It’s really scary in Bitcoin land. Either you store your coins online and worry about hackers, or you store them offline and worry about burglars, fires, etc.
I’m starting to appreciate the government enforced protections a traditional bank account provides.
There's a very simple solution if you care about security.
Buy a hardware wallet (e.g. Trezor in my example) note down the 24 words that are basically your privatekey. But enable the passphrase (25th word/phrase) which you type yourself and could keep just in your mind.
You have the safety of multiple backups for the 24 words and the extra security from burglars and others with the 25th passphrase.
It also serves as a plausible deniability because when you input your passphrase it will never say it's incorrect, it will merely open a different wallet (generate a different private key).
Helps with the $5 wrench attack. You could setup a "fake" wallet with some activity and a low amount of Bitcoins, and have a different passphrase for the real wallet with the big amount.
If you're handling millions of bitcoins, belonging to other people, I would go with something more hardened than a Trezor. Hardware Security Module with M of N authentication... Use that as a main vault. Keep a smaler number available as liquid. I don't understand why this isn't common sense among these people.
The products I'm talking about are tens of thousands of dollars, but that's a drop in the bucket compared to the security architect that will set that up. This is not a solution for personal use. If you are in this kind of business, and are honestly clueless, then you probably need to be looking to hire a security director who is qualified to handle this. I'll probably venture to say that only the founder/owner or CFO/controller of the company should ever, EVER have unrestricted access to the vault wallet, and depending on the size of the company then even that will need to be addressed somehow (of which I have no idea the best practice on). The security chief does not need to have unlimited access to this in order to do his job. I'd not trust one who asked for such access.
"Simple" ones start at about 5k but require a proper business to buy and can usually do m of n. If you want to go all out you should write your own firmware module and use that. Those engineers are even more expensive than the security architect.
And how would that help Nicehash? They have automated processes paying out amounts. An inside job is enough. Some disgruntled employee having access to scripts and giving someone the private keys the script accesses and KABLOOM!
M of N requires multiple private keys in order to withdraw. The script that handles the automated payouts would have access to a wallet that has a relatively small amount of money. When that wallet gets too low or too high, the security and finance team can go to the HSM with their keys, and perform an agreed upon transfer of funds from the vault wallet to the online wallet, or vice versa.
I won't say it's impossible for the vault to get robbed, but with a proper security setup, such a heist would be unprecedented. It could even garner some respect on this forum (toward both the attacker and the victim), rather than shame. The online wallet could get hacked, but it would be a smaller fraction of the funds lost, rather than the entire farm. Of course, if you have a decent security team, they'll also be taking other measures to lower the likelihood of that happening. And unless you pissed the wrong people off, you'd be very unlikely to be sunk due to a random hacking. You would be too difficult of a target for it to be worth even trying.
Disclaimer: I'm not a security specialist, so don't take this as real security advice. However, was technical lead for payments system of a non-crypto fintech company (this doesn't imply that that company's security is or isn't set up in this way).
Indeed, my suggestion was merely about an approachable secure way for everyday people. Business etc. have do as you say and have more sophisticated setups.
This sounds pretty good, but what if the $5 wrench attacker knows your real wallet needs 25 words, and not just 24... Wouldn't they just hit you with the wrench a few times until you added the 25th word?
That's not how it works. You create two wallets with the same initial 24 words and a different 25th word, and put a small amount of money in the second one. If an attacker has the first twenty four words and tries to beat the 25th out of you, you give them the word that unlocks the fake wallet. They have no way of determining if you have more than one wallet, or how many you created. The only way they could tell it was a decoy would be if they had some other way of knowing the approximate value of your wallet.
Or scopolamine. Who needs a wrench when you've got angel's trumpet growing on the fence outside? Especially when it comes to the right 25th word (or the right VeraCrypt volume password, etc).
Your tone showcases your emotions.
I can send bitcoins to anyone that wants to accept them, anytime.
I can send my USD only if my bank permits me to do so and depending on their schedule.
That's one of the core values for me, however I can see that people are used to or just fine with their current bank relationships. Thinking that it's either the one or the other that work for everyone is naive.
“I can send my USD only if my bank permits me to do so and depending on their schedule.”
I can login to my online Bank of America account now and transfer money to most anyone I know in about 100 countries. I can do the same from my bank account in A foreign bank account.
Freedom = I don’t want the government to know. I don’t have anything to hide and I am perfectly fine with the government seeing to whom I send/receive my money.
But bitcoin’s utility of it being a mechanism for transactions is over. It has become a mechanism to hoard wealth. The same way Tulips were used to hold wealth. The bulb will burst and it will lose that mechanism as well.
That said I think crypto currencies are the future...I just don’t think it’s bitcoin...
Crossing into outright incivility is definitely the wrong direction to take a discussion on HN. Please read the site guidelines and please don't do this again.
FDIC insures up to 250k so you have to spread it around to get protection above that. Not like that is a problem to most people just saying there are limits to that protection.
Crypto currency accounts have some massive accounts now, not sure those would be covered much in those cases even with FDIC protection though it would be nice.
If there truly was a banking crash where more banks went down than in the Great Recession, I wonder how FDIC would hold up based on how many over leveraged games were being played that led to that implosion. Crypto currency is probably a reaction to that as well, trust in banking is immensely low in history.
You can store your bitcoins online (in multiple places for redundancy) in encrypted file you never decrypt. You can still send new bitcoins to that wallet.
When you finally do need to withdraw some bitcoins you just set up clean linux system, download the file, decrypt it, make a transfer, encrypt it again and upload (if you don't withdraw often you can skip that because such offline wallet (at least the one generated by bitcoin core client) can handle few dozens outgoing transfers before you need to update it).
Then you don't have to worry about burglars, fires or hackers. You just need to worry about remembering your password. And about the portion of bitcoins you keep elsewhere to pay for things or trade.
> You can store your bitcoins online (in multiple places for redundancy) in encrypted file you never decrypt.
> Then you don't have to worry about burglars, fires or hackers. You just need to worry about remembering your password. And about the portion of bitcoins you keep elsewhere to pay for things or trade.
This accounts for confidentiality but does not preserve the integrity or availability of the wallet and for those reasons is far less secure than you believe.
I would like to see banks operate Bitcoin accounts.
The bank operates its own wallets, you transfer your Bitcoin to theirs (or just buy it from them.) Keeping the Bitcoin safe is their responsibility. If you want to spend the Bitcoin, you can transfer it back to your own wallet, or directly to the payee. You pay them some fee to do this.
Now, it has obvious downsides. Less privacy. Easier for the government to confiscate your Bitcoin. The bank could go bankrupt. But, a person might rationally reason that those possibilities are less likely than them stuffing up a wallet maintained by themselves. Especially if it was a major bank that they might reason is unlikely to go broke. Obviously the Bitcoin account would not be government insured so if the bank goes bankrupt you might lose it all.
If criminals break into your account and steal your Bitcoin – if it is due to a problem at your end, e.g. a key-logger on your machine, the bank shouldn't owe you anything. If it is because the bank screwed up, they should be liable to compensate you for the loss.
Isn't that mostly the situation we're in with the places that are getting hacked?
BitcoinBank holds your bitcoin. Keeping the bitcoin safe is their responsibility. They get hacked and someone takes the bitcoin from them. They're liable to compensate you for the loss, but they don't have the money to compensate you with - someone stole it all.
Is the difference that a bank like Bank of America would have non-bitcoin assets to compensate you with? That is to say, the hypothetical BitcoinBank gets $65M of bitcoin stolen and that's 100% of their assets so you're out of luck. BitcoinBank owes you money, but doesn't have any. However, if Bank of America had $65M stolen, you could expect them to have other assets to cover that loss and make you whole.
I think the issue is that would cost a lot of money. Would you be willing to pay 2% of your bitcoin per year for this insurance?
I think one of the reasons that our current financial system works well against fraud is the ability to undo many transactions and detect fraud in addition to swallowing losses. If you try to spend $10M, that's likely to cause fraud alerts. If you're shipping goods to someone else and they're expensive, you'll again get fraud alerts. If you're transferring money between banks, it can have certain fraud-protection oversight and has a certain ability to be undone. A lot of this comes from lack of anonymity and limitations. A $5 transaction isn't suspicious and doesn't carry the same risk as a $5M transaction. Most bank to bank transfer systems have daily and monthly limits on them. The banks know who owns the accounts and can confirm if it's the same person. Banks generally have some latitude to undo transactions. Banks can see where you purchase things and determine whether it's suspicious. Banks have centralized places where they determine whether to permit a transaction.
> However, if Bank of America had $65M stolen, you could expect them to have other assets to cover that loss and make you whole.
That's exactly my point. Asking some cryptocurrency startup to look after your bitcoin, if they get hacked, they'll probably go out of business and you will lose everything. A major bank, with billions (or even trillions) of dollars of non-cryptocurrency assets, they will survive the theft of a few million (or billion) dollars worth of bitcoin, and have plenty left to compensate you with.
> I think the issue is that would cost a lot of money. Would you be willing to pay 2% of your bitcoin per year for this insurance?
Some people will probably say yes. If you expect bitcoin to go up by substantially more than 2% pa, 2% might be a reasonable amount to pay to reduce the risk of holding it yourself.
> Banks generally have some latitude to undo transactions.
I don't expect banks would apply the same rules to cryptocurrencies given the inability to reverse. For example, if you make a typo in the target account for a bank transfer, with normal currency the bank will probably just reverse it for you if you call them, with bitcoin you've lost your money. The threshold for compensation would be much higher. But still, if the bank loses your bitcoin due to their own negligence (as opposed to your own negligence), they'd be liable for that.
Can banks reasonably do this with current money laundering rules?
Is the margin of 2% sufficient to cover costs + risk?
Incidentally - when a bank account gets hack the bank compensates a single person worth of $. However every bitcoin system seems to revolve around keeping all of their eggs in a single basket for some reason. Surely the complexity cost is worth the additional security?
If the bank is holding your Bitcoin, what is the point of using Bitcoin at all? It is just an extremely inefficient centralized currency at that point.
As an investment. If a person believes Bitcoin is going to continue to go up in value, they might want to buy a lot of Bitcoin, but have someone else manage the safekeeping of that Bitcoin they bought.
I'm one of many people kicking myself that I didn't buy Bitcoin years ago when I first heard about it. And now I'm wondering if I should buy some now, because there is a decent chance it will continue to go up (in the long run). But if I could pay a modest fee for someone I trust (like a very big bank) to look after those Bitcoins for me, I might consider it.
Sure, but to say that is to say that bitcoin's "unique investment opportunity" is akin to that of pieces of irreplaceable artistic value ... or tulips of irreplaceable biological heritage.
Once people believed bitcoin could be a currency, a medium of exchange that could be used for the ordinary transactions people used ordinary cash for. Now, it's an "investment vehicle" hurdling down the road that gold, natural gas futures and similar things went gone after 2008 when the Fed began QE in earnest.
> I'm one of many people kicking myself that I didn't buy Bitcoin years ago when I first heard about it. And now I'm wondering if I should buy some now, because there is a decent chance it will continue to go up (in the long run). But if I could pay a modest fee for someone I trust (like a very big bank) to look after those Bitcoins for me, I might consider it.
I'm one of those who looks at the 2013 spike and 2014 crash, and wonders what's different this time around.
I would like to see banks operate Bitcoin accounts.
This is completely antithetical to bitcoin. Upon reading that sentence, I thought surely this is a joke.
Not only is a bank account for bitcoins completely antithetical to the very notion of bitcoin, but it eliminates any need for bitcoin's central innovation, a distributed, unified verification system in the form of a 'blockchain,' generated by a clever utilization of P and NP.
Money is fungible, it doesn't really matter if I have dollars, or pesos, or yen in my bank account. The only reason you want a bank account for bitcoin is because you want a bank account with magic internet money that magically, irrationally increases in value until it doesn't. And you don't want the headache of worrying about all the potential missteps when messing about with your magic internet money.
The whole point of offline storage is to guard against the risk of whatever internet-connected device you use to store your keys getting compromised.
If you make a mistake or fall victim to an attack that lets someone steal the encrypted file containing your key, there's a good chance the attacker will also be able to install a keylogger and get your passphrase.
The way I do it, is have a bootable usb stick with a clean install of Tails OS that has all my crypto stuff. I also have a gpg encrypted seed file on my google drive as a backup with MFA turned on.
I don't think offline storage is necessary as long as you're certain your system is clean, which a clean linux install helps.
If he can run a keylogger on whatever computer you use to unlock your wallet, then it does it really matter whether you store it offline on USB stick in a safe or not.
That's where hardware wallets like Trezor or KeepKey come into play. Any transactions are signed on the device and sent back to the computer; your private keys never leave the device.
With no backup? What if you suffer a massive head trauma (or an unfortunate death), no way to recover your millions of dollars for friends and relatives? I'm guessing people put this stuff in their wills these days, how secure is a will?
I have an encrypted file with online banking passwords, account numbers, etc for my wife.
It's on a USB stick in our fire safe, and also in our safe deposit box along with a passphrase hint that my wife or daughter would understand, but is not obvious to an outsider.
There are three widely-used approaches to managing your own keys:
1. Store the keys on your own device, and also write them down on paper as a backup.
2. Store the keys on a dedicated piece of hardware, and also write them down on paper.
3. Encrypt the keys with a username/password and back that up to the cloud.
Option 2 protects against all kinds of malware, including keyloggers. The device has its own screen and buttons, so you can see the backup keys and verify the destination of the funds without trusting you PC.
For the paper backups in options 1 and 2, there are fireproof options like cryptosteel.
Option 3 gives a really nice UX, since it's feels like a standard username/password login. This is what Lastpass does for passwords, but applied to Bitcoin. Keyloggers are still a threat, and if your password is weak, someone might brute-force it in a database breach situation. Depending on your use-case, this may be worth the tradeoff.
The company I work for, Airbitz, implements option 3. In our experience, far more people lose funds accidentally than due to hackers (at least with self-managed keys). Therefore, a familiar UX is crucial to helping users retain control of their funds. Plus, most people aren't willing to invest in specialized hardware, at least at first. If crypto-currencies are ever going to go mainstream, there needs to be a software-only on-ramp.
While I tend to fully agree with everything you are saying wouldn't it be a nice side effect if Bitcoin / crytocurrency dominance forced the average computer user to get serious about password creation and management?
There are other options in Bitcoin land to protect against theft. If the online wallet uses multisig then it requires a signature from yourself before they can take the funds. If they're hacked then the hacker can't spend the coins.
We should not be supporting these criminals, most likely based out of Russia or China. It's my biggest gripe with Bitcoin. By buying Bitcoin you are indirectly supporting them.
I’m starting to appreciate the government enforced protections a traditional bank account provides.