Bitcoin and cryptocurrencies are hot topics right now but they’ve been getting all the wrong kinds of press as the news is dominated with stories about hacks, theft and security issues. (Discover the basics of this cryptocurrency in What the $#@! is Bitcoin?)
In February 2014, what was perhaps the best-known bitcoin exchange, Mt. Gox, filed for bankruptcy. Then, in March, Vircurex declared its insolvency.
Bitcoin has had many other roadblocks too. Its association with online black markets like Silk Road, which was shut down by authorities in 2013, continues. Its market price has also been volatile (to say the least).
As if that weren’t enough, bitcoin also has a growing malware problem. According to a study released by Kaspersky Labs, Financial Cyber Threats in 2013, six million detections of malware were discovered in 2013 that could compromise a bitcoin wallet, a staggering growth from 2012. The study also noted the rise of two new kinds of malware – one that steals from wallets and the other that downloads software to "mine" bitcoin.
"When we look at the issues associated with Bitcoin… mining, malware and drive-by downloads are on the rise and there’s been a number of high profile examples," says Raj Samani EMEA CTO of McAfee. "Of course, Cryptolocker was one of the first examples of ransomware being used for bitcoin. The other challenge we’re beginning to see is the role of bitcoin as it relates to the payment mechanism for cybercrime." (Learn more in PowerLocker: How Hackers Can Hold Your Files for Ransom.)
This can be seen in the growth of online gambling networks that only take payment in bitcoin or illicit activities like the aforementioned Silk Road.
"There’s no doubt that as bitcoin becomes more mainstream, criminals will focus their efforts on these particular currency platforms. Much as you’ve seen Android as the prominent mobile platform and now 97% of malware is on the Android platform, it’s about risk/reward for the criminals," says Samani, who authored the McAfee white paper "Digital Laundry: An analysis of online currencies, and their use in cybercrime."
Making Sense of What to Do With Your Bitcoin
When it comes to keeping bitcoins secure, you can apply many similar principles to bitcoin as you do to cash, says Samani, but only to an extent, especially since the risks that come with bitcoin are much greater.
"The penalties for getting it wrong are much higher with bitcoin than, for example, if you misplaced your credit card or you spent your money at Target," he says. "With bitcoin, if you lose it you’re stuffed."
So, if you accidentally toss out your hard drive with some bitcoin on it, that’s all on you.
"It’s buyer beware," explains Samani on how to use your coins and where to keep them, "if you’re going to put all of your eggs in one basket, in a single exchange, then you have to take that due diligence personally."
Even many exchanges tell you not to put all your bitcoin in their exchange as they are not banks, but there are some similarities nevertheless. According to Michael Perklin, president of Toronto bitcoin security firm Bitcoinsultants, bitcoin shares many properties with regular money management. You wouldn’t walk around with all your savings in your pocket – it’s in the bank. By extension, leaving all your bitcoins in one digital wallet is also a bad idea.
"The majority of your funds should be a little more difficult to access like in a bank account. In the case of bitcoin, [this is done using] something called cold storage or a paper wallet," says Perklin. "Cold storage is a generic term that means a wallet that’s not connected to any network or to any computer."
To access the funds in cold storage, you need to be physically in its presence and because the device is not connected to a network, malware will not be able to find your bitcoin keys.
More Addresses = More Security
Perklin says that it is best practice for users to have multiple addresses, even hundreds. Using only a select number of addresses or holding too many funds in one address are some of the biggest mistakes bitcoin users can make.
The other reason for having so many addresses is privacy. That’s why it’s becoming an industry standard among bitcoin service providers. Most bitcoin software now supports this under the hood, without the user having to think too much about it.
"In practice, as you’re walking around the city and you buy a coffee here and a donut there, every single purchase means you need to create a brand new account," explains Perklin.
"This is done by design to protect your privacy because if I learned that you had address 1ABCDE, maybe because I owed you $5 so I’ve given you $5 to that address, at any point in the future, I can see how many funds you have in that account," Perklin said. "For privacy it’s not ideal to stick with one bitcoin address because once someone learns that that address is yours, from that point on, they can track every purchase you make."
When Something Goes Wrong
If you’re checking your balance and the bitcoin provider in question has been compromised, what should your reaction be? If you have concerns with your provider and how they’re managing your funds, you should consider changing right away. With bitcoin’s volatile nature, making this decision needs to be much quicker than changing banks to avoid being robbed.
"It’s easy for you to create a brand new bitcoin address on another service or on another wallet or on another machine and then send all of your funds to this new wallet," Perklin said. "If the attack is still in play, by the time they get to the rest of your funds, you’ve already moved them to a new address and they are inaccessible."
What Newbies Need to Know
For newcomers, things like privacy settings and cold storage are aspects to consider, but most important is a bitcoin exchange and service provider. With exchanges going under, making a wise decision on a provider is vital.
Trust is imperative and exchanges need to earn that trust from their users.
"I recently did a story with the Wall Street Journal on Coinfloor, and what they talked about was having a transparency with regard to the amount of money that they have within their exchange," Samani said.
These sorts of measures have become necessary post-Mt. Gox in order for exchanges to gain and maintain trust.
"One of the things that [Coinfloor] is trying to do is give transparency, to show you how many bitcoins they actually have," Samani said. "But the reality is that for most people that’s going to be complicated to even understand."
This brings us back to due diligence and making responsible decisions. Don’t use the exchange as a bank, even if they offer cold storage.
"In the banking sector it’s called KYC: know your clients. Well, in this particular example it’s KYE: know your exchange. Be comfortable with the level of security that they tell you they have and certainly don’t put all of your eggs in one basket," Samani said.