Secure Bitcoin self-custody: Balancing safety and ease of use

Published at: Jan. 17, 2021

Bitcoin’s supply is capped at 21 million, but a significant proportion of that total sum is likely lost forever. This situation is due to a variety of reasons such as lost private keys and discarded storage devices containing substantial amounts of Bitcoin (BTC).

When Bitcoin owners are not being careless with their wallet passwords, they can sometimes be targeted by hackers looking to steal their precious crypto. Those who utilize third-party custodial solutions place their Bitcoin fortune at the mercy of the security protocols adopted by such services.

Indeed, several attack vectors are constantly being utilized to try and gain access to people’s Bitcoin funds. These exploits, which range from the simple to the sophisticated, target any perceived weaknesses inherent in any storage method.

Not your keys, not your coins

Crypto exchanges cater to millions of customers, and it’s reasonable to assume that a significant proportion of that number uses these services as their primary Bitcoin custodian. Under such a custodial arrangement, the cryptocurrency owner does not possess the private key of the wallet.

“Not your keys, not your coins” is a popular refrain in the crypto space, and the maxim serves to warn people of the risks involved in storing cryptocurrencies with third-party entities. Indeed, the crypto landscape is dotted with numerous exchange hacks where cybercriminals broke into poorly-secured platform wallets to steal customer funds.

Sometimes, the exchange recovers from the theft, and other times, the platform goes bankrupt. Mt. Gox and QuadrigaCX serve as examples of the latter, with affected customers still striving to recover their funds.

These days, exchanges are attempting to upgrade their security protocols to prevent hacks. The practice of holding substantial, uninsured crypto sums in vulnerable hot wallets is now greatly discouraged. Some platforms still make this grave error and often pay the price.

Crypto forensics is also evolving by the day, making it more difficult for cybercriminals to liquidate their loot. In all, 2020 saw a significant decline in the number of crypto-related thefts, with rogue actors reportedly stealing $3.8 billion in over 120 attacks throughout the year. However, the emergence of decentralized exchanges has opened up another way for criminals to launder money.

The reduction seen in 2020 has broken a four-year trend of increasing cryptocurrency crime. However, decentralized finance now seems to be the new playground for crypto thieves and other rogue actors with the novel market niche accounting for more than half of the stolen cryptocurrency in 2020.

No magic bullet

When it comes to robust security for self-hosted Bitcoin storage, it’s perhaps important to realize that there is no magic bullet. Indeed, Ruben Merre, CEO of hardware wallet maker NGrave, touched on this point, telling Cointelegraph that BTC owners are often torn between the choice of keeping their coins on exchanges with decreased security or in cold wallets that are typically not user-friendly.

In theory, every conceivable method for holding BTC has tradeoffs, and some of the drawbacks associated with any of these systems can act as an entry point for malicious actors.

Take air-gapped devices for instance. On the face of it, simply isolating a computer from the internet should provide robust security against hacks. However, according to a study recently published by Mordechai Guri, a cybersecurity researcher at the Ben-Gurion University of the Negev, it is possible to “generate covert Wi-Fi signals from air-gapped computers.”

In the research paper, Guri established that “air-gapped networks are not immune to cyber attacks.” Indeed, a skilled hacker can exfiltrate sensitive data like keylogging credentials and biometrics from air-gapped computers.

Perhaps even more alarming are portions of the research study devoted to the possible means of data exfiltration from air-gapped computers placed in Faraday cages, shielded enclosures that block electromagnetic fields. So, relying only on a Bitcoin wallet stored on a computer isolated from the internet might not be as secure as previously thought. A person utilizing this method might need to run signal jammers continuously.

Then, there are hardware wallets that offer robust security with private keys stored offline. Though these devices interface with a computer when in use, they never actually connect to the internet.

A hardware wallet owner needs to either encrypt their keys or store them in a safe place. For the former, if the encryption is performed using a computer that has been or will be connected to the internet, then there is a significant risk of losing the keys to malware.

A user can even utilize every security measure available with hardware wallets and still lose their Bitcoin. Hardware wallet maker Ledger has suffered severe breaches leading to the theft of sensitive customer information. With their phone numbers and personal addresses out in the open, several Ledger customers are facing the threat of physical attack.

Monero’s former lead developer, Riccardo Spagni, said Ledger’s failure to protect customer information has exacerbated the difficult nature of secure crypto self-custody, telling Cointelegraph:

“Securing Bitcoin is hard, and people often overestimate their technical abilities. This is made doubly complex by companies, like Ledger, failing to keep customer data secure. Ledger is amazingly competent at building a secure hardware wallet that is also easy to use, but customers are getting caught out by social engineering due to their customer data being leaked. This makes robust Bitcoin storage even more difficult.”

A few helpful suggestions

An ongoing survey by NGrave revealed that 25% of crypto users are not securing their coins as well as they think. While hardware wallets might not offer the ease of use associated with keeping Bitcoin on an exchange, the consensus among commentators was that the former option is still the safest method.

According to Merre, users who opt to hold their own assets can no longer use the centralized exchange model and have to move to decentralized exchanges or hot wallets, like mobile apps. He added:

“With all online solutions, you have some level of convenience as everything is easily accessible, but you’ll be giving up a lot of security. For example, your hot wallet will give you a private key to begin with, and hence, that key’s first touchpoint is immediately with the internet. A huge security risk already.”

For Spagni, Bitcoin self-custody for the less tech-savvy is a balancing act between security and ease of use. The easiest methods tend to have the least security and the most secure methods require a fair few configuration protocols.

Back in November 2020, Whirlpool Stats’ Matt Odell tweeted his favorite Bitcoin storage setup, which combined running Bitcoin Core and the desktop-based wallet Specter with a ColdCard hardware wallet. According to Odell, the setup costs about $150 and requires at least 10 gigabytes of storage space. Specter works directly with Bitcoin Core, so combining both eliminates the need for running an Electrum server. The user can then verify transactions on the ColdCard directly.

For users who might find the above setup overly daunting, it’s important to include as many security layers as possible on top of their chosen storage method. These include two-factor authentication and encrypted keys, among others.

It is also important to note that backups and retrieval processes for additional security protocols must be carefully stored. According to Spagni, Bitcoin owners should treat information such as seed words, wallet passwords, passphrases and encryption keys as though they were physical gold bars and keep them safely ensconced.

The inability to remember key wallet data has led to many Bitcoin owners being locked out of their accounts. As many as 3.7 million BTC, or 20% of the circulating supply, is thought to be lost forever. Examples of such stories include an IT engineer who accidentally discarded his BTC into the trash and is now offering $72 million for an opportunity to dig it up. Meanwhile, another early-day crypto enthusiast has forgotten the password for his hard drive containing around $266 million in BTC and has only two password tries left to unlock his stash, or it will be lost forever.

To ensure that one does not add to that sad statistic, it’s important to treat seed words, encryption keys and the like as valuable data and guard them accordingly.
