Buying and Storing Bitcoins

![marches-crypto-monnaies.jpg](https://steemitimages.com/DQmP5cTjMajyZohFhCAqGLnHsqXrWXYVTso53XkooU3Dx2c/marches-crypto-monnaies.jpg)


In This Chapter
▶▶Learning how to buy bitcoins
▶▶Finding an exchange
▶▶Getting verified
▶▶Keeping your bitcoins safe

T
his chapter looks at the practicalities of beginning to use
bitcoin:
getting your (virtual) hands on that all‐important first
bitcoin, setting up a way to store and spend it, and of course, being
security conscious as you head off on your spending spree.
By the end of this chapter, you should be able to set up and get
going with bitcoin.
Before getting started, you will need one or both of the following:
✓✓Bitcoin Wallet software installed on your computer or laptop
(downloaded from https://bitcoin.org/en/chooseyour‐
wallet).
✓✓Bitcoin Wallet software installed on your mobile device
(downloaded from https://bitcoin.org/en/chooseyour‐
wallet).

Getting Started: How to
Obtain Bitcoins


The first hurdle to overcome when getting involved in bitcoin
is how to obtain bitcoins. Although you can do so using several
methods — which we’ll look at in this chapter — the most obvious
choice is to buy them.
But where do you go when trying to buy a digital token in exchange
for physical money? These platforms are called exchanges, and
just like an exchange office where you can use local currency to
obtain foreign currency, bitcoin exchanges exchange your physical
money for bitcoins.
A bitcoin exchange is the currency’s equivalent of the services
offered by banks or other regulated institutions that allow
currency
exchange — commonly known as FOREX transactions.
You may have an account at the bitcoin exchange where you hold
funds in your local currency and you use that account to trade for
bitcoins. From that account, you would send the bitcoins to your
preferred wallet and use the bitcoins as you see fit — similar to how
you would use local fiat currency held in your checking account.
If you recall, bitcoin was designed to work as a borderless, decentralized
payment method without needing to convert to local
currencies in order to be used. And although a lot of goods and
services may be purchased with bitcoin, the need to convert
bitcoins
(also called BTC) to local currency to pay bills and
whatnot
is still there. This is why we need exchanges — to help
facilitate these types of transfers.
Getting registered on an exchange
A bitcoin exchange usually takes the form of a website, though
there are a few physical exchanges out there (discussed later on
in this chapter). When it comes to choosing an exchange, you’ve
got plenty of choice of providers. Depending on your geographical
location and the type of fiat currency you use, certain exchanges
may be preferable to others. At this time, there is no bitcoin
exchange that services all countries in the world, due to legal
reasons. We recommend checking out the list of exchanges linked
from the Bitcoin.org website or reviewing a current guide from an
online news site such as Coindesk.
You can check them out here:
https://howtobuybitcoins.info/#!/
www.coindesk.com/information/how‐can‐i‐buybitcoins/
The main goal of any bitcoin exchange platform is to facilitate the
transfer from and to physical currency to and from digital currencies,
such as bitcoin.
Anyone can create an account at a bitcoin exchange without
having to buy bitcoins at that time or owning bitcoins beforehand.
Here’s the way an online bitcoin exchange works (the actual
details will vary depending on the exchange you sign up to):
1. You sign up for a user account by providing basic
information.
2. You then receive an e-mail in your mailbox to activate your
account.
3. Once you have activated your account, the actual
registration
process begins.
As you might expect from exchange services, they are the leading
indicators of how current market prices are fluctuating. In the
case of bitcoin exchanges, these prices can fluctuate by quite a
bit, as each business runs on a slightly different business model.
Some bitcoin exchanges will pay you less when selling bitcoin and
ask a slightly lower market price when you want to buy bitcoin.
Other exchange platforms will offer you the current market value
but take a small cut (0.05–0.5 percent) per executed transaction as
commission.
Even though bitcoin is all about supply and demand based on
the open market, buyers and sellers still need to be connected.
Most bitcoin exchanges use a trading engine, which automatically
matches buy and sell orders on both sides of the order book.
However, there are other options too, such as local peer‐to‐peer
trades, covered later in this chapter.
A very important aspect of bitcoin exchanges is the fact that
some — though not all — platforms allow you to exchange BTC to
a global currency that is not necessarily your local currency. For
example, if you live in China, your local currency is the Chinese
Yuan. However, if you want to get your hands on U.S. dollars
(USD), euros (EUR), or British pounds (GBP), you may choose to
use a bitcoin exchange trading in those currency pairs.
When attempting to make a withdrawal to your bank account,
the value may still be converted to your local currency if your
bank doesn’t accept foreign currency transfers. Always do some
research before attempting these types of transfers and make sure
you are prepared for any associated risks in doing so.
Bitcoin exchanges are obliged by their local laws and respective
national regulators of financial services and products to obtain
some of your personal information. This information includes, but
is not limited to, your full name, address, phone number (mobile
and/or landline) and country of residence. On top of that, most
bitcoin exchanges require you to fill in your date of birth, which is
part of the identity verification process (see the next section).
Know‐Your‐Customer:
Passing the KYC
In order to properly use a bitcoin exchange, you will need to
complete
a “Know‐Your‐Customer” (KYC) verification procedure.
This process sounds a lot scarier than it really is, even though you
are obligated to submit some very delicate information related to
you as a person.
Step 1: Confirming your phone number
The first step is verifying your mobile phone number. Most bitcoin
exchanges send you a text message to that phone number with a
code. That code needs to be entered on a specific page during the
verification process in order to verify that you have access to that
mobile number in case of an emergency, or during an account’s
password‐recovery process.
Step 2: Providing personal ID
The next step usually requires you to verify your identity by providing
a copy of personal identification. Depending on the bitcoin
exchange platform you’re using, these documents can range from a
scan of your ID or driver’s license and a recent utility bill, to a copy
of your birth certificate or passport.
The types of ID documents required depend on how much you are
expecting to trade through your bitcoin exchange. Larger amounts
require stricter verification, and thus more sensitive personal
information.
And this is one of the major struggles novice users face when
verifying their identity and purchasing bitcoins for the first time.
Besides the information that needs to be submitted, there’s also a
waiting period that must be taken into account before these documents
are verified. Most major bitcoin exchanges get these documents
reviewed within a few hours, but there have been reports of
delays taking up to a week.
Whenever you submit any documents, always make sure everything
is clearly legible, as this will make the verification process a
lot smoother.
Figuring out exchange rates
Bitcoin exchange rates to and from a country’s physical currency
may vary quite a lot. Not only do rates depend on the time of day during which you’re looking to make a trade, but there’s a massive
difference between various exchange platforms.
The bitcoin exchange business is very competitive in nature, and
every platform is looking to attract as many customers as possible.
In order to do so, each bitcoin exchange has to come up with its
own business model to cater to as many people as possible. In
most cases, the novice users are the largest untapped market, and
efforts are focused on making bitcoin more accessible.
To get the best exchange rates for yourself, follow these tips:
✓✓Whenever you’re looking to exchange bitcoin for physical
currency or vice versa, make sure to check the current bitcoin
price first. See the nearby sidebar “Keeping an eye on
exchange rates” for further details. Over the past few years,
bitcoin exchanges have started offering a “fixed” price per
bitcoin, assuming you complete the transaction within a certain
time frame. For example, when converting BTC into local
currency, a user must complete the transfer within the next
15 minutes in order to get the current price. Failure to do
so may result in a different price at the time of transaction,
which can be either higher or lower.
✓✓Keep a close eye on the bitcoin exchange rate for your local
currency at all times, to maximize your profits and reduce
your losses. Although Bitcoinwisdom.com is undoubtedly one
of our favorite sources of data, there are other similar sources
such as Cryptrader.com and Coinmarketcap.com. Whichever
tools you choose to use, they can aid you by giving you charts
such as you would expect to see in regular fiat currency conversions,
or just a flat BTC/local currency rate in digits. See
the nearby sidebar on exchange rates for more info. You can
check them out here:
https://bitcoinwisdom.com
https://cryptrader.com
http://coinmarketcap.com/currencies/
✓✓Keep in mind that there will usually be an exchange fee at
some point during the transaction, so be sure to understand
how much that will be. Some bitcoin exchange platforms take
a small cut when your buy or sell order has been executed,
whereas others will simply charge you more or pay you less
overall. Plus, additional fees may be applicable when withdrawing
your physical currency to a bank account or other
payment method.

Keeping an eye on exchange rates
Depending on which platform you are using, there are various methods at your disposal
to keep an eye on the current bitcoin exchange rate. For computer users, the
best option is to check the Bitcoin Wisdom website at www.bitcoinwisdom.
com. On this platform, you will find real time bitcoin price statistics for all major currencies
(USD, EUR, CAD, RUR, and CNY), and the most popular exchanges dealing
with those specific currencies.
For mobile users, the story is quite different. Most mobile bitcoin wallets show the
fiat currency value next to your bitcoin value inside the app itself (see Chapter 5
for more details on mobile wallets). This is a great way to give you an idea of how
much your coins are worth at any given time. Keep in mind you will need an active
Internet connection — either mobile data or wi‐fi — for this price to reflect the
current value.
Exchange rates on bitcoin exchanges fluctuate constantly, in part
attributable to free market supply and demand. In recent years, the
overall trading volume of bitcoin has increased exponentially, with
most of the trading taking place in China and the United States.
Despite all of that, other local exchange rates around the world
may go up when the major bitcoin markets are going down, or the
other way around.
Understanding peer‐to‐peer
versus regular exchanges
Two types of bitcoin exchanges are in use: peer‐to‐peer and what
we’ll call regular.
On the one hand, there are the regular bitcoin exchanges, which
use an order book to match buy and sell orders between people.
However, neither the buyer nor the seller has any idea who the
other party is, and this provides all users with a certain level of
anonymity and privacy protection. This is the most commonly
used form of exchanging local currency to and from its digital
counterpart in the form of bitcoin.
However, bitcoin was originally created to enable peer‐to‐peer
transactions. Unlike other familiar peer‐to‐peer technologies you
may be familiar with, such as torrent applications, in the bitcoin
domain peer‐to‐peer means a one‐on‐one relationship. A peer‐topeer
transaction means that you have data related to the person or entity you’re interacting with at all times, rather than interacting
with several different peers, as in the case of torrents. The information
you have on that person can range from a bitcoin wallet
address, to their forum username, location, IP address, or can even
involve a face‐to‐face meeting.
Rather than using an order book to match up buy and sell
orders — and thus controlling all the funds being used on the
exchange platform itself — peer‐to‐peer exchanges match buyers
and sellers without holding any funds during the trade.
For example, let’s say you want to buy a bitcoin from someone
who lives in the same city as you do. Rather than hoping to stumble
across that person on a traditional exchange — chances of that
are slim to none — you can initiate a peer‐to‐peer transfer with
that individual. There are several bitcoin platforms in existence
that allow you to register an account in order to find other bitcoin
enthusiasts in your local area. Some of the more popular platforms
include Gemini.com for the U.S. market, whereas Bitstamp.net and
Kraken.com offer facilities for customers in international markets
subject to their individual policies and restrictions. You can check
them out here:
https://gemini.com
www.bitstamp.net
https://kraken.com
That said, not everyone will be willing to meet up face‐to‐face.
Some people prefer a payment by traditional means, such as a
bank transfer or PayPal, rather than meet up for a cash transaction.
Depending on what kind of trading experience you prefer, peerto‐
peer trading may be more suitable for your needs than the
regular exchange. Generally, peer‐to‐peer trades do not require
you to provide any documentation regarding your identity and
offer a reputation system in order to track your own — and other
users’ — trading history. In doing so, your chances of completing a
trade successfully will only increase.
One of the most interesting aspects about peer‐to‐peer bitcoin
exchanges is their built‐in reputation system. Because you’re dealing
with other traders directly, whose funds are not overseen by the
platform owners themselves, the trust element is more important
than ever before. It only makes sense to know a little bit more about
traders’ previous history before going into business with them.

Storing Your Bitcoins: Being Safe
While Using Exchanges
One of the first things you should keep in mind when you consider
storing your bitcoins on an exchange platform is that it involves
quite a lot of security risks.
It goes against the very ideology of bitcoin to use middlemen and
be dependent on centralized services and platforms. And even
though these exchanges deal in decentralized digital currency, the
platforms themselves, like banks, still represent central points of
failure, which makes them incredibly vulnerable to attack. That
said, bitcoin developers are not sitting on their hands — see the
sidebar “Guarding Fort Bitcoin” for info on what they’re doing to
protect your funds.
Unfortunately for bitcoin users around the world, exchanges do not
have the best of reputations when it comes to storing your digital
wealth. Whenever an exchange is hacked, or the owners decide to
run off with the money, there is not much that can be done, except
trying to file legal action and hope the matter is investigated
sooner rather than later. When you put your money in a bank, you
are protected by government insurance — for example, in the U.S.,
the Federal Deposit Insurance Corporation (FDIC) insures your
deposits up to $100,000. Not the case when it comes to bitcoin
exchanges.
By storing your bitcoin on an exchange platform, you are not only
trusting the service to stay online at all times — which usually will
be the case, but you never know — you also rely on the platform
being secure enough. To put that into perspective: You are putting
your faith — and your financial wealth — in the hands of a
platform that claims to use sufficient security measures in order to
protect your data and money.
Luckily for the bitcoin world, exchanges have stepped up their
security game in recent years, even though there is never such a
thing as a bullet‐proof platform. As is always the case with new and
disruptive technology, it takes time to fully understand its potential
and how it should be properly protected. And in the past, exchange
platforms had to learn that the hard — and costly — way.
Even though bitcoin exchanges have become far more secure than
they were in 2010, that doesn’t mean they should be treated as an
online wallet service (see Chapter 5 for more on wallets). Bitcoin
users have plenty of options at their disposal to store BTC in a
decentralized and more secure manner. That said, centralized wallets
such as those provided by Blockchain.info or Coinbase.com
are popular as mobile solutions.


Guarding Fort Bitcoin
In the original bitcoin whitepaper (https://bitcoin.org/bitcoin.pdf),
as presented by Satoshi Nakamoto, are details on how bitcoin technology can offer
tremendous security improvements compared to the current banking infrastructure.
It would take quite some time until we saw the first developments in that area.
For example, a tool like multi‐signature security was only implemented in 2013.
Multi‐signature security in the world of bitcoin is similar to security for traditional
banking. Rather than entrusting one single person or entity with access to a certain
wallet, multiple “keys” are distributed to various parties.
For example: Mark and Alice want to open up a joint bitcoin wallet. In order to
ensure there is an unbiased “arbitrator,” they decide to give Dave a key as well.
During the wallet‐creation process, a total of three private keys are generated.
One key belongs to Mark, another to Alice, and a third key to Dave for safekeeping.
If either Mark or Alice wants to send a bitcoin transaction, they need to convince
each other or one of them needs to convince Dave that this is a good idea.
In practical terms, a multi‐signature bitcoin wallet means that multiple parties must
agree and sign off on the transaction with their key. In this case, either Mark and
Alice, or Alice and Dave, or Mark and Dave need to come to an agreement before
any funds can be spent from the bitcoin wallet. If only one party wants to and the
two other disagree, the transaction can’t be executed.
More information can be found at https://en.bitcoin.it/wiki/
Multisignature.
That said, protecting a financial platform — which is what bitcoin exchanges
are — is not an easy feat. Quite a lot of costs are involved in terms of hiring security
experts, testing new features, shutting down trading when a discrepancy occurs,
and so on. All in all, security and monitoring are a 24/7 job.
One of the additions to bitcoin exchange security comes in the form of two‐factor
authentication. Though this security feature is completely optional, it is advisable
for all users to enable two‐factor authentication (2FA) on their bitcoin exchange
account. (We talk more about 2FA later in this chapter.)
Bitcoin exchanges have started to implement multi‐signature bitcoin wallets themselves
as well. If a hacker were to breach a bitcoin exchange, transferring the
funds out is nearly impossible, as they would need other keyholders to sign off on
every transaction. However, not all of a bitcoin exchange’s funds are stored in cold
storage multi‐signature wallets. (More on this topic later in this chapter).


Long story short, storing bitcoin on an exchange platform for long
periods of time isn’t very secure. However, if you are planning to
spend or transfer those coins within the next 48 hours, it is relatively
safe to store them in the exchange wallet for the time being. Any
period longer than that, and you’re putting yourself at a major risk.

The best way to store your bitcoins is on a wallet in your control,
regardless of whether it is on a computer or a mobile device. See
Chapter 5 for more.
Bitcoin is designed to give end‐users full control of their funds, and
no one should rely on a third‐party service to keep their coins safe.
Transfer your funds from a bitcoin exchange or online wallet to the
bitcoin wallet software on your computer or mobile device as soon
as possible.
Using two‐factor authentication
(2FA)
Even if you aren’t planning to store bitcoins on an exchange for
an extended period of time, you may want to look into ways to
protect your account. Most (non‐bitcoin) online services require
users to authenticate with just a username and password, which is
not exactly the most secure way of protecting your credentials and
personal information.
In recent years, it has become apparent that more layers of
security
need to be implemented on top of the standard authentication
protocols. One of the more popular solutions to tackle this
problem is called two‐factor authentication (2FA), which requires
an additional “token” to be entered when accessing your account.
Failing to enter the correct combination results in an error
message.
It’s not uncommon for an unauthorized third party to get access
to your username and password credentials. This is not always a
fault of the individual, as some online services may use unsecure
methods
of storing these details. Enabling 2FA adds a layer of
security
on top of that to safeguard your data and money.
2FA may be used in multiple ways, although not all of these forms
are supported by every platform. The most common type of 2FA
comes in the form of Google Authenticator, which is an application
you can install on any mobile device. Using Google Authenticator
is quite simple. After you download the app to your mobile device,
you set up a new account:
1. Log in to the service or platform you want to protect
with 2FA.
2. Scan an associated QR code with the camera of your
mobile device.
3. Use that QR code to link to your authentication details,
pairing it to your mobile device.

Every time you open Google Authenticator, it generates a new 2FA
code for your account. These codes remain valid for a very short
period of time, after which a new code is automatically generated.
The validation of this code is automatically verified when logging
in.
Entering an expired code will return you back to the login screen.
Even though mobile 2FA sounds very convenient, a couple of
drawbacks
should be kept in mind:
✓✓You need to carry your mobile device with you at all times,
and it needs to be charged with enough battery to generate a
2FA code. This will not be an issue for most people, but it can
cause inconvenience at certain times.
✓✓If you lose your phone or it gets stolen, you also lose your
2FA credentials. Even though there ways to remove 2FA security
from your account and enable it on a new device, doing so
is quite the hassle and not a process you want to run through
if it’s not necessary.
Other ways to authenticate your account through 2FA include services
like Clef and Authy, available from the relevant app store for
your mobile device, and even plain old SMS verification. However,
these options — except for SMS verification — require you to carry
additional hardware on you in order to verify your credentials,
making them less convenient.
SMS verification also has its own drawbacks. For example, if you
are in an area where you get bad to no cellular signals, SMS verification
for 2FA purposes won’t work. Plus, if you are in a foreign
country, additional fees may be charged to you for receiving the
2FA authentication code.
Regardless of which option you decide to use, when it comes to
bitcoin exchanges, be sure to enable any form of 2FA you possibly
can. This protects your account properly, and even though it may
be slightly cumbersome at times, protecting your money is well
worth going the extra mile.
Understanding liability
The topic of liability regarding bitcoin exchanges is a gray area at
best. We’ll do our best to explain your liability here.
Bitcoin is an unregulated and ungoverned digital currency, which
makes any associated services fall under the same category by
default. However, depending on which part of the world you offer
that bitcoin exchange service to, there are some regulations you
will have to adhere to.

At the time of writing, it remains unclear as to who is liable when
your bitcoin exchange is hacked or when the service shuts down
all of a sudden. Most of the bigger, more reputable exchanges have
systems in place that protect you from financial risk up to a certain
amount. The idea is that, if the exchange gets breached, or your
funds are lost in any other way while stored on the platform,
the
exchange will reimburse you out of its pocket. That said, we advise
you to take a sensible approach and only store on exchanges what
you need and not treat them as secure storage for your bitcoins.
Some economists would go as far as saying that a bitcoin exchange
is a self‐regulating platform, such as NASDAQ. However, as big
as the NASDAQ is, it claims immunity from computer crashes —
meaning it will not reimburse any funds lost due to a computer
crash. Bitcoin exchanges operate in a different manner, but with no
clear regulator to report to, there is never a guarantee you will get
your money back.
The amount of protection that exchanges may offer to customers
may well depend on where they are registered and the licensing
requirements (or lack thereof) for the exchanges to operate in that
jurisdiction. Storing your bitcoins on an exchange for more than a
day or two is never a good idea, and if that exchange were to cease
operating for any reason at all, your options will be determined by
the local laws of the jurisdiction where the exchange is registered.
Generally speaking, the tougher the licensing requirements for an
exchange, the more protection you’re likely to be offered. However,
you should verify the details of any exchange that you choose to
use and the level of protection that it may or may not offer you.
Granted, you may be able to take legal action should the worst
come to pass, but a lawsuit is very costly and time‐consuming.
More and more bitcoin exchanges have opened the door to receive
independent third‐party audits. An auditor can verify whether a
bitcoin exchange is solvent enough to continue its operations, and
if needed, get the security measures stress‐tested to verify whether
or not user data is protected properly. We discuss current legislative
efforts in more details in Chapter 9.
Every exchange has its own way of publishing audit results. To find
more information regarding the audit report of your preferred bitcoin
exchange, contact its support via live chat or e-mail. A representative
will be able to give you a clear answer on whether or not
the company conducts audits and where the results are published.
Regardless of how you look at it, in the end, all liability lies with
the people using bitcoin exchanges. Bitcoin puts financial control
back in your hands, and if you decide to store bitcoins on an
exchange platform, they are your sole responsibility in the end.

Encrypting Your Bitcoins
Security is a very important aspect of the bitcoin world — without
the proper security in place, your digital wealth could get stolen at
any time. Bitcoin Core developers have taken notice of this problem
from the beginning and enabled a feature inside the bitcoin
client that lets you “encrypt” your wallet by protecting it with a
passphrase (see Chapter 5 for more on bitcoin wallets).
Bitcoin Core is the “standard” bitcoin software client for computer
users. All other bitcoin software wallets are based on Bitcoin Core
and provide a different user interface and/or bring additional
features
to the table.
Choosing a passphrase
By using a passphrase, you “lock” your coins from being spent.
Even if an attacker were to gain access to the device on which your
bitcoin wallet is running, they would not be able to do anything
with the funds unless they also had your passphrase.
Your sensitive bitcoin information — a file called wallet.dat that
holds the digital ownership of your BTC — is not encrypted by
default. This means that if you just install the bitcoin client on a
computer or laptop, it isn’t protected. As soon as someone gains
access to your computer, they can spend your coins instantly.
Therefore, you should properly encrypt your bitcoin wallet. The
latest Bitcoin Core client contains a feature that encrypts your
wallet with a passphrase. Or if you prefer, you can use an external
tool to encrypt your wallet.dat file, most of which are completely
free of charge to use. Keep in mind that you need to enter the passphrase
every time you want to access your funds or look at a transaction.
Encrypting a bitcoin wallet restricts it to “spectator” mode,
in which you can see the balance and incoming transactions, but
nothing else in detail.
All bitcoin users should encrypt their bitcoin client, and the best
code of conduct is to use a very strong and difficult‐to‐crack
password — preferably a password that contains numbers, upperand
lowercase letters, and even symbols such as @ or #. This password
should seem as random as possible to anyone else, but keep
in mind you have to enter it manually every time you want to use
your bitcoin wallet to its full potential.
If you want to encrypt a mobile bitcoin wallet, the process is
slightly different. Most mobile applications store the wallet.dat
file — or its mobile counterpart — on the device itself and protect it with a PIN code. Though PIN codes are generally less secure than
encryptions keys, they provide enough security for most users.
However, you can always look into encrypting mobile wallets as
well. Find software solutions using keywords typed into your favorite
search engine, such as 7Zip, Axcrypt, TrueCrypt, or Irzip.
Beware malware
Something every bitcoin user needs to keep in mind at all times is
that, regardless of whether you encrypt your wallet or not, there is
no such thing as a completely safe and secure environment.
Most bitcoin users will already have antivirus software installed on
their computer, but once you start saving financial data on your
machine — including bitcoin — you should add more layers of
security to your system.
Computer users need to protect themselves against all kinds of
harmful programs and software. Just installing an antivirus program
on its own is no longer sufficient, especially when bitcoin
wallets are being used. You’ll also need an anti‐malware and
anti‐spyware program, of which there are many available on the
Internet, such as Bitdefender, Kaspersky, and Norton Antivirus
products. Note that although these examples cited are termed
antivirus products, they contain a wide range of features to protect
you from the many security threats on the Internet.
A major threat plaguing bitcoin wallets around the world is malware.
Malware is a particularly nasty kind of software infection,
because the end‐user usually doesn’t even notice its presence until
it is too late. There are different forms of malware, each of which
can lead to you losing your bitcoins if you’re not protecting yourself
with the proper software tools. Malware can be spread through
your online behavior when you visit sites with malicious content
(usually adult‐related), click the wrong links on the Internet, open
suspicious e-mail attachments, or download illegal material. Each
of these events may pose a serious threat to your computer and
your bitcoin wallet, and should be avoided at all costs.
Not every e-mail you receive contains malicious files or images,
and you shouldn’t start to become paranoid about every e-mail
you open. But if you have no idea who the sender is, don’t open
any attachment in that e-mail. Clicking a suspicious link is harder
to spot, as it can even appear on your social media pages (especially
Facebook and Twitter, which are quite prone to these types
of links, and disaster is just one mouse click away).
Spyware is often compared to computer viruses, even though there
are notable differences between the two. Spyware logs information,
such as which websites and corresponding login details have been
used, which software you have installed on your computer, and what
kinds of e-mails you’ve sent and received. This is extremely worrying
for people using online bitcoin services, as spyware can obtain your
login details and someone can take advantage of that information.
A proper anti‐malware and anti‐spyware software solution is usually
not free, even though most can be tested without charge for a
period of time. But if you’re really taking the plunge to take back
financial control and manage your money yourself using bitcoin,
security is your number one priority.
Storing physical bitcoin
Rather than storing your bitcoins on a computer or mobile device,
a third option is fairly common among digital currency users.
Physical bitcoins — yes, they do exist — are not just great collector’s
items, they also let you store your digital currency on them.
Or to be more precise, most of them do.
Different types of physical bitcoins exist, just as currencies have
coins of different monetary values. The nearby sidebar “The
Casascius Series of physical bitcoins” highlights one particular,
popular line.
Each physical coin has its own price, and they come in various
alloys. The most common physical bitcoins these days are minted
in silver, although there is quite a selection of both bronze and
golden coins on the market as well. All coins require a small
upfront investment and can be seen as both a collector’s item and
bitcoin vault at the same time.
The Casascius series of physical bitcoins
Perhaps the most famous “line” of physical bitcoins is the Casascius series, created
by Mike Caldwell. Over the years, there have been several generations of
these coins, all of which can be funded by the buyer using bitcoin. For example, a
physical 0.5 BTC coin can be funded by 0.5 bitcoin. You should aim to fund these
coins for no more than their face value.
The main reason Casascius coins are so popular is because every edition had a
limited mintage, and all the non‐commemorative coins are made of silver or gold.
Additionally, several Casascius coins have had “errors” on them, which make them
even more valuable from a collector’s point of view.
More information on Casascius coins can be found at https://en.bitcoin.
it/wiki/Casascius_physical_bitcoins.

Most physical bitcoins allow the user to store a bitcoin wallet
address, and its private key is in the back of the coin. In doing so,
you are officially “funding” the coin by sending a BTC amount to that
designated address. All coins come with funding instructions, so for
the most up-to-date information on funding, read that small print!
Keep in mind that you are responsible for generating this address
and the associated private key yourself, so make sure you are the
only one who has access to those details.
Once you have created your bitcoin wallet address and private
key, you’ll also receive a small piece of paper on which this confirmation
is printed. This document usually comes with the coin itself
and includes a hologram. That hologram has to be placed over the
back of the coin, making sure your wallet information isn’t tampered
with (tampering would break the hologram).
Many people use physical coins to store some spare bitcoin in the
hopes of an increase in BTC price in the future. Plus, these coins
cannot be spent unless they break the hologram and retrieve the
private key.
Funding a physical bitcoin is a great way to keep your spending
habits under control.
Buying Bitcoins in Person
Buying bitcoins in person is a great way to venture into the world
of digital currency. Buying in person not only gets you acquainted
with peer‐to‐peer transfer, but is also a way to meet some new and
like‐minded people with an interest in bitcoin.
In‐person bitcoin trades can attract unwanted attention from
people when there is cash involved. Thieves have become more
aware of bitcoin trades being completed in person, and someone
walking about with a lot of cash is a perfect target for such
individuals.
Before you can complete your peer‐to‐peer trade, you need to
prepare
some important things. Perhaps the most important
aspect of completing any form of bitcoin trading is creating your
wallet address. After all, without a valid bitcoin wallet address,
there is no way to store your BTC.
Your bitcoin wallet address
Your bitcoin wallet is actually a long string of random numbers
and lower‐ and uppercase letters. It is impossible to remember a wallet address by heart, and that is intended. The reason for
this is simple: additional security. If someone were to remember
your bitcoin address, they could look it up on the blockchain
and monitor
your bitcoin activity in real‐time, for instance on
www.blockchain.info.
You may create a bitcoin wallet address in several ways, but if
you’re completing a peer‐to‐peer trade, mobile solutions might
be your best bet. By installing any of the many mobile bitcoin
wallet apps, the address generation process is usually taken
care of for you. But keep in mind that you may need to register
before using a certain app, so make sure to complete that part
beforehand.
A bitcoin wallet address will be automatically generated for you
once you install the bitcoin software on your computer or mobile
device.
Once you are set up and ready to go out, there’s one last thing to
complete. During your peer‐to‐peer bitcoin transaction, you need
to present your bitcoin wallet address in a convenient manner
to the person who is selling the coins to you. Rather than write
down your bitcoin wallet address — a long string of random
characters
— here’s a far better alternative: QR codes. You have
probably seen these weird‐looking square black‐and‐white codes
on product packaging or on TV. Your bank may use them as well
to authenticate mobile payments in a store nearby. QR codes are a
great way of sharing bitcoin payment details with other users.
By creating a QR code, you can easily share your bitcoin wallet
address with other users. All the other parties need to do is use
their phone camera to scan the QR code into their installed bitcoin
wallet app. All the details to complete the transaction on their end
are filled automatically.
Not only is the use of QR codes for bitcoin transfers user‐friendly,
it’s also less time‐consuming and improves the overall user experience.
After all, who wants to carry a laptop everywhere?
Another advantage of using QR codes is that the seller can show
you that a transaction has been sent on their device, and by the
time you check your device, the money has appeared. Keep in
mind that every bitcoin transaction generally takes six network
confirmations before the money becomes spendable.
Bitcoin transactions need to be confirmed on the network before the
funds become spendable by the recipient. Every time a new block is
found on the network — roughly every ten minutes — a transaction
gains one additional confirmation. In some cases, it takes up to an
hour before a bitcoin transaction becomes spendable.
Depending on which bitcoin wallet software you use, transactions
may become spendable much faster. Especially on mobile devices,
your funds are accessible a lot quicker than via computer. This is
different for every type of bitcoin wallet, even though the “norm”
is to have six network confirmations on a transaction before the
funds can be moved again. Chapter 6 talks more about this.
Meeting in public places
Meeting up for a peer‐to‐peer bitcoin trade is best done in a public
area. That protects both parties from potential harm — just in
case. Plus, it’s easy to navigate to a public place, even if you have
never been there before.
Pick a meeting place where you feel secure, preferably somewhere
that’s not directly linked to you personally. Don’t invite anyone to
your home or workplace, or any other place you frequently visit.
Most bitcoin traders intend no harm, but you can never be sure.
Another reason why public places are a better choice is that, in
order to complete a bitcoin transfer, both users need access to an
Internet connection. Plenty of places like coffee shops offer free
wi‐fi. In some cases, there may even be a network accessible
throughout the entire city.
And of course, most mobile providers in the United States, Europe,
and Asia offer data connectivity so long as you get a somewhat
decent network signal. Once again, this makes public places good
choices, compared to remote areas, where cellular connectivity
may be an issue.
Conducting a peer‐to‐peer bitcoin trade always comes with a small
risk. People have been held at gunpoint in an attempt to steal their
bitcoins. But this is extremely rare. Use common sense and exercise
caution, especially if your bitcoin trader comes running up in
a black-and-white stripy shirt carrying a bag marked SWAG.
Paying premium rates
Buying bitcoin in person from another user has the possibility
of one major downside: You may end up paying a premium rate
per bitcoin. This means that the price you pay to the person
selling
the bitcoin may be slightly higher compared to the actual
exchange rate.
Not all bitcoin traders have a real idea as to what the current
bitcoin
value is across major exchanges. Checking the current
value before agreeing to a peer‐to‐peer‐trade is a good habit to get
into. Not only does this give you better insight into how the bitcoin
market works, it helps you get the most bitcoins for your money.
Bitcoin exchange rates work both ways, of course: No law prevents
you from charging a premium rate as a bitcoin seller. This’s the
beautiful part about a free market based on supply and demand of
bitcoins — anyone can set his own prices. Buyers will always be
looking to buy as cheaply as possible, but if the seller’s price happens
to be the most convenient at that time, buyers will gladly pay
a (small) premium.
How big this premium price may be depends on the seller entirely.
Similar to how bitcoin ATMs operate (see nearby sidebar), a 5 percent
premium on top of the current exchange rate is no exception.
But you might encounter vastly different rates as well. It is a free
market after all. Always be prepared to pay a price above the current
exchange rate, as this is a small sacrifice you make in order
to conveniently buy bitcoins compared to going through a lengthy
verification process and sending a wire transfer.
Choosing a payment method
Completing a peer‐to‐peer bitcoin purchase means you have a
somewhat wider selection of payment methods at your disposal.
However, as people already agree to meet up in person, they will
probably tell you which payment method they prefer. In most
cases, the obvious choice will be fiat currency in hand.
Which brings us to what makes these in‐person trades slightly dangerous.
If you are planning to buy any amount of bitcoin worth less
than a four‐digit amount in your local currency, you should be relatively
safe. Never conduct a person‐to‐person trade in the hopes of
buying thousands of USD, EUR, or GBP worth of bitcoin and paying
in cash — that would most likely get you in trouble.
Bitcoin ATMs
A bitcoin ATM works like a regular bank ATM with some differences. By using a
bitcoin ATM, you can buy bitcoin in exchange for fiat currency. Some bitcoin ATMs
also let you sell bitcoin in exchange for fiat currency. Every bitcoin ATM operates
on a certain fee percentage, which can be anywhere from 0 to 12 percent.
More information on bitcoin ATM’s can be found at https://en.wikipedia.
org/wiki/Bitcoin_ATM.
Some local bitcoin sellers may accept a bank transfer and will pass
along the details to you when bringing a laptop with you or visiting
a bank ATM. However, this payment method is rarely used, for
obvious reasons. If they wanted to accept a bank transfer, there
would be no real need to meet up in person to begin with.
Using a payment method such as PayPal or a credit card will, in
most cases, never be an option when completing an in‐person
bitcoin
trade. The reason for that is simple: Both PayPal and credit
cards can be used to charge back funds, whereas bitcoin transactions
cannot. As a result, you could in theory buy bitcoin using
PayPal or a credit card, receive the coins, and then ask for a refund
through either the bank or PayPal. In most cases, you would actually
get the money back as well.
Hot Wallets and Cold Storage
When talking about bitcoin exchange platforms, two terms you will
encounter along the way are cold storage and hot wallet.
Both cold storage and the hot wallet are security measures put
in place by exchange platforms to safeguard user funds from any
mishap:
✓✓Cold storage refers to bitcoins kept offline. You could compare
this principle to banks moving customer funds into a
vault rather than keeping it at the bank teller desk. In the case
of bitcoin cold storage, though, there are other layers of security
in place. Examples of cold storage include bitcoins kept
on a USB drive or a dedicated hardware wallet.
As you may have guessed by now, most bitcoin wallets are
stored on servers connected to the Internet. Cold storage wallets
are kept entirely offline at all times, which also protects from
harm in case a hacker would attempt to breach the platform.
Bitcoin exchange platforms protect the majority of — or, in
some cases, all — customers from harm. However, there has
to be sufficient bitcoin liquidity (amount of funds available at
all times) within the exchange at all times as well, as there are
always users who want to make a bitcoin withdrawal. And a
proper exchange will process that withdrawal request immediately,
rather than delaying it by several hours.
✓✓Hot wallet refers to the method by which every bitcoin
exchange keeps a certain liquidity just in case there is a
massive influx of withdrawal requests. You may think of this
liquidity as similar to the cash reserve that any bank must
hold so that customers can access their funds at any point in
time. This hot wallet provides liquidity of digital currency at all times. Unlike cold storage, a hot wallet is a bitcoin wallet
connected to the Internet 24/7.
Good business practice for a bitcoin exchange means it never
stores too many funds in a hot wallet. Even if it stores only
1 percent of the total amount of bitcoins circulating on the
exchange, that can quickly add up to several hundreds or
thousands of BTC. And if the platform were to be breached,
the loss of funds would be quite catastrophic.
On top of that, most bitcoin exchange platforms will not process
large bitcoin withdrawals from their hot wallet either, but
rather move funds from cold storage to the intended recipient.
Every platform has its own internal limits for doing so,
making it hard to judge what is quantifiable as a large amount
(but as mentioned earlier, you should never store too many
BTC on an exchange wallet to begin with).
Securing user funds
Protecting user funds is priority number one for all bitcoin
exchanges. If there were even one report of a user losing funds
because of insufficient security measures, an exchange’s reputation
would be tarnished forever. And as always, bad news travels a
lot faster than good news.
To protect customer funds, bitcoin exchanges are using other
countermeasures besides cold storage and hot wallets (see the
previous section), even though these are the two most common
methods. There’s still plenty of room for improvement, and several
brilliant minds are collaborating to create a Bitcoin Exchange
Security Standard.
This standard would improve the overall security of bitcoin
exchanges and wallet providers and also set the table for minimum
requirements every platform has to adhere to. In the past, not
all bitcoin exchanges focused enough on security, which led to
multiple
hacks, breaches, and a lot of funds being stolen.
In its current form, there are ten standardized approaches to how
private keys and master seeds are generated, as well as the handling
of cold storage and hot wallets. A large focus is also put on
security audits, proof‐of‐reserve, and other concepts that have not
yet been unveiled.
Rather than have every exchange doing its own thing in terms of
security and protecting customer funds, a unified standard gives
bitcoin exchange a more legitimate status. This approach has led
to some great success stories in recent years, which is part of the
evolution of bitcoin’s ecosystem.
Furthermore, a unified standard would be of great aid to regulators.
Bitcoin is being kept under close watch by regulators all
around the world, so it would be in the best interest of the bitcoin
community to help them as much as we can. Regulators are tasked
with developing frameworks for bitcoin’s financial activities, and if
there is a standard in place for exchange platforms, it could be of
great benefit to all parties involved.
Preventing exchange hacks
Bitcoin exchanges have often been targeted by hackers intending
to steal BTC. And over the course of the years, vast sums of money
have fallen into the wrong hands, most of which can be attributed
to a lack of security on these platforms.
Some of the most notorious exchange hacks in the world of bitcoin
date all the way back to the very first time Mt. Gox (a Tokyo‐based
bitcoin exchange that has customers all over the world) became
the victim of a hack. One of the website’s accounts was compromised,
ultimately leading to a global price crash from roughly U.S.
$32 per bitcoin down to pennies. However, the hackers ran into Mt.
Gox’s daily withdrawal limit of $1,000 at that time, rendering their
entire operation nearly useless.
Bitcoinica was a popular bitcoin exchange back in 2012, but that
reputation took a major hit when the company lost thousands
of bitcoins belonging to customers. Promises were made to pay
back customers in full, from Bitcoinica’s own pocket. However, a
second hack followed shortly after, and even more customer funds
were lost. In the end, the Bitcoinica story remained unresolved,
and there has been no resolution to this very date. The fact that
Bitcoinica was linked to Mt. Gox didn’t help matters either.
September 2012 spelled the demise of bitcoin exchange BitFloor,
during which 24,000 BTC were stolen by a hacker. To indicate how
lackadaisical exchange security was at that time, the hacker managed
to access an unencrypted backup of wallet keys. In the end, most of
the lost customer funds were repaid, in U.S. dollars, not in bitcoin.
February 2013 is the darkest period in bitcoin history so far, as this
was the time when the second Mt. Gox “hack” occurred, and the
exchange shut down for good. Even though the company only held
2,000 BTC, users were owed 750,000 BTC in total. The investigation
into the missing or stolen BTC is still ongoing at time of writing.
The list goes on and on. There were bitcoin exchange hacks in
2015 as well. There is a long way to go when it comes to creating
a proper secure platform where users can trade and store their
funds. But until that time comes, you are better off transferring
funds out of an exchange at your earliest convenience.