Courses : Bitcoin for beginners Part II
bitcoin·@zachy·
0.000 HBDCourses : Bitcoin for beginners Part II
Buying and Storing Bitcoins  In This Chapter ▶▶Learning how to buy bitcoins ▶▶Finding an exchange ▶▶Getting verified ▶▶Keeping your bitcoins safe T his chapter looks at the practicalities of beginning to use bitcoin: getting your (virtual) hands on that all‐important first bitcoin, setting up a way to store and spend it, and of course, being security conscious as you head off on your spending spree. By the end of this chapter, you should be able to set up and get going with bitcoin. Before getting started, you will need one or both of the following: ✓✓Bitcoin Wallet software installed on your computer or laptop (downloaded from https://bitcoin.org/en/chooseyour‐ wallet). ✓✓Bitcoin Wallet software installed on your mobile device (downloaded from https://bitcoin.org/en/chooseyour‐ wallet). Getting Started: How to Obtain Bitcoins The first hurdle to overcome when getting involved in bitcoin is how to obtain bitcoins. Although you can do so using several methods — which we’ll look at in this chapter — the most obvious choice is to buy them. But where do you go when trying to buy a digital token in exchange for physical money? These platforms are called exchanges, and just like an exchange office where you can use local currency to obtain foreign currency, bitcoin exchanges exchange your physical money for bitcoins. A bitcoin exchange is the currency’s equivalent of the services offered by banks or other regulated institutions that allow currency exchange — commonly known as FOREX transactions. You may have an account at the bitcoin exchange where you hold funds in your local currency and you use that account to trade for bitcoins. From that account, you would send the bitcoins to your preferred wallet and use the bitcoins as you see fit — similar to how you would use local fiat currency held in your checking account. If you recall, bitcoin was designed to work as a borderless, decentralized payment method without needing to convert to local currencies in order to be used. And although a lot of goods and services may be purchased with bitcoin, the need to convert bitcoins (also called BTC) to local currency to pay bills and whatnot is still there. This is why we need exchanges — to help facilitate these types of transfers. Getting registered on an exchange A bitcoin exchange usually takes the form of a website, though there are a few physical exchanges out there (discussed later on in this chapter). When it comes to choosing an exchange, you’ve got plenty of choice of providers. Depending on your geographical location and the type of fiat currency you use, certain exchanges may be preferable to others. At this time, there is no bitcoin exchange that services all countries in the world, due to legal reasons. We recommend checking out the list of exchanges linked from the Bitcoin.org website or reviewing a current guide from an online news site such as Coindesk. You can check them out here: https://howtobuybitcoins.info/#!/ www.coindesk.com/information/how‐can‐i‐buybitcoins/ The main goal of any bitcoin exchange platform is to facilitate the transfer from and to physical currency to and from digital currencies, such as bitcoin. Anyone can create an account at a bitcoin exchange without having to buy bitcoins at that time or owning bitcoins beforehand. Here’s the way an online bitcoin exchange works (the actual details will vary depending on the exchange you sign up to): 1. You sign up for a user account by providing basic information. 2. You then receive an e-mail in your mailbox to activate your account. 3. Once you have activated your account, the actual registration process begins. As you might expect from exchange services, they are the leading indicators of how current market prices are fluctuating. In the case of bitcoin exchanges, these prices can fluctuate by quite a bit, as each business runs on a slightly different business model. Some bitcoin exchanges will pay you less when selling bitcoin and ask a slightly lower market price when you want to buy bitcoin. Other exchange platforms will offer you the current market value but take a small cut (0.05–0.5 percent) per executed transaction as commission. Even though bitcoin is all about supply and demand based on the open market, buyers and sellers still need to be connected. Most bitcoin exchanges use a trading engine, which automatically matches buy and sell orders on both sides of the order book. However, there are other options too, such as local peer‐to‐peer trades, covered later in this chapter. A very important aspect of bitcoin exchanges is the fact that some — though not all — platforms allow you to exchange BTC to a global currency that is not necessarily your local currency. For example, if you live in China, your local currency is the Chinese Yuan. However, if you want to get your hands on U.S. dollars (USD), euros (EUR), or British pounds (GBP), you may choose to use a bitcoin exchange trading in those currency pairs. When attempting to make a withdrawal to your bank account, the value may still be converted to your local currency if your bank doesn’t accept foreign currency transfers. Always do some research before attempting these types of transfers and make sure you are prepared for any associated risks in doing so. Bitcoin exchanges are obliged by their local laws and respective national regulators of financial services and products to obtain some of your personal information. This information includes, but is not limited to, your full name, address, phone number (mobile and/or landline) and country of residence. On top of that, most bitcoin exchanges require you to fill in your date of birth, which is part of the identity verification process (see the next section). Know‐Your‐Customer: Passing the KYC In order to properly use a bitcoin exchange, you will need to complete a “Know‐Your‐Customer” (KYC) verification procedure. This process sounds a lot scarier than it really is, even though you are obligated to submit some very delicate information related to you as a person. Step 1: Confirming your phone number The first step is verifying your mobile phone number. Most bitcoin exchanges send you a text message to that phone number with a code. That code needs to be entered on a specific page during the verification process in order to verify that you have access to that mobile number in case of an emergency, or during an account’s password‐recovery process. Step 2: Providing personal ID The next step usually requires you to verify your identity by providing a copy of personal identification. Depending on the bitcoin exchange platform you’re using, these documents can range from a scan of your ID or driver’s license and a recent utility bill, to a copy of your birth certificate or passport. The types of ID documents required depend on how much you are expecting to trade through your bitcoin exchange. Larger amounts require stricter verification, and thus more sensitive personal information. And this is one of the major struggles novice users face when verifying their identity and purchasing bitcoins for the first time. Besides the information that needs to be submitted, there’s also a waiting period that must be taken into account before these documents are verified. Most major bitcoin exchanges get these documents reviewed within a few hours, but there have been reports of delays taking up to a week. Whenever you submit any documents, always make sure everything is clearly legible, as this will make the verification process a lot smoother. Figuring out exchange rates Bitcoin exchange rates to and from a country’s physical currency may vary quite a lot. Not only do rates depend on the time of day during which you’re looking to make a trade, but there’s a massive difference between various exchange platforms. The bitcoin exchange business is very competitive in nature, and every platform is looking to attract as many customers as possible. In order to do so, each bitcoin exchange has to come up with its own business model to cater to as many people as possible. In most cases, the novice users are the largest untapped market, and efforts are focused on making bitcoin more accessible. To get the best exchange rates for yourself, follow these tips: ✓✓Whenever you’re looking to exchange bitcoin for physical currency or vice versa, make sure to check the current bitcoin price first. See the nearby sidebar “Keeping an eye on exchange rates” for further details. Over the past few years, bitcoin exchanges have started offering a “fixed” price per bitcoin, assuming you complete the transaction within a certain time frame. For example, when converting BTC into local currency, a user must complete the transfer within the next 15 minutes in order to get the current price. Failure to do so may result in a different price at the time of transaction, which can be either higher or lower. ✓✓Keep a close eye on the bitcoin exchange rate for your local currency at all times, to maximize your profits and reduce your losses. Although Bitcoinwisdom.com is undoubtedly one of our favorite sources of data, there are other similar sources such as Cryptrader.com and Coinmarketcap.com. Whichever tools you choose to use, they can aid you by giving you charts such as you would expect to see in regular fiat currency conversions, or just a flat BTC/local currency rate in digits. See the nearby sidebar on exchange rates for more info. You can check them out here: https://bitcoinwisdom.com https://cryptrader.com http://coinmarketcap.com/currencies/ ✓✓Keep in mind that there will usually be an exchange fee at some point during the transaction, so be sure to understand how much that will be. Some bitcoin exchange platforms take a small cut when your buy or sell order has been executed, whereas others will simply charge you more or pay you less overall. Plus, additional fees may be applicable when withdrawing your physical currency to a bank account or other payment method. Keeping an eye on exchange rates Depending on which platform you are using, there are various methods at your disposal to keep an eye on the current bitcoin exchange rate. For computer users, the best option is to check the Bitcoin Wisdom website at www.bitcoinwisdom. com. On this platform, you will find real time bitcoin price statistics for all major currencies (USD, EUR, CAD, RUR, and CNY), and the most popular exchanges dealing with those specific currencies. For mobile users, the story is quite different. Most mobile bitcoin wallets show the fiat currency value next to your bitcoin value inside the app itself (see Chapter 5 for more details on mobile wallets). This is a great way to give you an idea of how much your coins are worth at any given time. Keep in mind you will need an active Internet connection — either mobile data or wi‐fi — for this price to reflect the current value. Exchange rates on bitcoin exchanges fluctuate constantly, in part attributable to free market supply and demand. In recent years, the overall trading volume of bitcoin has increased exponentially, with most of the trading taking place in China and the United States. Despite all of that, other local exchange rates around the world may go up when the major bitcoin markets are going down, or the other way around. Understanding peer‐to‐peer versus regular exchanges Two types of bitcoin exchanges are in use: peer‐to‐peer and what we’ll call regular. On the one hand, there are the regular bitcoin exchanges, which use an order book to match buy and sell orders between people. However, neither the buyer nor the seller has any idea who the other party is, and this provides all users with a certain level of anonymity and privacy protection. This is the most commonly used form of exchanging local currency to and from its digital counterpart in the form of bitcoin. However, bitcoin was originally created to enable peer‐to‐peer transactions. Unlike other familiar peer‐to‐peer technologies you may be familiar with, such as torrent applications, in the bitcoin domain peer‐to‐peer means a one‐on‐one relationship. A peer‐topeer transaction means that you have data related to the person or entity you’re interacting with at all times, rather than interacting with several different peers, as in the case of torrents. The information you have on that person can range from a bitcoin wallet address, to their forum username, location, IP address, or can even involve a face‐to‐face meeting. Rather than using an order book to match up buy and sell orders — and thus controlling all the funds being used on the exchange platform itself — peer‐to‐peer exchanges match buyers and sellers without holding any funds during the trade. For example, let’s say you want to buy a bitcoin from someone who lives in the same city as you do. Rather than hoping to stumble across that person on a traditional exchange — chances of that are slim to none — you can initiate a peer‐to‐peer transfer with that individual. There are several bitcoin platforms in existence that allow you to register an account in order to find other bitcoin enthusiasts in your local area. Some of the more popular platforms include Gemini.com for the U.S. market, whereas Bitstamp.net and Kraken.com offer facilities for customers in international markets subject to their individual policies and restrictions. You can check them out here: https://gemini.com www.bitstamp.net https://kraken.com That said, not everyone will be willing to meet up face‐to‐face. Some people prefer a payment by traditional means, such as a bank transfer or PayPal, rather than meet up for a cash transaction. Depending on what kind of trading experience you prefer, peerto‐ peer trading may be more suitable for your needs than the regular exchange. Generally, peer‐to‐peer trades do not require you to provide any documentation regarding your identity and offer a reputation system in order to track your own — and other users’ — trading history. In doing so, your chances of completing a trade successfully will only increase. One of the most interesting aspects about peer‐to‐peer bitcoin exchanges is their built‐in reputation system. Because you’re dealing with other traders directly, whose funds are not overseen by the platform owners themselves, the trust element is more important than ever before. It only makes sense to know a little bit more about traders’ previous history before going into business with them. Storing Your Bitcoins: Being Safe While Using Exchanges One of the first things you should keep in mind when you consider storing your bitcoins on an exchange platform is that it involves quite a lot of security risks. It goes against the very ideology of bitcoin to use middlemen and be dependent on centralized services and platforms. And even though these exchanges deal in decentralized digital currency, the platforms themselves, like banks, still represent central points of failure, which makes them incredibly vulnerable to attack. That said, bitcoin developers are not sitting on their hands — see the sidebar “Guarding Fort Bitcoin” for info on what they’re doing to protect your funds. Unfortunately for bitcoin users around the world, exchanges do not have the best of reputations when it comes to storing your digital wealth. Whenever an exchange is hacked, or the owners decide to run off with the money, there is not much that can be done, except trying to file legal action and hope the matter is investigated sooner rather than later. When you put your money in a bank, you are protected by government insurance — for example, in the U.S., the Federal Deposit Insurance Corporation (FDIC) insures your deposits up to $100,000. Not the case when it comes to bitcoin exchanges. By storing your bitcoin on an exchange platform, you are not only trusting the service to stay online at all times — which usually will be the case, but you never know — you also rely on the platform being secure enough. To put that into perspective: You are putting your faith — and your financial wealth — in the hands of a platform that claims to use sufficient security measures in order to protect your data and money. Luckily for the bitcoin world, exchanges have stepped up their security game in recent years, even though there is never such a thing as a bullet‐proof platform. As is always the case with new and disruptive technology, it takes time to fully understand its potential and how it should be properly protected. And in the past, exchange platforms had to learn that the hard — and costly — way. Even though bitcoin exchanges have become far more secure than they were in 2010, that doesn’t mean they should be treated as an online wallet service (see Chapter 5 for more on wallets). Bitcoin users have plenty of options at their disposal to store BTC in a decentralized and more secure manner. That said, centralized wallets such as those provided by Blockchain.info or Coinbase.com are popular as mobile solutions. Guarding Fort Bitcoin In the original bitcoin whitepaper (https://bitcoin.org/bitcoin.pdf), as presented by Satoshi Nakamoto, are details on how bitcoin technology can offer tremendous security improvements compared to the current banking infrastructure. It would take quite some time until we saw the first developments in that area. For example, a tool like multi‐signature security was only implemented in 2013. Multi‐signature security in the world of bitcoin is similar to security for traditional banking. Rather than entrusting one single person or entity with access to a certain wallet, multiple “keys” are distributed to various parties. For example: Mark and Alice want to open up a joint bitcoin wallet. In order to ensure there is an unbiased “arbitrator,” they decide to give Dave a key as well. During the wallet‐creation process, a total of three private keys are generated. One key belongs to Mark, another to Alice, and a third key to Dave for safekeeping. If either Mark or Alice wants to send a bitcoin transaction, they need to convince each other or one of them needs to convince Dave that this is a good idea. In practical terms, a multi‐signature bitcoin wallet means that multiple parties must agree and sign off on the transaction with their key. In this case, either Mark and Alice, or Alice and Dave, or Mark and Dave need to come to an agreement before any funds can be spent from the bitcoin wallet. If only one party wants to and the two other disagree, the transaction can’t be executed. More information can be found at https://en.bitcoin.it/wiki/ Multisignature. That said, protecting a financial platform — which is what bitcoin exchanges are — is not an easy feat. Quite a lot of costs are involved in terms of hiring security experts, testing new features, shutting down trading when a discrepancy occurs, and so on. All in all, security and monitoring are a 24/7 job. One of the additions to bitcoin exchange security comes in the form of two‐factor authentication. Though this security feature is completely optional, it is advisable for all users to enable two‐factor authentication (2FA) on their bitcoin exchange account. (We talk more about 2FA later in this chapter.) Bitcoin exchanges have started to implement multi‐signature bitcoin wallets themselves as well. If a hacker were to breach a bitcoin exchange, transferring the funds out is nearly impossible, as they would need other keyholders to sign off on every transaction. However, not all of a bitcoin exchange’s funds are stored in cold storage multi‐signature wallets. (More on this topic later in this chapter). Long story short, storing bitcoin on an exchange platform for long periods of time isn’t very secure. However, if you are planning to spend or transfer those coins within the next 48 hours, it is relatively safe to store them in the exchange wallet for the time being. Any period longer than that, and you’re putting yourself at a major risk. The best way to store your bitcoins is on a wallet in your control, regardless of whether it is on a computer or a mobile device. See Chapter 5 for more. Bitcoin is designed to give end‐users full control of their funds, and no one should rely on a third‐party service to keep their coins safe. Transfer your funds from a bitcoin exchange or online wallet to the bitcoin wallet software on your computer or mobile device as soon as possible. Using two‐factor authentication (2FA) Even if you aren’t planning to store bitcoins on an exchange for an extended period of time, you may want to look into ways to protect your account. Most (non‐bitcoin) online services require users to authenticate with just a username and password, which is not exactly the most secure way of protecting your credentials and personal information. In recent years, it has become apparent that more layers of security need to be implemented on top of the standard authentication protocols. One of the more popular solutions to tackle this problem is called two‐factor authentication (2FA), which requires an additional “token” to be entered when accessing your account. Failing to enter the correct combination results in an error message. It’s not uncommon for an unauthorized third party to get access to your username and password credentials. This is not always a fault of the individual, as some online services may use unsecure methods of storing these details. Enabling 2FA adds a layer of security on top of that to safeguard your data and money. 2FA may be used in multiple ways, although not all of these forms are supported by every platform. The most common type of 2FA comes in the form of Google Authenticator, which is an application you can install on any mobile device. Using Google Authenticator is quite simple. After you download the app to your mobile device, you set up a new account: 1. Log in to the service or platform you want to protect with 2FA. 2. Scan an associated QR code with the camera of your mobile device. 3. Use that QR code to link to your authentication details, pairing it to your mobile device. Every time you open Google Authenticator, it generates a new 2FA code for your account. These codes remain valid for a very short period of time, after which a new code is automatically generated. The validation of this code is automatically verified when logging in. Entering an expired code will return you back to the login screen. Even though mobile 2FA sounds very convenient, a couple of drawbacks should be kept in mind: ✓✓You need to carry your mobile device with you at all times, and it needs to be charged with enough battery to generate a 2FA code. This will not be an issue for most people, but it can cause inconvenience at certain times. ✓✓If you lose your phone or it gets stolen, you also lose your 2FA credentials. Even though there ways to remove 2FA security from your account and enable it on a new device, doing so is quite the hassle and not a process you want to run through if it’s not necessary. Other ways to authenticate your account through 2FA include services like Clef and Authy, available from the relevant app store for your mobile device, and even plain old SMS verification. However, these options — except for SMS verification — require you to carry additional hardware on you in order to verify your credentials, making them less convenient. SMS verification also has its own drawbacks. For example, if you are in an area where you get bad to no cellular signals, SMS verification for 2FA purposes won’t work. Plus, if you are in a foreign country, additional fees may be charged to you for receiving the 2FA authentication code. Regardless of which option you decide to use, when it comes to bitcoin exchanges, be sure to enable any form of 2FA you possibly can. This protects your account properly, and even though it may be slightly cumbersome at times, protecting your money is well worth going the extra mile. Understanding liability The topic of liability regarding bitcoin exchanges is a gray area at best. We’ll do our best to explain your liability here. Bitcoin is an unregulated and ungoverned digital currency, which makes any associated services fall under the same category by default. However, depending on which part of the world you offer that bitcoin exchange service to, there are some regulations you will have to adhere to. At the time of writing, it remains unclear as to who is liable when your bitcoin exchange is hacked or when the service shuts down all of a sudden. Most of the bigger, more reputable exchanges have systems in place that protect you from financial risk up to a certain amount. The idea is that, if the exchange gets breached, or your funds are lost in any other way while stored on the platform, the exchange will reimburse you out of its pocket. That said, we advise you to take a sensible approach and only store on exchanges what you need and not treat them as secure storage for your bitcoins. Some economists would go as far as saying that a bitcoin exchange is a self‐regulating platform, such as NASDAQ. However, as big as the NASDAQ is, it claims immunity from computer crashes — meaning it will not reimburse any funds lost due to a computer crash. Bitcoin exchanges operate in a different manner, but with no clear regulator to report to, there is never a guarantee you will get your money back. The amount of protection that exchanges may offer to customers may well depend on where they are registered and the licensing requirements (or lack thereof) for the exchanges to operate in that jurisdiction. Storing your bitcoins on an exchange for more than a day or two is never a good idea, and if that exchange were to cease operating for any reason at all, your options will be determined by the local laws of the jurisdiction where the exchange is registered. Generally speaking, the tougher the licensing requirements for an exchange, the more protection you’re likely to be offered. However, you should verify the details of any exchange that you choose to use and the level of protection that it may or may not offer you. Granted, you may be able to take legal action should the worst come to pass, but a lawsuit is very costly and time‐consuming. More and more bitcoin exchanges have opened the door to receive independent third‐party audits. An auditor can verify whether a bitcoin exchange is solvent enough to continue its operations, and if needed, get the security measures stress‐tested to verify whether or not user data is protected properly. We discuss current legislative efforts in more details in Chapter 9. Every exchange has its own way of publishing audit results. To find more information regarding the audit report of your preferred bitcoin exchange, contact its support via live chat or e-mail. A representative will be able to give you a clear answer on whether or not the company conducts audits and where the results are published. Regardless of how you look at it, in the end, all liability lies with the people using bitcoin exchanges. Bitcoin puts financial control back in your hands, and if you decide to store bitcoins on an exchange platform, they are your sole responsibility in the end. Encrypting Your Bitcoins Security is a very important aspect of the bitcoin world — without the proper security in place, your digital wealth could get stolen at any time. Bitcoin Core developers have taken notice of this problem from the beginning and enabled a feature inside the bitcoin client that lets you “encrypt” your wallet by protecting it with a passphrase (see Chapter 5 for more on bitcoin wallets). Bitcoin Core is the “standard” bitcoin software client for computer users. All other bitcoin software wallets are based on Bitcoin Core and provide a different user interface and/or bring additional features to the table. Choosing a passphrase By using a passphrase, you “lock” your coins from being spent. Even if an attacker were to gain access to the device on which your bitcoin wallet is running, they would not be able to do anything with the funds unless they also had your passphrase. Your sensitive bitcoin information — a file called wallet.dat that holds the digital ownership of your BTC — is not encrypted by default. This means that if you just install the bitcoin client on a computer or laptop, it isn’t protected. As soon as someone gains access to your computer, they can spend your coins instantly. Therefore, you should properly encrypt your bitcoin wallet. The latest Bitcoin Core client contains a feature that encrypts your wallet with a passphrase. Or if you prefer, you can use an external tool to encrypt your wallet.dat file, most of which are completely free of charge to use. Keep in mind that you need to enter the passphrase every time you want to access your funds or look at a transaction. Encrypting a bitcoin wallet restricts it to “spectator” mode, in which you can see the balance and incoming transactions, but nothing else in detail. All bitcoin users should encrypt their bitcoin client, and the best code of conduct is to use a very strong and difficult‐to‐crack password — preferably a password that contains numbers, upperand lowercase letters, and even symbols such as @ or #. This password should seem as random as possible to anyone else, but keep in mind you have to enter it manually every time you want to use your bitcoin wallet to its full potential. If you want to encrypt a mobile bitcoin wallet, the process is slightly different. Most mobile applications store the wallet.dat file — or its mobile counterpart — on the device itself and protect it with a PIN code. Though PIN codes are generally less secure than encryptions keys, they provide enough security for most users. However, you can always look into encrypting mobile wallets as well. Find software solutions using keywords typed into your favorite search engine, such as 7Zip, Axcrypt, TrueCrypt, or Irzip. Beware malware Something every bitcoin user needs to keep in mind at all times is that, regardless of whether you encrypt your wallet or not, there is no such thing as a completely safe and secure environment. Most bitcoin users will already have antivirus software installed on their computer, but once you start saving financial data on your machine — including bitcoin — you should add more layers of security to your system. Computer users need to protect themselves against all kinds of harmful programs and software. Just installing an antivirus program on its own is no longer sufficient, especially when bitcoin wallets are being used. You’ll also need an anti‐malware and anti‐spyware program, of which there are many available on the Internet, such as Bitdefender, Kaspersky, and Norton Antivirus products. Note that although these examples cited are termed antivirus products, they contain a wide range of features to protect you from the many security threats on the Internet. A major threat plaguing bitcoin wallets around the world is malware. Malware is a particularly nasty kind of software infection, because the end‐user usually doesn’t even notice its presence until it is too late. There are different forms of malware, each of which can lead to you losing your bitcoins if you’re not protecting yourself with the proper software tools. Malware can be spread through your online behavior when you visit sites with malicious content (usually adult‐related), click the wrong links on the Internet, open suspicious e-mail attachments, or download illegal material. Each of these events may pose a serious threat to your computer and your bitcoin wallet, and should be avoided at all costs. Not every e-mail you receive contains malicious files or images, and you shouldn’t start to become paranoid about every e-mail you open. But if you have no idea who the sender is, don’t open any attachment in that e-mail. Clicking a suspicious link is harder to spot, as it can even appear on your social media pages (especially Facebook and Twitter, which are quite prone to these types of links, and disaster is just one mouse click away). Spyware is often compared to computer viruses, even though there are notable differences between the two. Spyware logs information, such as which websites and corresponding login details have been used, which software you have installed on your computer, and what kinds of e-mails you’ve sent and received. This is extremely worrying for people using online bitcoin services, as spyware can obtain your login details and someone can take advantage of that information. A proper anti‐malware and anti‐spyware software solution is usually not free, even though most can be tested without charge for a period of time. But if you’re really taking the plunge to take back financial control and manage your money yourself using bitcoin, security is your number one priority. Storing physical bitcoin Rather than storing your bitcoins on a computer or mobile device, a third option is fairly common among digital currency users. Physical bitcoins — yes, they do exist — are not just great collector’s items, they also let you store your digital currency on them. Or to be more precise, most of them do. Different types of physical bitcoins exist, just as currencies have coins of different monetary values. The nearby sidebar “The Casascius Series of physical bitcoins” highlights one particular, popular line. Each physical coin has its own price, and they come in various alloys. The most common physical bitcoins these days are minted in silver, although there is quite a selection of both bronze and golden coins on the market as well. All coins require a small upfront investment and can be seen as both a collector’s item and bitcoin vault at the same time. The Casascius series of physical bitcoins Perhaps the most famous “line” of physical bitcoins is the Casascius series, created by Mike Caldwell. Over the years, there have been several generations of these coins, all of which can be funded by the buyer using bitcoin. For example, a physical 0.5 BTC coin can be funded by 0.5 bitcoin. You should aim to fund these coins for no more than their face value. The main reason Casascius coins are so popular is because every edition had a limited mintage, and all the non‐commemorative coins are made of silver or gold. Additionally, several Casascius coins have had “errors” on them, which make them even more valuable from a collector’s point of view. More information on Casascius coins can be found at https://en.bitcoin. it/wiki/Casascius_physical_bitcoins. Most physical bitcoins allow the user to store a bitcoin wallet address, and its private key is in the back of the coin. In doing so, you are officially “funding” the coin by sending a BTC amount to that designated address. All coins come with funding instructions, so for the most up-to-date information on funding, read that small print! Keep in mind that you are responsible for generating this address and the associated private key yourself, so make sure you are the only one who has access to those details. Once you have created your bitcoin wallet address and private key, you’ll also receive a small piece of paper on which this confirmation is printed. This document usually comes with the coin itself and includes a hologram. That hologram has to be placed over the back of the coin, making sure your wallet information isn’t tampered with (tampering would break the hologram). Many people use physical coins to store some spare bitcoin in the hopes of an increase in BTC price in the future. Plus, these coins cannot be spent unless they break the hologram and retrieve the private key. Funding a physical bitcoin is a great way to keep your spending habits under control. Buying Bitcoins in Person Buying bitcoins in person is a great way to venture into the world of digital currency. Buying in person not only gets you acquainted with peer‐to‐peer transfer, but is also a way to meet some new and like‐minded people with an interest in bitcoin. In‐person bitcoin trades can attract unwanted attention from people when there is cash involved. Thieves have become more aware of bitcoin trades being completed in person, and someone walking about with a lot of cash is a perfect target for such individuals. Before you can complete your peer‐to‐peer trade, you need to prepare some important things. Perhaps the most important aspect of completing any form of bitcoin trading is creating your wallet address. After all, without a valid bitcoin wallet address, there is no way to store your BTC. Your bitcoin wallet address Your bitcoin wallet is actually a long string of random numbers and lower‐ and uppercase letters. It is impossible to remember a wallet address by heart, and that is intended. The reason for this is simple: additional security. If someone were to remember your bitcoin address, they could look it up on the blockchain and monitor your bitcoin activity in real‐time, for instance on www.blockchain.info. You may create a bitcoin wallet address in several ways, but if you’re completing a peer‐to‐peer trade, mobile solutions might be your best bet. By installing any of the many mobile bitcoin wallet apps, the address generation process is usually taken care of for you. But keep in mind that you may need to register before using a certain app, so make sure to complete that part beforehand. A bitcoin wallet address will be automatically generated for you once you install the bitcoin software on your computer or mobile device. Once you are set up and ready to go out, there’s one last thing to complete. During your peer‐to‐peer bitcoin transaction, you need to present your bitcoin wallet address in a convenient manner to the person who is selling the coins to you. Rather than write down your bitcoin wallet address — a long string of random characters — here’s a far better alternative: QR codes. You have probably seen these weird‐looking square black‐and‐white codes on product packaging or on TV. Your bank may use them as well to authenticate mobile payments in a store nearby. QR codes are a great way of sharing bitcoin payment details with other users. By creating a QR code, you can easily share your bitcoin wallet address with other users. All the other parties need to do is use their phone camera to scan the QR code into their installed bitcoin wallet app. All the details to complete the transaction on their end are filled automatically. Not only is the use of QR codes for bitcoin transfers user‐friendly, it’s also less time‐consuming and improves the overall user experience. After all, who wants to carry a laptop everywhere? Another advantage of using QR codes is that the seller can show you that a transaction has been sent on their device, and by the time you check your device, the money has appeared. Keep in mind that every bitcoin transaction generally takes six network confirmations before the money becomes spendable. Bitcoin transactions need to be confirmed on the network before the funds become spendable by the recipient. Every time a new block is found on the network — roughly every ten minutes — a transaction gains one additional confirmation. In some cases, it takes up to an hour before a bitcoin transaction becomes spendable. Depending on which bitcoin wallet software you use, transactions may become spendable much faster. Especially on mobile devices, your funds are accessible a lot quicker than via computer. This is different for every type of bitcoin wallet, even though the “norm” is to have six network confirmations on a transaction before the funds can be moved again. Chapter 6 talks more about this. Meeting in public places Meeting up for a peer‐to‐peer bitcoin trade is best done in a public area. That protects both parties from potential harm — just in case. Plus, it’s easy to navigate to a public place, even if you have never been there before. Pick a meeting place where you feel secure, preferably somewhere that’s not directly linked to you personally. Don’t invite anyone to your home or workplace, or any other place you frequently visit. Most bitcoin traders intend no harm, but you can never be sure. Another reason why public places are a better choice is that, in order to complete a bitcoin transfer, both users need access to an Internet connection. Plenty of places like coffee shops offer free wi‐fi. In some cases, there may even be a network accessible throughout the entire city. And of course, most mobile providers in the United States, Europe, and Asia offer data connectivity so long as you get a somewhat decent network signal. Once again, this makes public places good choices, compared to remote areas, where cellular connectivity may be an issue. Conducting a peer‐to‐peer bitcoin trade always comes with a small risk. People have been held at gunpoint in an attempt to steal their bitcoins. But this is extremely rare. Use common sense and exercise caution, especially if your bitcoin trader comes running up in a black-and-white stripy shirt carrying a bag marked SWAG. Paying premium rates Buying bitcoin in person from another user has the possibility of one major downside: You may end up paying a premium rate per bitcoin. This means that the price you pay to the person selling the bitcoin may be slightly higher compared to the actual exchange rate. Not all bitcoin traders have a real idea as to what the current bitcoin value is across major exchanges. Checking the current value before agreeing to a peer‐to‐peer‐trade is a good habit to get into. Not only does this give you better insight into how the bitcoin market works, it helps you get the most bitcoins for your money. Bitcoin exchange rates work both ways, of course: No law prevents you from charging a premium rate as a bitcoin seller. This’s the beautiful part about a free market based on supply and demand of bitcoins — anyone can set his own prices. Buyers will always be looking to buy as cheaply as possible, but if the seller’s price happens to be the most convenient at that time, buyers will gladly pay a (small) premium. How big this premium price may be depends on the seller entirely. Similar to how bitcoin ATMs operate (see nearby sidebar), a 5 percent premium on top of the current exchange rate is no exception. But you might encounter vastly different rates as well. It is a free market after all. Always be prepared to pay a price above the current exchange rate, as this is a small sacrifice you make in order to conveniently buy bitcoins compared to going through a lengthy verification process and sending a wire transfer. Choosing a payment method Completing a peer‐to‐peer bitcoin purchase means you have a somewhat wider selection of payment methods at your disposal. However, as people already agree to meet up in person, they will probably tell you which payment method they prefer. In most cases, the obvious choice will be fiat currency in hand. Which brings us to what makes these in‐person trades slightly dangerous. If you are planning to buy any amount of bitcoin worth less than a four‐digit amount in your local currency, you should be relatively safe. Never conduct a person‐to‐person trade in the hopes of buying thousands of USD, EUR, or GBP worth of bitcoin and paying in cash — that would most likely get you in trouble. Bitcoin ATMs A bitcoin ATM works like a regular bank ATM with some differences. By using a bitcoin ATM, you can buy bitcoin in exchange for fiat currency. Some bitcoin ATMs also let you sell bitcoin in exchange for fiat currency. Every bitcoin ATM operates on a certain fee percentage, which can be anywhere from 0 to 12 percent. More information on bitcoin ATM’s can be found at https://en.wikipedia. org/wiki/Bitcoin_ATM. Some local bitcoin sellers may accept a bank transfer and will pass along the details to you when bringing a laptop with you or visiting a bank ATM. However, this payment method is rarely used, for obvious reasons. If they wanted to accept a bank transfer, there would be no real need to meet up in person to begin with. Using a payment method such as PayPal or a credit card will, in most cases, never be an option when completing an in‐person bitcoin trade. The reason for that is simple: Both PayPal and credit cards can be used to charge back funds, whereas bitcoin transactions cannot. As a result, you could in theory buy bitcoin using PayPal or a credit card, receive the coins, and then ask for a refund through either the bank or PayPal. In most cases, you would actually get the money back as well. Hot Wallets and Cold Storage When talking about bitcoin exchange platforms, two terms you will encounter along the way are cold storage and hot wallet. Both cold storage and the hot wallet are security measures put in place by exchange platforms to safeguard user funds from any mishap: ✓✓Cold storage refers to bitcoins kept offline. You could compare this principle to banks moving customer funds into a vault rather than keeping it at the bank teller desk. In the case of bitcoin cold storage, though, there are other layers of security in place. Examples of cold storage include bitcoins kept on a USB drive or a dedicated hardware wallet. As you may have guessed by now, most bitcoin wallets are stored on servers connected to the Internet. Cold storage wallets are kept entirely offline at all times, which also protects from harm in case a hacker would attempt to breach the platform. Bitcoin exchange platforms protect the majority of — or, in some cases, all — customers from harm. However, there has to be sufficient bitcoin liquidity (amount of funds available at all times) within the exchange at all times as well, as there are always users who want to make a bitcoin withdrawal. And a proper exchange will process that withdrawal request immediately, rather than delaying it by several hours. ✓✓Hot wallet refers to the method by which every bitcoin exchange keeps a certain liquidity just in case there is a massive influx of withdrawal requests. You may think of this liquidity as similar to the cash reserve that any bank must hold so that customers can access their funds at any point in time. This hot wallet provides liquidity of digital currency at all times. Unlike cold storage, a hot wallet is a bitcoin wallet connected to the Internet 24/7. Good business practice for a bitcoin exchange means it never stores too many funds in a hot wallet. Even if it stores only 1 percent of the total amount of bitcoins circulating on the exchange, that can quickly add up to several hundreds or thousands of BTC. And if the platform were to be breached, the loss of funds would be quite catastrophic. On top of that, most bitcoin exchange platforms will not process large bitcoin withdrawals from their hot wallet either, but rather move funds from cold storage to the intended recipient. Every platform has its own internal limits for doing so, making it hard to judge what is quantifiable as a large amount (but as mentioned earlier, you should never store too many BTC on an exchange wallet to begin with). Securing user funds Protecting user funds is priority number one for all bitcoin exchanges. If there were even one report of a user losing funds because of insufficient security measures, an exchange’s reputation would be tarnished forever. And as always, bad news travels a lot faster than good news. To protect customer funds, bitcoin exchanges are using other countermeasures besides cold storage and hot wallets (see the previous section), even though these are the two most common methods. There’s still plenty of room for improvement, and several brilliant minds are collaborating to create a Bitcoin Exchange Security Standard. This standard would improve the overall security of bitcoin exchanges and wallet providers and also set the table for minimum requirements every platform has to adhere to. In the past, not all bitcoin exchanges focused enough on security, which led to multiple hacks, breaches, and a lot of funds being stolen. In its current form, there are ten standardized approaches to how private keys and master seeds are generated, as well as the handling of cold storage and hot wallets. A large focus is also put on security audits, proof‐of‐reserve, and other concepts that have not yet been unveiled. Rather than have every exchange doing its own thing in terms of security and protecting customer funds, a unified standard gives bitcoin exchange a more legitimate status. This approach has led to some great success stories in recent years, which is part of the evolution of bitcoin’s ecosystem. Furthermore, a unified standard would be of great aid to regulators. Bitcoin is being kept under close watch by regulators all around the world, so it would be in the best interest of the bitcoin community to help them as much as we can. Regulators are tasked with developing frameworks for bitcoin’s financial activities, and if there is a standard in place for exchange platforms, it could be of great benefit to all parties involved. Preventing exchange hacks Bitcoin exchanges have often been targeted by hackers intending to steal BTC. And over the course of the years, vast sums of money have fallen into the wrong hands, most of which can be attributed to a lack of security on these platforms. Some of the most notorious exchange hacks in the world of bitcoin date all the way back to the very first time Mt. Gox (a Tokyo‐based bitcoin exchange that has customers all over the world) became the victim of a hack. One of the website’s accounts was compromised, ultimately leading to a global price crash from roughly U.S. $32 per bitcoin down to pennies. However, the hackers ran into Mt. Gox’s daily withdrawal limit of $1,000 at that time, rendering their entire operation nearly useless. Bitcoinica was a popular bitcoin exchange back in 2012, but that reputation took a major hit when the company lost thousands of bitcoins belonging to customers. Promises were made to pay back customers in full, from Bitcoinica’s own pocket. However, a second hack followed shortly after, and even more customer funds were lost. In the end, the Bitcoinica story remained unresolved, and there has been no resolution to this very date. The fact that Bitcoinica was linked to Mt. Gox didn’t help matters either. September 2012 spelled the demise of bitcoin exchange BitFloor, during which 24,000 BTC were stolen by a hacker. To indicate how lackadaisical exchange security was at that time, the hacker managed to access an unencrypted backup of wallet keys. In the end, most of the lost customer funds were repaid, in U.S. dollars, not in bitcoin. February 2013 is the darkest period in bitcoin history so far, as this was the time when the second Mt. Gox “hack” occurred, and the exchange shut down for good. Even though the company only held 2,000 BTC, users were owed 750,000 BTC in total. The investigation into the missing or stolen BTC is still ongoing at time of writing. The list goes on and on. There were bitcoin exchange hacks in 2015 as well. There is a long way to go when it comes to creating a proper secure platform where users can trade and store their funds. But until that time comes, you are better off transferring funds out of an exchange at your earliest convenience.