Your Bitcoins might be at risk

Oleg Belousov
Published in Keeping Stock
5 min read · Apr 14, 2017

Which security measures do you take to ensure that your Bitcoins are safe and sound?

Judging by the results of a small check I conducted with my friends and acquaintances, many people still store funds on hosted wallets and exchanges.

They are thus either blindly trusting the 3rd-party service provider, or keeping their exposure mostly in fiat and trading using margin.

Well, here’s the thing: Bitcoin and its siblings were never meant to be deposited in the hands of a 3rd-party trustee.

What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.

Original Abstract Bitcoin Spec
S. Nakamoto
November 2008

There you have it, in black and white: no middleman.

Nevertheless, this does not stop hundreds of different exchanges and wallets from taking charge of users’ funds, practicing internal transactions between members that are not propagated to the blockchain, and whatnot.

According to Cambridge University’s global cryptocurrency benchmarking study, 73% of the exchanges take custody of their customers’ private keys by default, without providing any other alternative.

It can also be seen that they are sensibly spending quite a fortune to secure those private keys; however, to me this expense is obscure and redundant, considering the fact that the protocol already has a built-in security mechanism.

It’s never going to happen to me

Average Joe

Well, guess what, Joe

If you don’t own your private keys, you don’t own your bitcoins

Marshall Hayner
Cryptocurrency expert & entrepreneur

However, this is far more than an abstract and ideological problem. According to Wikipedia’s history of Bitcoin, no fewer than 17 major, known Bitcoin exchanges have mysteriously closed since the reveal of the Mt. Gox hack on 19 June 2011.

The total amount of stolen funds surpasses 1 Million Bitcoin (over $1 Billion today), with an average of almost 3 exchanges per year.

The most recent security incident occurred in August 2016, when hackers stole $72 Million worth of customers’ bitcoins, sending bitcoin into a sharp dive of nearly half its value in a few days.

As we may or may not know, history tends to repeat itself.

Still think statistics are on your side? I would suppose not…

So what’s the solution?

First of all, download Bitcoin Core; this is the first, most essential step in taking charge of your own funds.

As intimidating as it may sound, Bitcoin Core has a simple and straightforward user interface, with support for all major platforms (Windows, Linux, macOS and even mobile).

Additionally, contrary to what you might have heard, running a full node does not necessarily require Proof-of-Work (PoW, mining).

It is also recommended that you encrypt your private key (wallet.dat) file; it is possible to do so simply by accessing the ‘settings’ menu on the top bar of Bitcoin Core.

This way your funds, on the blockchain, will be accessible only to a person with a combination of your encrypted private key and the passphrase.

Do not forget this passphrase, since by doing that you will irreversibly lose access to your funds (I always say that it’s better to lose money over one’s own stupidity).

It is also a common practice to use ‘cold-storage’; this fancy term basically means keeping your encrypted private key off the internet, on a physical storage medium (or several of them), and signing transactions offline.

Another possible security enhancement is ‘multi-signature’.

Be aware though, with great security, comes greater responsibility.

A side note about hardware wallets: do not use them. They are a waste of money, since the same level of security can be achieved with the free, open-source Bitcoin Core software, and you do not really know what software those magic ‘vaults’ are running (there have been recorded cases of breaches and phishing).
And, when you think about it, it’s also kind of like trusting a 3rd party, right?

OK, so I got my cold-storage set up, how do I exchange funds?

There are several options here, just choose your favourite.

1. Over the years, a number of open-source, decentralized exchanges have appeared, such as BitSquare.

That is all great; however, to run those solutions you must run 3rd-party (cough cough) software on your computer along with the Bitcoin Core software, which introduces 2 additional problems:

  • Cold/offline transaction signing is no longer possible.
  • Despite being a professional open-source project, it still means you give the exchange software an unrestricted amount of trust, which increases your risks in case of any security vulnerabilities on their side.

Personally, I agree with Ethereum’s founder & lead, Vitalik Buterin, in his post on the problem of trust.
The fewer, the better.

2. Moving the funds to an exchange solely for the purposes of exchange / margin trading, and withdrawing those funds immediately once the trade has been executed.

Let’s analyse this solution:

Simple as it may seem, it requires a complex chain of actions:

  • Login, possibly using 2FA
  • Deposit funds
  • Wait till deposit is confirmed
  • Place an order
  • Wait for the order to execute / risk slippage by placing a ‘market’ order
  • Finally, withdraw your funds back to your wallet and log out

However secure, this chain of operations can be exhausting when done on a regular basis.

3. Use an anonymous, minimal service like shapeshift.io or nexchange.co.uk

This option, which I consider the most suitable for the vast majority of the volumes traded on the order books of the traditional exchanges, allows you to perform the 6 operations described in the previous option in the blink of an eye, and at a similar cost considering the cost of your time (a maximum of 1% of total spread on crypto-to-crypto trades on both sites, no extra fees).

The first option (shapeshift.io) supports dozens of the most liquid currencies and completely anonymous trading, with nothing but your public key (address) exposed.
However, it also has some price slippage when the traded amount is greater than 1 BTC.

The latter option (nexchange.co.uk) currently supports only the crypto-majors (BTC, ETH, LTC); however, it has no price slippage up to a 10 BTC order, with a price guarantee of 30 minutes, and also supports 28 fiat currencies (using various e-wallets, SEPA, Swift, SOFORT and credit cards).
It may also require a phone verification and basic KYC for funding using some fiat payment methods.

Disclosure:
The writer is the founder of Nexchange. Feel free to write to us with requests to integrate new payment systems / cryptocurrencies, or any other matter.

hello@nexchange.co.uk
