Is Bitcoin Secure?


Bitcoin security checklist

  • For online services:
    • Bitcoin services should be reliable and have a good reputation for providing support.
    • Always use 2-factor authentication for online services.
    • Disable API interfaces if not using them for robot trading.
  • For managing Bitcoins yourself:
    • Use a “deterministic” Bitcoin wallet.
    • Back up the wallet key remotely and make arrangements for heirs.
    • Test restoring backup before funding wallet.
    • Use an offline “cold wallet” for significant amounts.

Managing Bitcoins via an online service

  • Online Bitcoin wallets and exchanges usually have access to your Bitcoins depending on how they structure their service.
    • Some services may allow users to create their own wallet on their local computer but this requires the user to back up their wallet.
  • Online Bitcoin deposits are generally not insured.
    • Online Bitcoin wallets may not have the funds to cover losses if they lose your deposits or if a mistake is made.
    • There have been several losses as a result of Bitcoin exchanges losing funds due to negligence and theft.
    • Many exchanges where funds were lost displayed the logo of the Bitcoin Foundation; that is not an assurance that funds are secure.
    • Bitcoin exchanges generally do “off-Blockchain” transactions so there may be no assurance that they have the funds to cash out your account.
    • Newer Bitcoin exchanges are becoming more reliable but there is risk as with any financial institution.
  • Hackers try to install key loggers to steal passwords and take funds.
    • Online wallets should use “2-factor” authentication which means 2 pieces of information is needed to log in such as a password and a one-time code sent by text.
  • Application Programming Interfaces (API) used for trading robots should be secure.
  • Some exchange wallets are not designed for merchant transactions.
    • Some exchange wallets do transactions via script or after some other type of verification that may cause a delay and invoices may time out before payment is verified.
    • Some exchange wallets send funds from a central wallet and it may be difficult to prove payment was sent by you should there be a problem.
  • Bitcoin exchanges and wallets sometimes have poor or nonexistent support.
  • Experienced users generally manage Bitcoins themselves and only keep funds at exchanges when needed.

Managing Bitcoins yourself

  • Security of Bitcoin depends on the security of the secret “private keys” in the Bitcoin wallet.
  • The user is responsible for security and backups of their Bitcoin wallet.
  • A Bitcoin wallet is more like a key chain than a wallet.
  • If Bitcoins are lost that means the secret “private keys” were lost.
  • If Bitcoins are “stolen” that means that the private keys were compromised and used to transfer funds to another address.
  • Compromised “private keys” can be used in the future to transfer funds out.
  • Users should make sure to download valid software.
  • Users should not use the wallet that comes with the Bitcoin Core software because it lacks good features for new users.
  • A “deterministic” wallet should be used which means the wallet can be backed up with a single key and all addresses are “determined” from that key.
  • If a wallet is encrypted for security and the password is lost it may not be possible to recover the “private keys” and the funds will be “lost.”
    • If you have a partial password some services have adapted password cracking tools to Bitcoin wallets.
  • Practice restoring wallets from backups before depositing funds in them.
  • Backups may be electronic or a paper printout of the key or keys.
  • Backups need to be saved remotely in case of fire, flood, or local disaster that affects an entire geographic area.
  • Backups are generally a list of words or random characters and the backups need not be labeled as Bitcoin backups.
  • Arrangements should be made to pass the Bitcoin wallet to heirs in case of incapacitation or death.

Bitcoin transactions are irreversible

  •  Bitcoin transaction is irreversible once it is has several “confirmations.”
  • A “Confirmation” means the transaction has been included in a block in the Blockchain.
  • “6 confirmations” means 5 more blocks have been added to the Blockchain after the transaction was first included in a “block.”
  • The rule of thumb is to wait 6 confirmations before a payment is considered essentially irreversible which takes 1 hour on average.
  • A “double spend” is where 2 different transactions spending the same Bitcoins are sent to different parties; eventually one transaction will have multiple confirmations while the other will be invalidated.
  • Merchant services companies report little or no issue with “double spending” in practice.

Merchant verification not required for payment.

  • Bitcoin increases security of personal information because merchants don’t need to collect information to verify payment.
  • Bitcoin transactions are irreversible so payment is guaranteed and there is no chance of a “chargeback” weeks or months in the future.

All Bitcoin transactions are traceable.

  • The Bitcoin shared ledger, the Blockchain, is fully open and all transactions are visible
  • Transactions create additional “change” addresses that obfuscates the path of the Bitcoins
    • If you have 3 Bitcoins and send 1 to someone else, 2 bitcoins gets sent to a newly created “change address” in your wallet.
    • If coins are later joined together in future transactions it may be possible to tell which addresses are “change” addresses under certain circumstances.
      • Using Multiple wallets or using tools like the “coin control” feature in Bitcoin Armory can be used to prevent the mixing.
    • Online services such as Blockchain.info try to guess which addresses are related and create a “taint” percentage that tries to show which addresses are related but it is not usually definitive.

Escrow and mediated transactions

  • Since Bitcoin transactions are irreversible many use Escrow/mediation services.
  • Standard escrow is where some holds the funds which are released after the parties are satisfied.
    • Some services combine dispute resolution with escrow services.
  •  Bitcoin transactions can be done by requiring “2 of 3” users needed to approve the transaction.
    • If the buyer and seller agree the mediator not needed and you have 2 of 3.
    • If there is a dispute the mediator is the second approval party and decides who gets the funds.
    • Unlike escrow, the mediator never has access to the funds.

Physical Bitcoin Security

  • Physical Bitcoins may mean that the issuer has the private key and can transfer the funds at a later time.
    • Some issuers use a split key where the seller never has access to the funds once the item is “loaded” with Bitcoin.
    • The seller uses the code and the buyer will need the password in the future to access the Bitcoins.

Bitcoin gaming.

  • Many Bitcoin casinos and betting services are available.
  • Payments can be made without collecting personal information since payments are irreversible after several confirmations.
  • Payoffs can be made much quicker than traditional online betting sites.
  • Some services use cryptography to verify their games are fair but the explanations often requires some knowledge of cryptography.
    • A “cryotographic hash” can be used to ensure data was not changed without giving the data beforehand.
      • Sites could provide a “hash” of the list of all cards to be dealt before the bets.
      • After the bets the site can provide the full list and the user can check the hash to ensure nothing was changed.
      • There still may be ways for the site to cheat depending on the system used.

 

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>