What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.
Nevertheless, it does not stop hundreds of different exchanges and wallets from taking charge of the users' funds, practicing internal transactions between members that are not propagated to the blockchain, and whatnot.
It can also be seen that they are sensibly spending quite a fortune to secure those private keys; however, to me this expense is obscure and redundant, considering the fact that the protocol already had a built-in security mechanism.
However, this is far more than an abstract and ideological problem: according to Wikipedia's history of Bitcoin, no fewer than 17 major, known Bitcoin exchanges have mysteriously closed since the reveal of the Mt. Gox hack on 19 June 2011.
The most recent security incident occurred in August 2016, when hackers stole $72 million worth of customers' bitcoins, sending bitcoin into a sharp dive of nearly half its value in a few days.
As intimidating as it may sound, Bitcoin Core has a simple and straightforward user interface, with support for all major platforms (Windows, Linux, macOS and even mobile).
Do not forget this passphrase, since by doing that you will irreversibly lose access to your funds (I always say that it’s better to lose money over one’s own stupidity).
It is also a common practice to use 'cold storage'. This fancy term basically means keeping your encrypted private key off the internet, on a physical storage medium (or several of them), and signing transactions offline.
A side note about hardware wallets: do not use them. It is a waste of money, since the same level of security can be achieved with the free, open-source Bitcoin Core software, and you do not really know what software those magic 'vaults' are running (there were recorded cases of breaches and phishing).
And, when you think about it, it’s also kind of like trusting a 3rd party, right?
That is all great; however, to run those solutions you must run 3rd-party (cough cough) software on your computer along with the Bitcoin Core software, which introduces 2 additional problems:
- Cold/offline transaction signing is no longer possible.
- Despite being a professional open-source project, it still means you give the exchange software an unrestricted amount of trust, which increases your risks in case of any security vulnerabilities on their side.
2. Moving the funds to an exchange solely for the purposes of exchange / margin trading, and withdrawing those funds immediately once the trade has been executed.
- Login, possibly using 2FA
- Deposit funds
- Wait till deposit is confirmed
- Place an order
- Wait for the order to execute / risk slippage by placing a ‘market’ order
- Finally, withdraw your funds back to your wallet and log out
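The last step above sends funds to whatever address is typed or pasted into the exchange's withdrawal form, and a malformed address cannot be corrected afterwards. The following is an added example, not part of the original article: a standard-library check of the Base58Check checksum on a legacy mainnet address before it is submitted. The function names and the sample hash are constructed for illustration, and Bech32 (`bc1...`) addresses are not covered.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(data: bytes) -> bytes:
    """Double SHA-256, used for the 4-byte Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(version: int, h160: bytes) -> str:
    """Build an address from a version byte and a 20-byte hash (for samples)."""
    raw = bytes([version]) + h160
    raw += sha256d(raw)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def check_legacy_address(addr: str) -> str:
    """Return 'P2PKH' or 'P2SH' for a valid mainnet address, else raise ValueError."""
    raw = b58decode(addr.strip())
    if len(raw) != 25:
        raise ValueError("decoded length is not 25 bytes")
    payload, checksum = raw[:21], raw[21:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch (typo or truncated paste)")
    kinds = {0x00: "P2PKH", 0x05: "P2SH"}
    if payload[0] not in kinds:
        raise ValueError(f"unexpected version byte 0x{payload[0]:02x}")
    return kinds[payload[0]]

if __name__ == "__main__":
    sample = b58check_encode(0x00, bytes(range(20)))  # constructed sample hash
    print(sample, check_legacy_address(sample))
```

A passing checksum only shows the string is well formed; it does not show the address is yours, so it should still be compared against the one displayed by your own wallet.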
This option, which I consider the most suitable for the vast majority of the volumes traded on order books of the traditional exchanges, allows you to perform the 6 operations described in the previous option in the blink of an eye, and at a similar cost considering the cost of your time (a maximum of 1% of total spread on crypto-to-crypto trades on both sites, no extra fees).
The first option (shapeshift.io) supports dozens of the most liquid currencies and completely anonymous trading, with nothing but your Public Key (Address) exposed.
However, it also has somewhat of a price slippage when the traded amount is greater than 1 BTC.
The latter option (nexchange.co.uk) currently only supports the crypto-majors (BTC, ETH, LTC); however, it has no price slippage up to a 10 BTC order, with a price guarantee of 30 minutes, and it also supports 28 fiat currencies (using various e-wallets, SEPA, Swift, SOFORT and credit cards).
It may also require phone verification and basic KYC for funding using some fiat payment methods.