Say any given exchange has a 50% chance of losing or stealing your money
Applying a population average to an individual is a course of last resort, especially in a marketplace that contains everything from solidly reliable businesspeople to those who will just take your money and run. One must seek further information about each individual to make a judgement about who can best be trusted.
For example, the reviews I found of one of the exchanges I considered were almost all negative, the main complaint being that it was next to impossible to withdraw funds from it and customer support was uncontactable. The few positive reviews I found read like spam. No-brainer there—avoid.
It also became clear to me that to deal seriously in cryptocoins (and dealing at all is too expensive to do frivolously), you must have your own wallet on your own machine, and not merely have an account with an exchange that holds your coins for you in their own wallet. The track record says that no exchange can be trusted to that extent. The latter is the usual way of handling conventional currency, but that is because banks, funds, etc. are on the whole and by and large, reasonably reliable, notwithstanding notable financial crashes from time to time. (Even then, you need to mitigate the risk by diversifying not just your kinds of investment, but the institutions they are invested with.) You then have to take seriously the security of that wallet, to the point of never exposing it to the internet except as absolutely necessary and for the shortest possible time.
In short, you have to think about specific failure modes and plan against them.
Your post is a good summary of how to have excellent cryptocurrency security, but why is it a requirement to have excellent security? In sentences like this one:
you must have your own wallet on your own machine
Where does the “must” come from? What would happen if you didn’t?
This seems like applying K-selection strategy, in a situation where a r-selection strategy might outperform. I posit that it would have been better to use $10 to buy 5 Bitcoin without substantial consideration of security risk, rather than put $0 in due to worries about security. Yes, you might lose that $10 in all sorts of ways, but that’s the risk you’re signing up to take, and the potential reward makes it worth it.
I bought 200 BTC and lost them in a hack. Later bought 50 ether and kept them in a wallet, so I still have those. In light of that, I’d say security was pretty important!
Security is great! I love security. I recommend hardware wallets if you’re storing a non-trivial amount of crypto.
But the question is about what someone should do when it’s 2011 and they want to buy $10 worth of Bitcoin as a (+EV) lottery ticket. My claim is that, if your goal is “have some Bitcoin”, then the options go like this:
“Buy Bitcoin + implement security best practices” > “Buy Bitcoin without worrying about security” > “Don’t buy Bitcoin”
It’s great if you can get the first one, but it’s irrational to let the existence of the first strategy push you into the third strategy. The second strategy ends up with “maybe some Bitcoin”, which is more Bitcoin then “definitely no Bitcoin”.
For my purposes, I rate the middle option lower than the last. I’m not interested in merely “having some Bitcoin” (or other cryptocurrencies, some of which look more promising going forward). My only reason for doing this is for a significant chance of making some useful amount of money. By “useful” I am roughly thinking in terms of at least 6-figure sums of money. Proper security is essential at that scale, and caution over who I deal with. My currently trifling amount of BTC was only to test the basics of how to do it, and in fact I haven’t yet tested the other half of the matter, i.e. turning BTC back into conventional currency.
a significant chance of making some useful amount of money
It sounds like you’re talking about a different bet than the one the article is about. Gwern’s 0.05% is not “a significant chance”.
I agree that for your totally different case, you should put more effort into security.
[Edit: The 80⁄20 for crypto security is to buy from Coinbase if you’re in the US, or the most credible local exchange if not. If you’re buying altcoins, convert from BTC/ETH on poloniex or shapeshift. Then put it in a hardware wallet such as Trezor or Ledger, with paper copies of your private key in a couple secure locations.]
Applying a population average to an individual is a course of last resort, especially in a marketplace that contains everything from solidly reliable businesspeople to those who will just take your money and run. One must seek further information about each individual to make a judgement about who can best be trusted.
For example, the reviews I found of one of the exchanges I considered were almost all negative, the main complaint being that it was next to impossible to withdraw funds from it and customer support was uncontactable. The few positive reviews I found read like spam. No-brainer there—avoid.
It also became clear to me that to deal seriously in cryptocoins (and dealing at all is too expensive to do frivolously), you must have your own wallet on your own machine, and not merely have an account with an exchange that holds your coins for you in their own wallet. The track record says that no exchange can be trusted to that extent. The latter is the usual way of handling conventional currency, but that is because banks, funds, etc. are on the whole and by and large, reasonably reliable, notwithstanding notable financial crashes from time to time. (Even then, you need to mitigate the risk by diversifying not just your kinds of investment, but the institutions they are invested with.) You then have to take seriously the security of that wallet, to the point of never exposing it to the internet except as absolutely necessary and for the shortest possible time.
In short, you have to think about specific failure modes and plan against them.
Your post is a good summary of how to have excellent cryptocurrency security, but why is it a requirement to have excellent security? In sentences like this one:
Where does the “must” come from? What would happen if you didn’t?
This seems like applying K-selection strategy, in a situation where a r-selection strategy might outperform. I posit that it would have been better to use $10 to buy 5 Bitcoin without substantial consideration of security risk, rather than put $0 in due to worries about security. Yes, you might lose that $10 in all sorts of ways, but that’s the risk you’re signing up to take, and the potential reward makes it worth it.
I bought 200 BTC and lost them in a hack. Later bought 50 ether and kept them in a wallet, so I still have those. In light of that, I’d say security was pretty important!
Security is great! I love security. I recommend hardware wallets if you’re storing a non-trivial amount of crypto.
But the question is about what someone should do when it’s 2011 and they want to buy $10 worth of Bitcoin as a (+EV) lottery ticket. My claim is that, if your goal is “have some Bitcoin”, then the options go like this:
“Buy Bitcoin + implement security best practices” > “Buy Bitcoin without worrying about security” > “Don’t buy Bitcoin”
It’s great if you can get the first one, but it’s irrational to let the existence of the first strategy push you into the third strategy. The second strategy ends up with “maybe some Bitcoin”, which is more Bitcoin then “definitely no Bitcoin”.
Th easiest way to buy Bitcoin was MtGox for a long time and anybody who just kept the Bitcoins at MtGox lost them afterwards.
Yep! When you make 1000-to-1 bets, usually you lose.
For my purposes, I rate the middle option lower than the last. I’m not interested in merely “having some Bitcoin” (or other cryptocurrencies, some of which look more promising going forward). My only reason for doing this is for a significant chance of making some useful amount of money. By “useful” I am roughly thinking in terms of at least 6-figure sums of money. Proper security is essential at that scale, and caution over who I deal with. My currently trifling amount of BTC was only to test the basics of how to do it, and in fact I haven’t yet tested the other half of the matter, i.e. turning BTC back into conventional currency.
It sounds like you’re talking about a different bet than the one the article is about. Gwern’s 0.05% is not “a significant chance”.
I agree that for your totally different case, you should put more effort into security.
[Edit: The 80⁄20 for crypto security is to buy from Coinbase if you’re in the US, or the most credible local exchange if not. If you’re buying altcoins, convert from BTC/ETH on poloniex or shapeshift. Then put it in a hardware wallet such as Trezor or Ledger, with paper copies of your private key in a couple secure locations.]