Maximizing Bitcoin Security

By Andreas M. Antonopoulos / October 26th, 2015

Bitcoin allows anyone to be his or her own bank. If that sounds to you like a potential scenario for chaos, it’s only because you haven’t yet heard of the great lengths to which Bitcoin users can go to ensure the security of their “one-person banks.” By following a handful of basic security guidelines, they can achieve a level of security for their money that is actually unavailable in the banking world as we know it.

The truth is that banks are barely able to keep accounts secure. Although banks promise to have your deposited funds available for you, none of them could withstand a “run” in which all depositors simultaneously decide to withdraw their funds. In that respect, bank funds are just an abstract reference to value, because your money isn’t really there. It’s just a number in a ledger, but the actual money is out on loan to the bank’s borrowers.

Bitcoin is different. Instead, it functions very much like digital cash or gold. Once sent to your Bitcoin address, it is entirely within your control; you maintain it, and when you want to use it for a purchase, it is there for you—yours and yours alone.

With Bitcoin, possession gives 100 percent control. With this great power comes great responsibility.

Having the keys to unlock a bitcoin is entirely equivalent to possessing a chunk of precious metal. Which means if you misplace it, have it stolen or accidentally send the wrong amount to someone, you would have as much recourse as if you dropped cash on the sidewalk and didn’t notice until you got home.

However, Bitcoin has capabilities that cash, gold and bank accounts do not. A Bitcoin wallet, containing your keys, can be backed up like any file. It can be stored in multiple copies, even printed on paper for hard-copy backup. A backup of bitcoin keys is as good as possession of the original keys. You can’t “back up” cash or precious metals. Banks can recover funds for you, but only at their discretion. And they can also confiscate funds, adding a risk that doesn’t exist in Bitcoin. Bitcoin is different enough from anything that has come before that we need to think about its security in a novel way, too.

What should end users do to secure their Bitcoin wallets? Here are five guidelines:

Balance The Risk of Loss and Theft

While most users are rightly concerned about theft, loss is an even bigger risk. Data files get lost all the time, but if they contain bitcoins the loss is much more painful. In the effort to secure their Bitcoin wallets, users must be very careful not to go too far and end up losing the bitcoins instead.

In the summer of 2010, a well-known Bitcoin awareness and education project lost almost 7,000 bitcoins. In an effort to prevent theft, the owners had implemented a complex series of encrypted backups. In the end they accidentally lost the encryption keys, making the backups worthless and losing a fortune. Like hiding money by burying it in the desert, if you hide it too well you might not be able to find it again.

Use Two-Factor Authentication

Many first-time users will use a web-based wallet or online service as their Bitcoin bank. Unfortunately, this has led to a rash of thefts from Bitcoin users, almost all due to compromised desktop computers. Hackers will install trojans and keyloggers looking for access to well-known Bitcoin sites. As soon as users log on, their own computer will compromise the account and surreptitiously transfer all their money to another Bitcoin address. Once stolen, there is no recovery, as Bitcoin transactions are not reversible.

The most effective defense against this attack is using what is known as a “two-factor authentication scheme” or using a smartphone application to generate one-time codes. (See Google Authenticator or Authy.)

Bitcoin is different enough from anything that has come before that we need to think about its security in a novel way, too.

Spread The Risk

Would you carry your entire net worth in cash in your wallet? Most people would consider that reckless, yet Bitcoin users often keep all their bitcoins in a single wallet. Instead, users should spread the risk among multiple and diverse Bitcoin wallets. The prudent user will keep only a small fraction—perhaps less than 5 percent—of his bitcoins in an online or mobile wallet as “pocket change.” The rest should be split between a few different storage mechanisms, such as a desktop wallet and offline storage as described below.

Use Multi-Signature Wallets

Multisignature, or multi-sig, is a powerful feature that was added to the Bitcoin core protocol in 2012. Like a bank safe deposit box, where two keys are simultaneously used to unlock a single box, Bitcoin’s multisig feature allows users to secure their bitcoins using multiple keys. Unlike a bank safe deposit box, which offers limited configurations (typically two of two keys), Bitcoin can currently support up to fifteen total keys with any configuration of required signers.

Currently the most popular multisignature configuration is 2-of-3, where you hold two keys and a wallet provider or some third party holds the third. The most popular configuration for businesses is 3-of-6, where three executives in a company each hold one key, two keys are stored at different off-site cold storage locations, and the last is held by a third party for recovery purposes only.

In summary, Bitcoin is a completely new, unprecedented and complex technology. The industry has grown considerably over the past six years, demonstrating an incredible rate and breadth of innovation. Over time we will develop better security tools and practices that are easier to use by non-experts. For now, Bitcoin users can employ many of the tips above to enjoy a secure and trouble-free Bitcoin experience.

Use Physical Storage or Hardware Wallets

Bitcoin keys are nothing more than long numbers. This means that they can be stored in a physical form, such as printed on paper or etched on a metal coin. Securing the keys then becomes as simple as physically securing the printed copy of the bitcoin keys. A set of bitcoin keys that is printed on paper is called a “paper wallet,” and there are many free tools that can be used to create them. Another way to store bitcoins securely is in “hardware wallets”: devices designed to securely store bitcoins. These hardware wallets allow non-expert users to attain an almost foolproof level of security. Unlike a smartphone or desktop computer, a purpose-built Bitcoin hardware wallet has only one purpose and function—to hold bitcoins securely. The devices don’t run general purpose software and have simple interfaces that work to limit opportunities for compromise. (See Trezor, Case, and Ledger.)


By Andreas M. Antonopoulos

Andreas M. Antonopoulos is the author of "Mastering Bitcoin" (published by O'Reilly Media), considered by many the definitive technical guide to Bitcoin. He is an expert in security and distributed systems, an entrepreneur and a coder. He has founded six companies and advised hundreds more in a career spanning two contients and more than two decades. He can be contacted on twitter as @aantonop or at http://antonopoulos.com.