A recent bitcoin scam was in progress until it was noticed that somebody’s wallet had been stolen. The software was a Trojan that deletes a bitcoin wallet and mails the copy to the scammer. Fortunately, the criminal’s stupidity allowed a bitcoiner to hijacked his gmail account and returned some of the stolen bitcoin to its rightful owner, although 30 bitcoins could not be recovered.
The victim in question learned from his loss. However, as the community grows, newbies will be caught unaware by scam attempts. It’s also worth noting that even the most security aware could lapse and forget that he should not just download software. After all, we’re all human beings.
Still, I believe that bitcoin clients could do better by addressing security concerns and making it easier for the average bitcoiner to secure their money. Here are some of the security proposals that are floating around in the bitcoin community:
- Bitcoin wallets should be encrypted by default.
- Bitcoin wallets should be split into saving wallet and spending wallet to limit the amount of damage that could be caused by trojan. This should also be default behavior too.
- An application should not be able to write, copy, and read a bitcoin wallet without user authorizing or without being notified.
- Backup should be built-in and obvious to users.
I think the forum community could aid in this process.
- There could be bitcoin security firms that download new software and place it in the VM, then observe what’s happening. Bonus point for analyzing the source code, posting security flaws, certification, and other practice that minimize security problems in the bitcoin economy. Of course, for proprietary software, they would need to pay high fees to the firm because the source code are not available for inspection.
- The source code for software that interact with bitcoin wallet should be open to examination. If not, avoid it like a plague. Use MD5 hashes to verify the integrity of files.
- A news source for bitcoin security would be useful in disseminating information to bitcoiners. The Bitcoin Weekly obviously could carry such publication, but new publishing organizations could pop up exclusively for security news.
- It should be a community norm for bitcoiners to spot-check potential risk and educate new bitcoiners about security. For example, if a new software or bitcoin platform like the website here is released by a new forum member, bitcoiners would swing in to warn others of potential risk.
I am sure these proposals have risks and flaws. For example, if a keylogger is smuggled in, a cracker now have access to the password needed to crack the system. If the user forgot his password, he would be unable to access any of his wallet.
There will be continuous loss of bitcoins due to fraud and security compromise, but we can minimize and educate people about securing their bitcoin. One less testimony about bitcoins getting stolen means that it will be easier for the bitcoin economy to succeed.