Actual Bitcoin units are stored in “wallets” – secure cloud storage locations with special information confirming their owners (Bitcoin users) as the guardians of the Bitcoin units contained within. Though wallets like Coinbase theoretically protect against the theft of Bitcoin units that aren’t currently being used, they’re vulnerable to hacking – particularly public wallets used by Bitcoin exchanges, online marketplaces, and specialized websites that exist solely to store Bitcoin wallets known as “wallet services.”

The largest and most notorious Bitcoin hack involved wallets held by Mt. Gox, a Japanese Bitcoin exchange that shut down after hackers stole hundreds of millions of dollars in Bitcoin (in contemporary valuations) from its supposedly secure servers. Hackers often target public wallets that store users’ private keys, enabling them to spend the stolen Bitcoin. Ars Technica has a nice rundown of Bitcoin hacks large and small, current to late 2017.

Like keys, copies of wallets can be stored on the cloud, an internal hard drive, or an external storage device. Unlike keys, they can’t be stored on paper. As with keys, it’s strongly advised that users have at least one wallet backup. Backing up a wallet doesn’t duplicate the stored Bitcoin units, only their ownership record and transaction history.

Private Keys
Every Bitcoin user has at least one private key (basically, a password), which is a whole number between 1 and 78 digits in length. Individual users can have multiple anonymous handles, each with its own private key. Private keys confirm their owners’ identities and allow them to spend or receive Bitcoin. Without them, users can’t complete transactions – meaning they can’t access their holdings until they recover the corresponding key. When a key is lost for good, the corresponding holdings move into a sort of permanent limbo and can’t be recovered.

Users either manually create their own private keys or use a random number generator to do the same. Keys can be stored online (either in private cloud storage or on public Bitcoin exchanges), on physical storage media (such as thumb drives), or on paper, and only entered online during transactions.

Since private keys essentially give Bitcoin holdings value, security experts advise against storing private keys in easily accessible online locations or keeping only one private key copy. Savvy users store identical key copies on paper printouts and physical media not connected to the Internet.