Bitcoin is rife with idealism; wild, frivolous idealism that can be wholly energizing, intoxicating, and invigorating, but as is far too often the case, taken advantage of. Intentionally. A frequent point of idealism, despite chants of “DECENTRALIZE DA WURLD” and the clear opportunities for butthurt, is in bitcoin wallets.
Perhaps because of their delusions of digital security, Bitcoiners still aren’t making high-entropy paper wallets. It’s a lot of work, granted, but tripping over each other to host your coins on some unproveni crowd/VC-funded start-up is about as decentralized as the Board of Governors of the Federal Reserve. And I couldn’t sworn that we were trying to avoid that kind of thing.
Which brings us to the latest Wired pump piece on idealist-chomping multisig fucktards BitGo:
When you sign up for a BitGo wallet, the company creates three keys: one that’s stored by the company’s servers, one that’s encrypted and stored on its servers, and a third that you print out and put somewhere safe.
So this company, founded by the two not-particularly-trustworthy-looking doods (seen below), is holding 2-of-3 keys. Sorry, they’re holding one and “their friend” is holding another, which is totally kosher because they only need 2-of-3 to spend your coins. Oh wait, no… that means you’re cut out… that doesn’t work at all.
And are they seriously storing one key unencrypted and one key encrypted?
If you forget your password or somehow lose access to one of the other two keys, the third can still keep your bitcoins secure.
That doesn’t keep your coins secure at all. How do you lose access to one of the other two keys when they are in effect holding 2-of-3? You only have one to lose!
To spend your bitcoins, you need access to two of these three keys.
Wrong again. To spend your bitcoins, they need access to 2-of-3 keys, which is exactly what you’re handing them on a silver platter.
Anyone can use the BitGo wallet, but the company sees a real opportunity in building bank-like services that let companies put corporate controls over their bitcoins. On Tuesday, BitGo introduced a suite of wallet services that let businesses limit how many bitcoins a user can spend without corporate approval, and control digital currency spending in other ways.
Awesome! Spending restrictions! Also known as capital controls! I’m sure there will be a market for this with the Argentinian government at the very least. Also, super uncool.
Typically, you would spend bitcoins by logging into your BitGo account and then using your phone to get access to a second key.
Ah, the impenetrable fortress that is your phone. Except for the giant holes in phone security that punks like Nic Cary from Blockchain.info walk through when they give your 2FA code away, or when your phone gets baseband hacked. Y’know, but other than that it’s totally safe. Like, bank safe.
The icing on the cake, from BitGo’s own website, is a slight re-phrasing of Wired’s coverage. The truth between who holds the third key, BitGo or “BitGo’s friend,” is probably intentionally obtuse:
We hold one key, you control a second key, and a third key is held as a backup with a trusted party. If a single key is compromised, your Bitcoin can’t be stolen. This makes our wallet virtually hack proof.
So to recap: trusting a stranger and “their friend” is “virtually hack proof.” Even if we grant them this tall tale, we’re left with a wallet implementation that’s far from theft/scam proof. The opportunity for collusion is open, disgusting, and creates clear incentives for abuse. If BitGo gets off the ground, it can only end in flames.
And yes, CTO Belshe is a former Googler who diddled about with Chrome. Who knows, maybe he even had something to do with the Easywallet.org search hack?
___ ___ ___
- “Unproven” may also be “new and exciting,” but that doesn’t mean it’s earned your trust. It means the opposite. Some former Googler saying “we’re more secure than traditional banking” is always and everywhere a wallet inspector’s promise. So for the love of God, stay the fuck away from these guys. [↩]