Recent news reports have already indicated that as cryptocurrencies such as Bitcoin become more widely used, the risk of a cyber attack also increases. The latest string of stories revealing high-value digital heists of cryptocoins from exchanges, users and service providers has highlighted the ever-present skepticism of the currency’s viability as well as its security.
Merchants and service providers participating in the Bitcoin market need to establish trusting relationships with Bitcoin users equivalent to those of other money handling services and therefore, security must be made a top priority. Merchants should explore the security concerns intrinsic to their use of Bitcoin and closely examine how their platforms and choice in third-party services address those concerns. Service providers need to independently validate their security controls and provide customers with methods to verify the integrity of their deposits.
Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets. Currency exchange and hosted wallet services are particularly big targets because of their substantial balances stored in hot wallets and the use of automated transactions. A hot wallet is a storage system for cryptocoin keys that is connected to the internet and often uses complex configurations of addresses to facilitate quick transaction turnaround.
Exchanges, especially those dedicated to trading between multiple currencies, may keep larger sums in hot wallets, exposing their customers to greater risk for the benefit of fast transactions. Merchants processing large volumes of digital currencies may need to implement their own hot wallet systems or rely on the services of a provider. Regardless, sending funds requires the hot wallet keys to be readable, and since knowledge of the key pair associated with a coin is akin to ownership, the servers that host the keys are targets for system-level attacks.
The payment and accounting features of e-commerce sites are also top targets for attacks. Payment in Bitcoin is not assured as soon as a transaction is submitted to the network; rather it requires the transaction be confirmed by a majority of the network sand included in the block chain, the shared ledger underlying the protocol. Change generated during a transaction cannot be safely spent until its preceding transaction is confirmed; this process takes about 10 minutes on average, but can vary dramatically based on the state of the network and the specific transaction. Even confirmed transactions shouldn’t be considered complete until the merchant is certain they are able to spend the received payment. The sender of a transaction sets the conditions on how the recipient can demonstrate ownership, so coins can be sent to an address in such a way as to prevent the recipient from spending it.
So, how can merchants and trade exchanges bolster their security surrounding these currencies?
The most barebones solution is to accept payments directly to a wallet. On a small scale this can be very easy to implement and security is completely in the hands of the merchant. Similar to a safe drop, Bitcoin payments can be sent to a “cold wallet” encrypted, backed up on paper and redundantly stored in bank vaults. Since address balances are visible with only the public key, payments to a cold wallet can still be validated without removing it from secure storage. However, even this method of payment handling can suffer a classic attack. For example, a defacement that alters the published payment address would result in non-reversible payments sent to an address under the adversary’s control.
Another possible solution for a merchant is to partner with service providers that demonstrate practices consistent with their roles as financial service offerings. Merchants wishing to minimize the risk of market volatility can use these providers to perform immediate conversion to government-issued currency. Validating the security practices of payment processors entrusted with both their Bitcoin balances and bank information should be a primary concern for merchants. They should insist on third-party audits of secure development practices, application and network penetration testing, and open discussion of the security protecting their information.
Users, both personal and commercial, of digital currencies are responsible for adhering to best security practices. They should make sure to use encryption when creating the wallet with the Bitcoin application. This way even if their wallets are stolen, the thieves cannot generate fraudulent transactions from them. Client-side security controls such as email and web gateways provide protection against widespread and targeted malware attacks resulting in theft of private keys. In many online services, users’ Bitcoins are pooled into addresses owned by the provider. Accounts are reckoned against a private database with only the service provider’s backing. Users are responsible for researching and weighing the risks against the trust they have in the provider.
Fortunately, we are already seeing digital currency developers, wallet providers and payment services companies making strides on the security front. Bitcoin storing and spending can be integrated into websites, use third party services, or even be used for in-person transactions in similar ways as credit cards. Hosted wallet providers and exchanges are finding ways to use the Bitcoin block chain to prove their solvency and provide users with security features such as two-factor authentication. As established players enter the market and new organizations build their reputations, successful competitors will look to Bitcoin’s cryptographic features to mitigate some of the risk involved in these services.