No, not asking if you own any Bitcoin. Or the IP address.
This blog is prompted by the Nicholas Weaver article “Risks of Cryptocurrencies” in the June 2018 Communications of the ACM.
He writes, rather misleadingly in our opinion:
“This was not because our Bitcoin was stolen from a honeypot, rather the graduate student who created the wallet maintained a copy and his account was compromised. If security experts can’t safely keep cryptocurrencies on an Internet-connected computer, nobody can. If Bitcoin is the ‘Internet of money’, what does it say that it cannot be safely stored on an Internet connected computer?”
Would you leave a gold coin lying around in the open? Lock that thing up in a safe or safety deposit box.
Bitcoin is not really the ‘Internet of Money’ so much as ‘Money in the Internet’. And the cryptocurrency was not on an Internet-connected computer. Those were the keys.
Your wallet holds one or more private keys, not cryptocurrency itself.
Key distinction (pun intended). The money doesn’t move off the distributed ledger. When it moves from one wallet to another, the send process (which you initiate) changes which private key can access it: the designated receiver’s key becomes the only one that works.
The graduate student’s indiscretion was in making a copy of the key that allowed the safe or safety deposit box to be opened by an unauthorized person. And then not properly securing it.
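The distinction above can be seen in a toy ledger, added here as an illustration; it is not code from the article or from Bitcoin. It assumes a simplified one-lock-per-coin ledger and swaps in Lamport signatures (meant for one-time use, which this toy ignores) from the standard library in place of Bitcoin's ECDSA; `Ledger`, `spend`, `demo` and `coin-1` are hypothetical names.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport key pair: a stdlib stand-in (assumption) for Bitcoin's ECDSA keys.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(x) for x in pair] for pair in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def address(pk):
    return H(b"".join(x for pair in pk for x in pair)).hex()

class Ledger:  # toy ledger (hypothetical): coin id -> address whose key may spend it
    def __init__(self):
        self.lock = {}
    def transfer(self, coin, pk, sig, to_addr):
        msg = f"{coin}->{to_addr}".encode()
        if address(pk) != self.lock.get(coin) or not verify(pk, msg, sig):
            return False
        self.lock[coin] = to_addr  # the coin never leaves the ledger; only its lock changes
        return True

def spend(wallet, ledger, coin, to_addr):
    # The wallet holds keys only; it signs a request that the ledger checks.
    sk, pk = wallet
    return ledger.transfer(coin, pk, sign(sk, f"{coin}->{to_addr}".encode()), to_addr)

def demo():
    ledger, (alice, bob, other) = Ledger(), [keygen() for _ in range(3)]
    ledger.lock["coin-1"] = address(alice[1])  # constructed starting state
    r = {"wrong_key": spend(other, ledger, "coin-1", address(other[1]))}
    r["alice_sends"] = spend(alice, ledger, "coin-1", address(bob[1]))
    r["locked_to_bob"] = ledger.lock["coin-1"] == address(bob[1])
    r["alice_again"] = spend(alice, ledger, "coin-1", address(alice[1]))
    bob_copy = (list(bob[0]), bob[1])  # a copied wallet file is the same key
    r["copy_spends"] = spend(bob_copy, ledger, "coin-1", address(other[1]))
    return r
```

The last result is the point for key custody: the ledger cannot tell an original key from a copy, so every copy needs the same protection as the original.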
Where is the Bitcoin stored? Why, in the distributed ledger, the blockchain, which exists simultaneously in many places but has a single verified history, committed into the blockchain by the Nakamoto consensus protocol.
That is effectively the bank where all the safety deposit boxes are.
How do you get to your coin? With a key stored in a wallet, the private key. Visit your bank.
That key must be stored in a safe place. It can be in a hardware wallet (typically a USB device) that is stored in a home safe. Then it has the same level of security as the gold coins in your safe.
Better, since you can keep another copy in another secure location (safety deposit box, for example).
The next best alternative is a pass phrase on a piece of paper, again stored in a safe or safety deposit box.
There is no need for your private key to be sitting on the Internet.
If you use an exchange, you can use their vault, or cold storage, option for most of your holdings. Then you are relying on their assurances that your holdings are stored on offline devices.
When you do visit your Money in the Internet bank, do so from the privacy of your home, not from some insecure Wi-Fi cafe.
You go to the bank and take some gold coins out from your box, and they are already less secure, but that is why they have guards at banks. And when you go out to your car with a couple of the coins, they and you are even less secure.
But we are used to doing that. We understand the procedures.
It’s just that there are new procedures that we have to get used to, with digital gold like Bitcoin. It’s rare to be physically mugged for Bitcoin.
Keep only moderate amounts of cryptocurrencies in exchanges with established security reputations, and modest amounts in mobile wallets.