Jameson Lopp: Bitcoin Users are Their Own Worst Enemies in Terms Of Security


Despite the deep correction the cryptocurrency market has suffered throughout 2018, its capitalization is still holding above $200 billion while leading exchanges are securing deals worth hundreds of millions of dollars every day and institutional investors are looking for a better infrastructure around the industry to take part in the revolution.

Not much has changed on the criminal front either, with scammers still running fraudulent token sales and Ponzi schemes stealing millions from inexperienced investors.

Hackers are still breaking into exchanges, performing DoS attacks and hijacking DNS servers of popular wallets, or blackmailing and extorting cryptocurrencies from regular users.

Neither should one forget about the ‘traditional’ criminals who prefer good old violence to convince people to part with their hardware devices stuffed with hard-earned crypto.

So if you think that with declining prices malicious actors are losing interest in cryptocurrencies, you are probably wrong.

ForkLog spoke to Jameson Lopp, a well-known bitcoin developer and leading security expert, who is also known for his work at BitGo and Casa. We discussed such issues as security of private keys, bitcoin scaling and the importance of Satoshi’s white paper to the further protocol development as well as what cryptocurrency users should always take into account security-wise.

ForkLog: Let’s talk about your career. How did you come to Bitcoin? What was the reason for you embracing it? What projects do you work on?

Jameson: I was doing back end web development a couple of years ago and came across Bitcoin in some Slashdot.org article, I don’t remember exactly which one. I had heard about it before, but dismissed it as most people tend to do. At some point I noticed that Bitcoin wasn’t dying as I had expected. That’s why I started looking into it.

My initial foray into Bitcoin was just going and getting some coins on MTGOX which was a very difficult and involved process itself. When I was playing around with it, I realised that I wanted to learn more about how it actually worked. There was some documentation at the time, but not really a lot on the low level protocol.

So I decided to fork Bitcoin Core to collect a batch of statistics from a Bitcoin node. I called this project Statoshi. That really helped me to understand what was going on inside the full node. Over the years full nodes have become a fairly important piece of the scaling debate and the general evolution of crypto assets and blockchain technologies. This concept is about allowing users to validate the state of the system without needing to trust anybody.

A few years after I started exploring the full node side of Bitcoin, I went full time into the Bitcoin space and started working for BitGo where I was basically running the back end infrastructure, running all the different crypto nodes and writing services that were ingesting blockchain data and indexing it to make it available to the rest of the wallet platform that was built around it.

That gave me even more insight into the challenges of running and maintaining nodes and how different nodes in different networks tend to operate and have their own unique issues. I’ve written a fair amount about those experiences and this has actually resulted in my perspective changing on the scaling debate around the 2015-2016 time period.

ForkLog: It is a well-known fact you were one of the biggest proponents of the UASF soft fork last summer. At the same time your previous company was among those who initially supported the controversial New York Agreement and actively pushed for SegWit2x. Did this cause any disagreements within the team?

Jameson: Oh yes! I lost count of how many hours of debates we were carrying on at BitGo even within the management team. I think the primary problem with that approach was that it was mostly CEOs and founders of companies coming together and making decisions themselves. They made a kind of assumption that they had an ability to represent other sets of users.

It turns out that Bitcoin is not really a democracy, because while you can claim that you represent people if you provide them with certain services, you can’t actually enforce any type of representation. It’s very easy to upset users and have them rebel and leave. This is the nature of permissionless systems.

ForkLog: Why was SegWit2x cancelled? Some say many of the people who wanted bigger blocks saw Bitcoin Cash as an optimal solution. What do you think was the true reason behind the last minute decision to call it off?

Jameson: I think we will never really know all the stories. I’m fairly certain that there were various private mailing lists and private discussion groups that were centered around SegWit2x. I doubt we will ever see those people come forward and leak all the transcripts.

I personally believe that Bitcoin Cash did take most of the wind out of SegWit2x’s sails. Bitcoin Cash was a bit more extreme, because it was aimed to basically remove any block size limits and have an unlimited onchain scaling, whereas SegWit2x was more like a compromise. I think it left a bad taste in the mouth of the people on both sides. You can argue that may be a good thing, because some people say that the best compromise is when both parties are unhappy.

Once Bitcoin Cash forked, they proved it could be done. We always knew that a hardfork can happen, but nobody had gone through with it before. It basically created a new Schelling point for people who wanted to do unlimited onchain scaling and no longer wanted to be limited by having to argue with people who had very different views. I think that a lot of these people thought they would be able to get more accomplished toward their own goals if they didn’t have to constantly argue with people who they viewed as trying to hold them back.

ForkLog: Bitcoin Cash supporters think that onchain scaling represents Satoshi’s initial vision while offchain scaling is a wrong solution and a kind of treason to the white paper. What do you think about such claims?

Jameson: I think it’s partially true, because you can find quotes from Satoshi that support larger block sizes and onchain scaling, you can also find quotes where he talks about offchain scaling and essentially payment channel technology. He spoke about privately updated transactions between two parties without broadcasting it to the network even before the technology was invented. That is a fundamental idea around payment channels and offchain scaling.

I think that Satoshi would like to see Bitcoin develop in every way possible to become a global currency. I think that is the main goal of the community regardless what side you are on in the scaling debate. We all just want to make the system available to as many people as possible. I guess we just have different timeframes and different visions for tradeoffs we’re willing to make in order to get there.

ForkLog: Should the white paper only define the way Bitcoin evolves?

Jameson: I think it’s a kind of backwards way of doing it, because the white paper was actually written after the first implementation was coded up. Really I think the best way to get an understanding of a timeline around how it happened was my article for CoinDesk that was entitled “Nobody Understands Bitcoin”.

I went through the history of how Bitcoin protocol was initially developed. If you look into the first couple of years of development, you realise that Satoshi didn’t know everything and he was actually learning along the way. He made a number of changes to the protocol after it had been released. Some of them were implemented in contradiction to the white paper itself like the longest chain rule, for example.

I don’t think the white paper was ever meant to be some sort of founding specification that can never be deviated from. It seems to me that this is an open community project and it’s going to evolve in an organic way. No one can dictate that certain parts of the paper must always be adhered to. It’s going to be a dynamically evolving project. Who knows how it’s going to look in 10 or even 50 years?

ForkLog: In one of your recent blog posts you say you have no proof that the SWAT incident that took place at your home last fall is in any way related to the scaling debate. Does this mean you concede such a possibility could exist and that people with, let’s say, different opinions could go as far as threatening your life and the lives of your family?

Jameson: It’s certainly possible, it’s just hard to speculate on it. I have been putting a little more effort into trying to track down the people who did it, but I doubt that I or anyone will ever find them. Without actually finding them and asking, it is all speculation. The only thing we really know is that they wanted to scare me for some reason. Maybe it was something money related, maybe I had said something that upset them.

We’ve already seen a number of types of attacks happen as a result of the debate. Usually these attacks took place online. It could have been something as simple as threats on social media or something more sinister like a denial-of-service attack.

We saw some of those happen around 2015 when a number of Bitcoin nodes were hit with a DoS attack. I actually had my home internet connection get completely flooded and become unusable for several hours. This is the way it goes when a lot of money is on the line. Some people may take a very drastic action.

ForkLog: Many users are targets for physical attacks and “traditional” criminals. If we don’t trust third parties to hold our keys, we have to keep them safe by ourselves. Then some gangs come to our home to force us to part with them. Does it mean that we still need some third parties, some crypto banks to secure our crypto?

Jameson: I think this area needs a lot of improvements. This is actually a reason why I switched from working at BitGo to working at Casa earlier this year. I believe that there are a lot of people out there who now have far more wealth in crypto-assets than they’ve ever anticipated needing to secure.

A lot of them are just paralyzed with fear because they don’t want to screw up or become huge targets, so a lot of them just leave money at these new crypto banks with the logic being that there are entire teams of security experts who are devoted to keeping those private keys safe. They figure the keys will be safer with that third party than with someone who isn’t going to spend time and resources to figure out all the security issues around key management.

I think that there is a pretty good demand out there for products that make it easier and basically lower the bar for the level of efforts they have to put to secure these things. That’s why at Casa we provide financial services without actually being a bank or having control over these keys.

So we’re thinking about all possible failure scenarios and attacks, and trying to build best practices around key management into the application itself. All that users should have to do is to follow the instructions in our software without needing to dig through thousands of educational resources.

ForkLog: If Casa doesn’t hold keys, who is in charge?

Jameson: In our case a user has four out of the five keys and the idea is that most of the user’s keys are going to be on dedicated hardware like Trezor or Ledger that can provide a lot of security around each key itself, but the total security of the system is going to be due to the redundancy of how many keys there are and the keys’ geographic separation. This is the way to reach better-than-bank level of security by creating a situation where there is no single point of failure anywhere within the wallet.

ForkLog: Does it mean that in order to access my wallet I must have five keys?

Jameson: So when you create a vault with us it’s three out of five multisig with one set of keys on your phone, another one that Casa keeps offline for a recovery option, and three hardware devices. The idea is to keep the phone and the hardware devices in different places where they are not susceptible to an attacker grabbing them or to any type of natural disaster loss like fire or flood destroying multiple devices at once.

You should have a level of redundancy and robustness that you are unable to have with any single key or any single device solution. The tradeoff of course is that it becomes harder for you to actually spend coins, because you need to move potentially a very far distance to get access to them. That’s the kind of tradeoff that you have between convenience and security.

ForkLog: According to Chainalysis about 4 million bitcoins have been lost. It was not due to hacks or thefts, but due to users losing their private keys. It’s about 20% of bitcoin supply. Do you believe that users are their own worst enemies?

Jameson: I think so. It seems like other than situations where a large exchange gets hacked because it’s a high-profile target, most users who lose money are losing it simply because they don’t have good IT practices.

Even sophisticated technical people like myself often ignore some IT practices, because it’s so boring to make backups and distribute them around to make it robust against different types of failures. A lot of these data management practices are decades old and boring.

Nevertheless I think that crypto security stuff is handled pretty well by hardware devices. It’s just the backup practices that still create vulnerabilities.

ForkLog: How secure are solutions like Xapo’s bunker in Switzerland?

Jameson: It seems to be pretty secure to me. The tradeoff of course there is once again you are trusting third parties, because they are holding your keys as a custodian. While I think that such solutions are strong against environmental failures or even probably physical attackers, the next question comes down to how secure they are against insider attacks. I’m not familiar with their internal policies for preventing an employee from compromising keys. I think there is a collusion possibility, but I’m pretty sure that they are using a sufficient number of security policies, including multisig. However we don’t know this for sure, so we basically trust them in this regard.

ForkLog: It seems to me that they scan clients’ fingerprints to grant them access to keys. What do you think about using biometrics to secure digital wallets?

Jameson: Biometrics generally is not considered a great security solution. If someone gets access to your biometrics, the consequences may be catastrophic. I heard they have a more sophisticated solution that also checks if the hand that is touching the screen has a pulse. It seems like a nice improvement, but a bigger question for me would be its assumed susceptibility to a single person who can steal the data. Even if one employee can’t carry out a successful intrusion, a larger collusion within the company may still be possible.

ForkLog: How can you explain the problem of social engineering in terms of thefts in the digital world?

Jameson: Well, the risks are very low and the rewards are very high, which is why we’ve seen a lot of more sophisticated social engineering attacks happening.

We’ve developed these awesome hardware security devices, which are secure against almost any type of physical attacks. So naturally an attacker is going to find the weakest point in the system. If you’re using a hardware device, the weakest point is basically you and your brain getting tricked into doing something you don’t actually want to do.

Social engineers are like brain hackers, who are trying to find the right combination of words and actions in order to get a human to undertake some action that is detrimental to themselves.

ForkLog: Some radical skeptics say the KYC/AML procedure is a scam and an attack against Bitcoin’s essence. What do you think about this?

Jameson: This is more on the privacy front and you can definitely consider KYC/AML stuff to be detrimental, because once an attacker knows that a specific coin address belongs to you, he can start tracing around and potentially identify your financial activities.

It seems to be more like a nation state level attack, where you could have law enforcement authorities or tax agencies trying to identify people to force them to give a bunch of their assets up. But it’s not a common type of attack.

I think the real question comes down to our ability to develop enough privacy technology that could allow you to buy bitcoin on an exchange with KYC policy and hide all subsequent transactions after withdrawal. I think the best defense we can have is a privacy technology incorporated into the protocol so that it is enabled by default.

ForkLog: What is the future for private key security? How can you explain the concept of crypto castles?

Jameson: It really all comes down to fulfilling the idea of being your own bank. We want people to be able to manage their private keys without actually understanding everything that is going on under the hood. It basically becomes a usability problem.

I think that the building blocks to secure your keys and keep them safe from both attackers and natural loss issues are already out there, now we have to figure out how to put a nice UX around them.

That is what we’re trying to do at Casa, taking a lot of knowledge that we’ve been building and discovering over the past 10 years to create the software with that in mind to be able to train users and guide them around the best practices.

The concept of crypto castles comes down to a multilayer, strong and robust solution using different types of defences like the watchtowers (automated alerts), the gatehouse (wallet software), the bridges (simple duress kill), the stone walls (multisig) and the moat (air gaps) to keep you safe.

Jameson Lopp was interviewed by Nick Schteringard.
