The relatively brief history of Bitcoin includes two key moments when it entered the public consciousness: first, when it was used to buy illegal drugs, and second, when its worth topped $10,000 per coin.
Bitcoin’s high value has created a whole new group of millionaires who, while considering how to spend their newfound wealth, also have to seriously consider how to secure that wealth. As a wholly privatised asset operating outside the control of government, no traditional security mechanisms or laws protecting financial assets apply for Bitcoin. As Sam Lessin recently pointed out to me, “When everyone is the bank, everyone needs bank security.”
Bitcoin works a lot like the bearer bonds that the thieves were after in every good heist movie of the 20th century. In other words, Bitcoin is as good as cash – better really, as it can’t be traced – making it impossible for any criminal enterprise worth its salt to resist. Hollywood may not find these Bitcoin crimes action-packed enough for the big screen, but the general lack of security around Bitcoin makes it the biggest new game in town. Today, stealing diamonds is strictly for the birds.
Where to watch out: storage and transit
What should you do to keep safe if you are newly affluent in Bitcoin? There are two main areas to consider: storage and transit. Also, there are two main cryptocurrency mechanisms that support both of these activities: a cold wallet for storage and a hot wallet for transit.
Storing your Bitcoin offline through Xapo, Coinbase or other trusted custodian services should be considered your primary storage solution, which combines convenience and security. Other options are to create your own system offline from secure USB keys or smart phones. There is endless room for creativity here, with some Bitcoin holders taking the idea of ‘cold wallet’ literally and putting Bitcoin storage devices in their freezers. The main thing is to consider removing any connection of your storage solution to the Internet, a counterintuitive but critical move.
When you want to trade your crypto currency assets, you will have to connect your storage solution to the Internet. This is what cyber criminals are waiting for. As with most crime, the majority of Bitcoin thefts will be quite standard. Global organised crime has strict ROI targets it must meet, which is why designing security for extreme edge cases is usually a waste of a user’s time.
In the case of a typical digital heist, sneaking malware onto devices or catching users unaware using phishing links are far and away the most common ways to steal Bitcoin. This is a similar approach to how cyber criminals exploit weaknesses in traditional banking structures. The difference with Bitcoin is that the loss is absolute – there is no bank to fall back on to recoup your loss. Essentially, you, and all other Bitcoin owners, are the “bank.”
Upping your digital security game
With this perspective, I would say it is wise to increase your security if you own Bitcoin. Therefore, if you are operating a hot wallet – as an institution or as an individual – the devices you use to access and trade Bitcoin should be protected with sophisticated solutions. I would propose using a solution that is as sophisticated as what traditional banks use.
First, you can implement recommended, standard cyber hygiene guidance, which is offered by a number of tech-savvy sources, such as Wired. In addition, Rubica has the following protections available specifically for devices running hot wallets:
- Monitoring for 109 different IDS signatures (patterns of attacks) specific to crypto-currency hacking to block attempts against your devices. This number continues to increase via threat hunting and analyst feedback loop into the system.
- DNS server that automatically blocks phishing attempts, including ones aimed at crypto theft.
- Detection of known malware dropped onto your device for the purposes of credential jacking.
- Smart airlock VPN that automatically protects against man-in-middle attacks during authentication process (crypto transactions)
- Prevention of CPU takeover (crypto-jacking) from coin-miners
On top of these advanced, automated protections, Rubica runs data through a 24/7 security operations center to detect data anomalies. We believe Rubica is the most advanced solution for defending against dynamic attacks on crypto currency in transit. To help tamp down this growing source of cybercrime and bring our service to more consumers, we’ve developed a different fee structure for the crypto community. At Rubica we believe that digital security is everyone’s responsibility at the personal level because it is impossible for our legal and government agencies to protect us online. Now more than ever, with such tempting Bitcoin targets at risk, it is critical to take serious stock of the state of our own digital security – and not just cross our fingers and hope for the best.