Securing Your Client’s Bitcoins (Part 1)

In this post, I’m going to talk about how businesses can secure any bitcoins or other cryptocurrency they might have. Lawyers need to understand how their clients’ businesses work, both for litigation and compliance purposes. Not to mention that law firms themselves should probably consider keeping at least some funds in Bitcoin for flexibility.

Private Keys

First, we need to discuss some basic concepts: Any bitcoins you have (and this is generally true for other cryptocurrencies) will be assigned a specific public/private key pair. The public key is also the address that people use to send you bitcoins. The private key lets you send those bitcoins to someone else. If a malicious actor has the private key, your bitcoins are gone, period. So the entire goal of Bitcoin security is to keep that key secure. (Really, it’s keys, plural, but we don’t have to get into that right now.)

Paper Wallet

Paper wallets put the public and private keys on a physical sheet of paper. By their very nature, they can’t be hacked. But except for sole proprietorships or very closely held companies, they are not suitable for business use. Why?

  • They can be destroyed in a fire or similar incident and the bitcoins would be lost forever.
  • It’s impossible to know whether a paper wallet had been copied at some point along the way.
  • There is no audit trail for a paper wallet.
  • Whenever the company wants to use funds in a paper wallet, the private key needs to be transferred into an online wallet.
  • It’s difficult to transfer responsibility for a paper wallet when someone is fired or moved to a new position. The easiest way to do it would be for the newly responsible employee to create a new paper wallet and transfer all the funds from the old paper wallet into it. But then any new funds transferred into the old wallet would be lost.

If you want to use a paper wallet:

  • provides a wallet generator for Bitcoin
  • provides a wallet generator for Litecoin
  • provides a wallet generator for Ethereum

Later Posts

In later posts, I’ll talk about more enterprise-friendly methods, like hardware wallets, multi-sig, and other ideas that businesses could implement.

Author: Michael O'Connor

Michael O'Connor is a Visiting Assistant Professor of Law at Penn State. He teaches in the areas of cyber law, including data security & privacy, cybercrime, and emerging technologies. His scholarship focuses on cryptocurrency and blockchain technology, including securities regulation, money laundering, and other topics. He joined Penn State Law from private practice at the law firm Quinn Emanuel Urquhart & Sullivan LLP, where he was resident in the Washington, D.C., office. Before that, he clerked for the Hon. D. Brooks Smith on the U.S. Court of Appeals for the Third Circuit and worked for another major international law firm. While in private practice, Michael advised clients on legal planning for data breaches, their obligations for safe handling of personally identifiable information, and the legal implications from emerging technologies like Bitcoin, Ethereum, and the blockchain. He applied his technical training to patent cases involving semiconductor design, systems programming, and mobile device architecture. He also worked on multiple cases at the intersection of patent and antitrust law. Michael represented clients in cases before federal courts throughout the country, as well as before the International Trade Commission.​

One thought on “Securing Your Client’s Bitcoins (Part 1)”

Comments are closed.