Bitcoin’s supply is capped at 21 million, but a significant portion of that total is likely to be lost forever. This is due to several causes, such as lost private keys and discarded storage devices that contain significant amounts of Bitcoin (BTC).
If Bitcoin owners aren’t careful with their wallet passwords, they can be attacked by hackers who want to steal their valuable crypto. Those who use third-party custody solutions are relying on the security protocols adopted by such services to protect their Bitcoin.
In fact, multiple attack vectors are being used all the time to gain access to people’s Bitcoin funds. These exploits, which range from simple to sophisticated, target all of the perceived vulnerabilities inherent in a storage method.
Not your keys, not your coins
Crypto exchanges serve millions of customers, and it is believed that a significant proportion of them use these services as their primary Bitcoin custodian. Under such a custody arrangement, the cryptocurrency holder does not have the wallet’s private key.
“Not Your Keys, Not Your Coins” is a popular refrain in the crypto space, and the maxim is used to warn people about the risks associated with storing cryptocurrencies with third parties. In fact, the crypto landscape is littered with numerous exchange hacks, in which cyber criminals have broken into poorly secured platform wallets to steal customer funds.
Sometimes the exchange recovers from the theft and sometimes the platform goes bankrupt. Mt. Gox and QuadrigaCX serve as examples of the latter, with affected customers still eager to get their money back.
Nowadays exchanges are trying to update their security protocols to prevent hacks. Holding significant, uninsured amounts of crypto in vulnerable hot wallets is now strongly discouraged. Some platforms still make this fatal mistake and often pay the price.
Crypto forensics is also evolving day by day, making it difficult for cyber criminals to liquidate their loot. Overall, there was a significant decrease in the number of crypto-related thefts in 2020. Rogue actors reportedly stole $3.8 billion in over 120 attacks during the year. However, the advent of decentralized exchanges has opened up another avenue for criminals to launder money.
The 2020 reduction broke a four-year trend of growth in cryptocurrency crime. However, decentralized finance now appears to be the new playground for crypto thieves and other fraudulent actors. The novel market niche accounted for more than half of the cryptocurrency stolen in 2020.
Not a miracle cure
When it comes to robust security for self-custodied Bitcoin storage, it is important to understand that there is no magic bullet. Indeed, Ruben Merre, CEO of hardware wallet maker NGrave, addressed this point, telling Cointelegraph that BTC owners are often torn between keeping their coins on low-security exchanges or in cold wallets that are usually not user-friendly.
In theory, every conceivable method of holding BTC has tradeoffs, and some of the drawbacks associated with any of these systems can serve as an entry point for malicious actors.
Take air-gapped devices, for example. At first glance, simply isolating a computer from the Internet should provide robust security against hacks. However, according to a recent study by Mordechai Guri, a cybersecurity researcher at Ben-Gurion University of the Negev, it is possible to “generate covert Wi-Fi signals from air-gap computers.”
In the research report, Guri stated that “air-gap networks are not immune to cyber attacks”. Indeed, a skilled hacker can exfiltrate sensitive data like keylogging credentials and biometric data from air-gapped computers.
Perhaps even more alarming are parts of the research study that look at the possible means of data exfiltration from air-gap computers housed in Faraday cages, shielded enclosures that block electromagnetic fields. So if you only rely on a Bitcoin wallet stored on a computer isolated from the internet, it may not be as secure as previously thought. A person using this method may have to continuously run signal jammers.
In addition, there are hardware wallets that offer robust security, with private keys being stored offline. Although these devices are connected to a computer during operation, they never connect to the Internet.
A hardware wallet owner must either encrypt their keys or keep them in a safe place. With the former, there is a significant risk that the keys will be lost to malware if the encryption is performed on a computer that is or will be connected to the Internet.
A user can even take advantage of every security measure available with hardware wallets and still lose their bitcoin. Hardware wallet maker Ledger has suffered serious breaches that resulted in the theft of sensitive customer information. With their phone numbers and personal addresses exposed, several Ledger customers are at risk of physical attack.
For former Monero lead developer Riccardo Spagni, Ledger’s failure to protect customer information has exacerbated the difficulty of secure crypto self-custody, as he explained to Cointelegraph:
“Securing Bitcoin is difficult and people often overestimate their technical skills. This is made doubly complex by companies like Ledger, who don’t keep customer data safe. Ledger is amazingly proficient at building a secure hardware wallet that is also easy to use. However, customers are surprised by social engineering because their customer data has been leaked. This makes robust bitcoin storage even more difficult.”
A couple of helpful suggestions
An ongoing survey by NGrave found that 25% of crypto users aren’t securing their coins as well as they think they are. While hardware wallets may not offer the ease of use associated with keeping Bitcoin on an exchange, commentators agreed that the former option is still the safest method.
According to Merre, a user who chooses to take custody of their own assets will no longer be able to use the centralized exchange model and will have to switch to decentralized exchanges or hot wallets like mobile apps.
“With all online solutions you have a certain degree of convenience, since everything is easily accessible, but you will give up a lot of security. In your hot wallet, for example, you first receive a private key. Therefore, the first point of contact of this key is immediately the Internet. A major security risk.”
For Spagni, self-custody of Bitcoin is a balancing act between security and usability for less tech-savvy people. The simplest methods tend to be the least secure, and the most secure methods require some configuration.
Back in November 2020, Whirlpool Stats’ Matt Odell tweeted about his favorite Bitcoin storage setup, which combined Bitcoin Core and the desktop-based Specter wallet with a ColdCard hardware wallet. According to Odell, the setup costs around $150 and requires at least 10 gigabytes of storage space. Specter works directly with Bitcoin Core, and combining the two eliminates the need to run an Electrum server. The user can then check transactions on the ColdCard directly.
For users who may find the above setup too daunting, it’s important to include as many layers of security as possible in addition to the storage method they choose. This includes two-factor authentication and encrypted keys.
It is also important to note that backup and recovery processes for any additional security protocols must be carefully preserved. According to Spagni, Bitcoin owners should treat information like seed words, wallet passwords, passphrases, and encryption keys as if they were physical gold bars and keep them safe.
The inability to remember important wallet details has resulted in many Bitcoin owners being locked out of their wallets. It is believed that 3.7 million BTC, or 20% of the supply in circulation, is lost forever. In one such story, an IT engineer accidentally tossed his BTC in the trash and is now offering $72 million for the opportunity to dig it up. Meanwhile, another crypto enthusiast has forgotten the password to his hard drive, which holds BTC worth around $266 million, and has only two password attempts left to unlock his stash. Otherwise it will be lost forever.
To avoid adding to this sad statistic, it is important to treat seed words, encryption keys and the like as valuable data and protect them appropriately.