Which security measures do you take to ensure that your Bitcoins are safe and sound?
To use cryptocurrencies, especially Bitcoins, efficiently and safely, we should follow several steps and be cautious about how we store our funds and how we make transactions. There are plenty of ways to make sure your assets are safe and easily accessible, but not every one of them is fully reliable despite its popularity.
We bring you some tips and tricks, based on customer experience, that can help you keep your Bitcoins safe and sound.
Wallets
Judging by the results of a small check I conducted with my friends and acquaintances, many people still store funds on hosted wallets & exchanges. This is one of the most common ways to get your cryptocurrency sorted and easily accessible for transactions. But this system should be used with reservations.
Most owners of Bitcoin consider that online wallets provide the best safety features for their assets, since they use private keys and addresses while being user-friendly. There are several wallet options at your disposal, such as online and offline, hardware and software, as well as paper wallets, which are also referred to as cold wallets.
A side note about hardware wallets: do not use them, it is a waste of money since the same level of security can be achieved with the free, open-source Bitcoin-core software, and you do not really know what software those magic ‘vaults’ are running (there were recorded cases of breaches and phishing).
The problem behind wallets is that they are still a 3rd party that gets involved in transactions, which means a higher level of risk from hacking.
Thus, users are either blindly trusting the 3rd-party service provider, or keeping their exposure mostly in fiat and trading using margin. Well, here’s the thing: Bitcoin and its siblings were never meant to be deposited in the hands of a 3rd-party trustee.
“What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.”
Original Abstract Bitcoin Spec
S. Nakamoto
November 2008
There you have it, black on white, no middle man.
Nevertheless, it does not stop hundreds of different exchanges and wallets from taking charge of the users’ funds, practicing internal transactions between members that are not propagated to the blockchain, and whatnot.
According to Cambridge University’s global cryptocurrency benchmarking study, 73% of the exchanges take custody of their customers’ private keys, by default, without providing any other alternative.
And, when you think about it, it’s also kind of like trusting a 3rd party, right?
Private and Public Keys
Many users of Bitcoin opt for public and private keys to secure their funds. This built-in mechanism is there to help you by protecting both addresses of your wallet and giving you control over the assets. Because the private key that protects the assets is in the ownership of Quadriga, many users find this security feature problematic. You should keep this in mind if you desire to embed keys for transactions, which would mean giving away part of the authority and therefore safety.
So what’s the solution?
“It’s never going to happen to me” – Average Joe
Well, guess what, Joe.
“If you don’t own your private keys, you don’t own your bitcoins.” – Marshall Hayner, Cryptocurrency expert & entrepreneur
However, this is far more than an abstract and ideological problem. According to Wikipedia’s history of Bitcoin, no less than 17 major, known Bitcoin exchanges got mysteriously closed since the reveal of the Mt. Gox hack on 19 June 2011. The total amount of stolen funds surpasses 1 Million Bitcoin (over $1 Billion today), with an average of almost 3 exchanges per year. The most recent security incident occurred in August 2016, when hackers stole $72 Million worth of customers’ Bitcoins, sending bitcoin into a sharp dive of nearly half its value in a few days. As we may or may not know, history tends to repeat itself.
Still, think statistics are on your side? I would suppose not… But don’t worry, the choice of safety mechanisms that can be applied to protect your cryptocurrency is wide and ranges from highly sophisticated programs to basic tricks that any individual can implement. Some of them require 3rd parties or simple tricks that can make your currency easily monitored.
Bitcoin Core
First of all, download Bitcoin Core. This is the first and most essential step in taking charge of your own funds. As intimidating as it may sound, Bitcoin Core has a simple and straightforward user interface, with support for all major platforms (Windows, Linux, macOS, and even mobile). Additionally, unlike what you might have heard, running a full node does not necessarily require Proof-Of-Work (PoW, mining). It is also recommended that you encrypt your private key (wallet.dat) file. You can do so simply by accessing the ‘settings’ menu on the top bar of Bitcoin-Core.
This way your funds on the blockchain will be accessible only to a person who has both your encrypted private key and the passphrase.
Do not forget this passphrase, since by doing that you will irreversibly lose access to your funds (I always say that it’s better to lose money over one’s own stupidity).
Cold Storage
It’s also a common practice to use ‘cold-storage’. This fancy term basically means keeping your encrypted private key off the internet, in a physical storage medium (or several of them), and signing transactions offline.
These types of wallets require your private address, the amount of time needed for a transaction is extensive, and there is a repetitive withdrawal fee.
Two-Factor Authentication
Another possible security enhancement is ‘multi-signature’. Be aware though, with great security, comes greater responsibility.
This feature is available in most online wallets. It connects your account or mobile phone with the wallet, so that an attacker faces additional security factors and breaching your account becomes much more complex.
Our additional advice is not to use your phone number for this, since it is much easier to intercept the password. Also, consider setting up a different e-mail address for the purpose of an online wallet. This minimizes chances for easy security breaches.
Additional remarks
Lastly, the basic tricks that you can also implement are protecting your transactions by not sharing your credentials with other people, skipping wallets that are hosted by providers or cold wallets in general, and monitoring how your wallet is used in transactions.
Ok, so I got the “my cold-storage set-up”, how do I exchange funds?
There are several options here, just choose your favourite.
1. Over the years, a number of open-source, decentralized exchanges appeared, such as BitSquare.
The exchange of cryptocurrencies now runs smoothly via digital currency exchanges which are independent platforms that connect fiat and cryptocurrencies.
That is all great. However, to run those solutions you must run 3rd-party (cough cough) software on your computer along with the Bitcoin-core software, which introduces 2 additional problems:
- Cold/offline transaction signing is no longer possible.
- Despite being a professional open-source project, it still means you give the exchange software an unrestricted amount of trust, which increases your risks in case of any security vulnerabilities on their side.
As mentioned, due to significant risks, it is advisable not to place too much trust in exchanges, especially when it comes to storing your funds.
Me, myself, and I agree with Ethereum’s founder & lead, Vitalik Buterin, on his post on the problem of trust.
The fewer, the Better.
2. Moving the funds to an exchange solely for the purposes of exchange/margin trading, and withdrawing those funds immediately once the trade has been executed.
Let’s analyze these solutions:
Simple as it may seem, it requires a complex chain of actions:
- Login, possibly using 2FA
- Deposit funds
- Wait till the deposit is confirmed
- Place an order
- Wait for the order to execute / risk slippage by placing a ‘market’ order
- Finally, withdraw your funds back to your wallet and log out
However secure, this chain of operations can be exhausting when done on a regular basis.
3. Use a simple, minimalist service such as shapeshift.io or nexchange.co.uk
This option, which I consider the most suitable for the vast majority of the volumes traded on order books of the traditional exchanges, allows you to perform the 6 operations described in the previous option in the blink of an eye, and at a similar cost considering the cost of your time (Maximal 1% of the total spread on crypto-to-crypto trades on both sites, no extra fees).
The first option (shapeshift.io), supports dozens of the most liquid currencies, with nothing but your Public Key (Address) exposed.
However, it also has somewhat of a price slippage when the traded amount is greater than 1 BTC.
The latter option (n.exchange) currently only supports the crypto-majors (BTC, ETH, LTC). However, it has no price slippage up to a 10 BTC order, with a price guarantee of 30 minutes, and it also supports 28 Fiat currencies (using various e-wallets, SEPA, Swift, SOFORT and Credit Cards).
It may also require phone verification and basic KYC for funding using some fiat payment methods.
Disclosure:
The writer is the Founder of Nexchange, feel free to write us with requests to integrate new payment systems/cryptocurrencies, or any other matter.