According to CoinDesk, 2021 was the cryptocurrency industry’s biggest year ever. This banner year was credited to not only because token prices went up, which was highlighted by some seeing gains in thousands of percentage points, but also — and more importantly — crypto growth this past year came in the form of major adoption and integration, such as El Salvador’s bitcoin policy and the embrace of crypto currencies by major brands and celebrities.
Furthermore, cryptoasset payments have been adopted by major organizations such as PayPal, Visa, and Mastercard during 2021. This suggests that the trend of cryptoassets being used for transactional purposes is starting to enter the mainstream and may be here to stay.
The fact is, these cryptoassets are increasingly valuable. According to Fortune, experts predict that Bitcoin could reach $100,000 in 2022. This puts a bullseye on cryptoassets by criminals around the globe. Hackers are getting more creative and aggressive and are seeking opportunities wherever and whenever they can to get their hands on this new form of currency. CNBC recently reported that “Cryptocurrency theft rose 516% from 2020, to $3.2 billion worth of cryptocurrency.”
In years past, only large corporations and government organizations needed to worry about highly skilled hackers targeting their systems. Today, because cryptocurrencies can be stored directly on a person’s computer, hackers are motivated to go after even a private citizen’s systems.
Because these assets are so valuable, many are asking how they can be secured and protected. A common way to organize and store assets like Bitcoin is with a wallet. A Bitcoin wallet is a digital wallet that can hold Bitcoin as well as other cryptocurrencies, such as Ethereum or XRP. It is used to store, send and receive Bitcoins much like a physical wallet will hold physical currency. The difference is a digital wallet stores the cryptographic information used to access Bitcoin addresses and send transactions.
There are several types and categories of wallets with varying degrees of usage and security. For example, an exchange wallet like Coinbase or Binance enables users to create accounts and store their cryptocurrency within the exchange’s infrastructure. This provides benefits such as streamlining transactions, but also comes with inherent risks. If a bad actor gains access to the exchange’s network, the cryptocurrency could become vulnerable. Another resource is called a “hot wallet,” which Investopia describes as applications (usually a mobile app) connected to the internet and the cryptocurrency infrastructure. Hot wallets give users an interface to access and store their cryptocurrency, while enabling the cryptocurrency network to facilitate any changes to the transaction record kept on the decentralized blockchain ledger. Because the public and private keys are stored on the internet, the items in a hot wallet are vulnerable to attack. No matter how many firewalls, passwords and other precautions are taken, if the hot wallet is on a computer that is connected to the internet, it is reasonable to say it is at risk.
According to Investopia, a potential solution to this security issue is to move these digital assets offline into what is known as cold storage. Cold storage is usually considered even more secure than a traditional wallet because it ensures the crypto assets are entirely separate from any Internet access. One method of cold storage is to use an SD memory card as your wallet. There is no need to worry about a hacker gaining digital access to an SD memory card wallet when the wallet itself is not online.
There are several off the shelf hardware wallets that make use of SD memory cards as the cold storage for protection and to securely store encrypted content for bitcoin and other cryptocurrencies.
One popular example (for Bitcoin only) is Coldcard from the Canadian company, Coinkite. Coldcard is an open-source hardware device that looks like a handheld calculator. It is a Multisignature wallet (or multi-sig, for short), that requires two or more private keys to sign and send a transaction. Coinkite is one of the oldest and most experienced Bitcoin companies and has filled Coldcard with numerous features, including a microSD backup, that have given it a reputation as one of the more secure options to store Bitcoin on the market.
A demonstration of how Coldcard leverages microSD memory cards is provided by Bionnex:
microSD Memory Card
Coldcard uses partially signed Bitcoin transactions (BIP174) to achieve a completely air-gapped environment where you never need to connect the wallet to a computer. You first create a transaction on your PC using any wallet that supports BIP174. You save the transaction on the microSD memory card and then insert the card in the microSD slot on the side of the wallet. The transaction is signed by the Coldcard using your private key. You then plug the SD memory card back into your PC and broadcast it to the network.
Another example is BitBox02 from ShiftCrypto of Switzerland. This multi-sig wallet has gained notoriety for its simplicity and ease of use, which makes it particularly appealing to those who are new to cryptocurrency. This piece of hardware has a minimalist design that looks similar to a thumb drive. With the BitBox02, users can connect to any Dapp on the Ethereum ecosystem, such as NFT marketplaces, decentralized exchanges (DEXs) and many more DeFi applications, while keeping keys safely stored on the device. BitBox02 supports Bitcoin, Litecoin, Cardano, Ethereum, Chainlink, BAT and 1500+ ERC20 tokens. That said, arguably the best feature is BitBox02 provides easy backup and restore with microSD memory cards.
It outlines the backup process here:
Create your wallet backup:
The BitBoxApp now shows you important security considerations about the backup you are going to create on the microSD memory card. Read these carefully and confirm the checkboxes, then click “Continue”.
Now insert the microSD memory card and tap the checkmark on the BitBox02. The BitBox02 now creates a backup of your wallet on the microSD memory card and asks you to confirm today’s date.
Remove and secure your microSD memory card by storing it in a safe place.
The final example (among many) is the Trezor Model T by SatoshiLabs, headquartered in Prague. This is the next-generation hardware wallet that emerged from the experience of the Trezor One, which according to Chain Debrief was the first Bitcoin hardware wallet to be released commercially. It has a modern and intuitive interface for improved user experience and security. Part of this enhanced security is how it leverages SD memory card technology, which is described in its user manual as follows:
SD protection provides extra protection against physical attacks on the Trezor Model T. When it is enabled, a randomly generated secret is stored on the microSD memory card that you can insert into your Trezor Model T.
During every PIN checking and unlocking operation this secret is combined with the entered PIN value to decrypt data stored on the device. Simply put, the device gets bound to the SD memory card and cannot be unlocked without it until you intentionally disable the feature or factory-reset your Trezor.
If you are concerned about physical attacks, you can remove the SD memory card whenever the device is not in use and keep the two in separate locations. One without the other is worthless to an attacker, because the SD memory card protection feature is an entirely random value which carries no information about the seed or passphrase.
Keeping digital assets like cryptocurrency in cold storage can significantly reduce the risk of unauthorized access. Remember, your computer must be offline and disconnected from the internet or a network (defined as a collection of computer systems and devices that are linked together using LAN, WAN, CAN, or HAN) to keep your cryptocurrencies safe. By keeping an SD memory card with cryptocurrency in a safe deposit box, you will know for certain that they are secure and out of reach from cybercriminals.
Today’s SD memory cards have incredibly fast read/write speeds and can easily handle cases in which large volumes of data are associated with cryptoassets. Furthermore, many manufacturers offer a lifetime or 10-year warranty, which provides peace of mind for the long haul.
Disclaimer: The information provided in this article does not, and is not intended to, constitute legal or financial advice; it is for general informational purposes only. Any links to outside sources are provided as a convenience; they do not constitute an endorsement or approval by the author, the SD Association or its members.
Yosi Pinto is chairman of the SD Association. Pinto can be reached at Yosi.Pinto@wdc.com.
SD trademarks are owned and licensed by SD-3C LLC.
© 2022 SD Association. All Rights Reserved.