Balancing Security vs Convenience for Cryptocurrency

by | Jan 8, 2020 | cybersecurity, security

What’s the best cryptocurrency wallet? What wallets are both secure and easy to use? How should I backup my cryptocurrency wallet and credentials such as seed phrases? Is it okay if I keep my funds on exchange for now? There’s no 100% right answer to these questions, but there are wrong answers. Rather, there’s a trade-off between safety and security on the one hand, and convenience and usability on the other that everyone needs to decide themselves before answering these questions. However, generally speaking, people often fail to implement adequate security practices necessary for their situation, often with tragic results.

User Responsibility

Cryptocurrency is and volatile asset class and too many people, despite having significant wealth in the form of cryptocurrency, fail to take proper measures to appropriately secure their cryptocurrency holdings. Instead, they opt for convenience and ease-of-use options, often due to laziness or apathy on their part. 

Frankly, taking full and sole custody of what can be a very large pool of assets is something many people don’t want to take responsibility for; they’re comfortable working with a bank or financial institution that can ‘fix’ any mistakes they make or reverse a transaction at will. Of those that claim they do want to take custody of their funds (or at least speak of the virtues of decentralization, such as “be your own bank”), many fail to implement basic security practices to prevent theft or loss of their cryptocurrency assets. Security of cryptocurrency assets is the sole responsibility of the user and most ought to implement better security practices applicable to their financial situation.

Balancing Security and Convenience

We could write a whole book on how people should properly secure their cryptocurrency, but for the sake of brevity, we’ll be far briefer here. 

First, it’s important to recognize that the level of security measures that should be taken should generally be proportional to the value of the cryptocurrency holdings themselves. If a person wants to experiment and invest $100 in cryptocurrency, frankly it would be overkill to implement sophisticated and expensive (relative to $100, such as a hardware wallet) security practices. In our opinion, it’s okay to put a nominal amount of funds on an exchange which is known to be less secure than proper self-custody, as just one example. But the user should be cognizant of the increased risk of theft or loss associated with this level of security. There’s a trade-off between security and convenience that needs to be decided upon, and if it’s a relatively small amount of cryptocurrency, choosing a more convenient (and less secure) option wouldn’t necessarily be a poor decision.

Cryptocurrency investors need to consciously decide what level of security precautions they ought to take based on their situation and preference. It never hurts to implement a more secure setup, but a more secure setup isn’t always practical, and if individuals are OK with the risks of a less secure setup, and wouldn’t be financially ruined if the assets were lost or stolen, then less rigorous security practices are fine. As an example, if an investor wants to keep a calculated portion (<20%) of their Ethereum in a wallet generated on MetaMask for purposes of day-trading, that’s sensible: it negates the need for whipping out a hardware wallet and taking other steps. That trader would not find it convenient to need to take multiple steps to enact every trade. However, if that trader keeps 100% of their funds in a less-secure wallet (non-hardware, non-multisig, not to mention poor backup of the seed) — this is because they got greedy (wanted a higher trading balance) and “invested more than they could afford to lose”, or simply were too lazy to set up a proper cold storage.

The reality is that most people in the cryptocurrency space have more than a few hundred dollars worth of cryptocurrency. Some have tens of thousands of dollars, or even millions of dollars worth of cryptocurrency, and their security practices are grossly inadequate based on their situation, and when something goes wrong, they come to CipherBlade or ask law enforcement to try and do something about it. If hacking or SIM-swapping victims had implemented adequate security policies to begin with, they wouldn’t be in the situation they find themselves in. The majority of the cases of stolen cryptocurrency we see could have been prevented in under 90 seconds of preventative measures, such as not re-using passwords, setting up at least app-based 2FA (though a Yubikey is a fraction of a percent of their holdings), and proper storage of credentials — such as following the instructions during wallet setup which almost always clearly state things regarding seed phrases like “write this down and do not store a digital copy of this online”.

Particularly if an individual is investing or responsible for holding hundreds of thousands or millions of dollars worth of cryptocurrency, they need to take their security much more seriously, which necessarily means that it will not be as easy or convenient. Users need a proper setup, which should not include storing private keys or seed phrases in a word document on a computer or in a desk drawer. Anytime a user has a few thousand dollars of cryptocurrency or more, a hardware wallet device such as a Trezor or Ledger device is a worthwhile investment to properly secure funds. An investment of a fraction of a percent of the holdings’ dollar value, and an investment of a fraction of a percent of time spent on discussing trading strategy/other moon-lambo topics, put instead into procurement of a hardware wallet, Yubikey, and a very small amount of time following the instructions, would prevent loss in nearly every case of cryptocurrency theft.

Hardware Wallets

Properly set up hardware wallet devices are the best way to hold cryptocurrency securely because all private keys are held securely on the device and are never directly exposed to the internet or user. The transaction (which requires the private key) is signed on the device itself. Once signed, the transaction is then broadcasted; the signed transaction itself does not include an unhashed version of the private key itself. This often means a computer could be infected with malware and the private keys would still not be accessible; presuming, of course, the user followed the instructions regarding how to store the seed phrase. 

That being said, as secure as hardware wallets are, even hardware wallets have vulnerabilities. However, most of these vulnerabilities are related to how the user stores the backup seedphrase, which is necessary if the physical hardware wallet itself is lost or gets damaged.

We have never seen a case in which a hardware wallet was “hacked”, and the news that we see about hardware wallets being “vulnerable” often seems clickbaity; such breaches would require sophisticated equipment. The true vulnerability is the user.

What a Secure Setup Looks Like

Now that we’ve explained why different levels of security are appropriate for different individuals we’ll briefly describe what a few potential secure setups might look like for different types of individuals, that we feel would offer adequate security for individuals meeting that categorization, while also offering an appropriate level of redundancy. It’s also important to note these setups are just possible examples, and yes they still have flaws; there’s no such thing as perfect security.

Low-Security Setup

This hypothetical setup is suitable for an individual, Alice, that holds a relatively insignificant amount of cryptocurrency. The upper bound for an ‘insignificant’ amount of money to one person might be different than an insignificant amount to another given disparity in wealth and income, but as a general rule of thumb, we might such $1,000 USD or less may fit this categorization.

In this scenario, Alice has 3 cryptocurrencies she wants to store quickly and easily, so she chooses a multi-currency mobile, Trust Wallet, instead of using multiple wallets. She proceeds to create a wallet on her mobile device and writes down the backup seed phrase clearly on a piece of paper, and writes at the bottom ‘Backup Seedphrase DO NOT THROW OUT’. She does not write down the seedphrase in a word document on her computer and she does not take a photo of the seedphrase on her phone, since doing either of these things would severely compromise the security of the wallet. (Often times, when Sim-Swaps take place, or Google accounts are compromised, a breach of iTunes or Google Photos results in access to photos of credentials.)

After writing down the seedphrase, she stores it in a place where she keeps important documents but which other people do not have ready access to. A desk drawer is the most obvious choice and for that reason a poor choice – highly accessible and it could also easily get thrown out during cleaning. Instead, Alice elects to store the seedphrase in a locked filing cabinet inside a past tax return folder. If Alice was holding more cryptocurrency, we’d probably suggest a fireproof filing cabinet.

However, there’s still a risk that in the event the phone is lost or stolen, so she ensures her phone is passcode protected and she also puts a different unique secure passcode on the TrustWallet app itself which would be necessary to open the application. She also has a password for the Trustwallet app itself which is necessary to execute any transaction, view any private keys, or the backup seedphrase itself.

This setup still has plenty of vulnerabilities and risks, but many cryptocurrency users might be under the impression that this would be a sufficiently secure setup. And it would be adequate if they were in Alice’s shoes. Unfortunately, there are many investors are responsible for securing far more cryptocurrency than Alice is yet their setup is far inferior to this, with many additional vulnerabilities and attack vectors. And whether through their lack of knowledge concerning how to properly secure their cryptocurrency, or due to laziness, it comes back to haunt them.

This setup described here is relatively quick and convenient to set up, but at the same time suitably secure and redundant given the very quick setup.

Medium-Security Setup

This hypothetical setup is suitable for an individual, Bob, that possesses an amount of cryptocurrency that is significant enough that he wouldn’t want to lose it, however, he wouldn’t be distraught or experiencing financial hardship should he lose access to it. As a general rule of thumb, this setup may be suitable anytime the total investment is 1-2k USD on the lower and high 5-figures USD on the higher end, however, it will vary from person to person based on their overall wealth and non-cryptocurrency savings.

Bob is a digital nomad, has about $12,000 USD worth of cryptocurrency, and doesn’t have a secure physical location to store his mnemonic seed phrase(s). This puts Bob in a precarious situation and forces him to choose between a few less than ideal options:

  1. Only keep the seedphrase on digital devices such as his computer and USB drives. This is not ideal because hard drives have a high failure rate and electronic media is prone to damage, theft, and is susceptible to being accessed by non-authorized parties.
  2. Keep his backup seedphrase on physical paper which he keeps on him when he travels. When he’s in any given location, he’s forced to choose between keeping it on him where it’s prone to theft and loss or keeping it at his apartment or hotel, where it’s still prone to theft or loss, especially since he doesn’t have a safe.
  3. Keep his backup seedphrase in a safe or bank safety deposit box at his financial institution in his home country. While this is relatively secure, the cryptocurrency is not that accessible for Bob, as in many cases he would need to fly to the city the safety deposit box is located in if he wants to access the seedphrase; highly inconvenient.
  4. Store his backup seedphrase on the cloud, which is typically a big no-no as it’s a very easy target to compromise not just due to poor user setup, but also due to plenty of cloud storage security issues and data breaches.

Bob elects to utilize a two-pronged approach. He elects to create a couple of low-security hot wallets using MyCelium and Metamask so he can have easy access to some of his cryptocurrency for day to day transactions. 

He follows a similar mobile security setup as to what Alice did however he’s unable to store the seed phrase in the same way Alice did. Instead, Bob enters the seed phrase into a .txt file, names it DONOTREMOVE, moves it to a folder deep inside his computer where no one will accidentally stumble upon it if his computer is stolen. For added security, he then renames the file extension from .txt to .jpg. This way, if someone tries to open it, they’ll be met with an error and will likely move on. Bob knows he’ll have to change the file extension back to .txt every time he wants to access his seedphrase. Since his computer is statistically likely to either crash or become damaged or stolen in the next few years, he stores a copy of the seedphrase with the .jpg extension as a document on his phone which he transfers via USB.

Bob never keeps more than $1,000 in total in these hot wallets since he’s cognizant there are still many security risks. He keeps the bulk of his funds in a desktop wallet he generated with Electrum (BTC) and MyCrypto (ETH). When Bob acquires more cryptocurrency, he removes money from his wallets and sends it to Electrum & MyCrypto wallet-generated addresses. Bob tries to utilize and access his Electrum & MyCrypto wallets as little as possible; he only accesses it a couple of times a year when he needs to ‘top-up’ his hot wallets, and only does so from a secure environment while utilizing a VPN.

Bob is cognizant to not keep in wallet’s .dat file on his computer as it would give a hacker access to his wallet if they managed to guess or obtain the correct password as well. Instead, he copies the .dat file and applicable seedphrases to a folder, which he proceeds to encrypt with Veracrypt using a highly secure 24 character password he doesn’t keep anywhere else. Since the risk of forgetting such a password is high unless he utilizes it and enters it regularly, he uses 3 separate secure passwords he uses elsewhere and remembers them conjunction to create a long 24 character password he won’t forget but which others won’t be able to guess even if one of his passwords is compromised in a database breach.

After creating the encrypted Veracrypt container, Bob moves the folder inside it. The contents of this encrypted container are safe, highly secure and inaccessible to anyone without the password, so that even if someone were to get a hold of the encrypted container, they would not be able to access the cryptocurrency. 

He labels this encrypted container ‘backup’ without an extension. He then proceeds to email himself the encrypted container (a form of cloud storage) as a backup, which would typically be a bad idea, however:

  1. Veracrypt’s encryption, as well as his password, is very strong so funds are likely safe if someone were to get a hold of the container
  2. Bob has App-based 2FA enabled with (properly configured) Authy on his Gmail account (in addition to many other accounts), has the multi-device feature turned OFF, has a backup password set, and does not have a phone number listed on his Gmail account as a recovery method, making his Google account impervious to a SIM Swapping attack.

Besides storing the encrypted container on his email, he also stores it in a folder deep on his computer, just in case he were to lose access to his email.

High-Security Setup

This hypothetical setup is suitable for an individual, Charlie who possesses a substantial amount of cryptocurrency. While this setup should be considered advisable for anyone with low 5-figures USD worth of cryptocurrency, especially if constitutes a large portion of their savings, a setup like the one described is particularly important to utilize if holding a substantial amount of cryptocurrency, whether it’s in the mid-five figures, or 6 or 7 figures USD.

A high-security setup should almost always involve a hardware wallet such as a Trezor or Ledger device purchased directly from the vendor or an authorized reseller. In Charlie’s case, he has chosen a Trezor Model T hardware wallet as the backbone of his security setup. Hardware wallets are highly secure, much more secure than any desktop wallet because the transactions are digitally signed using the private key inside the wallet itself. The private keys never leave the device; only the broadcasted transaction does which includes a hashed version of the applicable private key. Furthermore, a hardware wallet is also arguably the safest way to generate private keys to begin with since it’s not susceptible to a man-in-the-middle attack unless the seed phrase was compromised from the very beginning due to a supply chain attack.

That being said, hardware wallets do have vulnerabilities, however, all reported thefts are related to the misuse, mistakes, or manipulation of the owner of the hardware device owner. We’ve had people come to us countless times telling us their hardware wallet was hacked. But in reality, in 100% of the cases, their hardware wallet was never hacked; the individual was. A hardware wallet is only as secure as the practices and setup employed by the person using it.

Charlie has ordered a Trezor Model T and did so directly from the Trezor website to mitigate the risk of a supply chain attack. When he received the package, he verified to the best of his ability that the package had not been tampered with and that the security seal was intact.

Charlie starts to set up his Trezor device in a secure location at home, and writes down the 24-word mnemonic seed, in full, using a pen and paper. He triple-checks to make sure he records everything down correctly. He does not take a screenshot, picture, or record the mnemonic seed on his computer. Charlie wants to have a second way to access this seedphrase just in case, so he writes down the first 12 words and the last 12 words of the seedphrase again on separate pieces of paper. He stores the first half of the seed in a safety deposit box at his bank, while he takes the half of the seed and types it out in a .txt file on his computer, and encrypts it using Veracrypt (like Bob did). Charlie emails himself the encrypted container containing half the seed, using a secure email he has app-based 2FA set up on, and which no phone number is tied to.

Charlie takes the original piece of paper containing the full seed, and stores it in a wall safe that he hasn’t told anyone else the existence of. Charlie always intends on accessing the seedphrase via the piece of paper in his safe when necessary but elected to store it in a second (secure) location as a redundancy, just in case of a fire, flood, or if a thief were to somehow steal the entire safe.

Charlie also creates a secure PIN for the Trezor device which he doesn’t utilize elsewhere and stores the device in his dresser under a pile of clothes when not in use. However, Charlie typically keeps a few hundred dollars worth of cryptocurrency in a (less secure) mobile wallets for day-to-day purposes.

Charlie also uses a password manager, 1Password, to create and securely manage all his important passwords so that it avoids password reuse and so that he also doesn’t forget his passwords, which are always at least 8-10 characters long, with lower case letters, upper case letters, numbers, and special characters that would otherwise be difficult to remember based on memory alone.

Inadequate Security Examples

  1. Taking a photo or screenshot of a seed phrase (risk of device theft, risk of unauthorized device access, malware, and risk because such photos are generally automatically backed up to the cloud)
  2. Not utilizing App-based 2FA (opting for SMS 2FA or no 2FA)
  3. Re-using passwords
  4. Using easy-to-guess passwords or passwords not containing an adequate amount of lower case, upper case, numbers, and special characters
  5. Not utilizing PIN numbers and passwords to access applications like mobile wallet
  6. Inadequate fragmented redundancy 

Conclusion

It may seem like a certain level of paranoia is necessary in order for an individual to safely secure their cryptocurrency. And that’s probably a fair assessment for highly secure setups. After all, the user bears ultimate responsibility for the custody of their assets; there’s no bank or insurance company to bail them out or reverse a transaction or recover their password for them. And this is a level of security most individuals are not accustomed to. People need to carefully assess how they’re vulnerable to an attack and how they could be compromised if someone were to know or discover personal information (e.g. email addresses, date of birth, social security number, passwords, etc… since you can assume some people already know this information about you and at least some of this information will eventually appear in data breaches – it already has for the vast majority of people reading this).

In the majority of cases, we’ve seen involving people having their funds compromised, their security measures were far poorer than Alice’s low-security setup despite having hardware wallets in many cases since they simply did not have a sound security setup. Whether or not they utilized a hardware wallet was a moot point as it did not improve their security.

How an individual elects to set up and store their cryptocurrency wallets ought to vary on a case by case basis. It’s about finding a balance between security and convenience based on an individual’s situation. And even if that individual chooses a quick and convenient option, they can still be far more secure than many cryptocurrency users out there if they tackle their security from the correct mindset by recognizing possible attack vectors, and taking proactive action to eliminate or minimize risks in a way that is both secure yet redundant. 

It’s also worth noting here that there’s a type of redundancy we haven’t incorporated into any of these hypothetical examples, namely death or incapacity of the owner. As you can probably guess, it’s extremely important to be set up properly when it comes to inheritance and estate planning for bitcoin and cryptocurrency. But at the same time, one needs to go about doing so safely and securely, which is why CipherBlade assists individuals and law firms by advising on secure setups for estate planning.