Bitcoin Wallet Security Is A Lie
9 min read
So, you have decided to ignore that Bitcoin and cryptocurrencies are a Ponzi scheme? You decided to succumb to the sirens’ song and want a share of the virtual pie for your retirement? Creating a Bitcoin wallet is the first step to pour more money in the system and maintain the scheme alive, your are right.
In this post I will relate my experience in creating a Bitcoin wallet, give you arguments on how I based my choices and try to explain how idiotic its whole security principle is.
I will also give you my thoughts from an lambda end-user perspective, because not everyone is versed in the IT lingo.
Chosing the Right Bitcoin Wallet
The website choose-your-wallet is your first pit stop in this process. They offer an up-to-date comparison of wallets based on their platform and OS availability. You will have to dig to find out if the code is open-source, though.
By using this website, the first thing that popped up to me was the ability to access the wallet on different platforms. I firstly pre-selected the wallets that offer at least a desktop and a mobile experience (whatever that means). I am not going to be serious about Bitcoin, so the hardware wallets were already out of the question.
Hardware Bitcoin Wallet
Hardware wallets such as Trezor are small devices that store your keys and offer different options such as using a weak PIN and/or send transactions.
They are costly and uncrackable, so don’t lose the passphrase that you wrote on that flying piece of paper!
I laughed my ass off when I read this story: I FORGOT MY PIN’: AN EPIC TALE OF LOSING $30,000 IN BITCOIN and so should you!
Also, I am not a security freak as I have extensive experience on what is possible to achieve in this matter: the end user is always the weakest line of defense. I also watched the movie Takedown (2000) which relates the story of the American hacker Kevin Mitnick, further proving that humans are easy to fool. Finally, the whole purpose of Bitcoin being anonymity (no matter what Mr. Pearson says), I did not want hosted key services such as Coinbase. Therefore, hosting the wallet was desirable. choose-your-wallet itself not being sufficient enough to make a sound decision, I had to read more information from other sources. I concluded that I only wanted to trust local, open source solutions. Even if I don’t read the code. In this matter, Green Address was the best choice.
Green Address Review
On the security side of the transaction, they offer 2of2 and 2of3 validation methods: they (the 3rd party) also must validate my transactions (without much details on how it is done). This seems to improve the security quite a bit?
On the other hand, I have now a trust relationship involved with this 3rd party. So, I downloaded the 40Mb Windows application. I had a hard time figuring out why the app version was different from the desktop version, and I did not like having to download it from Github. It is all but professional.
I also did not like seeing warning messages in the background of the wallet creation window, that I could not read entirely.
After setting up my email, I was strongly commended to create another 2-factors authentication. Installing another app being out of the question, I chose the phone messaging solution.
Finally, after setting up a pin, I was able to access the wallet.
For backup and storage purposes, I will just use my Veracrypt virtual disk and create a text file containing all the information needed:
- passphrase
- password
- wallet url
All I need to remember is the access pin code for my device once it is set up. And also trust the encryption associated with a mere 4 digits pin… Also, to keep an easy, fast and almost “portable” access, I installed the 9Mb Google Chrome extension. That’s where everything fell apart with utter confusion.
Green Address Confusion
First, by launching the Chrome app, I realized that it was exactly the same as the Windows app, which I promptly uninstalled. Then, I tried to connect to this Chrome app wallet. They asked for the full passphrase, which I copied and pasted, but then asked for a login/password which I never set. I was confused. I clicked cancel, and instead of clicking on the Login button, I clicked on the login icon just on the right side of the passphrase input form. Then I was asked for the pin code, it was kind of a relief. I clicked cancel anyway, and what do you know? I got connected to my wallet anyway.
It turns out that the PIN created for the Windows app was not required because the PIN is set different for each device where your credentials are stored!
Finally, by wandering in the settings, I found an option to encrypt the passphrase by setting up a weak password. Whatever that means, it was an option so I did it.
I was then given another QR code picture that I still cannot save, and a new mnemonic passphrase, a longer one.
- What does that encryption option even mean?
- What is this QR code for?
- How do you store it?
- Do you actually need to store it?
- Which passphrase should I use to connect to the wallet now?
- How is this related to any encryption at all?
This does not make any sense to me. To know more, I read their FAQ and looked at their blog and did not like what I saw. Read for yourself and try to tell me what you understood. Or not.
Send Bitcoin at What Rate?
Now, for the fun part: I chose to send BTC, and entered the amount of 1 mBTC. There is an automated refresh for the current conversion rate, and it showed 1mBTC=$6.85 at first. Then I refreshed and it changed to 6.81, then I waited a minute, and it changed to $6.82. The $US amount in the right box did not change so I had to input 0, then 1mBTC again to see the real value to the cent. 2 days later, the rate fell down to $6.31:
So, here are the problems is see here:
- When I send 1 mBTC, which rate does apply? The value in $US in the right box?
- If someone requests an amount in $US via Bitcoins, is this a problem when the rate changes right after the transaction?
- What are the fees?
There are 4 different fee levels, plus the “instant” level, plus the custom level where I actually input a value in satoshis/Kb??
What is a low value, what is a high value? Transactions can take anywhere between 10 seconds and 90mn, or even days. Which fee is acceptable for which?
What determines the Bitcoin transaction times?
The two main factors influencing the transaction time are:
- The amount of network activity
- Transaction fees
The more transactions that the network needs to process, the longer each transaction takes. This is because there are only a finite number of miners to process each block and there are a finite number of transactions that can be included in a block.
Miners on the Bitcoin network prioritize transactions by the fee that they receive for confirming them. Therefore, if you pay a higher fee, a miner is more likely to process your transfer which decreases the transaction time.
Alright… the more you pay the faster it is processed! I still have no clue about what is a reasonable price.
A website called blockchain.com (sponsored by who?) gives the median transaction time on the network in “real” time:
So… when it shows 30 minutes, what priority is that for??
Also, I am not sure it is linked to this particular wallet, but the whole setup process was utterly confusing. I need to read a lot of literature to understand what’s really going on and this is not something anyone can, nor should ever do.
Bitcoin Wallet Security Is A Lie
In conclusion, doing any action on any wallet system available requires a lot of concentration and attention to details. It also requires a military organization because the passphrase is provided instead of being chosen, which totally defeats the purpose of any security attached to these wallets.
Hence, no human being can remember such a long list of words and it has to be written down somewhere, or stored on an encrypted system protected by… the last line of defense again: a weak personal password!
This does not make any sense at all. I already have a mnemonic passphrase of 60+ characters that I use for my Veracrypt encrypted drive, which totally defeats any brute force attempts. My only weak point is the encryption cypher itself and the limited number of bits (256) available to me via this Veracrypt software. I do not see how normal (non IT) people could handle that. They would rely mostly on hardware devices for which they will write the passphrase on a piece of paper, which they eventually will lose. Or they will just forget it and lose everything as well.
No one in their right mind would accept that idiotic system.
Conclusions
It was not the purpose of the exercise but my point is that without trust, we are doomed.
I trust my bank and my tellers. I trust them because of the liability associated with the contract passed between the bank and myself. The government is also involved in case the bank is deficient. If I did not trust anyone, I would hide my paper money under the mattress as we did a century ago. With cryptocurrencies, you are liable to yourself if you lose the funds. No one can hack your wallet, but it’s way easier to lose the password.
What’s the point in having a crack-proof safe with only one key that is easy to lose?
What’s the point in having a crack-proof safe which only key you have to store in another safe?? Are you out of your mind?
Worst, you also have to keep in mind that your trust in Bitcoin actually relies on a system developed by anonymous amateurs, who have no accountability whatsoever in your losses. In other words, instead of relying on a global system of trust made of banks backed-up by governments who all are accountable for their actions, you now rely on some anonymous developers which code (when it is open source) you did not even read because well, you cannot unless you are a PhD! How better for your security is this system?
Please review the coincontrol.cpp module used in version 0.16.2 for me:
// Copyright (c) 2018 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <wallet/coincontrol.h>
#include <util.h>
void CCoinControl::SetNull()
{
destChange = CNoDestination();
m_change_type.reset();
fAllowOtherInputs = false;
fAllowWatchOnly = false;
m_avoid_partial_spends = gArgs.GetBoolArg("-avoidpartialspends", DEFAULT_AVOIDPARTIALSPENDS);
setSelected.clear();
m_feerate.reset();
fOverrideFeeRate = false;
m_confirm_target.reset();
m_signal_bip125_rbf.reset();
m_fee_mode = FeeEstimateMode::UNSET;
}
Is it OK? Do you validate? Because I think the call arguments to gArgs.GetBoolArg needs to be escaped to prevent a buffer overflow via the unprotected DEFAULT_AVOIDPARTIALSPENDS constant. No? Yes? I don’t know, you tell me…
Don’t Make A Fool Of Yourself
Relying on cryptocurrencies with such a level of distrust towards anyone but yourself, and the total absence of liability for the systems you use is just enough to relegate the use of these currencies to the dark web, where you really need to be anonymous.
What is the point in being anonymous when buying a pizza? What is the point in being anonymous when paying for a DISH monthly fee? First, for these transactions you cannot be anonymous anymore, because you have to prove to the provider that you paid, don’t you? That links you to the transaction, rendering the whole purpose of anonymity completely useless.
I don’t understand this hype around the cryptocurrencies unless you want to make up money and find people fool enough to buy it, which is the definition of a Ponzi scheme.
