There’s no denying that the popularity of cryptocurrencies is increasing. While some are only dipping their toes into the crypto world by investing a little, others go all in. Either way, users end up keeping their savings in the cyber world without being aware of various threats.
Many investors are known to keep significant amounts of money on a computer or a phone not knowing about malware that could be used to extract data. Falling victim to such attacks can result in major financial losses.
When dealing with malware, many users are aware that one way to prevent it from infiltrating their device is to implement various cybersecurity solutions. But what actual security measures can be taken to prevent hackers from getting on investors’ devices?
To answer this question and discuss cybersecurity, we invited Douglas Bakkum, the Co-Founder and CEO of Shift Crypto, a company that offers secure crypto storage solutions.
Introduce us to Shift Crypto. What would you consider your biggest milestones throughout the years?
Shift Crypto is a privately held company based in Zurich. We have an international team of specialists across engineering, crypto security, and Bitcoin development that develop the BitBox products and manufacture them here in Switzerland. Our mission is to empower individuals to easily get started in the emerging Bitcoin and cryptocurrencies ecosystem. To do this, we equip users with simple and secure hardware & software products that enable financial sovereignty.
The BitBox business started 7 years ago when I co-founded a company with Jonas Schnelli, a well-known Bitcoin core maintainer. We launched our initial product, the BitBox01 hardware wallet in 2016 (aka Digital Bitbox) with all the fanfare of a single Reddit post. Despite that, word-of-mouth support helped to get BitBox01s sold to customers in about 100 countries. We've since grown the team, launched the second-generation BitBox02 hardware wallet 2 years ago, and created the BitBox App to simplify the user experience and, importantly, enable the BitBox02 with Android devices in addition to the standard desktop operating systems.
Can you tell us about your BitBox wallets? How does this technology work?
The concept of a hardware wallet is simple: Never let your cryptocurrency private keys touch your computer or mobile phone, where they could be seen by hackers or malware. Whoever can see a private key can use it to unlock and steal your coins. Therefore, keeping the keys secure is of paramount importance.
Hardware wallets, perhaps better named a keychain, look like simple USB memory sticks, but they are miniature single-purpose computers packed with a variety of security features. A collection of private keys is generated onboard a hardware wallet during setup, using multiple sources of high-end entropy (aka randomness), and never needs to leave the device.
BitBox hardware wallets have been on the market for several years, and every enhancement and security improvement has led to the BitBox02 being available today. We believe it has a superior security model using a dual-chip approach whereby a general-purpose microchip runs logical operations using open source code and a secure chip upgrades security in a trustless way.
For beginners to the space, the BitBox02 is a great solution. The BitBoxApp guides users through every step while getting up and running takes less than two minutes. The detailed screen shows all relevant information for easy verification. And there are no clunky buttons: our touch sliders allow intuitive and efficient operations, like confirming a transaction or verifying a receiving address. The in-app guide answers common questions, while the BitBox takes care of the security aspect.
In the case of a lost or broken hardware wallet, can anything be done to recover the funds?
Yes, for sure. These days, cryptocurrency wallets provide backups following a de facto standard that allows one to recover a wallet in such a case, even across different wallets. Typically, the backup is a list of 12 or 24 words that represent a random number called a wallet "seed" from which all private keys can be derived. During setup, the BitBox02 saves the seed to a micro SD card plugged directly into an onboard slot on the hardware wallet (or optionally displays the word list to be written down on paper). To recover a wallet, plug the micro SD card into a new BitBox and start it up (or alternatively type the word list into the BitBox or a different wallet).
Do you think the pandemic influenced the way people perceive the crypto landscape as a whole?
I think so. Broadly, some people had some extra time on their hands and limited options on where to spend their time, and so had a chance to take a look and learn more about the space.
But more concretely, the subsequent financial stimulus and supply chain bottlenecks appear to be increasing inflation throughout the world. Countries that previously experienced hyperinflation have had relatively strong adoption of cryptocurrencies by individuals with a goal to preserve wealth. Now, I heard from my aunt, who is retired in a rural part of the USA, that her financial advisor is suggesting allocating a part of her retirement funds in bitcoin. An original Bitcoin design goal was to provide a sound form of money with a fixed supply cap, specifically to avoid eroding its value through inflation. That rationale is now getting directly felt by a larger part of the world.
Since hardware wallets are a relatively new technology, there is still some confusion and myths surrounding them. What misconceptions do you run into most often?
There are many misconceptions that mystify cryptocurrencies and how to use them. I think the biggest misconception is that it has to be difficult to understand. If you ever used cryptocurrencies, making a wire transfer or even using credit cards for online payments now feels so last century.
Many of the concepts are new, but they have simple explanations. For example, one of the biggest misconceptions with hardware wallets is that you do not need to update a backup whenever you send or receive coins. This is because which coins are located where is public information, stored on the public blockchain (i.e. a very slow but immutable database). The wallet backup, or seed, is used to derive all of the keys a wallet will ever use. A wallet app just needs to probe the blockchain to see which of the keys have coins assigned to them.
Since a key is a random number, another misconception is that someone else could randomly pick the same key as me. As long as the wallet uses a good source of randomness during setup, this is computationally infeasible because of the massive number of possible keys. The number of possible keys is comparable to the number of atoms that exist in the observable universe.
Another important misconception is that “gone is gone” when it comes to cryptocurrencies. People have gotten used to being able to reverse a credit card transaction, or resetting a forgotten login password. However, if you mistakenly send coins to someone, only the recipient can send them back, which is a side effect of a blockchain being censorship-resistant. If you forget a password, you are locked out and would need to recover your wallet from a backup.
In your opinion, what are the most serious threats surrounding digital assets?
If you don't use a hardware wallet, then you may be keeping your coins either on an exchange or on a "hot" wallet on your computer or phone. Keeping any significant amount of money on a computer or phone is a bad idea given that malware vulnerabilities that could extract data or manipulate the display are frequently reported.
People, therefore, tend to feel more comfortable keeping money on third-party websites such as exchanges. However, this can also be dangerous as you will still need to protect your login details, which, like a hot wallet, is typically done on a phone or computer. Furthermore, accounts have been drained after SIM swap attacks. Within exchanges themselves, billions of dollars of cryptocurrencies are lost every year through hacks and exit scams.
If you do use a hardware wallet, in our experience the primary danger is user error, for example, losing a backup or forgetting a password that encrypts or derives a wallet.
What tips would you give for people who are new to the crypto space?
For those not yet in this space, jump in and start to learn. Bitcoin solved what had been considered an unsolvable scientific problem that unlocked the ability to create an "internet of money". This will profoundly impact the world. It is not a question of "If?" but "When?", and whether that is Bitcoin or another cryptocurrency or one not yet invented is beside the point. Just being aware of the space will have value.
For those newly in the space, educate yourself on the basics. Invest only what money you're ready to lose. One mistake many newcomers make is to look for “the next Bitcoin”. Be careful as, more often than not, choosing cryptocurrencies (or any financial bet really) with a get-rich-quick mindset will lead to losing your shirt.
Remember that hardware wallets are widely considered the safest way to store your coins. That said, don’t trust anyone who claims their product or service is unhackable. Anything can be hacked. The goal of a security product should be to make it too costly (in terms of money or time) to be worth the effort to attack, while continuously paying attention to ways to improve.
Talking about the future, what cybersecurity solutions do you think will rise to the top in the next few years?
I see pushing more and more security to the "edges" as a positive trend. Hardware can play a role as it is the ultimate edge device, for example, with Yubikeys for passwordless authentication and hardware wallets for cryptocurrencies. I see this also being useful for future P2P communication apps to avoid backdoors placed in the software to decrypt messages.
In general, I believe that advances in cryptocurrency security will push the forefront of security innovation because they require strong security schemes due to their design. Unlike fiat transactions, cryptocurrencies are designed to be irreversible, hard to trace, and hard to freeze, providing convenient get-away cars for thieves.
And finally, what’s next for Shift Crypto?
A common saying is that there is a tradeoff between security and usability. I believe that is a false dichotomy and consider our job as a company to fix such tradeoffs. Towards that end, we aim to give new people in the space a seamless and intuitive experience, from buying their first bitcoin to long-term storage, and that is where we are focusing our efforts next. We want to empower our customers by making it easy to take part and offer educational content to grow together along the way.