Over the past few years, we have seen numerous threats to the security of data stored virtually and also to data in transfer during the execution of commercial transactions. With the increasing importance of cryptocurrencies like bitcoins, here are some tips on how we can protect your virtual wallet.
Bitcoin: a safe option?
It’s fair to say that of all the protocols for virtual currency transactions, Bitcoin has been the most successful in standing out and establishing its name in popular economic jargon. Since its early days, this system has demonstrated advantages in terms of security, as well as weaknesses that have been subject to heated debate after various attacks on Bitcoin.
One of the most famous recent incidents was the attack on the bitcoin exchange, Bitstamp. On this occasion, 19,000 BTC were stolen after the virtual wallets belonging to the exchange were compromised. The equivalent value of the resulting loss amounted to an astonishing USD 5 million.
In a previous article, we mentioned Pony Loader 2.0, a Trojan capable of locating and robbing wallets stored on an infected system. This time, the threat was not limited to the theft of bitcoins, but it also sought to take cryptocurrencies from other protocols, such as Litecoin.
So what factors are encouraging the conditions for such incidents to occur again and again, putting the future of Bitcoin in danger?
To start with, bitcoin transactions are irreversible, since there is no official authority acting as an intermediary that is able to undo them. This is critical when the people involved on either side of the transaction don’t know each other, since only the recipient of the payment can return it in the event of an error.
Furthermore, stolen bitcoins retain their value and usability, and although numerous techniques have been proposed for tracking them, none of these have actually been implemented so far.
Additionally, although the users of this currency remain anonymous through Bitcoin addresses created privately for each virtual wallet, the transactions in this protocol are public: anyone can see the list of transactions associated with an address.
For this reason, it is important to take extra precautions to increase privacy, such as masking the computer’s IP address through a tool like Tor.
So, how can you protect yourself?
Taking all these issues into account, we can outline a number of measures to take in order to increase your security when making payments with this currency, bearing in mind that you need to protect both your identity and your wallets from potential digital theft.
- Use a versatile Bitcoin client
For the purpose of privacy, and to hide your IP address, you can use a Bitcoin client that allows you to change to a new address with each transaction.
Similarly, you can separate transactions into different wallets, according to their importance: a recommended practice is to keep a wallet for day-to-day transactions of small amounts, to be topped up when necessary.
- Protect your identity
It is also important to be careful when sharing information about your transactions in public spaces like the web, either voluntarily or unwittingly, so as to avoid revealing your identity together with your Bitcoin address.
- Use an “escrow service”
When you need to buy or sell something and you aren’t sure who is on the other side, you can use an “escrow service.” In these cases, the person who needs to make the payment sends their bitcoins to the escrow service while they wait to receive the item they are buying.
Meanwhile, the seller knows their money is safe with the escrow service and sends the agreed item. When the buyer receives the merchandise, they notify the escrow service to finalize the payment.
- Make a backup of your virtual wallet
With regard to physical storage, as with any critically important backup policy, it is recommended to make frequent updates, use different media and locations, and keep them encrypted.
- Encrypt your wallet
Encrypting your wallet is crucial, especially when it is stored online. As you might expect, the use of a strong password is equally essential. With this in mind, you can use tools like DESlock+ to encrypt files that contain any sensitive information.
Even better is to encrypt the entire system or user space where these files are located.
- Don’t forget about two factor authentication
When using online storage services, it is important to undertake an extensive selection process to determine which are truly reliable. Even then, you have to bear in mind that any provider could end up being subject to the discovery of vulnerabilities in its systems.
- Avoid using wallets on mobile devices
You should avoid using mobile devices, especially in the case of large sums of money, as they can be lost and/or compromised. In these cases, it is actually better to keep the wallet on equipment that is not connected to the Internet.
- Consider using multi-signature addresses
For corporate transactions, or any transactions that require a high level of security, it is possible to use multi-signature addresses, which involve the use of more than one key, the keys usually being stored on separate equipment in the possession of the authorized staff.
This way, an attacker will need to compromise all the equipment on which the keys are stored in order to be able to steal the bitcoins, making their task more difficult.
- Update your systems regularly
Naturally, any application can have faults, so it is essential to constantly update your Bitcoin clients and your operating system, as well as other products that run on it.
Virtual wallets can be affected by any kind of malware that might be hosted on the hardware, so it is recommended to have a properly updated security solution to run full scans on a regular basis.
- Get rid of a virtual wallet if you aren’t using it
Lastly, getting rid of a virtual wallet when it is no longer needed requires a careful process to check that it has really been completely destroyed. On Linux systems, you can use the shred command for this purpose, which overwrites the wallet file with random data before deleting it.
It is important to make the effort to locate any copies that might have been created, either by a user or by the system, and then carry out this same process.
Now you know how to protect yourself…
Although it is impossible to guarantee total protection of our assets from digital theft, this shouldn’t stop us from enjoying the use of the technology.
So long as we make sure to take the necessary precautions, there’s no reason not to take advantage of the benefits offered by cryptocurrencies as they make inroads into our economy.
Image credits: ©Zach Copley/Flickr
Author Denise Giusto Bilić, ESET