Casa Blog - Bitcoin Security Made Easy

Are you scared of losing your bitcoin?

A little fear is healthy — it means you care about protecting your wealth. Owning bitcoin comes with some responsibility, and that includes actively preparing against security threats. In this overview, we’ll cover some common threats and some tips for protecting your bitcoin.

Before we delve into each individual threat, please note the best security practice is to protect your bitcoin with multiple keys, a practice known as multisig.

#1: Physical attack (theft, burglary, extortion)

We begin with the threat that makes the most headlines. Physical threats tend to scare us more than other security threats.

While bitcoin exists in cyberspace, keys are much more vulnerable in the physical realm, depending on how you store them. Someone can commandeer your phone. Burglars can break in and steal a hardware wallet. And some investors have been held captive and extorted.

Tips for preventing:

  • Avoid disclosing your physical location
  • Don’t talk specifics about your bitcoin
  • Don’t keep a majority of your keyset on your person or at your primary place or residence
  • Strengthen your home defense

#2: Accidental loss (Fire, floods, misplacing)

Accidental loss is an especially sneaky security threat. As humans, we rarely expect accidents to happen to us, and accidents usually involve some factors we don’t account for, like our own forgetfulness and clumsiness.

We’ve heard countless stories of investors who accidentally lost their funds. In the early days, people stored bitcoin on computers and hard drives and disposed of them without knowing what they did. Others may have stored bitcoin on a hardware wallet and lost the device in a move — out of sight, out of mind.

Then, there are more intense accidents, such as fires and natural disasters. The reality is if you store your key on a single point of failure, there are unlimited forms of accidents that can happen to your bitcoin.

Tips for preventing:

  • Don’t store your keys in one place
  • Pay extra attention to your bitcoin during major life changes
  • Don’t use a paper wallet

#3: Hacks

We live in an age where more and more communications are done online. It’s often less effort for a bad actor to try and hack you than it is to physically find you, and hacking allows attackers to target multiple users at once.

There is no one-size-fits-all hack. Rather, there are a variety of tactics they can use to compromise your key, such as spoofing, ransomware, and targeting your personal accounts, such as email or cloud storage. If your key is unencrypted and stored online or on an internet-connected device, it is highly vulnerable.

Tips for preventing:

  • Keep your keys in cold storage (offline)
  • Use strong passwords and house them in a password manager
  • Perform regular software updates on your devices
  • Don’t store your keys in browser extensions
  • Verify the authenticity of software downloads and firmware updates
  • Don’t use a secondhand hardware wallet

Read more about avoiding hacks below.

The Dos and Don’ts of Bitcoin Key Management
The internet is a dangerous place, especially when you’re protecting bitcoin. Jameson Lopp covers what you need to know to stay safe in a perilous environment.

#4: Phishing attacks

If malicious actors can’t get to you, they’ll try to get you to come to them. Phishing attacks are a sly tactic where a thief will contact you in an attempt to deceive you and steal your bitcoin or login credentials. These attacks can come across many forms of communication: email, phone, and even social media.

Generally, they’ll ask you to click a link, send them money, or share information, and they often use clever ways to entice you, such as astronomical investment returns, a funny social media post, or even an offer to send bitcoin to your address if you’ll just send them a little bit first. Don’t trust — verify.

Tips for preventing:

  • Don’t respond to unknown parties
  • Verify authentic requests “out of band” through another form of communication
  • Bookmark websites you visit frequently
  • Don’t send bitcoin to people you don’t know
  • Implement app-based two-factor authentication (2FA) on important accounts, not SMS text messages

#5: Insider attacks (Friends, associates, romantic partners)

When someone steals bitcoin, it’s often a crime of opportunity. They could be a friend, relative, or close associate. Sometimes, it’s just someone with access to your property.

The untrustworthy actor knows they can access your bitcoin, so they find an opportune time to snatch it out of greed or desperation. This could be as simple as slipping a device into their pocket. In extreme cases, they might incapacitate a victim to buy themselves time.

In all cases, the solution is simple: remove the temptation. Keep people honest by keeping your bitcoin under tight control.

Tips for preventing:

  • Avoid sharing specifics about your bitcoin, even with people you trust
  • Don’t leave hardware wallets and seed phrases lying around
  • Keep valuables and financial information under lock and key

#6: Device failure

Gadgets and electronic devices are helpful inventions, but even they don’t last forever. Hardware wallets can sometimes be defective, and the last thing you want is to be stuck with a bricked device and no bitcoin.

Tips for preventing:

  • Keep beverages away from electronic devices
  • Perform a health check every six months
  • Stay apprised on firmware updates
  • Use provided cables from device manufacturers
  • Back up seed phrases for single key wallets (optional for multisig)

Casa uses multiple devices to keep your bitcoin safe, and a little maintenance can go a long way. Learn how to properly maintain your devices below.

Bitcoin Security 101: Creating healthy environments for your devices
Casa’s Head of Security Ron Stoner outlines some simple tips for setting up secure environments for your devices.

#7: Custodial risk (Exchanges, lenders, third parties)

Not your keys, not your coins. One of the most fundamental security threats with bitcoin is leaving it in the care of someone else. Whether you leave bitcoin on an exchange, lend it out, or trust it with a custodian, the result is the same — you’ve given up control of your keys.

If you don’t proactively take self-custody of your bitcoin, the day might come when you won’t be able to. Exchanges could get hacked or go bankrupt. Lenders can make bad investments and lose your funds. And even custodians can lose bitcoin. All these unfortunate events have happened with bitcoin before. Don’t become another cautionary tale. Hold your keys yourself.

Tips for preventing:

  • Withdraw bitcoin to a set of keys you control
  • Distribute your keys across multiple locations
  • Don’t lend out bitcoin without reading the fine print
  • Use Casa as a recovery method and skip the custodian

#8: Inheritance planning

While none of us likes to think about it, death is an inevitable part of life, and it represents a major segment of wealth security. You need to have a clear inheritance plan to ensure your bitcoin transitions to your loved ones upon your passing. Unfortunately, some investors have struggled to find and recover bitcoin after the death of a loved one.

Casa’s inheritance planning provides you and your loved ones with clarity around succession planning to keep your wealth safe when it matters most. This program also ensures you retain control over your bitcoin in the meantime.

Tips for preventing:

  • Formulate an inheritance plan with Casa
  • Involve heirs, trustees, and attorneys (as needed)
  • Include your bitcoin within overall estate planning

Closing thoughts

If this list has you feeling paranoid, fear not. With a little bit of time and thought, you can stay ahead of these threats and give your bitcoin the self-custody it deserves.

Casa makes it easy to secure your hard money. Our security plans protect your bitcoin from single points of failure, so one lost key doesn’t mean lost bitcoin. Schedule a call to learn more about our self-custody vaults.

Stay in the know

Our Casa Security Briefing provides weekly updates about privacy, security, and other bitcoin news. Sign up below to receive future editions.