Bitcoin’s supply is limited to 21 million, but a significant portion of that total amount is likely to be lost forever. This situation is due to various reasons such as lost private keys and discarded storage devices containing significant amounts of Bitcoin (BTC).
When Bitcoin owners are not careless with their wallet passwords, they can sometimes be targeted by hackers looking to steal their precious crypto. Those who use third-party custodial solutions put their Bitcoin fortunes at the mercy of the security protocols adopted by such services.
Indeed, various attack vectors are constantly being used to access people’s Bitcoin funds. These exploits, which range from simple to advanced, target all of the perceived vulnerabilities inherent in any storage method.
Not your keys, not your coins
Crypto exchanges serve millions of customers, and it is reasonable to assume that a significant portion of that number use these services as their primary Bitcoin custodian. Under such custody arrangement, the cryptocurrency owner does not have the private key of the wallet.
“Not your keys, not your coinsIs a popular refrain in the crypto space, and the maxim serves to warn people of the risks involved in storing cryptocurrencies with outside entities. Indeed, the crypto landscape is riddled with numerous exchange hacks where cyber criminals break into poorly secured platform wallets to steal money from customers.
Sometimes the stock exchange recovers from the theft and sometimes the platform goes bankrupt. Mt. Gox and QuadrigaCX serve as examples of the latter, with affected customers still trying to get their money back.
Today exchanges are trying to upgrade their security protocols to avoid hacks. Exchanges with uninsured and significant cryptocurrencies in vulnerable hot wallets are now strongly discouraged. Some platforms still make this serious mistake and often pay the price.
Crypto forensics is also evolving day by day, making it more difficult for cyber criminals to liquidate their loot. In total, 2020 saw a significant decline in crypto-related thefts with rogue actors allegedly stealing $ 3.8 billion of more than 120 attacks during the year. However, the emergence of decentralized exchanges has opened up another way for criminals to launder money.
The reduction seen in 2020 has broken a four-year trend of increasing cryptocurrency crime. However, decentralized financing now appears to be the new playground for crypto thieves and other rogue actors, with the new market niche accounting for more than half of the cryptocurrency stolen in 2020.
Not a magic bullet
When it comes to robust security for self-hosted Bitcoin storage, it may be important to realize that there is no magic bullet. Indeed, Ruben Merre, CEO of hardware wallet maker NGrave, touched on this point, telling Cointelegraph that BTC owners are often torn between the choice of keeping their coins on reduced security exchanges or in cold wallets that are typically not user-friendly.
In theory, every conceivable method of holding BTC has tradeoffs, and some of the drawbacks associated with any of these systems can act as an entry point for malicious actors.
Take, for example, devices with air vents. On the face of it, simply isolating a computer from the Internet should provide robust security against hacking. However, according to According to a study recently published by Mordechai Guri, a cybersecurity researcher at Ben-Gurion University of the Negev, it is possible to “generate secret Wi-Fi signals from open-air computers.”
In the research paper, Guri noted that “open-air networks are not immune to cyber-attacks.” Indeed, a skilled hacker can exfiltrate sensitive data, such as keylogging credentials and biometrics, from computers with air vents.
Perhaps more troublingly, parts of the research study devoted to the potential means of data exfiltration from vented computers placed in Faraday cages are shielded enclosures that block electromagnetic fields. So relying solely on a Bitcoin wallet stored on a computer isolated from the internet may not be as secure as previously thought. A person using this method may need to use signal jammers continuously.
Then there are hardware wallets that provide robust security with private keys stored offline. While these devices communicate with a computer while in use, they never actually connect to the Internet.
The owner of a hardware wallet should encrypt their keys or keep them in a safe place. For the former, if the encryption is performed on a computer that is or will be connecting to the Internet, there is a significant risk of losing the malware keys.
In fact, a user can use any security measure available with hardware wallets and still lose their Bitcoin. Hardware wallet maker Ledger has suffered serious infractions leading to theft of sensitive customer information. With their phone numbers and personal addresses out in the open, several Ledger customers face the threat of physical attack.
For Monero’s former lead developer, Riccardo Spagni, Ledger’s failure to protect customer information has exacerbated the difficult nature of secure crypto self-control, according to Cointelegraph:
“Securing Bitcoin is difficult, and people often overestimate their technical skills. This is doubly complicated by the fact that companies, such as Ledger, do not keep customer data safe. Ledger is amazingly skilled at building a secure hardware wallet that is also easy to use, but customers are caught out by social engineering due to their customer data being leaked. This makes robust Bitcoin storage even more difficult. “
A few helpful suggestions
An ongoing investigation by NGrave brought that to light 25% of crypto users do not secure their coins as good as they think. While hardware wallets may not offer the ease of use that comes with keeping Bitcoin on an exchange, the consensus among commentators was that the first option is still the safest method.
According to Merre, when the user chooses to own their own assets, they can no longer use the centralized exchange model and have to switch to decentralized exchanges or hot wallets, such as mobile apps, adding:
“With all the online solutions you have a certain convenience, since everything is easily accessible, but you will give up a lot of security. For example, your hot wallet gives you a private key to begin with, and so that key’s first point of contact is immediately with the Internet. Already a huge security risk. “
For Spagni, Bitcoin self-custody is one for the less tech-savvy balance between safety and ease of use. The easiest methods usually have the least security, and the most secure methods require a fair number of configuration protocols.
In November 2020, Whirlpool Stats’ Matt Odell tweeted his favorite Bitcoin storage setup that combined running Bitcoin Core and desktop-based wallet Specter with a ColdCard hardware wallet. According to Odell, the installation costs about $ 150 and required a minimum of 10 gigabytes of storage space. Specter works directly with the Bitcoin Core, so combining both eliminates the need to run an Electrum server. The user can then directly verify transactions on ColdCard.
For users who might find the above setup too intimidating, it’s important to include as many layers of security as possible on top of their chosen storage method. These include two-factor authentication and encrypted keys.
It is also important to note that backups and recovery processes for additional security protocols must be carefully stored. According to Spagni, Bitcoin owners should treat information such as starter words, wallet passwords, passphrases and encryption keys as if they were physical gold bars and keep them safe and secure.
The inability to remember important wallet information has left many Bitcoin owners unable to access their accounts. A whopping 3.7 million BTC, or 20% of the circulating supply, is believed to be lost forever. Some examples of such stories include an IT engineer accidentally throwing his BTC in the trash and now offering $ 72 million for a chance to dig it up. Meanwhile, another crypto aficionado in the early days forgot a password for his hard drive with about $ 266 million worth of BTC and only has two password attempts to unlock his supply or it will be lost forever.
To ensure that nothing is added to that sad statistic, it is important to treat seed words, encryption keys, and the like as valuable data and monitor accordingly.