From attacks via the Internet, to social engineering methods, they put your BTC at risk.
Do not forget the precautions, even if the size of the funds is small.
“Talking about bitcoin is very popular among bitcoiners. What is not advisable is to talk about your bitcoin. Discretion is the first recommendation from Jameson Lopp, CTO of security firm Casa, dedicated to developing bitcoin security software. The specialist intervened last Friday, November 19 at LaBitConf, with a talk entitled The best practices to store your bitcoin.
Lopp offered in his talk concrete examples of the risks that arise when a user publicly comments on the BTC they own. He referred to a high-profile case on Twitter in 2017, in which a user pointed out that he had all his BTC on Coinbase. Within 24 hours he suffered an attack to replace the SIM chip of his cell phone and lost all his funds.
“Thieves cannot steal what they do not know you have,” says the specialist, adding that whoever does not comment with others about their bitcoins decreases the probability of attracting attention and being attacked.
Casa’s co-founder stated that the most prominent risk facing bitcoin is accidental loss of the private key. “In the early days of the protocol it was very easy to lose bitcoins and a lot of people did. It is estimated that so far there are about 4 million bitcoins lost, almost a fifth of all bitcoin that will exist, “says Lopp.
Part of that risk has been mitigated through technology, for example, through metal devices for storing bitcoin’s private key or through the use of multi-signature wallets.
The recommendation to write down the seed phrase, or the set of keywords that give access to a bitcoin wallet, and keep the paper “in a safe place” carries many risks, says Lopp. Paper is vulnerable to moisture or fire, among other eventualities, such as simply forgetting where it was stored.
The speaker gave details about the different options of metal supports that exist in the market to store keywords, and highlighted that one of the most recommended, due to its simplicity and efficiency, is the plate with a squared matrix, in which the respective letters of each keyword are marked with a perforation in the corresponding square.
The previous photo shows a plate that allows recording 12 words and on the right side it can be seen that there is no loss of data when it is subjected to fire. This particular plate is the size of a credit card. Standard-size ones store up to 24 words.
The necessary prevention
“An ounce of prevention is worth more than a pound of medicine.” With this phrase, Lopp highlights that the majority of bitcoin holders do not think about self-defense measures because they do not believe that they are targets desired by hackers. “Even if you consider that you have a modest amount of BTC, you must remember that once someone steals it, that action is almost always irreversible,” he says. The proof of the lack of prevention is in the number of BTC stolen, which is estimated at 2 million, says Lopp.
It also refers to the fact that if there are not, in general, greater security measures, the perception of the value of bitcoin could be affected. “If everyone were careless in properly safeguarding their assets, they wouldn’t be worth much.”
Regarding the risk of theft of private keys, for example, safes, hiding places or distribution of keywords can be used. To prevent digital theft, on the other hand, cold wallet storage is a highly recommended alternative.
The self-custody of bitcoin, through applications, is always subject to risks, says the specialist, and recommends multi-signature proposals, which offer greater security. It also warns against custody granted to third parties, for example to exchanges. “These exchanges have shown significant vulnerabilities against hackers, who constantly update their attack methods,” he says.
In addition to all the technology-based attacks, those that are based on social engineering are the hardest to containLopp argues. These attacks are based on deception and have proven to be effective in many types of scam.
As an example, he showed a communication via email, posing as the provider of a cold wallet. The intention of the communication was to warn that there were records of wallet failures and that the user had to enter the seed to solve the problem. The careful design of the message, with the provider’s logo, could convince some careless users, who thus hand over the private key and the BTC disappear in seconds, said the speaker.
Finally, he touched on a little-addressed aspect when talking about the security of bitcoin: the heritage of BTCs. The methods of safeguarding the private key are aimed at a single person having access to it. As a security provider, Casa has BTC funds protection plans that include conditional access by heirs to private keys, Lopp said.
At the end of last October, Lopp stated on his Twitter account that half of the bitcoin in circulation were in the hands of custodial companies, a fact that was commented on by CriptoNoticias. According to figures from Glassnode and Chainalysis, the amount of BTC in custody platforms is between 2.5 million and 8.5 million.