Casa Blog - Bitcoin Security Made Easy

As technology advances, the world of privacy and security changes with it. The end of the year is a good time to reflect on recent trends and the personal steps you can take to stay as secure as ever.

Here’s a look back on many of the headlines that shaped 2021 and the underlying themes to watch for in the years to come.  

#5 — Dear Hacker: DeFi platform pleads with thief to return $600 million

Several DeFi projects found themselves exposed in 2021 due to poor key management.

2021 was the year decentralized finance (DeFi) protocols took off, and many projects with lax security practices found themselves watching hackers take off with funds.

The most eye-opening example came in August when cross-chain platform Poly Network had about $600 million in assets stolen in a breach. The platform responded by tweeting an open letter asking the perpetrator to “establish communication” and “work out a solution.” The desperate plea worked, and the project recovered the lost funds.

🔑 Key Insight: Don't expect a hacker to have mercy on you. While this story had a happy ending, it's important to remember the value of a robust security model predicated on self-custody.

#4 — Coinbase accounts hacked, drained during IPO

When Coinbase issued its initial public offering in April, the move was seen as an indicator of bitcoin and crypto going mainstream. But behind the scenes, the exchange struggled to protect customer accounts.

Coinbase revealed last fall that attackers had exploited the company’s SMS account recovery process between March and May and stolen from about 6,000 customers. Though Coinbase reimbursed affected customers, 2FA settings continued to be a problem for the exchange. About 125,000 customers received false notifications in August that their 2FA settings had been changed.

🔑 Key Insight: Exchanges are honeypots for hackers because they hold the keys to large amounts of bitcoin. In this Twitter thread, Casa CEO Nick Neuman explained why exchanges will continue to be targeted and self-custody is the best way to protect your bitcoin.

#3 — Meta's terrible, horrible, no good, very bad year

For Meta, 2021 brought even more scrutiny over data privacy and security practices.

If any business is ready to ring in the new year, it’s the company formerly known as Facebook.

Meta began 2021 amidst growing calls for governments to break up Big Tech. In April, phone numbers and personal information for more than 500 million users were published online for free.

A few months later, a whistleblower claimed on “60 Minutes” that Meta prioritized profit above user safety when it came to combatting hate and misinformation. The next day, a router configuration change knocked Meta offline for six hours, along with other company apps.

Then, an FBI document revealed that WhatsApp, Meta's popular messaging app, makes user data easy to obtain with a subpoena or warrant.

🔑 Key Insight: Meta’s recent controversies illustrate the risk when centralized entities have so much data. As companies rush to define the “metaverse,” keep a close eye on data retention policies. As we like to say at Casa, don’t collect what you can’t protect.

#2 — Colonial Pipeline hit with ransomware attack, authorities recover bitcoin

Ransomware took center stage in May when Colonial Pipeline was hit with a massive attack disrupting the oil and gas supply chain through much of the United States.

Hacking group DarkSide was reportedly behind the attack and requested a ransom of 75 bitcoin. The Department of Justice announced in June that it had recovered most of the bitcoin, leading many to wrongly speculate that authorities had managed to crack the private key encryption behind bitcoin.

🔑 Key Insight: Even hackers can do a poor job of protecting their private keys. Casa CEO Nick Neuman discussed three potential scenarios with Vice where authorities could obtain a hacker’s private key and recover a ransom paid in bitcoin.

#1 — Bitcoin network activates Taproot upgrade

Activated in 2021, Bitcoin's Taproot upgrade is a welcome boost to privacy with Bitcoin transactions that will help the network continue to grow.

While price action and adoption dominated headlines, 2021 was an important year for the bitcoin network, which received its first major upgrade in four years: Taproot.

Activated with little controversy, Taproot was an important technical upgrade for bitcoin. The release implemented Schnorr signatures and will provide the network with improved privacy and lower transaction fees. With Taproot, it will be far cheaper to spend from a multisig wallet.

🔑 Key Insight: Like the rest of the industry, Casa is working on a Taproot-enabled implementation, and although there are some technical details left to work out, we are excited for this next step in bitcoin development.

😅 Give yourself peace of mind

Exchanges and hardware wallets are single points of failure. With Casa Gold, you can protect your bitcoin with multiple private keys for increased security and peace of mind.

👉 Try it free for 30 days.

Stay in the know on bitcoin security

The Casa Security Briefing provides a weekly update on recent developments in the ever-changing world of bitcoin security, digital privacy, and online sovereignty.