This is part of my live blogging from QCon 2015. See my QCon table of contents for other posts.

primary risk isn’t with the protcol; it’s with the security on the websites where trading takes place

hackers love bitcoin because have cash if can get into it

Identify theft

• a lot of people try to buy bitcoin with a stolen identify
• identity theft can be 100% virtual
• Most common way is to steal online banking password
• Or compromise your email
• One password rules your whole identity
• 7% of US resident ages 16+ are victims of identity theft in 2012. 85% involved use of existing credit card of bank account
• Only 7% of users lost over $100
• Payment companies have operational cost for reversals but don’t lose much. It’s merchants who eat the loss (when charge back within 60 days). If takes 60+ days, credit card user eats the loss.

Automated clearing houses not designed for internet. Hacked on after. That’s why we verify a bank account by verifying the amount of two small transactions.

Credit card is like private key. Everytime you use your credit card, it’s like handing over your private key.

Fraud detection is like wack-a-mole. Have to catch each instance of the problem. Fraud industry is like duct tape.

No incentives for bank and email to create better account security. They don’t take any loss and push liability to someone else.

Bitcoin

• Psuedonymous – don’t know who received bitcoin
• Peer to peer
• Irreversable – legacy payments are pull. Bitcoin is push so can’t redebit and never learn private key
• Instant

There’s theft – like with cash. It’s not identity theft; it’s like regular theft.

Risk moves to consumers and payment companies. For example, if have Bitcoin on computer and have malware, it can be stolen.

Many bitcoin hacks in past few years. Steal money directly. Don’t need to launder money.

Coinbase wallet architecture
Double moat model. Meant to be hard to get past the whole thing. Admin accounts have same security as user accounts have.

Assumptions and how address

• Passwords will leak
• Emails are compromised
• Users will be phished
• Computers will be left open and unlocked
• There will be social engineering

How address

• 2 factor on everything. Login, sending money, changing things. Send SMS message when sending money so on separate channel.
• Rate limit to minimize danger
• Device verification required. Must authorize to continue
• Added five minute delay on transfering money after changing password to avoid using that token to transfer money
• Optional vault with extra security features – time delayed withdrawals, alerts to two verified emails and confirm from both, SMS notifications, cancel at any time, banner reminders to enable,option for M-of-N management (3/5 people must authenticate)
• Train support really well on social engineering
• Multi-sig vault – only for technical users, key splitting architecture. cold stoarge as a service. three keys – user key, coinbase key and shared key that is encrypted key with password that only user knows. Need two of three keys to get access to bitcoin

Largest targets of phishing – paypal, google, yahoo, bank of america, wells fargo

Bitcoin aligns incentives between users, payment companies and merchants. Forces payment companies to design better security and educate users on how it works. The savings go to the users and merchants.

Q&A

• For passport story, how figure out who was who? A lot of looking at logs. Also confirmed by phone
• Can you take bitcoin back if theft? At moment of theft, can look at theft and see IP if leaked anything. Can’t get it back though
• How much training for support staff so don’t open something malicious? A lot! Training and setup. Support staff all on Chromebooks so can’t open zip file anyway.
• Can you go after attackers legally? Usually on a different continent with a different legal system
• Bitcoin price volatility. More steady in last 6 months than in past. [that’s not long to predict future]

Impressions: great last session of the day. Liked the real examples of attacks against their compmany. And how to prevent assorted issues. I thought it would be more about the blockchain, but this was interesting too.