transaction to the Blockchain.\n\nThere is not a lot of risk, since the transaction verification and authentication happen in your browser (your computer locally stores your wallet). The problem with this mechanism is that if the third party bandwidth gets too saturated, or fails, you will not be able to send transactions or interact with the network.\n\nExamples of these wallets are: [myetherwallet](https://www.myetherwallet.com),\n\n**Independent Light Wallets**\n\nThese wallets are also stored on the client side (you). However, the biggest difference is that the connection / submission of the transaction is also done from your computer. This means that there is no node or third party connection that sends your signed transactions.\n\nExamples of these for Bitcoin (iOS): [Breadwallet](https://breadapp.com) \nFor Ethereum and Bitcoin (Android, iOS): [MyCelium](https://wallet.mycelium.com/) \nFor Multiple devices and cryptocurrencies: [Jaxx](https://jaxx.io)\n\nThese light wallets are run by something called an SPV or **Simple Payment Verification** technology.This technology enables the client (your computer) to be able to interact with the Blockchain network without having to become a full Blockchain node.\n\nThe way this works is that the system only downloads the headers of the Blockchain transaction instead of the full transaction node and history. This enables the user to send a transaction without having to store the large amounts of information that would be required if you wanted to install a full node on your computer.\n\n### Hot Wallets and Services\n\nThese are probably the most common type of methods to store wallets, and they are also the one that most people start with when they get into cryptocurrencies. They are some of the riskiest,, but also the quickest, easiest and most practical methods.\n\nThe name hot wallet, comes from the fact that you have quick access to your public / private keys. These are the typical options for people who care very little about safety, but want to purchase or sell cryptocurrencies quickly. This is the fastest, and therefore the least safe method to store your public / private key pairs.\n\nEssentially the way it works is that you give your public / private key to some third party, for example a cryptocurrency exchange or some sort of storage service. These companies then keep your wallet in some form of database and do their best to keep it safe.\n\nThe upside of this, of course, is that you don’t have to do any of the work. You trust that whomever is keeping your combination will do so safely, and you also have access to your wallet very quickly through some normal means, like a username and password. This means that even if the service is safe, someone could steal your username and password combination and have full access to all your wallets within that service. Which makes this vulnerable to social hacking.\n\nThis is obviously the riskiest possible way to store your wallet. If someone hacks the third party company, then the money from A LOT of people is gone, simultaneously. You have no control about how they store your information, and it is likely that it won’t be very safe, especially since they have to handle thousands of users doing millions of transactions, they have to be able to have quick access to these wallets, and as we mentioned before, you can have it fast, or safe, but not both.\n\nThe most famous case of a third party hack was [Mt Gox](https://en.wikipedia.org/wiki/Mt._Gox), launching in 2010, it was the largest Bitcoin exchange in the world, dealing with 70% of all BTC transactions. In 2013 they announced they were hacked upwards of 850K BTC or currently about $15B dollars.\n\nOf course some of these services are safer than others, and some have gone to great lengths to keep the wallets as safe as possible, and even insure their wallets.\n\nExamples of these services / exchanges are: [Coinbase](https://www.coinbase.com), [Kraken](https://www.kraken.com/), [QuadrigaCX](https://www.quadrigacx.com/), etc.\n\n### Thick Wallets (Full Clients)\n\nThis is the full client. You download the entirety of the Blockchain. As we mentioned before, this requires a large amount of storage resources, as well as time and patience. Just downloading the Blockchain requires days and a lot of bandwidth. Your computer also will form a node and verify the transactions of the entire Blockchain, this means your computer becomes a miner.\n\nThis is definitely not the right way to go for most people. You may have heard that mining is only even remotely economically feasible by large data centers in certain countries, and your computer will definitely not be able to be rewarded from mining at this point. At least not for Bitcoin, Ethereum or some of the largest cryptocurrencies. Maybe some obscure token with little competition.\n\nThe added benefit is that by downloading and verifying each transaction you get the benefit of not requiring to use any third party, or depend on anyone else to send the transaction. No middle man. The other benefit is that you make the network stronger by adding more transactional nodes, although at this point that seems pointless for any of the largest tokens. Lastly, this type of Desktop wallets can only be accessed on one computer, which again makes it safer but less convenient.\n\nExamples of this are: Bitcoin Core or the Ethereum Mist Client (The full client)\n\n### Multisignature Wallets (Multisig)\n\nMultisignature wallets are a process that enables multiple people to control the funds of a wallet and essentially require multiple signatures in order to choose what to do with the contents of the wallet. This is similar to bank vaults that require multiple keys in order to be opened.\n\nThis type of wallet has some interesting effects. For starters, it does not have a single point of failure. By democratizing a wallet, no one individual has the power to misuse the funds. This can also be a single individual that has keys in different parts of their life.\n\nSo even if a hacker compromises a single key, the wallet can still be safe.\n\nExamples of processes that enable multisignature authentication are: [Electrum (Bitcoin)](https://electrum.org/#home) or [Blocktrail](https://www.blocktrail.com/) (Bitcoin)\n\nNote: Multi signature wallets typically have a higher-than-normal barrier of entry. It is complicated for beginners to have a distributed system for signatures, and it also increases the chances of losing a key, just by the fact that you have many more. Also it’s important to note that even if you lose a key, you can still create a multi signature wallet that accepts some % of keys instead of all.\n\n!(https://hackernoon.com/hn-images/0*4HK94np-PeThQiXz.)\n\n[Electrum](https://electrum.org/#home) Multi Signature Wallet creation process\n\n### Recovery: Mnemonics and Seed Phrases\n\nMnemonics and seed phrases are ways to recover lost private keys if you have a wallet (hardware or software) that allows you to use something called “deterministic” seed generation. The idea is that you keep a certain mnemonic (a list of random words) that is stored safely, if you ever lose your public and private keys, the software or hardware wallet can regenerate those keys with the help of this mnemonic or seed phrase.\n\nThe way this works technically is that all the ways of generating public and private use something called a seed, which is just some set of random information. For example, it could be the words in a mnemonic or it could be the range of temperatures your computer’s CPU has gone through in the last 10 seconds. If you use a mnemonic to generate this seed, then the private key generator will recreate the exact same private/public keypair. Thus it is very important that the mnemonic is stored securely since if someone gets a hold of it, it is just as good as giving them your private key!\n\nMnemonics are a great way to ensure your information is safe as they can be printed out and stored anywhere safely (much like a paper wallet), but if it is lost it is not immediately obvious that they are a mnemonic for a cryptocurrency wallet since they are just random words! Keeping them with other text printouts or writing them down in the middle of a notebook with other text that is unrelated is a great way to store them since it is nearly impossible for someone to guess that those exact set of words are important when blended in with other writing.\n\n### Conclusion: What’s best?\n\nWhat method is the best? None of them.\n\nWhile we could argue some methods are clearly bad, such as purchasing physical coins. There are all kinds of flavors and options about managing your wallets.\n\nWhat you have to remember is that each method has a distinct tradeoff and in reality you should probably be utilizing multiple methods. A lot of people buy cryptocurrencies that they don’t want to sell until they reach some sort of ideal price.\n\nThis means that in a lot of cases you want to wait months or even years in order to “cash out” which means that a slower storage is more desirable, since it’s safer and less practical.\n\nOthers want to use cryptocurrencies in order to do trading or purchase things on the internet. This means that more convenient methods are better since you are able to trade faster and with less friction.\n\nDo whatever works for you, and make sure that the methods you work on are compatible with each technology. I.e. Bitcoin wallets will not store Ether or vice versa. The reality is that no matter what, if you want to keep a balanced portfolio of cryptocurrencies, you will have to inevitably use multiple methods.\n\nAs always, make sure you do your own research, you talk to people that use certain products, check the legitimacy of the company you are dealing with, and also see the reviews and things that others are saying. Never take a single advice or use a single source for anything (including this blog!).\n\nThe point of this article is not to define a winner or even give you a strategy. We want to depict and explain the possibilities and limitations of each method, and allow you to make a decision based on your needs and time.\n\nLooking to help? \n**Support us on Bountey!** [**https://www.bountey.com/bestoficos**](https://www.bountey.com/bestoficos)\n\nWant to stay up to date in ICOs? \n**Visit us at** [**https://thebestoficos.com**](http://thebestoficos.com/)\n\nHave an interesting story? \n**Write us at** [**email@example.com**](mailto:firstname.lastname@example.org)\n\n### Disclaimer:\n\nThis website and the information contained herein is not intended to be a source of investment, financial, tax, technical, or legal advice. This website cannot substitute for professional advice and independent factual verification.\n\nThe ideas and strategies on this website should never be used without first assessing your own personal financial situation, and without consulting a financial professional. All content in this website is for informational purposes only, and is provided “as is”, with no guarantee of completeness,accuracy, timeliness or of the results obtained from the use of this website.\n\nThis is just a stub, your access to and use of this website is conditioned upon your acceptance of and compliance with the [Full Disclaimers.](https://thebestoficos.com/disclaimer.html) The Disclaimers apply to all visitors, users, and others who wish to access or use this website.