We investigate the existing ways of banking your cryptocurrency and try to find out if newer second-generation solutions, or new technologies, deserve your trust.
Reportedly over $1 billion worth of currency was taken directly out of the digital pockets of users, exchanges and businesses by hackers and other malicious attackers worldwide between 2017 and 2018.
The importance of security to blockchain is arguably reflected in both the severity and regularity of cryptocurrency related thefts. Theft poses a threat to blockchain companies of all types, as well as to token-holders.
Exchanges use software wallets
Significant examples are attacks against cryptocurrency exchanges: making victims of both the business and its customers.
It is unknown which individual citizen has lost the greatest volume of cryptocurrency at this point [and it’s not something many would admit to], but in the worst recorded cases of attacks, victims have lost millions of dollars worth of tokens.
In some cases where this happens, the exchange [if financially, commercially and ethically grounded] refunds all customers affected for their losses. Others, however, are not so fortunate.
Exchanges are continually targeted by hackers for a myriad of reasons, but generally speaking, it can be summed up by the following conclusion: all funds and wallets are held in a networked resource, and provide an “always online” token-storage solution for customers.
If the network is compromised, then all user data and currency is made vulnerable as well. This has led to the creation of solutions which seek to overcome these security flaws, such as the first generation of “hardware wallets”.
When Wallets went hardware
The fundamental difference between hardware and software wallets is indicated by their names.
With software wallets [like accounts on crypto exchanges]: user funds, identity, and private keys are stored and managed by the service provider in an online server. Hardware wallets, on the other hand, attempt to protect funds and other data by storing them fully offline.
A typical hardware wallet keeps private keys in memory on a device and signs transactions outside of the computer environment so that the keys cannot be exposed to an online attack.
Whilst the key is secure for the most part due to being stored on an offline device, this does not make these wallets completely oblivious to security threats. After all, the key is still secured on this device which-if compromised-would allow the attacker full access to the victim’s account.
The hardware wallets today are far different from their forebears. Many of these progenitors have released subsequent products along with a new generation of competitors, with new features and technologies that go beyond cold storage methods.
Hardware wallets have been praised by many as one of the most reliable ways to keep your cryptocurrency safe, however, this does not guarantee 100% safety. Cold storage devices protect users from online attacks [since the private keys are never online], but they do not offer protection from physical attacks such as when the device is seized, lost, or stolen.
Hardware 2.0
Threats to security don’t always come from external sources, with reports of user errors costing individuals dearly.
Hardware wallet manufacturer Bitfi claims to have eradicated problems surrounding storage and subsequent theft of private keys by creating a device in which the private key is created anytime a user performs a transaction. No private keys exist on the device once a transaction is complete.
Because no vulnerable data is stored on board in the device, it means that even if a hacker were to successfully intrude, they would not have access to any usable data.
This could prove to be an elegant solution to an ongoing security challenge. Rather than building ever more sophisticated encryption to store private keys, Bitfi doesn’t store them at all. This eliminates the possibility that they can be stolen.
According to BitFi representatives, the reason for this is:
“something that is stored can be stolen either through an online or physical offline attack. On the other hand, something that is not there at all cannot be stolen.”
A blank slate
The latest product from Bitfi is called the DMA-2 and it’s the company’s second-generation entry into the market, and the project receives continual updates online. Whilst a progression in firmware and an upgrade in hardware, DMA2 still possesses all of the key features that make BitFi’s technology different from other wallets on the market.
Instead of using a mnemonic seed as the means of recovering an otherwise inaccessible account, BitFi replaces this long [up to 24 words] access code with a much shorter ‘secret phrase’. One that is easier to remember than its counterpart, and thus offering the possibility to be memorized.
The secret phrase feature is amongst a number of key features incorporated into BitFi’s technology that is focused towards providing the best security solution for cryptocurrency storage, that anybody can use with relative ease.
Along with an accessible and UX optimized interface, BitFi doesn’t require the user to install any additional applications or software on their computer: reducing the number of steps between becoming a customer and being a secured token-holder.