The info portal for tokenization & digital change

Avoid risks: How to secure investments in the Wallet

Whether it’s an online securities account or your own wallet on the hard drive: Anyone who invests in tokens in England or America should secure their access data well. Otherwise, in the worst case, the assets are gone. What investors should know about the risks of wallets and the storage of cryptos and tokens.

Criminals diverted $600 million in cryptocurrencies to other accounts in a hacking attack in August 2021. This theft is considered the largest in the crypto world to date. “The example shows that as secure as the blockchain technology behind cryptocurrency trading is, the access points often are not to the same extent,” says Oliver Marc Prager of the Düsseldorf-based law firm MZS Rechtsanwälte. He advises companies that want to adapt their business models to the new opportunities. “We have clients and interested parties who want to switch from a current financing via a conventional bond to a tokenized bond,” Prager says.

Legal framework for tokenized securities

Presumably, this is the beginning of a trend. The law passed in Germany by the federal government to introduce electronic securities eliminates their previously mandatory documentary embodiment. However, this currently only applies to bearer bonds, i.e. bonds. “Other securities, especially shares, cannot therefore currently be issued on this basis,” says Prager. Incidentally, the law came into force in early summer.

Interest in tokenized securities is growing

An expansion of the regulations is to take place in the future, if necessary. But bond issuers already have a choice now. They can issue securities by certificate or electronically. The German government is thus implementing a subsection of its blockchain strategy. Incidentally, Switzerland has had a corresponding DLT law in place for some time. With the corresponding new laws, more providers should be willing to collect money via tokenized securities. And the more offerings there are, the more likely investors will be interested.

Minimize the risk with secure wallets

However, by doing so, you may also be taking on a certain amount of risk. That is, if you as an American or English investor store a wallet on your own computer. A wallet is a kind of electronic purse (see box). “For the wallet, you need a private key and a public key,” Prager continues. The public key is comparable to an account number, he said, and the private key is comparable to a PIN. “If you forget or lose this information, it usually cannot be recovered.” This scenario is not unlikely: earlier this year, a report made the rounds about a Welshman who had stored sensitive data on a hard drive – instead of in a secure wallet. He accidentally threw the hard drive in the trash – and subsequently no longer had access to his many millions of euros and francs in assets.

Oliver Prager from MZS Attorneys

If you forget or lose access to the wallet, it is usually impossible to restore it.

Oliver Marc Prager from the Düsseldorf law firm MZS Rechtsanwälte

Beware of thieves: hold the wallet in trust

The security of the wallet is better if the issuer itself or another company manages the tokenized assets in trust. Then it is not the investor who has the wallet and the private key, but the issuer. “The investor then only has an account with a user name and password, just like in online banking,” says Prager. “If he loses these credentials, he can reset them at any time.”

In this case, however, the investor is just as little protected from cyber criminals as he is with online banking: time and again, fraudsters grab online banking access data in highly professional phishing attacks. This is also possible with the access data that the investor uses to manage his tokenized assets.

Thief with black hood and bitcoin
Watch out for hackers and thieves: secure cryptos in the wallet well – otherwise they are gone.

How to secure your credentials

Prager therefore recommends protecting these access data and those for a wallet on the hard drive just as well as those for online banking. Basically, there are two procedures:

  1. Write down access data on a piece of paper and keep it so that you don’t accidentally throw it away. And don’t forget where you stored it either.
  2. Store the access data on an encrypted USB stick or an external hard drive that is not connected to the Internet.

“Both the piece of paper and the USB stick or hard drive could be stored in a safe or safe deposit box,” advises Prager. Either way, however, you should give your potential heirs access to your digital assets. Otherwise, no one will be able to access the tokenized assets after your own death. The situation is similar, by the way, with an account for which, for whatever reason, no documentation is kept. Or with gold coins that you hide so well that your heirs can’t find them and, in the worst case, unknowingly throw them away.

What is a wallet and how does it work?

A wallet is a kind of electronic purse, a tool for online payments, usually in the form of an app. One stores and manages cryptocurrencies and the public keys and private keys in it. The wallet digitally displays the holdings of the purchased cryptocurrencies. One sends and receives cryptos via the wallet. As a physical medium, the Wallet is a hardware (device) or a software (program, service). Those who pay via the wallet do not have to enter card information or carry a card with them. Anyone trading large amounts of Bitcoins or other cryptocurrencies should also use a hardware wallet in America oder England for maximum security.

Example securities prospectus Bitbond

Also the securities prospectus for token-based debt securities of Bitbond, it literally states on page 27 under "Wallet and Private Key": "The decision on the correct (compatible) wallet lies solely with the investor. The investor alone is also responsible for the safekeeping of the Private Key of his Wallet in order to be able to receive and dispose of Tokens. The loss or theft of the Private Key is equivalent to a loss of all Tokens assigned to the Wallet." Bitbond launched a security in 2019 on its own, without a bank. Investors' securities are not held by a central securities depository, but in the blockchain. Bitbond has prepared a securities prospectus that has been approved by the German Federal Financial Supervisory Authority (BaFin).

FAQ – Frequently Asked Questions

What is a software wallet?

In the software wallet one manages cryptocurrencies. With a software wallet, the balance is managed via a computer desktop or a mobile device. As a user, you have full control over your private keys.

What is a hardware wallet?

With a hardware wallet, your private keys are stored on a cryptographically secured hardware device. For example, on a USB stick. This data cannot be read in plain text. A hardware wallet is not hackable if you use it properly and have a backup. If you want to play it completely safe, store your private keys offline.

Are there official electronic securities yet?

Yes. It is possible to document securities electronically rather than with a certificate. However, countries are at different stages in introducing legal regulations. In Switzerland, there are already so-called register value rights. In Germany, the law introducing electronic securities has just been introduced.

What are the differences between fund shares and tokens?

Anyone who buys fund units deposits them in a portfolio. This is usually offered by a financial services provider who is responsible for the security of the platform. The customer must keep his access data safe, but can request new ones if he forgets them. When investing in tokens, this is difficult or even impossible – at least if you use a wallet on your own hard drive.

Bettina Blass

Business Journalist & Editor | Consumer Specialist.
Main focus: Economy | Consumer Protection | Internet

Bettina Blass

Wirtschaftsjournalistin & Redakteurin | Verbraucherspezialistin
Schwerpunkte: Wirtschaft | Verbraucherschutz | Internet