Bitcoin Wallet Security:
Usage & Best Practices

A quick introduction to moderate to high security contracting.

Transactions are Digital Contracts

Enforcement via computer network, rather than human courts

Remember that Bitcoin transactions are just contracts. A simple example is a transaction which requires one signature.

  • PAYMENT CONTRACT

    Bob reduces his balance by 1,
    and increases Alice’s balance by 1.

    Required Signatures: Bob

    Signed: Bob

This next one is an example of a Multi-Signature Contract (m/n). The Bitcoin network will not recognize it as valid until both required parties have signed!

  • PAYMENT CONTRACT

    Bob reduces his balance by 1,
    and increases Alice’s balance by 1.

    Required Signatures: Bob, Eve

    Signed: Bob

But what does a signature mean in Bitcoin?

  • PAYMENT CONTRACT

    Bob reduces his balance by 1,
    and increases Alice’s balance by 1.

    Required Signatures: Bob, Eve

    Signed: Bob

    signrawtransactionwithwallet "hexstring" ( [{"txid":"hex","vout":n,"scriptPubKey":"hex","redeemScript":"hex","amount":amount},...] "sighashtype" )

  • Signatures are inputs

    There are many ways to gather input!

  • Vastly improved default security

    Ink signatures are easily forged.

  • Sovereignty

    Public, not private, infrastructure.

Not your keys, not your coins.

Best practices

Key Control

Possession is ownership

Custodial exchanges owe you a debt of cryptocurrency. Exit scams, identity theft (accelerated by AML/KYC regulations), and general cheating by exchange operators often lead to noobs getting rekt.

Unique Receiving Addresses

Use a new address every time

Address re-use makes it easy for attackers to break your privacy. If you're a merchant, it's easier to perform refunds if you use a new address for each invoice, and in some cases commingling funds may be against industry rules.

Control the hardware

For broadcasting your own transactions

If you can’t broadcast signed transactions, you are powerless to spend your funds. How is your inability to broadcast a spend transaction any different from not being able to sign a transaction?

Control the hardware

To validate incoming transactions

If you rely on someone else to tell you what is happening on the network, you leave yourself open to attacks: DDoS attacks can take “block explorer” websites down, ISPs can attack or modify traffic, phishing sites can mislead you, etc. Be aware that you may still be vulnerable to eclipse attacks even if you are using a full node to validate your transactions!

Follow the Reference Implementation

Why doesn’t Bitcoin Core support recovery seed word mnemonics? Hardware wallets? Let rough consensus instruct your behavior and decision making, and enjoy the maximum safe feature set.

Take No Risk

Bitcoin Core is perhaps the most thoroughly reviewed code ever written, and pioneered deterministic builds. Be slow to adopt new features: unmerged code means insufficient review or a lack of consensus among experts. Every "layer" on top of this one only weakens security.

Open Source Only

Anyone can write or copy code, few can market and service the product. A brand (trademark/App Store name) is valuable, because it signals to the market the quality of your product or service. Peer review helps you find and fix bugs (for free!), so you should be very suspicious of anyone offering software which is not open source.