Cryptocurrency is stressful enough. Follow this guide to make sure that your hard earned coins don’t get hacked.
If all of our cryptocurrencies don’t go to zero one day, we want to make sure that we don’t lose them due to negligence, malicious entities, or a combination of the two. There is a wrong way to secure your cryptocurrencies, and there is s a right way to secure your cryptocurrencies. Here is the correct way. This article is written for bitcoin, but the principles apply to other cryptocurrencies.
Like in all of my posts, I enjoy teaching the important security principles involved. Before we delve into threats and protection mechanisms, we’ll cover the general principles that you should be familiar with. You don’t have to learn the bits and the bytes, but a general understanding is important. The principals for this post are asymmetric cryptography (also known as public/private key cryptography), digital signatures, and hashing. Let’s review these quickly.
The backbone of blockchains
Public key cryptography
As the name (“asymmetric”) implies, there are two different keys involved. A public key and a private key. These keys are used to encrypt and decrypt data asymmetrically. If you encrypt data with the private key it can only be decrypted with the public key. Conversely, if you encrypt data with the public key it can only be decrypted with the private key. This is the backbone of many cryptographic schemes, such as SSL/TLS. There is one piece of information that you can put into the world, your public key, and one piece that you must guard until your death, the private key.
A hash of a message, also known as a digest, is calculated based on the contents of a message. A hash is deterministically generated by a hashing algorithm. The input to a hashing algorithm is data of an arbitrary length. The output is a calculated hash of a predefined length. Because it is “deterministic” the same input will provide the same output every time. Mathematically it is easy to go from message to hash, but it is computationally difficult to ascertain an original message from a given hash.
Let’s look at an example. You can put “the quick brown fox jumps over the lazy dog” into any SHA256 hashing program and you’ll get out “05C6E08F1D9FDAFA03147FCB8F82F124C76D2F70E3D989DC8AADB5E7D7450BEC” as the hash. If you change one thing, such as capitalizing a letter, the hash will be different. This is easy to calculate. Try it! However, if I give you a random SHA256 hash such as “A061622278D26D76BBF979566F56F075C483D3473BE8A5D73408D0EABDD867AD” you will be hardpressed to figure out the original message. We’ll send the first person to comment with the original message a free Trezor Crypto Wallet!
Let’s put these two ideas of asymmetric cryptography and hashing together to understand a digital signature. The purpose of a digital signature is to confirm the integrity of a message, and enforce non-repudiation. Integrity lets you state that “the message received is the same as the message created.” Non-repudiation lets you say that “the message could only have been created by a specific entity”. Digital signatures do not keep messages secret! Without further encryption, digitally signed messages can be read by the world. A digital signature is just used to confirm that the message has integrity, and confirm who created it.
A digital signature is an encrypted hash of a message — it is encrypted using a private key. Anyone with the corresponding public key (e.g. the entire world) can decrypt the digital signature. Decrypting the digital signature with the public key gives you the original hash. Anyone who can read the message, can independently calculate the hash of the message on their own. They can compare the independently calculated hash to the decrypted hash and ensure that the hashes are the same. If the hashes match, they’ve confirmed that the message was not altered between creation and reception. They’ve also confirmed that only an entity with the corresponding private key could have digitally signed the message.
So a quick summary of what we’ve learned before we apply that to our beloved currencies (err… securities?):
- Asymmetric cryptography depends on a private and public key pair. If information is encrypted with a private key it can only be decrypted with the corresponding public key. The private key cannot decrypt information encrypted with itself or vice versa! The public key can be shared with the world. The private key must be guarded.
- A hash is computed from a message. If a message is altered it will produce a different hash. It is easy to calculate the hash of a message, but it is hard to reverse the process and find a message for a given hash.
- A digital signature is a hash that is encrypted with a private key. Anyone (e.g. the entire world) with the corresponding public key can decrypt the digital signature. They can compare the decrypted hash (i.e. digital signature), with an independently calculated hash of the message. If the hashes are identical, this confirms that the integrity of original message is intact and that the message was signed by the entity with the corresponding private key.
Applied to cryptocurrencies
Pfewww! Now that that’s over let’s apply it to cryptocurrencies. If you’re reading this you probably have an understanding of a distributed ledger, colloquially known as a blockchain. For the uninitiated, a distributed ledger maintains a copy of itself across multiple systems. It creates a decentralized record of all transactions occurring within a given system. With cryptocurrencies you don’t actually own or carry “coins” with you. Instead the blockchain maintains a record of how much cryptocurrency you can transact to and from other entities within the system. Transactions are confirmed using the aforementioned cryptographic principles.
Every cryptocurrency wallet, or cryptowallet is actually a collection of one or more “wallets”. In its purest form, a “wallet” is a private key. From the private key you can create the public key. From the public key you can create public wallet addresses. So a “cryptowallet” is a collection of private keys.
Your wallet addresses are often converted into QR codes that you can easily share with the world. This is does not need to be kept secret. In fact, you could put it out into the world (like on your blog) and see if anyone just decides to send you cryptocurrency. You “own” any cryptocurrency sent to your wallet’s addresses. You can then transact your cryptocurrency using your private key.
To transact cryptocurrency you create a transaction. This is public information. A transaction is simply a collection of information that the blockchain needs to move the cryptocurrency. The data that we’re concerned with is the destination address and the amount. Anyone can create a transaction, but transactions are only accepted into the blockchain if it is confirmed by multiple members of the network. A transaction is not confirmed unless it is valid, and it is not valid unless it is digitally signed by the necessary private key. So, you sign a transaction with your private key. This signed transaction gets pushed to the blockchain, and once confirmed using public key data, becomes a part of the blockchain.
So your private key should be a closely guarded secret. Any attack against your private key is essentially an attack against your cryptocurrency. An attacker wants to digitally sign transactions, from your addresses to her addresses, using your private keys. Or an attacker may just want to hurt you by destroying your private keys, erasing access to your cryptocurrency. Let’s protect our private keys.
Where our risks comes from
We know what we’re protecting, cryptocurrency. Before we discuss how we’re going to protect our cryptocurrency, let’s identify who we’re protecting them from; who are our specific threat actors? The first threat is losing access to your coins. Since cryptocurrency ledgers do not have a central authority, there is no redress if you lose access to your wallet. Your wallet is a public/private key pair. If you lose this private key you lose your wallet. If you lose your wallet you lose your cryptocurrency. You are your first threat.
The next class of threats are the ones we tend to think about and hear on the news: opportunistic attackers, dedicated attackers, and nation states.
An opportunistic attacker is one that sees your coinbase wallet open on your laptop and initiates a transaction to their public wallet address. Opportunistic attackers aren’t attacking you specifically, but if you make it easy for them, they won’t turn down a nice stash of coins.
Dedicated attackers range from individual attackers to groups of attackers working together. They will focus on an individual target such as an owner of a significant amount of cryptocurrency, a cryptotrader, or a small trading office. They’ll perform research and often initiate their attack with a spear phishing campaign. Other dedicated attackers take a broader approach and write malware that will try to steal private keys from your system if it gets infected.
Nation states have large, coordinated, and well sponsored groups of attackers. Their motivation is financial, espionage, or a combination. Proofpoint has a great writeup on the cryptocurrency attacks from the Lazarus Group, an advanced persistent threat sponsored by North Korea.
Depending on who your threats are — based on how much cryptocurrency you control and how much you’re transacting in a given day — precipitates different risk mitigation steps.
If you want to lose all of your cryptocurrency, just throw away all of your access keys. This could look like locking yourself out of your web wallet and losing access to your password reset email address for your web wallet. Or it could look like damaging a paper copy of your private keys. You’re reading this, so you are probably a proactive thinker. Here are some more tips:
- When setting up a new hosted wallet (e.g. coinbase), go through the process of forgetting your password, or losing your multi-factor token. Make sure that you can recover when there is not much at stake.
- If you control your own private keys you should make a paper backup and store them in a personal safe or in a bank’s safe deposit box. When generating a paper backup print directly to the printer using a USB cord. Wipe the printer’s memory with a power cycle. Some experts advise against printing, and rely exclusively on handwritten “paper wallet” backups. (Printers can store print jobs, which could then be hacked).
- Do not store the backup copy of keys in the same location as your daily use keys. You are at risk from losing both at the same time due to fire, theft, etc.
- If you use a multi-signature (multisig) wallet, a wallet that require two or more private/public key pairs to authorize transactions, take backup precautions. If you control both private keys in a “2-of-2” setup (two keys, both are always required to sign a transaction) then ensure that both backups are stored separately, in locations away from your daily use keys. If you use a “2-of-2” setup but the keys are divided between two people, consider moving to a “2-of-3” setup (two out of three keys are required) where a third key is controlled by a trusted third party. This will allow you to recover if the second person is unavailable or incapacitated.
If you are a casual cryptocurrency trader your threats probably aren’t that sophisticated. You need to take simple steps to protect yourself. First, consider the main account that you need to protect. It probably is not your coinbase wallet, or other online wallet accounts. It is likely your email. Your email is used to authorize new devices, reset passwords, and confirm transactions. Your email is the holy grail for an opportunistic attacker. Lock it down and make the attacker look elsewhere.
- Check out our post on Google Advanced Protection for locking down your GMail, or at least enable application-based, or hardware-based, multi-factor for your email.
- Next, enable multi-factor authentication for you online wallet.
If you’re actively trading sizeable amounts of cryptocurrency you need to be aware of dedicated attackers. Dedicated attackers are going to research you and launch personalized attacks. They are going to try to phish you and reuse found credentials if your data was compromised in previous breaches. You need to practice defense in depth.
- Do everything needed to prevent opportunistic attackers and then take it a step further.
- Review our recommendations for tech startups. Many will apply to you.
- If possible, avoid using web clients. If you’re going to use a web client, consider using a one that gives you full control over your currencies. Applications such as coinbase maintain “hosted wallets”. This means that you don’t actually have a claim to a wallet (e.g. transferable private/public key pair); you maintain a balance within coinbase and this allows you to spend funds which are sent from coinbase controlled wallets.
- Strongly consider using a desktop client. A desktop client gives you control over your keys.
- Strongly consider using a hardware client to maintain your private keys. This will prevent private key data from ever touching a system that is connected to the Internet. Combine a hardware client with an Internet connected desktop client to balance security with convenience. The desktop client generates the transactions, the hardware client signs the transactions, and the desktop client transmits the transactions to the network.
- If you believe that your threats are sophisticated, create multisig wallets that require two or more private/public key pairs to authorize transactions. Your desktop client can maintain one key and the hardware client can maintain the other. This means that if your hardware key is stolen, and unlocked, an attacker cannot authorize transactions of cryptocurrency without the desktop client’s key. Additionally, if malware infects the system on which you are hosting the desktop client, it cannot authorize transactions without the multisig wallet. Any non-multisig wallets, associated respectively with each private key, would still be vulnerable to the described attacks.
Highly dedicated, well funded, and state sponsored threat actors
- For starters, you should not exclusively consult a blog post. You should hire professionals who can learn your unique environment and provide customized recommendations.
- Follow all of the above steps (lock down your email accounts, follow general cyber hygiene, etc.) and then keep upping your security.
- Depending on the amount of cryptocurrency under your control, you may need to worry about physical security, to your person and to your devices. We can’t make recommendations for that in a blog post.
- You should use true “cold storage” with air gapped systems. Consider using multisig wallets where transactions are signed offline. You can do this with clients such as Electrum and Armory. You will install the software on an “air gapped” (or “offline”) system, a system disconnected from any signal transmission medium such as Wifi, Bluetooth, or ethernet. You will install another copy in “watch-only” mode on an “online” system, an Internet connect system. The online system will generate an unsigned transaction, a USB will transfer the transaction to the air gapped system, the air gapped system will sign the transaction using multiple private keys, the USB will transfer the signed transaction back to the online system, and the online system will transmit the multisig signed transaction to the network. Some desktop clients even support maintaining the private keys in hardware wallets.
Investing in cryptocurrency is hot right now. Stealing cryptocurrency is just as hot. Threat actors take advantage of the public’s limited understanding of the underlying technical principles of cryptocurrency. Reading this is the first step to tipping the scales back in your direction. These are best practices, and your personal use cases will dictate what is actually realistic.
If you’re an active trader, you might not have time to do full multisig cold storage. But, you probably do not want to hold the private keys to hundreds of thousands of dollars worth of cryptocurrency on a personal, Internet connected laptop. You have to find a balance that works for you. The most likely setup is a combination. You’ll maintain a small operating amount in a web or desktop wallet, and move larger chunks into cold storage. Whatever you chose, think critically about your threats and ensure that you aren’t the reason that your cryptocurrencies suddenly vanish. Because when they’re gone, they’re gone.
Thank you to Elpsy for assistance with this article. If you have questions or comments please leave them below. If you found it helpful please clap and subscribe.