The Bitcoin business: Securing your crypto-currency

Likely to increase, that is, because being a virtual currency and outside of traditional financial regulatory controls, people seem to have a problem grasping that it still needs to be secured properly if they don't want hackers and dishonest vault operators to simply run off with your money.

People continue to throw all their Bitcoin 'savings' into online exchanges for ease of use, without ever considering this fundamental insecurity flaw by doing so. Far better to keep your own wallet, suitably encrypted, offline (cold storage) and stuffed with your stash, only releasing a small amount of ready-spending money into an exchange at any given time. That way, if the service is compromised you only lose a given and controllable sum rather than everything you own.

With more than $1 billion worth of Bitcoins out there in the virtual market already, we are not talking chump-change and only a chump would leave a big pile of 50 notes on their desk in an unsecured office for anyone to steal. Yet, hackers have made off with more than a million dollars worth of Bitcoins from Bitcoin exchanges and vault services on more than one occasion already. One exchange service in Hong Kong was reported to have gone offline in 'mysterious circumstances' with as much as $5 million worth of Bitcoins going missing as a result.

Another concern to some is that Bitcoin mining itself has become a compromised affair, with cyber criminals using dedicated botnets of zombie PCs in order to achieve the kind of processing power required to make it a profitable exercise. One toolbar utility app even included terms in the EULA giving it permission to use the hist computer to "do mathematical calculations for our affiliated networks" and went on to add that "Any rewards or fees collected by xxxxx or our affiliates are the sole property of xxxxx and our affiliates."

Yes, this toolbar installed a Bitcoin miner and actually got the end users to agree to it being used to make money for someone else with their resources. But there's not a lot that you, as an existing or potential user of Bitcoins, can do about that other than more carefully reading what you are agreeing to. You can, though, do something about making the Bitcoins you possess more secure and less vulnerable to theft.

How can you keep your Bitcoins safe?

So how can you better secure your Bitcoin wallet? The first thing that needs to be done is to understand that Bitcoins may only exist in the digital ether, but they have a very real value. Because Bitcoin transactions are irreversible (by design) with no buyer refund options (just like 'real' cash if you think about it), if someone manages to hack into your wallet and help themselves you will have lost everything.

That said, people continue to throw all their Bitcoin 'savings' into online exchanges for ease of use, without ever considering this fundamental insecurity flaw by doing so. Far better to keep your own wallet, suitably encrypted, offline (cold storage) and stuffed with your stash, only releasing a small amount of ready-spending money into an exchange at any given time. That way, if the service is compromised you only lose a given and controllable sum rather than everything you own.

Secure your wallet in the same way you would secure other valuable data. Use two-factor authentication, use encryption, use your head! And using your head means backing up your wallet as well, because if it is lost (stolen laptop, corrupted hard drive whatever) then you've lost your money otherwise.

Oh, and it goes without saying - but I will say it anyway - encrypt your backup. Business users may want to investigate the multi-signature function that the Bitcoin protocol allows, enabling transactions to require more than one private key in order to be processed.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.