One of the biggest stories to hit the Bitcoin space in months was the theft of 119,756 BTC (valued at ~$70 million USD) from Bitfinex this week. For those that aren’t familiar with the story, a great re-cap was published on CoinDesk within 24 hours of the break-in. (Obviously, if you’re reading this far into the future, the public’s understanding of the hack has likely changed.)
The attack brought to light a lot of questions about the security of Bitcoin exchanges and online wallets. As I’ve previously written, a lot of these questions arise from the tension between the trust one necessarily places in third parties to secure users’ Bitcoin holdings and the notion that Bitcoin, as a system, is built around the principle of trustless-ness. In light of the repeated failures of trusted third parties to maintain security, it’s likely that there will be more scrutiny of Bitcoin wallet providers and renewed interest in self-managed Bitcoin security.
Here are some suggestions for Bitcoin users looking to beef up their own security.
Vetting online Bitcoin wallets
As it stands today, managing the security of Bitcoin wallets on one’s own can be quite challenging. It is because of this challenge that so many Bitcoin users have come to rely on third-party managed wallets. If you are planning to use a third-party wallet service to store and manage your Bitcoin holdings, be sure that they have the following policies and procedures in place:
- They store a very small amount of user funds in a “hot wallet” that’s exposed to the Internet.
- The company that manages the wallet service is very well capitalized (i.e. they have raised a sufficient amount of money from reputable investors to sustain their operations long-term).
- The company maintains insurance with highly rated carriers that will compensate users in the event of a breach of the company’s physical- or cybersecurity, or in the event of employee theft.
- The wallet service provider has undergone security audits and, ideally, has maintained a good record of public validation of their security practices.
- The service provider encourages users to implement 2-factor authentication using an external 2FA service provider, like Google Authenticator or similar.
Tips & practices for DIY Bitcoin security
In order to help those readers who opt to manage their own Bitcoin security, I decided to share some tips I use to minimize my exposure to security breaches and reduce my reliance on “trusted” third parties.
- Do not store fiat or crypto on exchanges. This is the simplest and easiest way to avoid security breaches caused by the fault of third parties. If your particular trading/investment strategy requires you to maintain a balance of crypto and fiat on your exchange, regularly sweep excess funds off the exchange account; fiat should go back to your bank or another regulated account, and crypto should go into an offline wallet. (Note that this doesn’t currently apply to an exchange like Coinbase, which runs a web wallet services that fulfills the policies & procedures recommendations I made above.)
- Be smart about local wallets. This should also seem like common sense. If you plan to store any amount of Bitcoin (or other crypto) on your laptop or desktop, be sure to implement full-disk encryption and use a strong password for your primary wallet. (Relevant xkcd on password strength.) It is also important to make regular backups of the wallet.dat file, and encrypt those backups using strong encryption. Always maintain at least two backups, storing one offsite in the event of fire or other damage to your main machine and backup device. This will allow you to recover your public-private key pairs in the event that your main machine breaks, and to protect your backups in the event that the location where they’re stored is compromised.
- Find the cold storage solution that works for you. If you plan on holding a small amount of bitcoins for any significant length of time (like, >3 months), or a large amount of bitcoins for any length of time, it’s best to move them offline and off of your computer. This can be accomplished in a number of ways, but the solution that works best for me is to securely generate paper wallets and keep them in a very secure location, such as at a safety deposit box. For a good explanation of how to safely generate paper wallets, check out this website, which has an open source wallet generator and tutorials for how to install and use it securely. There is no need to pay for the products and services that site offers; the open source tools can be used as-is.
Finally, when managing the security of bitcoins on your own, it is absolutely imperative that you know what you’re doing. It is always best to give your security setup a “dry run” with a small amount of bitcoin (like, $1 USD-worth or smaller) to ensure you’re able to successfully send and extract your bitcoins without any hiccups.
As a final note, it bears mentioning that each investor will need to find the solution that works best for them. To learn more about managing your own Bitcoin security, here are a few resources with more in-depth explanations of your various options: