kraloz - Fotolia
Cryptocurrencies are here to stay. Many countries -- including the U.S. and countries in the European Union -- have taken steps to allow their use under financial and tax laws and regulations. Other countries, such as China, are more circumspect. While not banning them outright, many of these other countries have passed measures to limit their use due to concerns over price volatility and potential use for money laundering and illegal transactions.
The volatility of bitcoin has also led some companies, such as gaming website Steam, to no longer accept bitcoin payments. With Microsoft, PayPal, Overstock, Tesla and other major companies accepting bitcoin payments, however, its use is gaining in popularity, particularly with the millennial generation.
One benefit for merchants is that bitcoin transaction fees are typically lower than the 2% to 3% charged by credit card processors, and it also eliminates the risk of chargebacks. A top benefit for customers paying with bitcoin is that it is not necessary to provide any personally identifiable information, such as name and address. This increases privacy and reduces the chances of identity theft.
How safe is bitcoin?
Several elements help secure bitcoin from theft. Cryptography controls the creation and transfer of a cryptocurrency, and the protocols underlying bitcoin have proven to be strong. Bitcoin's use of a distributed ledger technology (DLT), commonly known as blockchain, gives owners a record of all their transactions that cannot be tampered with because there is no single point of failure. Bitcoin's DLT transparency means all transactions are available to the public, but the individuals concerned remain anonymous so there is no possibility of a data breach as with traditional financial systems.
However, DLT's and blockchain's strengths haven't stopped attackers from exploiting vulnerabilities within crypto-exchanges, which are platforms on which customers make payments and trade cryptocurrencies for other digital or conventional currencies, and crypto-wallets, which are the software used to store bitcoin on computers and smartphones.
Crypto-exchanges and -wallets generally do not provide enough insurance and security to be used to store money in the same way as a bank. Not surprisingly, as the value of a bitcoin has increased, so too has the number of viruses designed to steal bitcoin from wallets, as well as cyber attacks against exchanges. With the value of a bitcoin trading from anywhere between $29,000 and $63,000 so far in 2021, attacks can be lucrative. CrowdStrike Intelligence noticed hackers shifting from operations targeting large financial institutions to crypto-exchanges. In 2019, about $293 million worth of cryptocurrency and 510,000 user logins were stolen from 12 crypto-exchanges, while 2020 saw nearly $3.78 billion stolen, according to Atlas VPN, with around $281 million taken in one attack against the KuCoin exchange.
How to secure bitcoin wallets
Despite the increasing rate of cyber attacks, cryptocurrency wallets are getting more secure and are still among the best ways to secure bitcoin. Each of the multiple wallet options come with security needs to consider.
Users have to treat their bitcoin wallet the same way they would a real one. A best practice with bitcoin wallets is to use both a hot wallet and a cold wallet. Keep only a small amount of bitcoin on a computer or mobile phone for everyday use in an online (hot) wallet, with the balance kept in a separate offline (cold) wallet. This safeguards the majority of a user's bitcoin from malware trying to intercept the password used to access a wallet or malware trying to find unencrypted wallet data in the device's RAM.
An offline wallet involves installing the wallet software on a bootable USB or a live CD to ensure the OS is virus-free and doesn't cache, log or store wallet keys anywhere. The cold wallet needs to be kept offline and physically secure -- maybe even in a traditional bank vault -- as the loss or theft of a wallet means the permanent loss of the bitcoin it contains. For example, a hard drive storing 7,500 bitcoin was thrown away in 2013 when the owner forgot it contained the cryptocurrency. Worth roughly $7.5 million at the time, as of this writing, the amount would be valued at around $322 million.
For hackers to steal bitcoin from cold wallets, they would need physical access to a wallet and would need to know any associated PINs or passwords used to access the funds in the wallet. If an offline wallet is encrypted, it is important to not forget the passphrase. Some experts prefer not to encrypt this type of wallet because, in the event of death, descendants would not be able to access their inheritance.
These wallets are easier to use than cold wallets but still offer a similar level of security. They are physical devices that act as a flash drive and store a user's private keys. Even when connected to another device, the private keys are never exposed as the signing of transactions is completed onboard the device. They cost $50 or more but can be used even with devices the user doesn't trust. As with any type of wallet, the PIN or password required to access the private keys should be kept secure.
Offline or cold storage services are available, but they aren't regulated by the financial services industry. Some services are insured by an underwriter to provide protection against theft or loss of bitcoin, but users who want to remain anonymous will find it difficult to find a service that does not require some proof of identity. When choosing a cold storage service, check its location, storage technology, reputation, commission rates and how funds can be accessed.
Although bitcoin is a purely digital currency, it can be kept secure in analog form. Paper wallets can be used to store bitcoin offline, which removes the possibility of the cryptocurrency being stolen by hackers or computer viruses. Printing the contents of a wallet -- basically, the private keys and their corresponding public keys -- creates a physical record that must be kept secure. Most wallet software can create a paper wallet, along with QR codes of the keys, which can be easily scanned and added to a software wallet. While paper wallets were once a popular method of storing bitcoin, hardware wallets have made managing and safeguarding cryptocurrencies a lot easier.
Most software and hardware wallets rely on a single signature key. But, if the key is lost or stolen, the funds in that wallet are lost as well. Multisignature (multisig) wallets require two or more private keys to authorize a transaction, greatly decreasing the chances of the wallet being accessed if lost or stolen. For example, a user can set up a multisig wallet with three keys and require at least two keys to access the wallet. One key is then stored in a secure location as a backup key, and another is stored on the user's mobile device. The third key can be stored with a multisig provider so, when the user signs a transaction using the key on their mobile device, the provider automatically checks that the user has entered the correct password -- and possibly other context and fraud checks similar to card checks made by banks -- and then signs the transaction with the user's key they are storing. This completes the two-key requirement to authorize a transaction.
Multisig wallets can improve security because the provider can't access the wallet because the provider only has one key. If users lose their mobile device, they can use the backup key and the key held by the provider to recover their money. If the user's device were stolen, the thief would still need the password to access the key stored on it. Multisig wallets can also be used to ensure at least two people within an organization have to authorize a bitcoin transaction. If the third key is not stored with a multisig provider but on a second device the user owns or in a paper wallet, day-to-day transactions are not quite as simple, but the increased level of security still exists.
Keeping bitcoin secure: Best practices
Any computers or mobile devices that run wallet software should use two-factor authentication. Mobile devices should require fingerprint recognition or a PIN to unlock them. Antimalware software should be running on all devices to guard against phishing attacks, fake websites and malware. Hardware wallets are a more secure option than software wallets as they require physical interactions to confirm a transaction and never expose the keys.
Regular backups of any type of bitcoin wallet are essential to protect against computer failure, theft and human error. Users should never store backups online, especially if they are not encrypted. Encryption tools, such as GnuPG and VeraCrypt, are free and straightforward to use. Always use a secure and complex password unique for each wallet and exchange, and keep wallet software up to date. Also, be aware of the latest bitcoin and cryptocurrency scams to avoid being tricked into exposing keys.
Carefully research any cryptocurrency service or software you intend to use to avoid being scammed, overcharged or denied access to your money. Bitcoin transactions are only pseudonymous. So, if someone knows when, where and how much a user spends, they could potentially find the transaction in the bitcoin ledger and uncover the wallet's address, which could then be used to track spending habits. It's far easier to collect this type of information through someone's internet browsing activities, however.
Keeping bitcoin secure requires planning and some effort, but it is not as complex and time-consuming as it used to be. It is well worth the trouble for anyone with a reasonable number of bitcoin.
Bitcoin is more than a passing internet fad. Dedicated hardware wallets provide a balance between security and ease of use, while increasing the general acceptance and use of bitcoin and cryptocurrency for online transactions.
Dig Deeper on Data security strategies and governance
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading