One of the most often overlooked aspects to owning Bitcoin is how to safely secure and store it. Most people have their own best practices and rituals they swear by. My philosophy has always been to continue asking questions and learning from people that are a lot smarter than me. Whatever you do, don’t think you know it all!
The Bitcoin Security Brief is a series that is focused on interviewing individuals from the Bitcoin world and picking their brains about various Bitcoin security topics. The main goal is to provide some useful information that will help people make better decisions when it comes to securing their Bitcoin.
Dhruv Bansil is Physicist turned serial entrepreneur and is the cofounder of Unchained Capital. Dhruv is the perfect person to kick off this series because he helped create and develop Unchained’s new mutisig cold storage product.
How do people know you?
How long have you owned Bitcoin?
What has been your biggest challenge to securing your Bitcoin?
Figuring out how to use multisig in a way that felt secure and defensible.
What is your biggest personal Bitcoin security fail?
Traveling internationally with a (single-sig) Trezor with too much BTC on it. I no longer have reason to behave so cavalierly anymore.
Also one time I accidentally googled an xpub from a key I was operating (I thought I had something else on my clipboard). It came up “No results”, of course, but I still wiped the key.
Finally, I once did a firmware upgrade on a Trezor when I was physically far distant from my wallet words’ locations. You’re always supposed to have your wallet words with you when doing a firmware upgrade but I had never actually needed to use mine previously so I figured it would be fine. Totally wrong. My Trezor bricked and I was sweaty till I was able to re-provision it from my wallet words some days later.
What is the biggest Bitcoin security fail you have witnessed?
I’m thankful that I haven’t personally witnessed too many security fails but I know about a lot of them.
Some are funny, such as when reporters accidentally display their private key instead of their address and within minutes lose $20 of BTC they just received. Like that South Park meme: …aaaaaand it’s gone.
But some security fails are inspirational because they turn loss into teaching moments for the rest of us — I’m thinking specifically of articles by Mark Frauenfelder and, more recently, Sean Coonce. Reading their honest stories of how their BTC was locked or stolen I’m taken by how reasonable they both are. You can see yourself making similar decisions as they did if you were in their shoes, perhaps. And so you get to learn from their mistakes and be better for yourself.
What is your biggest fear when it comes to securing your Bitcoin?
I’m using multisig, cold-storage, collaborative custody with Unchained Capital. I don’t really have too many fears about securing my personal Bitcoin anymore :)
But many people like me depend on Unchained to secure their Bitcoin. This requires software, systems, and processes my team has designed, built, and practiced to work correctly and reliably. That’s a big responsibility, so a lot of my Bitcoin security anxiety comes from working at Unchained and worrying about whether we’re doing the best possible job. I think this is a good mindset because it leads to constant improvement.
What aspect of Bitcoin custody do you think people should take more seriously?
Where are the keys and how are they protected?! If you’re not self-custodying, this is the most important question to ask of your custodian. Make sure you feel comfortable with their answer.
If you are self-custodying then you should be thinking about physical threats. If you’re using a single key, loss due to fire or flood is something you should guard carefully against. This also exposes you to physical attacks.
The best thing you can do (or require your custodian to do) is to embrace multisig. Using multiple keys is absolutely the best way to increase your security.
Why is OPSEC important?
Operations security is about concealing information about your practices and behaviors from potential attackers. The more an attacker can learn about you, the more surface area they can scratch at to uncover vulnerabilities.
Unfortunately, the more you interact with your keys the more opportunities you give an attacker to learn. The best OPSEC would be Bitcoin in a brainwallet that you never talk about or use. Unfortunately this is also a brittle way to store Bitcoin, susceptible to human error and wrench attacks among other weaknesses. So while OPSEC is important, it’s not the only thing worth thinking about.
Also, the more resourceful and capable your attackers the more difficult good OPSEC is to achieve. Many devices record us everywhere we go and most report everything we do with them to 3rd parties. Anything we pay for leaves trails in databases and filing cabinets. Our very bodies slough off tracking codes (our DNA) just as we walk around and interact with the world. Completely hiding data about ourselves and our behavior is not possible so it’s important to decide what kinds of threats from what kinds of actors one’s OPSEC is designed to mitigate.
What tips do you have to help people improve their OPSEC?
There are a few major things that will prevent information about your custody from leaking:
- Don’t turn cold into hot — understand how your choice of cold-storage works and make sure you never put the cold parts (seeds, private keys) into an untrusted computing device, especially if that device can communicate over a network.
- Tell the minimum number of people — cooperating with other people is a great way to increase your security because you gain redundancy and can deal with issues such as traveling, key recovery, inheritance, &c. But don’t tell more people than you have to about how you custody.
- Communicate securely — don’t talk about the details of your custody practices in emails, on Twitter, or other public forums. Do it in person.
For most of us, the above practices are sufficient. If you live in a safe neighborhood in a first-world country and use reputable banks or other vault providers to store your keys you are probably pretty safe already. As your wealth grows you should invest in multisig and in collaborative solutions with friends, loved ones, and or companies such as Unchained Capital that help you stay safer. Using multisig can be a way to deliver higher security with less OPSEC worry because no individual secret matters as much anymore.
You can tighten your OPSEC a lot more, and for certain individuals at higher-risk because of the value of their holdings or because are publicly known, additional practices make sense. But don’t overthink it — James Bond type exfiltration shit exists in the real world and some people do need to defend against it. But pretending you’re someone that James Bond is gonna come after can actually lower your security with practices you can’t effectively implement designed for threats you aren’t really even at risk from.
What is the best way to protect yourself from a wrench attack?
A wrench attack IS an important class of threat that most people are at risk from. When you rely on a single key you make yourself vulnerable to physical attack anytime you access that key; a smart attacker will threaten you at exactly the point you access/store your key. (Using shards does not solve this problem as you have to bring shards together in the same location to use them.)
I think people sometimes default to brute force solutions here instead of being smarter about it. Guns and walls and secrets and resisting torture to protect one key are just not as effective as switching to multisig custody. Multisig custody uses multiple keys which decreases the value of physical attacks on any one key.
With multisig, you can geographically separate your keys at multiple locations and access them sequentially (or in parallel, if you’re part of a group). No person is ever in a location where a device in their hand and/or a fact in their mind can benefit an attacker.
The best protection from violence is other people. Forge personal and business relationships around mutual safe-keeping of funds through mutual multisig. Store devices and secrets with banks or other companies dedicated to providing physical security. Such practices force any attacker to have to get through multiple people in multiple locations possibly working for companies dedicated to security. They’ll need a lot more than a wrench to get past such a defense. Unchained Capital calls our version of this relationship-based security model “Collaborative Custody”.
What do you have to say to people who leave their Bitcoin or other coins on an exchange?
It really depends on the person. If you’re not good with computers and wouldn’t feel confident using a hardware wallet then you probably should rely on a 3rd party custodian such as an exchange to hold your keys for you.
But if you can handle learning about a new kind of personal security and your bitcoin are important to you, you should make the effort to learn about self-custody. It’s really easy to get started these days. And, honestly, if you can afford to buy a risky investment such as Bitcoin in the first place then you should also be able to spend the ~$100 and few hours required to understand how to keep your Bitcoin safely using a hardware wallet or other cold-storage solution.
What tips do you have for those who are willing to take the risk of keeping some coins on an exchange?
Understand that owning BTC and using an exchange immediately means that you are a member of a group at high-risk of being hacked.
Minimally you should learn to use a password manager. It’s a little bit of work to set up but it actually makes your life so much easier. You just have to remember ONE password, that’s it! The password manager (which syncs across all your computers and mobile devices) stores all your other passwords.
But you should really take the additional step of setting up two-factor authentication (2FA) with your exchange. By the way, DO NOT use text messages (SMS) to receive your 2FA codes. It’s OK to use your phone but use a dedicated 2FA app such as Google Authenticator. Dedicated devices such as Yubikeys are also great choices.
What hot wallet(s) do you recommend and why?
I don’t trade or carry BTC around so I’m not a big user of hot wallets. I think using hot wallets which let you have your own key such as GreenAddress and Edge are probably best.
What cold storage options do you recommend and why?
I think hardware wallets are great because they provide high security that is also easy to use, all at a low cost (in both time and money). I’ve used Trezors and Ledgers and I think both are fine choices.
For users with the capability, I believe that air-gapped, offline devices that one has built oneself using open hardware and software is probably the ultimate choice in secure cold-storage. This is still very difficult to do.
What is your personal goto hardware wallet and why?
If I’m forced to choose I’d pick Trezor. I’ve used it longer and I’ve programmed a lot against it. I like that the code is open-source. I’ve read Trezor source code for the C firmware code which runs on the actual Trezor device all the way through source code for the browser plugins. Being able to do this earns more of my trust. It’s also the reason so much of Trezor’s code has been re-used in other crypto projects, including some from Unchained Capital. The community as a whole owes a lot to the team at SatoshiLabs.
What are your thoughts on mixing wallets?
I think having the option to use a mixer directly from your wallet is really powerful. More wallets should allow and encourage this for users who value it.
In the future, features such as Schnorr signatures, Taproot, &c. will provide a lot more flexibility and anonymity for bitcoin transactions — but only if your wallet supports them. So I think it’s important that users train wallet providers about how much they value these features.
What is your best recommendation for those who wish to have multisig protection?
I’m biased here, of course: you should use Collaborative Custody at Unchained Capital!
With collaborative custody, you control your keys and you choose who helps protect your funds and how. Unchained’s user interface helps you navigate the complexities of multisig transactions, multiple signatures & signers, &c. so you feel confident. If you lose keys, we will help you recover your funds by co-signing transactions with you. But we are never able to move funds against your will or without your cooperation. Our custody is also integrated with our financial services: you can get up to a $1M loan against your holdings within 24 hours, all in the same system, with the same support team who knows you and your account. You can check out the user experience we’ve created on our YouTube channel.
Though I believe Unchained is the best choice for multisig, you should do your own research. The questions I think you should be asking about any multisig provider include:
- Are all keys in cold-storage that requires physical access by a human being?
- Is this self-service multisig software? Or is this a service which will co-sign transactions with me. (a) If this is a service which co-signs, how do they verify that requests they receive are really from me?
- Is this solution compatible with my existing keys?
- If I lose access to one of my keys, how do I fix that?
- Can I verify (not trust) that the custody has the properties advertised?
- Can I collaborate with other people I trust to help protect me through this solution?
- If I die, can this solution help my loved ones recover my funds? How?
- How is your company regulated?
- How do you protect me from other users of your product who may be bad actors?
- Will I still be able to use my keys if your company or product disappears or is shut down?
What tips do you have for where people should store their hardware wallet?
It depends on whether you use multisig or not. If you are using your hardware wallet normally, in single-sig mode, then it’s the only key protecting your funds and it can produce the lone signature required to spend them. If your bitcoin are dear to you, protecting this hardware wallet is extremely important.
Using multisig lets you treat different keys differently: you can keep one just on paper in the most secure location(s) you can and keep another one in a hardware wallet at your home or office.
Regardless, the best choice will depend on the threats you’re most concerned about. If you worry about wrench attacks you may want to use a safety deposit box at a bank or other vault provider. Make sure this provider checks valid photo ID, requires an access PIN, and uses 2 physical keys on each vault.
If you already have a home or office vault of your own, perhaps using it makes you more comfortable. Collaborating with your family, friends, or co-workers is a good option if you can trust and rely upon them.
How do you recommend people store their private keys or seed words?
Seed words should be stored safely just like hardware wallets. Use safety deposit boxes, vaults, &c. But also like hardware wallets, the best choice will depend on whether you use multisig as well as your own prioritization of threats.
One property of private keys or seed/wallet words is that they can easily be split into several pieces unlike hardware devices. After your hardware wallet (say) generates a private key and you write down 24 seed words you can always split up that list into a few pieces. Someone able to obtain 12 of your words will still have some modest difficulty finding the other 12. Someone with just 4 of your words would stand no chance.
Splitting up wallet words into such subsets or “scraps” like this and storing them separately is a simple and easy way for some people to increase their security. Others may struggle to find even one physically secure location, much less two. So, again, it depends.
Splitting up wallet words like this may sound like Shamir sharding but it isn’t. Shamir sharding is strictly better than this approach because an attacker able to recover a single shard actually has no information about your private key at all, unlike someone with a scrap of your wallet words, who does. But Shamir sharding requires a computer to recombine shards. Personal computer security is difficult to achieve, especially for high-profile targets.
Many individuals would be better served avoiding computers that they cannot secure and instead merely combining scraps of wallet words together and using hardware wallets.
What would be really nice for users is if hardware wallet makers allowed recovering the device from Shamir shards instead of from a 24-word seed.
What is the best way to generate a private key?
Using a hardware wallet is a safe and accessible way for most people to generate private keys (and wallet words).
It might be theoretically better to use a completely analog system such as throwing dice to generate a private key but this is a bad idea for most people. If you wrote down the results of 100 fair rolls of a 6-sided die on a piece of paper that really would serve as a good basis for a private key. But to turn that list into a useful format usable by bitcoin or other wallet software requires loading it into a computer of some kind and transforming it. Like using Shamir shards, this step is dangerous unless you’re confident about your personal computer security.
Part of what makes generating a private key on a hardware wallet attractive is that everything “touching the secret” happens on the hardware wallet, not your computer, which keeps you safer.
But if you are confident of your ability to operate a clean computing environment, you can theoretically turn any sufficiently long string of characters from any sufficiently random source into a private key for a wallet. “Sufficiently random” is the tricky part; many processes you might think of aren’t really as “random” as you’d like.
It would be bad, for example, to grab the first letters from a bunch of books in your library. The digits of your favorite irrational number are probably a bad idea, too. The best source of randomness is the universe itself: rolling dice, signal noise, quantum processes, or chaotic systems such as the weather.
If you decide to generate your private key yourself there are techniques you should use to estimate “how much randomness” is in your seed, just as a check on the entropy source you decided to use.
How often should you access/inspect/verify cold storage?
They say the value of a new car starts to drop the second you drive it off the lot. The security of a key similarly starts to drop the second you finish creating it. Unless you are looking at your key right now, you can’t be 100% certain that it is still safe, unaltered, and accessible to you.
So it’s important to periodically verify any keys you have placed in cold-storage. Merely looking to see that your words or devices are still intact is insufficient. You should additionally check your balances using your preferred wallet software. It might even be good to execute a small transaction. This way, you’re not just verifying your key is there — you’re verifying that you can still use it. Which is the more important part.
The frequency of these periodic checks, again, depends on your own risk modeling, but I’d suggest doing it every 90 days. (This is the default requirement for keys at Unchained Capital.) This may seem frequent, especially if your key is just seed words on paper in secure vault(s), but remember — you’re verifying that you can still use your key. And using it requires using hardware and software which evolve extremely quickly in our industry. Hence the 90 day recommendation.
What should you do with keys/wallet words/hardware wallets you’re no longer using?
Hardware wallets you are no longer using should be wiped/reset. You can then reuse them with new keys, if you wish.
I don’t believe you should ever destroy or throw out your wallet words unless you are purposefully trying to conceal something. Hanging onto a piece of paper costs you absolutely nothing. And, even if you have no more funds connected to the key represented by a set of wallet words, you never know when it may be handy to refer back to them.
Explain what an air gapped device and why it is important?
An air-gapped electronic device is one which cannot exchange data with other devices through physical cables and ports nor through wireless communications protocols. A truly air-gapped device cannot be remotely hacked because there is no way to interact with the device without having physical access to it.
A person with physical access to the device will still be able to interact with it. Some air-gapped devices retain ports that can be used to transfer information via memory stick. Others have no input/output mechanisms other than a keyboard, a camera, and a screen. QR codes are often used to exchange data with these more limited devices.
There is no air-gapped signing device available in the market today I can recommend. Everyone seems to be building their own using Raspberry Pis, laptops, &c. There is recent progress on open-source software designed to run on air-gapped devices. Square released a project called (Subzero) and Unchained Capital is also about to open-source a similar tool, currently code-named Hermit.
What tips do you have for people accessing their Bitcoin from any device?
Assume that all Internet-capable devices you use are compromised. Don’t let them access your private key or seed phrase. Only trust your keys to hardware wallets you bought yourself or air-gapped devices you built yourself.
Treat accessing Bitcoin like picking your nose: a thing you do in private. You wouldn’t pick your nose sitting at a Starbucks so you shouldn’t access your Trezor there either. Only access your Bitcoin indoors, alone, in a secure location with no cameras.
How important is a VPN and why?
A VPN is a networking tool, simplistically thought of as a “secure tunnel” between your local computer and another on the Internet. If you own the remote computer, a VPN can be a more secure way for you to communicate with it across the Internet. This is often why companies operate VPNs, to create a more secure protocol for remote workers.
If you don’t own the remote computer, a VPN can still be useful because it masks your local computer’s Internet address with the address of the VPN provider. This provides you with greater anonymity when surfing online.
Finally, a VPN can be used to access network resources from the remote computer that you couldn’t directly access from your local computer. This is often the case in repressive regimes such as China where international VPN providers serve as small holes in the Great Firewall, allowing forbidden content to filter through to users.
So a VPN’s importance to your Bitcoin usage and security really depends upon which mode you’re using it in.
If you’re in the first mode (security), where you’re connecting to some other computer you own, a VPN is just a tool for protecting your network and there are others which may work about as well (e.g. SSH), depending on your needs.
In the second mode (anonymity), a VPN is useful if you want to hide something about who/where you are from the service you’re using. A good example might be if you’re about to do a coinjoin and you want to be as anonymous as possible.
In the third mode (access), a VPN may be your only way to access your Bitcoin, so it’s crucial.
What VPNs do you recommend?
I will say that if you are using a free VPN provider then expect that you are non actually anonymous and may potentially be less secure. If you care about anonymity and security then find a paid VPN provider. Unfortunately, I can’t recommend any specific VPN providers as I don’t use one.
What device recommendations or tips do you have to maximize security?
To sum up:
- Only use hardware or air-gapped wallets
- Use multisig with people and companies you trust
- Keep your mouth shut about details around your security
- Periodically ensure you can still use your funds
What Bitcoiners do you recommend people follow to keep up on Bitcoin security best practices?
Unsure if all these people would identify as bitcoiners, but check out
- @ChristopherA — TLS co-author and active bitcoin security researcher
- @spudowiar — white-hat hacker of hardware wallets
- @vessonsecurity — old school cool
- @sawaba — computer security more generally, esp. as effects end-users
Any books you suggest people read to learn more about security?
I don’t have too many books to recommend, but do check out:
- https://www.smartcustody.com/index.html — simple and easy to follow instructions
- https://en.bitcoin.it/wiki/Privacy — in-depth discussion of security, privacy, & op-tech, as it relates to bitcoin
Any last words or security tips?
Securing bitcoin requires understanding it deeply, along with cryptography, programming, networks, psychology, safe-cracking, social engineering, and many other subjects. No one person can hope to achieve this on their own. The best security outcomes will come from talking to other people — not about the specifics of your security setup — but about best practices, threat models, new tools, &c. Don’t be afraid to ask dumb questions. A lot of very smart people are extremely insecure right now in their bitcoin holdings because they are afraid to look stupid by asking a basic question. Don’t be one of these people!