Security Measures in Blockchain Products

Okechi Emezue
Oct 17, 2021

Cryptocurrency is a digital currency that runs on a network distributed across many computers. It is based on blockchain technology, a distributed ledger that records the origin and movement of a digital asset. The most popular cryptocurrencies, by market capitalization, are Bitcoin, Ethereum, Bitcoin Cash and Litecoin.

A cryptocurrency wallet is a digital wallet that stores your private keys, keeping your crypto safe and accessible. It also allows you to send, receive, and swap cryptocurrencies like Bitcoin and Ethereum.

Possible Security Threats

Vulnerable Wallets- A newly discovered vulnerability, BigSpender, allows a scammer to double-spend cryptocurrencies. Scammers can exploit this problem by sending the victim a transaction of some value but with minimum fees and asking for some goods or services in return, then cancelling the transaction immediately or sending that crypto asset with higher fees to another wallet they control.

Since the vulnerable wallets do not reflect cancelled or pending transactions in the user interface, the victim will see that their wallet’s balance has increased and understandably believe the transaction to be complete.
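The balance logic behind this problem, shown as an added example that is not code from any real wallet: a naive counter that credits a payment the first time it is seen and never revises it, next to a view that uses the latest status of each transaction. The event format, function names and sample data are assumptions constructed for illustration.

```python
# Constructed sample events: (txid, amount in satoshis, status, confirmations).
EVENTS = [
    ("tx-a", 50_000, "confirmed", 6),
    ("tx-b", 200_000, "pending", 0),    # low-fee payment shown to the victim
    ("tx-b", 200_000, "replaced", 0),   # sender re-spent the coins with a higher fee
    ("tx-c", 30_000, "pending", 0),
]

def naive_balance(events):
    """Vulnerable pattern: credit on first sight, never revisit the status."""
    seen, total = set(), 0
    for txid, amount, _status, _confirmations in events:
        if txid not in seen:
            seen.add(txid)
            total += amount
    return total

def wallet_view(events, min_confirmations=1):
    """Hardened pattern: only the latest status of each transaction counts."""
    latest = {}
    for txid, amount, status, confirmations in events:
        latest[txid] = (amount, status, confirmations)
    view = {"spendable": 0, "pending": 0, "dropped": []}
    for txid, (amount, status, confirmations) in latest.items():
        if status == "confirmed" and confirmations >= min_confirmations:
            view["spendable"] += amount      # safe to treat as received
        elif status in ("pending", "confirmed"):
            view["pending"] += amount        # show it, but do not release goods
        else:
            view["dropped"].append(txid)     # replaced or cancelled: never credited
    return view

if __name__ == "__main__":
    print("naive balance:", naive_balance(EVENTS))
    print("hardened view:", wallet_view(EVENTS))
```

A merchant-facing interface would release goods only against the "spendable" figure and display "pending" and "dropped" separately.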

Routing Attacks- As cryptocurrency connections are routed over the internet in clear text and without integrity checks, any third party on the forwarding path can drop, modify, or delay transactions. An example of a routing attack is the partitioning attack, in which a scammer aims at splitting the cryptocurrency network into at least two disjoint components such that no information can be exchanged between them.

To partition the network into two components, a scammer intercepts all the traffic destined for the cryptocurrency nodes contained within one of the components and drops any connection to the other component.

Stolen Private Keys- On the blockchain, an account is not tied to a real-world identity; instead, it is linked to a particular public/private keypair. The private key is used to generate digital signatures for transactions, while the public key can be used to verify them.

Hot wallets, which are always connected to the internet, have become an irresistible target for cybercriminals. In 2018 alone, hackers stole private keys controlling over a billion dollars' worth of cryptocurrency from hot wallets, which, despite being internally insecure, are still used by many custodians to provide a pool of liquid assets.

Design solutions for improved security

Mnemonic Phrase- A mnemonic phrase is a group of words, often 12 or more, created when a new wallet is made to store your cryptocurrency. It is done in order to ensure you have offline storage and a back-up; all you need is your mnemonic phrase to recover all your funds.

But what if this feature can be an extra step in the user journey flow for completing certain transactions?

You need a product designer to improve your product for the user through research and iteration, especially in the blockchain world, where security is important. The mnemonic phrase that was randomly generated for the user when creating a wallet could be required in order to complete specific transactions like sending crypto assets, adding an extra layer of security.

Multi Signature Wallets- Multi signature wallets are cryptocurrency wallets that require two or more private keys to sign and send a transaction. The storage method requires multiple cryptographic signatures to access the wallet. Imagine a bank vault that requires more than one key to give access. That’s how multi signature cryptocurrency wallets work.

You can choose how many keys are assigned to the vault as well as the minimum number of keys needed to unlock it (for example, you could choose a 2-of-4 multi signature setup, where 2 out of the 4 assigned keys are required).

This feature could be implemented as the last resort of security, as the scammer would need to have access to multiple keys belonging to co-signatories to complete a transaction.
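The 2-of-4 rule described above, as an added example that is not taken from any wallet's code base. So that it runs with the Python standard library alone, it uses Lamport one-time signatures built from SHA-256 as a stand-in for the ECDSA or Schnorr signatures real wallets use; all function names, signer names and the sample transaction are constructed for illustration.

```python
import hashlib
import secrets

def h256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(message: bytes):
    digest = h256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """Return (private, public) for one Lamport key; sign one message per key."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(h256(a), h256(b)) for a, b in private]
    return private, public

def sign(private, message: bytes):
    # Reveal one secret preimage per bit of the message digest.
    return [private[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    return all(h256(part) == public[i][bit]
               for i, (part, bit) in enumerate(zip(signature, digest_bits(message))))

def authorize(tx: bytes, signatures, cosigners, threshold: int) -> bool:
    """signatures: list of (signer_id, signature); cosigners: signer_id -> public key."""
    approved = set()
    for signer_id, signature in signatures:
        public = cosigners.get(signer_id)        # unknown signers are ignored
        if public is not None and verify(public, tx, signature):
            approved.add(signer_id)              # a set: a repeated signer counts once
    return len(approved) >= threshold

def demo():
    """Constructed 2-of-4 wallet; returns the decision for several signature sets."""
    keys = {name: keygen() for name in ("alice", "bob", "carol", "dave")}
    cosigners = {name: public for name, (_private, public) in keys.items()}
    tx, other = b"send 0.5 to address-placeholder", b"send 5 to address-placeholder"
    def sig(name, message):
        return name, sign(keys[name][0], message)
    return {
        "one_signer": authorize(tx, [sig("alice", tx)], cosigners, 2),
        "same_signer_twice": authorize(tx, [sig("alice", tx)] * 2, cosigners, 2),
        "signed_other_tx": authorize(tx, [sig("alice", tx), sig("bob", other)], cosigners, 2),
        "two_signers": authorize(tx, [sig("alice", tx), sig("carol", tx)], cosigners, 2),
    }
```

The checks that matter are counting distinct co-signers rather than signatures, and verifying every signature against the exact transaction being sent.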

2 Factor Authentication- Two-factor authentication, or 2FA, provides an extra layer of security for your wallet. When logging in or performing a transaction, you will need both the wallet password and a one-time passcode (OTP) generated by your chosen method of 2FA, which could be SMS codes, email messages, or third-party apps like Google Authenticator.

You can also use voice biometrics, facial recognition, hand geometry, ocular-based methodology, fingerprint scanning, geographical location, or thermal image recognition as methods of multifactor authentication.

Cold Wallets- This is a cryptocurrency wallet that cannot be compromised because it is not connected to the Internet. The cold wallet stores the user’s address and private key and works in conjunction with compatible software on the computer. Cold wallets are offline storage facilities for cryptocurrencies; these wallets are not connected to the internet and are most secure from hackers.

Essentially, organizations could offer cold wallet storage along with hot wallets such that the user can store larger amounts of assets offline and only transfer small amounts of cryptocurrency to hot wallets when needed.

Custodial Wallets with Insurance- With a custodial wallet, another party controls your private keys and assets. In other words, you’re trusting a third party to secure your funds and return them if you want to trade or send them somewhere else. With a custodial wallet, every time the user buys an asset, they are given an IOU by the crypto exchange, which means the exchange owes them that amount of crypto asset.

Seeing as these exchanges have custody of your assets, full or partial insurance for assets could be designed and implemented such that the user pays a premium in crypto and is insured in case of hack or theft. This could be a deciding factor in more crypto users adopting a particular crypto product.

Crypto Security Standards

The CryptoCurrency Security Standard (CCSS) is a set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions. CCSS covers a list of 10 security aspects of an information system that stores, transacts with, or accepts cryptocurrencies.

Secure crypto wallets

Below are some of the most secure crypto wallets and some of the features they currently offer:

Exodus- Desktop and mobile wallet, Trezor hardware access; Exodus crypto apps, live charts, 100+ crypto assets, and 24/7 support

Electrum- Cold storage, add-ons supported, exportable private key

Opolo- Company-made hardware wallet, anti-theft protection, USB encryption, genuine device check

Mycelium- Bitcoin with advanced storage, spending and savings accounts; in-app exchange and trading, educational materials, inter-wallet operability

Cobo- Bitcoin-only firmware version available, self-destruct mechanism, fingerprint authentication

The importance of security cannot be overemphasized, especially when it involves crypto assets. Crypto users will naturally choose the most secure wallet because of the insurance it offers. Crypto organizations and startups are encouraged to be empathetic when building products for users, and where better to do so than in implementing some of the top-level security features discussed above.

With adequate user research, iterations and testing, it is easy to better understand the security needs and concerns of your users and to design and implement the most optimal features into cryptocurrency products.

If you are interested in building a more secure crypto solution, you can reach out to me through LinkedIn or send an email.
