Wallet manufacturers debated the best ways to store bitcoin private keys safely at the BalticHoneybadger conference in Riga.Read MoreCoinDesk
Bitcoin (BTC) security is hard to get right: Any form of offline, or “cold” storage available today has trade-offs. Which one is the most secure is still a matter of debate between bitcoin software developers and wallet makers.
Self-sovereign money comes with responsibility. Experienced bitcoiners would tell you: It’s not enough to just buy bitcoin – to really start your trip to financial autonomy, you need to be in full control of your cryptographic private keys, meaning your bitcoin should sit on your own device.
However, choosing a device to store your bitcoin is an endeavor on its own. Over recent years, companies working in this field came up with a variety of options, all of which have pros and cons.
The easiest thing to start with is to download a software wallet, or an app generating keys for your bitcoin on your phone or laptop. But phones and computers get stolen or lost, they break and can be infected by malware. The young hardware wallet industry offers a different solution: a small device that is designed to hold bitcoin keys in its memory and sign transactions, with no other features and no persistent internet connection.
However, what the best solution is for an average bitcoiner is still debatable. Some of those arguments came up during a panel at the bitcoin-only Baltic Honeybadger conference in Riga, Latvia, this past weekend.
Below are some highlights.
Pavol Rusnak, CEO of hardware wallet maker Trezor, argued a product like the one his company makes is the most secure way to store bitcoin because it has a “limited attack surface.”
“It’s a less-complex hardware, and the software is not as complex as Windows or MacOS or Android. And it’s offline most of the time,” Rusnak told CoinDesk, adding that “most of the attacks are remote attacks using malware, and that’s what the hardware wallet protects you from.”
Speaking on a panel on bitcoin security, cryptography consultant Peter Todd disagreed with this approach, saying he does not use hardware wallets: “I’d rather use a laptop, as it’s unlikely it would be specifically targeted, and put [the laptop] in a safe box.”
Hardware wallets, which you usually order via the internet and get shipped to your home, might put a target on your back as a bitcoin holder. Using a laptop, people might never know, Todd explained talking to CoinDesk off-stage.
Also, the factories manufacturing hardware wallets might become the target of a supply chain attack, he added. Someone could tamper with the devices and redesign them to steal bitcoin from users.
Therefore, “My advice to a lot of people is get a phone, get your hardware wallet on it and don’t use it for anything else. Your phone isn’t a target. The supply chain of your phone is not a target,” Todd said.
An ideal setup would be using a multi-signature wallet, when you use several devices in your possession to sign every transaction spending your bitcoin, Todd said. However, at the moment “the software stack for multisig technology isn’t very good and not easy to use.”
Ultimately, there is no way for a regular person to check whether the device being used is working as claimed, Todd said on stage. “Have I personally ever bothered getting my Trezor, which I don’t use for various reasons, and actually doing all the work to verify that it works the way it claims? No, it’s a whole bunch of work, and chances are it doesn’t work,” he said.
It gets worse, he added: If a wallet uses open-source software – meaning, its code is published on the internet – you might be able to verify that code, but then there are compilers – another type of software that turns high-level code into machine language that a regular computer can understand – which is even harder to verify.
“These systems are so insanely complex,” Todd said, adding that these compilers are like “gigantic factories” of code, very difficult to go through and usually not all parts of the compilers’ code are open source.
Another controversial question is how the hardware wallets should talk to other devices.
To receive information about a transaction it’s about to sign, a hardware wallet must at some point be connected to an internet-connected device, a laptop or mobile phone. They can connect via a wire with a USB port, a microSD memory card or communicate via QR codes that a wallet generates for a phone camera to read.
Some hardware wallet manufacturers make a point of avoiding a wire connection between a wallet and a computer, so they have an air gap – a security feature where a device is never connected to the internet.
“Transferring electronic information physically, such as through a MicroSD card, rather than through a computer network, will greatly reduce the possibility of synchronous attacks,” said Rodolfo Novak, co-founder and CEO of Coinkite, manufacturer of the Coldcard hardware wallet, in an email to CoinDesk. (Coinkite did not present at the Riga conference.).
“With USB, attackers have direct access to hardware, making remote attacks easier. The fact that the computer’s operating system has to pick the correct driver for USB devices based on their serial numbers creates an anonymity problem for devices like Trezor whose data clearly includes a serial number at boot,” Novak explained, adding that “any malicious actors who may have penetrated your computer’s internet connection may have access to your keys if you are connected by USB.”
By exposing the wallet’s existence and unique serial number on the internet, a USB connection makes it vulnerable, Novak said. With a micro-SD card, on the contrary, no crucial information is being compromised when a live internet connection is involved, he added.
However, the participants of the Baltic Honeybadger panel disagreed that an SD card is safer than a USB cord.
“The wire between your wallet and your computer isn’t necessarily a bad thing,” Todd said onstage. “The question is how you design that wire, how much current, how many electrons, literally, per second, are flowing through that wire and how fast can that number change.”
He added that modern SD cards used for air-gapped versions of wallets are not such simple devices as they seem: an SD card is “an entire 32-bit microprocessor.”
Rusnak, of Trezor, echoed the idea. “SD cards these days use more computing power than my first computer,” he said. “I’m more afraid this SD card might exfiltrate some data from my computer.”
Novak disagrees. “A MicroSD attack is harder to accomplish compared to a USB attack by a factor of several orders of magnitude,” he told CoinDesk, adding that the microSD cards Coldcard provides with its wallets use “a much reduced amount of code,” compared to the USB, “which makes it easy to audit for exploitable bugs.”
Ultimately, anything can be hacked.
“The job of a hardware wallet manufacturer is to make it not worth the attacker’s time, too costly in terms of time or money,” said Douglas Bakkum, the founder of a hardware wallet firm BitBox.
There are several levels at which hardware wallets can be attacked, Bakkum explained in his presentation, which repeated points made in a company blog post from October: Attacks on the communication layer (meaning, the protocol connecting a wallet to a laptop, be it USB port, QR code or SD card, is compromised), the logic layer (malicious software is injected) and physical layer (attacker breaks open the device, attach probes and tampers with it).
A supply-chain attack threat can hit both for USB-connected devices and SD cards, said Rusnak.
“If there is an attacker that wants to attack you through USB they might as well give you an SD card that is somehow malicious. If your attacker is a regular thief that’s not an issue, and if the attacker is the FBI or some other federal agency, even an SD card won’t help you,” he told CoinDesk.
“You need to draw a line in the sand somewhere when you go down the rabbit hole where you can not trust anything,” Rusnak said.
When securing your bitcoin, it’s important not to make things too complex for yourself, Rusnak said. People who choose to design a complex security setup for their bitcoin storage, for example, writing their seed phrase (a key to recovering a lost wallet) in the wrong order, might “shoot themselves in a foot” if they either forget the correct order or their heirs aren’t able to reconstruct it.
“Your setup should be usable even in 10 years time, in 15 years time,” Rusnak said onstage, recommending that users always document their security building processes for the future.
“Just don’t trust your brain,” Bakkum echoed.
Rigel Walshe, former police officer in New Zealand and now a developer at Swan Bitcoin, a California-based company that helps clients save in bitcoin, reminded the audience that no matter what technical solution is used, it’s important to take care of your physical safety – meaning, don’t let people know where you (and your bitcoins) are located.
For example, you can use a post office box or even an LLC company for a mailing address to shield your actual location; even your utility bills can be sent to an address other than where you actually are, Walshe said. In this case, even if people find your personal information on the internet, they still won’t be able to get you (and your bitcoin).
“Assume that your information will be doxxed and it will be out there,” Walshe said.
Talking to CoinDesk, Todd mentioned another possible security factor, taking a shot at the Ethereum blockchain, which hardcore bitcoiners consider a worse technology.
“Because ecosystems like Ethereum exist, where security is terrible, bitcoiners aren’t actually that much at risk as they could be,” Todd said. “If you’re a bad guy and know how to crack stuff, what would you focus on? You’re going to focus on stealing from [decentralized finance], which is easier than stealing bitcoin. It keeps hackers away from us.”
Read more about
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.