Menu

Blog

Archive for the ‘bitcoin security’ tag

Jun 2, 2017

Wallet Security: Cloud/Exchange Services

Posted by in categories: bitcoin, cryptocurrencies, finance, hacking

3½ years ago, I wrote a Bitcoin wallet safety primer for Naked Security, a newsletter by Sophos, the European antivirus lab. Articles are limited to just 500 hundred words, and so my primer barely conveyed a mindset—It outlined broad steps for protecting a Bitcoin wallet.

In retrospect, that article may have been a disservice to digital currency novices. For example, did you know that a mobile text message is not a good form of two-factor authentication? Relying on SMS can get your life savings wiped out. Who knew?!

With a tip of the hat to Cody Brown, here is an online wallet security narrative that beats my article by a mile. Actually, it is more of a warning than a tutorial. But, read it closely. Learn from Cody’s misfortune. Practice safe storage. If you glean anything from the article, at least do this:

  • Install Google Authenticator. Require it for any online account with stored value. If someone hijacks your phone account, they cannot authenticate an exchange or wallet transaction—even with Authenticator.
  • Many exchanges (like Coinbase) offer a “vault”. Sweep most of your savings into the vault instead of the daily-use wallet. This gives you time to detect a scam or intrusion and to halt withdrawals. What is a vault? In my opinion, it is better than a paper wallet! Like a bank account, it is a wallet administered by a trusted vendor, but with no internet connection and forced access delay.

Exchange and cloud users want instant response. They want to purchase things without delay and they want quick settlement of currency exchange. But online wallets come with great risk. They can be emptied in an instant. It is not as difficult to spoof your identity as you may think (Again: Read Cody’s article below!)

Some privacy and security advocates insist on taking possession and control of their wallet. They want wealth printed out and tucked under the mattress. Personally, I think this ‘total-control’ methodology yields greater risk than a trusted, audited custodial relationship with constant updates and best practice reviews.

In case you want just the basics, here is my original wallet security primer. It won’t give you everything that you need, but it sets a tone for discipline, safety and a healthy dollop of fear.


Philip Raymond co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.