An early bitcoin adopter has made a plea for bitcoin consumers to migrate to more secure bitcoin storage systems after having 750 BTC (about $280,000 at press time) stolen from him while on vacation.
Bitcoin entrepreneur Leo Treasure told CoinDesk his misfortune should serve as a cautionary tale for everyone. Whether they store bitcoins online, on hard drives or in cold storage, he implored users to switch to more secure multi-signature ('multi-sig') wallets as soon as possible.
Though he holds little hope of ever recovering his bitcoins and isn't expecting the authorities to help, he is following the lead of others who have suffered bitcoin-related crimes and promising 50% of the stolen amount as a reward to anyone who can help recover it.
Treasure, a former computer science student and bitcoin entrepreneur from Perth, Australia, told CoinDesk he was traveling in Bali and didn't think connecting to public Wi-Fi could be a security issue as his bitcoins were stored locally.
Once he synchronized the Bitcoin-Qt client on his MacBook, the 'sent' records confirmed the worst. A series of transactions leading to unfamiliar addresses had occurred from his wallet.
It was no small hack – the amount stolen represented the majority of Treasure's bitcoin holdings, leaving him with only small amounts stored elsewhere.
Treasure admitted that keeping such a large stash on his hard drive wasn't a good idea, but confessed to having the "could never happen to me" feeling of false comfort that precedes many a disaster, saying:
The year of multi-sig
In the article, CEO and co-founder of multi-sig wallet provider BitGo Will O'Brien wrote that, despite Andresen's call, over 99% of all bitcoins are still stored in single-signature addresses. Multi-sig addresses, he wrote, are "the only viable solution for securing bitcoins".
Multi-sig bitcoin addresses are the result of Bitcoin Improvement Proposal (BIP) 16, which was created in 2012 and implements something called 'pay to script hash' (P2SH) technology.
Bitcoin addresses generated using P2SH begin with a '3' instead of the usual '1', and require multiple keys for their balances to be spent.
The standard model is to require two out of three keys to spend from a balance – of those keys, one goes to the user, one to the service (exchange or wallet) provider and another to a trusted third party. A user may choose to keep the third key in a safe place instead.
Therefore, the owner of the coins may access the balance even if the service provider is shut down or goes out of business (or is run by a malicious operator) and, just as importantly, a single device stolen or compromised by a hacker is not enough to steal the coins.
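As an added illustration (not code from the article or from any wallet it names), the Python below shows two checks a user can run before funding a 2-of-3 address: that the address carries the P2SH version byte behind the leading '3', and that the redeem script really is 2-of-3 and contains the user's own public key. The keys, the 20-byte hash and the function names are constructed placeholders; the version bytes and opcodes are Bitcoin mainnet values that the article does not list.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
OP_CHECKMULTISIG = 0xAE
VERSIONS = {0x00: "P2PKH", 0x05: "P2SH"}  # mainnet address version bytes

def checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def address_type(addr: str) -> str:
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("malformed address or bad checksum")
    return VERSIONS.get(raw[0], "unknown")

def parse_multisig(script: bytes):
    """Return (m, [pubkeys]) for OP_m <key>... OP_n OP_CHECKMULTISIG."""
    if not script:
        raise ValueError("empty script")
    m, i, keys = script[0] - 0x50, 1, []
    while i < len(script) and script[i] in (33, 65):  # pubkey push lengths
        keys.append(script[i + 1:i + 1 + script[i]])
        i += 1 + script[i]
    tail = bytes([0x50 + len(keys), OP_CHECKMULTISIG])
    if script[i:] != tail or not 1 <= m <= len(keys):
        raise ValueError("not a standard m-of-n multisig script")
    return m, keys

def is_my_2_of_3(script: bytes, my_pubkey: bytes) -> bool:
    m, keys = parse_multisig(script)
    return (m, len(keys)) == (2, 3) and my_pubkey in keys

# Constructed placeholders: not real keys, hashes or addresses.
KEYS = [b"\x02" + bytes([k]) * 32 for k in (0x11, 0x22, 0x33)]
REDEEM = b"\x52" + b"".join(b"\x21" + k for k in KEYS) + bytes([0x53, OP_CHECKMULTISIG])
P2SH_ADDR = b58check_encode(0x05, b"\xab" * 20)
P2PKH_ADDR = b58check_encode(0x00, b"\xab" * 20)
```

The placeholder address is not derived from `REDEEM`; tying the two together means hashing the script with SHA-256 and then RIPEMD-160 and comparing the result with the address payload.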
Developer Ben Smith, who created multi-sig bitcoin wallet and social payment system Ninki, agreed this technology would solve a lot of problems. He said:
Unfortunately, security is often something people don't consider until after suffering an attack, and popular services are moving slowly to implement multi-sig.
The local-storage wallet Armory, often favored by more tech-savvy and security-conscious bitcoin users, has a form of multi-sig called 'Lockboxes'.
He was featured in the following Australian TV news report on bitcoin:
He had obtained the majority of his bitcoins by taking out an AUD$20,000 loan. According to a Perth newspaper article, his own stash was in the 1,000 BTC realm.
"Don't ever sweep cold wallets 'til you're absolutely sure there's no keylogger on your machine."
He said he "still believes in bitcoin" despite feeling initially despondent after the setback, and considers it much more viable than the current banking system. His work in future, he added, is now more likely to focus on developing and promoting security.
Treasure will be speaking about his experience at Perth's 'Bitcoin Australasia' conference on 8th November.