An online wallet service could "lose" my bitcoins?



At, there's a prominent notice that an online wallet service could "lose your bitcoins." As I understand it, all bitcoin transactions, and therefore wallet balances, are stored in the block chain, on the peer-to-peer network, so they would not be lost in the event of a service failure. I suppose that the notice is meant to warn against loss of bitcoin addresses/keys, right? As long as I back up my keys locally, I can always recover my bitcoins, right? (Never mind the case of an untrustworthy wallet service that doesn't protect my keys, or uses them to rob from me.)


Posted 2013-07-13T11:47:20.950

Reputation: 21

Yes, it could, just as a bank could lose your money. The difference is insurance. – Loourr – 2013-07-13T15:27:13.593

Huh? A bank could lose my money in the sense that a server of theirs could crash and not recall the amount of money I have saved with them, but I don't understand how that applies to bitcoin, where (I suppose) every client maintains a copy of every balance. Insurance comes from government, and I understand that there is no such thing for the bitcoin economy. – Marc – 2013-07-13T15:41:41.303

A bank gets robbed, you lose your money. An exchange wallet gets hacked, you lose your BTC. A bank goes under and can't pay your money back, an exchange mismanages funds and can't pay your money back. The risk that you're talking about is inherent in any market. – Loourr – 2013-07-13T16:15:37.207

For the highly technically minded you might want to read this question (and answer) on Crypto Stack Exchange that covers sharing private keys across trusted third- and fourth-parties. – Gary Rowe – 2013-07-14T09:44:33.920



The loss refers to a few things, all centered around the simple fact that using an online wallet creates a SPOF (single point of failure).

Consider effects on your balance when:

  1. Online wallet operator incompetence enables

    • Accidental deletion of private keys for addresses in which your balance is stored.

    • Security vulnerabilities in proprietary code may let someone else send your balance elsewhere or store your keys for theft if and only if your balance gets large.

  2. Online wallet operator dishonesty enables

    • Operator or its government(s) to seize your balance.

    • Vendor lock-in if you cannot derive the private keys yourself (e.g. your password simply decrypts client-side private keys stored on the wallet service).

    • Theft if the Operator decides to close shop, be it a MAD scenario or theft of balance once private key is exposed.

One should only use an online wallet with these features:

  • Service cannot derive private keys
    • Private keys are stored encrypted
    • Keys are decrypted client-side
    • User is prompted to accept code updates
    • User is permitted to review client-side code before accepting updates
  • Service offers portability
    • Once decrypted, private keys can be shown to the user
    • User tests import to another wallet client, be it a service or fat client
  • Service offers two-factor authentication
    • Password and security token authentication
    • Security token is decentralized or wholly random (RSA, Google Authenticator, etc.)
    • Security token is hardware-based and single purpose (YubiKey)

Colin Dean

Posted 2013-07-13T11:47:20.950

Reputation: 6 834

Very informative answer. Just to be sure I understand: (1a) I protect myself by keeping a backup of all of my bitcoin keys/addresses; (1b) I should use a trustworthy wallet service with a good reputation for security; (2a) if I install my own bitcoin client, am I somehow immune from this kind of prosecution? (2b) if I use a service that allows me to save my keys locally, then I'm safe; (2c) this is under the umbrella of a dishonest bank that robs from me because they have access to my private key. And by heeding the rest of the advice, I can select an online wallet service with little risk? – Marc – 2013-07-13T17:49:59.273

1a) Yes. 1b) Yes. 2a) Yes, assuming that no one can get physical control of your device, or that you don't download a virus of some kind. 2b) Yes, in which case you're basically using a fat client in the browser and the same precautions apply. 2c) Yes. Rest of advice: in my opinion, yes, but I'm just one random guy on the Internet with enough StackExchange points to indicate that I probably know what I'm talking about. You should still do research on your own to choose one that is best for your needs. Personally, the only web wallets I use are exchange wallets and I don't store much there. – Colin Dean – 2013-07-13T18:35:22.500
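
The answer's first feature group (private keys stored encrypted and decrypted client-side, so the service cannot derive them), sketched as an added example that is not part of the original thread or any wallet service's code. It uses Node.js's built-in `crypto` module; the function names, scrypt parameters and sample key are assumptions constructed for illustration.

```javascript
// Added example, not from the original thread. Node.js built-in crypto only.
const nodeCrypto = require("crypto");

// Assumed scrypt cost parameters for the demo (16 MiB of memory per derivation).
const KDF = { N: 16384, r: 8, p: 1 };

// Runs on the user's device. The returned blob is all the service ever stores.
function sealPrivateKey(privateKey, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32, KDF);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(privateKey, "utf8"), cipher.final()]);
  return {
    ...KDF,
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Also runs on the device. Throws if the password is wrong or the blob was
// altered, because the AES-GCM tag check in final() fails.
function openPrivateKey(blob, password) {
  const salt = Buffer.from(blob.salt, "base64");
  const key = nodeCrypto.scryptSync(password, salt, 32, { N: blob.N, r: blob.r, p: blob.p });
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "base64"));
  decipher.setAuthTag(Buffer.from(blob.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, "base64")), decipher.final()]);
  return pt.toString("utf8");
}

// Returns the key, or null when decryption fails.
function tryOpen(blob, password) {
  try { return openPrivateKey(blob, password); } catch { return null; }
}

// Constructed placeholder, not a real wallet key.
const SAMPLE_KEY = "SAMPLE-PRIVATE-KEY-constructed-for-this-example";
const stored = sealPrivateKey(SAMPLE_KEY, "correct horse battery staple");
console.log("service stores:", JSON.stringify(stored));
console.log("right password:", tryOpen(stored, "correct horse battery staple"));
console.log("wrong password:", tryOpen(stored, "guess"));
```

The string returned by `openPrivateKey` is what the answer's portability check would show to the user and import into another wallet client.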