One of the greatest technical challenges in working with Bitcoin has always been finding an effective way to secure it. Although financial security is a serious and complex issue regardless of the underlying financial system that is being used, warranting billions of dollars of spending on the part of major banks every year, in the case of Bitcoin the scale is tipped in favor of the attacker even more than it normally is. There are two key factors that contribute to this: irreversibility and anonymity. Irreversibility means that transactions, once completed, cannot be reversed, so if a Bitcoin exchange is hacked there is no way to force the money back automatically as might be possible under a centrally controlled banking system. Anonymity means that there is no way to tell who or where the thief is physically through the financial system, leaving investigators with very little evidence to work with (although on one prominent occasion a $310,000 thief was caught through other means). Although Bitcoin is technically far more secure than most other financial systems available, in practice its digitally slippery nature means that even the tiniest security flaw in implementation is magnified greatly, and so it is only with services that are quite secure by themselves do Bitcoin’s advantages truly shine through And, over the past two years, we have seen a number of very painful reminders that we are simply not there yet. A list of top 20 Bitcoin heists exists on the Bitcointalk forums, showing a number of incidents in which tens or even hundreds of thousands of dollars were suddenly whisked away, leaving entire companies nearly, or totally, bankrupt in an instant.Even more so than black market activity, such security breaches have arguably been the largest stain on Bitcoin’s reputation. A MtGox hack in June 2011, in which the currency’s price appeared to drop from $17.50 to $0.01 within a day (although it is highly misleading to say that it actually did drop to $0.01), is one of the most often cited incidents by journalists attacking Bitcoin, and for many the various security incidents of 2012 have only strengthened the negative impression originally set by the series of security breaches
that the summer of 2011 brought. Even Bitcoin’s core developers admit that the currency won’t be truly ready for the masses until the security problem is solved.
In the past two weeks, however, three incidents took place which provide a convincing argument that we are well on the way to getting there. The first is, perhaps counterintuitively, another theft. On March 4, BitInstant announced that an unknown intruder had gained access to their VirWox account and made a series of withdrawals to three unknown addresses, presumably their own. The total amount lost: $12,480. Not $1.1 million, like the MyBitcoin scam of 2012, not $90,000 to $310,000 like the four major 2012 thefts from Bitcoinica and BitFloor, and not even the $15,000 that was the size of the February 2012 Bitcoinica theft that almost no one has even heard of, but simply $12,000 – only a rounding error for a corporation of BitInstant’s size. But it wasn’t just the fact that the incident was small that is surprising, but rather what the attacker did to get the money.
BitInstant writes on their blog:
The attacker contacted our domain registrar at Site5 posing as me and using a very similar email address as mine, they did so by proxying through a network owned by a haulage company in the UK whom I suspect are innocent victims the same as ourselves. Armed with knowledge of my place of birth and mother’s maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login (this prevented us from deleting it from the account). We immediately realized what was going on, and logged in to change the information back. After changing this info and locking the attacker out, overnight he was able to revert my changes and point our website somewhere else. Site5 is denying any damages, but we suspect this was partly their fault. After gaining access, they redirected DNS by pointing the nameservers to hetzner.de in germany, they used hetzner’s nameservers to redirect traffic to a hosting provider in ukraine. By doing this, he locked out both my login and Gareths’ login and they used this to hijack our emails and reset the login for one exchange (VirWox), enabling them to gain access and steal $12,480 USD worth of BTC. No other exchanges were affected due to either Mult Factor Authentication, OTP, Yubikey’s and auto lockdowns.
BitInstant have since learned their lesson, and are now using multifactor authentication for their VirWoX account as well.
Now, compare what it took to steal $310,000 from Bitcoinica last July:
Unbeknownst to us, Tihan was using the mtgox api key as the password for a website called LastPass … Whoever is responsible for the latest theft used the MtGox API key as a password in LastPass hoping that simple security measures were not followed in the setting up of the LastPass. They gained access to MtGox. They transferred a third of the refund money, presumably to themselves.
The MtGox API key was made public in a source code leak a few days before the hack, an enterprising digital hacker decided to try the key as a password on LastPass, and, voilà, the thief earned himself a small fortune. In the case of BitInstant, on the other hand, it took a complex procedure including a form of domain spoofing and social engineering to get anywhere, and the profits were over twenty times smaller. The flaws that the attacker used were not unique to Bitcoin; these are attacks that can be used against businesses no matter what industry they happen to be in, and in the case of social engineering even those that have nothing to do with the internet are not secure. If BitInstant’s defenses after this hack represent anything less than top-notch security, then it is safe to say that pretty much no one is secure.
The second development in Bitcoin security comes from Exante’s recently announced Bitcoin Fund, a Malta-based hedge fund that intends to open the door for institutional investors to enter the Bitcoin markets. The fund will also be the first professionally developed way for investors to trade bitcoins on margin, long and short, and the shorting functionality in particular may turn out to be a significant boon for Bitcoin’s stability.
But the maintenance of such a fund poses a significant security challenge. Exante is in possession of $3 million worth of bitcoins, and if the bitcoins are lost or stolen the fund will have no choice but to shut down in an instant. Exante, however, has risen up to the challenge, and the security measures that they describe are impressive. First of all, the private keys themselves, stored in a BitcoinQt wallet.dat, are encrypted with AES256. The data is then stored in a TrueCrypt container on three flash drives. The container password is then split into three parts using a mechanism known as Shamir’s Secret Sharing. The way basic 2-of-3 sharing works is this: suppose you are trying to hide a secret value,
. Pick a random
, on about the same scale as x. Write down three numbers in three separate places:
. Obviously, no single piece by itself will help you find
. However, if you have any two of them, it’s very easy to combine them in order to get x back, either directly by adding or subtracting
or indirectly by taking
and then dividing by 2 to find
. Shamir’s Secret Sharing is a clever mathematical generalization of this; for example, you can “split” a number into 15 pieces such that any 9 of them (but no 8 of them) are enough to get the original number back. This provides security against theft and redundancy of loss at the same time. Strictly speaking, SSS is unnecessary; multisignature transactions accomplish the same thing using the scripting power of the Bitcoin protocol directly. However, it is effective, and is used to store critical data like root SSL certificate authority private keys, which can cause millions of dollars of damage if leaked. Finally, each flash drive is duplicated several times and the pieces are stored in three separate jurisdictions.
This is the security setup that the team at Exante has deemed strong enough to store millions of dollars of bitcoins securely. This is the gold standard that all major Bitcoin businesses that handle such large quantities of customer funds can aspire to, and it provides a level of security comparable to that used to store data or physical objects tens or even hundreds of times greater in value. Most businesses will, of course, not need nearly so much protection; this level of security is reserved for high-level financial services, but what is important is that, for the first time, a group of professional, internationally trusted and established hedge fund managers has decided that Bitcoin can be made secure enough to be taken seriously.
|BIPS tape archival unit|
Finally, we also have another development in Bitcoin security, this time coming from within the existing Bitcoin community: BIPS. The new merchant platform from WalletBit includes a number of upgrades, including significant improvements in usability and, in some cases, lower fees than BitPay, but where BIPS truly stands out is in its security. Like all other major merchant services and exchanges, BIPS keeps most of its funds in cold storage. Its cold storage platform, however, is one of the most advanced that have ever been implemented for use with BTC. BIPS’ Kris Henriksen writes, “without revealing to much of our infrastructure, we backup to 1 SAN (12 WD Red harddrives), 2 NAS (5 WD RED drives) all running raid 6, and then from there to the robotic tape library”, and director of marketing Adam Harding adds “BIPS follows the same security practices as WalletBit and even more so. This includes regular tape backups of every server stored in a fire proof faraday cage under lock and key. This is the same feature we offer for our cold storage with an additional password only the user knows but in the event of a global EMP, the bitcoind is backed up every hour.” Tape backups are a method of data archival that, Harding adds, “is the most reliable backup method out there and still used by every major organization.” The tapes themselves are stored in a datacenter in Denmark, although the hard drive backups ensure that there is no single point of failure against loss. BIPS’ security scheme is not quite as impressive as that created by Exante; a form of secret sharing is technically used in the RAID 6 implementation, but multi-jurisdiction or even multi-location storage is not yet something that BIPS have implemented. However, for the tiny startup that BIPS is, the setup is quite impressive.
What all of this shows is that Bitcoin security is now being taken very seriously, and established Bitcoin businesses have developed comprehensive security policies and physical systems that are proving increasingly effective against attack. There are still details to be ironed out; two months ago, another Bitcoin exchange lost its funds primarily due to a disappeared shareholder with sole access to the cold storage USB, and mechanisms for Bitcoin exchanges to demonstrate solvency and possession of full reserves to their customers are another improvement that may be needed in the future. However, what Bitcoin users, detractors and journalists need to realize is that we are no longer living in 2011 or 2012. Most of the businesses that were insecure have now been weeded out by natural selection and, as for those that remain, the greater attention to Bitcoin paid by established players like Exante and the Silicon Valley investors in Coinbase and BitPay is ensuring that services run by trustworthy individuals with established reputations on the line are available. Over the course of this past year, although the size of the Bitcoin economy has grown by a factor of ten the total volume of hacks and thefts has actually considerably gone down. Although security will never be a solved problem either in the world of Bitcoin or anywhere else, the crippling hurdle that turned so many away from Bitcoin in 2011 and 2012 is now well past us.
Vitalik Buterin is a co-founder of Bitcoin Magazine who has been involved in the Bitcoin community since 2011, and has contributed to Bitcoin both as a writer and the developer of a fork of bitcoinjs-lib, pybitcointools and multisig.info, as well as one of the developers behind Egora. Now, Vitalik's primary job is as the main developer of Ethereum, a project which intends to create a next-generation smart contract and decentralized application platform that allows people to create any kind of decentralized application on top of a blockchain that can be imagined.