Upcoming trends in the security of Bitcoin
Maredia, of Lava, concedes that there is room for progress. He recently introduced his own solution, which he expects to offer the best trade-off for mobile devices.
After a string of unexplained losses among mobile and hardware wallet users, researchers eventually concluded that seed phrases stored in LastPass vaults had been compromised. As of a few months earlier, the estimated losses across various cryptocurrencies exceeded 0 million.
A central part of this phase has been the questioning of received ideas about how Bitcoin is used around the world. New practices are emerging, and different cultures are using the asset in ways that defy earlier conventions.
The 2022 breach of the widely used password manager LastPass served as another reminder of how fragile the average individual's security practices are.
“We should think more carefully as an industry about our usage, since encountering a seed phrase when setting up a wallet for the first time can be very challenging for the user.”
Source: bitcoinmagazine.com
Casa's current CEO, Nick Neuman, voiced concerns similar to his colleague's in a discussion with Bitcoin Magazine.
While the quality of Bitcoin products and applications has improved greatly, self-custody still carries significant risk for anyone not comfortable with technology beyond their iPhone. Reports keep surfacing of successful phishing attacks that drain individuals' funds by tricking them into revealing their wallet's seed phrase.
Neuman remains optimistic, noting a visible shift toward more pragmatic strategies, though he believes Bitcoin products are lagging behind.
Since Casa introduced its seedless wallet approach years ago, Bitcoin products have advanced considerably, yet few have followed its lead. Self-custodial applications are stronger than ever, but some of the changes have added extra steps that complicate things for newcomers. It is worth asking whether maximalist views on security have locked practices into rituals that hold little appeal for the average person.
“He noted that most individuals begin to doubt their capacity for self-storage when hardware wallets and seed phrases come into play. Some struggle to follow directions properly, whilst others tend to opt for using custodians.”
An important trend emerging from this turbulent setting is the revival of seedless security models, which take a fundamentally different approach to protecting Bitcoin private keys. Their advocates argue that prevailing security practices are failing to meet the expectations of a growing user base. Alongside the growth of custodial alternatives, the arrival of ETF products raises doubts about whether future users will ever move on to more involved self-custodial setups.
“Examining typical reasons behind users losing their funds, it's uncommon to encounter instances where mobile keys have been breached.” Instead, he argues, users are far more likely to store their backup seed phrase improperly or to hand it over inadvertently in a phishing scam.
The future of seedless security models
Prominent Bitcoin advocates have long urged stronger security measures, hardware wallets in particular, yet a large share of market participants have still not taken that advice. Shehzan Maredia, founder of the Bitcoin financial services company Lava, sees a considerable gap between the people building security products and a substantial portion of the Bitcoin market.
This is not the first time security experts have blamed seed phrases for keeping Bitcoin self-custody from going mainstream. Jameson Lopp, a well-known industry figure, has written about the shortcomings of this security model and continues to voice concerns about its drawbacks. Lopp's company, Casa, a multi-signature wallet provider, was founded in part to address problems with conventional backup strategies.
“A significant number of wallets continue to make you save your seed phrase right off the bat, which ironically deters users from feeling at ease with keeping their own keys.”
Security specialists insist that private key material should always be kept offline. Maredia, however, argues that the secure enclaves built into modern mobile devices are sufficient to withstand the majority of attacks users actually face today.
According to our research, feedback from early users suggests the technology still needs to resolve key standardization problems.
The trend suggests that companies understand the risks of handling sensitive data themselves. Newer technologies such as the passkeys used in Coinbase's new “Smart Wallet” offer intriguing options for future products. Platform leaders like Apple and Google are backing passkeys in an effort to replace traditional passwords with cryptographic keys tied to the user's device and identity.
“We considered options such as passkeys, but concluded that they weren’t effective in securing crucial key materials like Bitcoins. These methods generally replace one piece of sensitive information with another, which is typically poorly managed in a password manager and can be effortlessly erased, even from iCloud.”
- Lava protects the user's seed with a high-entropy key held on a separate server; the seed is encrypted under that key and saved in a dedicated folder to guard against accidental deletion or unauthorized access. Authentication runs through a key server that rate-limits attempts on a user-chosen PIN, with no account creation required, which preserves the user's privacy in daily use. The system also uses the device's secure enclave for key storage.
- Maredia expects the evolving protocol to adapt to user requirements and risk profiles, with measures such as 2FA, withdrawal and spending limits, and pre-approved addresses already in the works. The upgrade options are configurable to fit specific needs.
- Critics argue that the reliance on third parties carries excessive risk, but open-source components such as the Photon SDK and Lava Vault show that vendors and service providers adopting similar standards can manage those concerns. Seeds remain part of the design, held in reserve for later use, so that users keep the ability to move between wallets and have a fallback if the software fails. Lava also supports multi-signature setups with hardware devices and follows the principle of avoiding a single point of failure in the handling of private keys.
In early January, Trezor, a well-known hardware wallet maker, said it was concerned that confidential customer data may have been exposed through a breach at a third-party service provider. Afterwards, users on X reported a rise in phishing attempts arriving in their inboxes.
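To make the division of trust in a design like the one described above concrete, here is an added, constructed example that is not Lava's code or protocol and is not from the original article. A wallet seed is encrypted under a key derived from both a high-entropy secret, which a key server releases only after a rate-limited PIN check, and the PIN itself. The stored blob therefore cannot be brute-forced offline without the server's key, and the key server on its own never holds the seed or the ciphertext. The class and function names, the lockout threshold `MAX_ATTEMPTS`, the HMAC-SHA256 counter-mode stream cipher, the scrypt parameters and the sample PIN are all assumptions made for illustration; a production system would use an AEAD such as AES-GCM and a hardware-backed key store.

```python
"""Illustrative seedless backup: the seed is encrypted under a key that needs BOTH
a high-entropy secret held by a key server AND the user's PIN, and the key server
meters PIN attempts. Constructed example; not Lava's protocol."""
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed lockout threshold; real services use delays/backoff


class KeyServer:
    """Holds one random 256-bit key per backup and releases it only after a
    rate-limited PIN check. It stores neither the seed nor the ciphertext."""

    def __init__(self):
        self._records = {}  # backup_id -> record dict

    def register(self, pin: str) -> str:
        backup_id = secrets.token_hex(16)      # opaque id; no account or e-mail
        salt = secrets.token_bytes(16)
        self._records[backup_id] = {
            "key": secrets.token_bytes(32),    # high-entropy server-side secret
            "salt": salt,
            "verifier": _pin_hash(pin, salt),  # slow hash, not the PIN itself
            "failures": 0,
        }
        return backup_id

    def release_key(self, backup_id: str, pin: str) -> bytes:
        rec = self._records[backup_id]
        if rec["failures"] >= MAX_ATTEMPTS:
            raise PermissionError("backup locked: too many failed PIN attempts")
        if not hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["verifier"]):
            rec["failures"] += 1               # online guessing is metered here
            raise PermissionError("wrong PIN")
        rec["failures"] = 0
        return rec["key"]


def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.scrypt(pin.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def _derive_keys(server_key: bytes, pin: str) -> tuple:
    # Both inputs are needed: the server key makes the blob unbruteforceable
    # without the server; the PIN keeps a server compromise alone from sufficing.
    enc_key = hmac.new(server_key, b"enc|" + pin.encode(), hashlib.sha256).digest()
    mac_key = hmac.new(server_key, b"mac|" + pin.encode(), hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for a real AEAD such as AES-GCM.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_seed(seed: bytes, server_key: bytes, pin: str) -> bytes:
    enc_key, mac_key = _derive_keys(server_key, pin)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(enc_key, nonce, len(seed))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def decrypt_seed(blob: bytes, server_key: bytes, pin: str) -> bytes:
    enc_key, mac_key = _derive_keys(server_key, pin)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("backup failed authentication: wrong PIN/key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo() -> dict:
    """Enrol, back up, recover, then show that PIN guessing is throttled."""
    server = KeyServer()
    seed = secrets.token_bytes(32)   # constructed stand-in for BIP39 entropy
    pin = "482913"                   # sample PIN, assumed
    backup_id = server.register(pin)
    blob = encrypt_seed(seed, server.release_key(backup_id, pin), pin)
    # Cloud storage would hold only `blob`; the key server holds only key + verifier.
    recovered = decrypt_seed(blob, server.release_key(backup_id, pin), pin) == seed
    wrong_pin_rejected = False
    try:
        decrypt_seed(blob, server.release_key(backup_id, pin), "000000")
    except ValueError:
        wrong_pin_rejected = True    # a wrong PIN yields an authentication failure
    for _ in range(MAX_ATTEMPTS):
        try:
            server.release_key(backup_id, "000000")
        except PermissionError:
            pass
    locked = False
    try:
        server.release_key(backup_id, pin)
    except PermissionError:
        locked = True                # even the right PIN is refused once locked
    return {"recovered": recovered, "wrong_pin_rejected": wrong_pin_rejected, "locked": locked}


if __name__ == "__main__":
    print(demo())
```

Running the block prints three booleans, all expected to be true. The caveat worth keeping in mind: an attacker who obtains both the server's key record and the encrypted blob can still brute-force a six-digit PIN offline, which is why the two are held by separate parties and why a real deployment would put a deliberately expensive KDF, or a hardware-backed key, on the PIN path.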