Bitcoin software wallets and their security

Let’s talk a bit about cryptocurrency wallets, specifically Bitcoin software wallets and their security. When we mention cryptocurrency, we’ll primarily be referring to Bitcoin. Other cryptocurrencies work in a similar way, and if you’re interested in the specifics, you can look them up on your own.

Despite the ongoing hype surrounding cryptocurrencies and blockchain as a technology, I feel like very few people actually talk about security. Everyone focuses on the various benefits of blockchain technology, discussions about mining, and the price fluctuations of cryptocurrencies, while security remains critically important — especially when it comes to money or decentralized property ledgers.

Below, we’ll go over cryptocurrency wallets and their security. The more I delved into this topic while writing this article, the more surprised I was that there aren’t more hacks and thefts targeting Bitcoin users. But let’s take it step by step.

What is a Cryptocurrency Wallet?

Let’s break down the terminology. When people talk about cryptocurrency wallets, they often mean two things:

  • A set of cryptographic keys that grant access to your coins.
  • Software that manages these keys and allows you to conduct transactions on the blockchain.

To avoid confusion, when referring to the set of keys, I’ll use the term “private key.” Of course, we all understand that a key pair also includes a public key, and there can be multiple key pairs.

For this discussion, we’ll focus on wallets as tools for managing, storing, and transacting with cryptocurrencies. Without a wallet, you can’t receive, store, or spend your Bitcoin or other crypto assets. A wallet serves as your personal interface to the cryptocurrency network — similar to how a bank account works for fiat currency.

In reality, the security of your crypto funds depends heavily on the wallet you use. And the security of the wallet itself largely comes down to how safely your private keys are handled.

Cryptocurrency wallets are classified as “hot” or “cold.” A hot wallet allows you to spend your funds at any time. A cold wallet is a device or medium kept offline that isn’t designed for frequent transactions, but you can still receive funds on it whenever needed. The simplest form of a cold wallet is a piece of paper with your private key written on it.

A hot Bitcoin wallet is an app, website, or device that manages your private keys. The most popular options are software wallets, including mobile and desktop apps, as well as web wallets.

Now, let’s take a closer look at each type and explore the potential risks associated with using them.

Wallet Requirements

The first thing to consider is the recommendations provided by Bitcoin.org regarding the security of different wallets. When downloading a wallet, you’ll be presented with six key requirements and an overview of which wallets meet them and which do not. Most of these requirements are directly or indirectly related to cybersecurity — meaning they also determine how safe your funds are.

Here are the key requirements:

Control Over Your Funds

  • Full Control: You have complete control over your funds. No one can freeze your account or take your money. However, this also means you’re fully responsible for securing and backing up your private key.
  • Shared Control: The wallet requires that each transaction be authorized by both you and a third party. Typically, you can regain full control of your funds using an initial backup or a pre-signed transaction sent via email.
  • Hosted Control: The wallet gives you access to your funds but stores an encrypted copy of your private key. This means your money could be at risk if you don’t use a strong password or if the service is compromised.
  • Third-Party Control: Your funds are managed entirely by a third party, meaning you have to trust the service provider and hope they don’t lose your money due to a security breach. Most online wallets today don’t insure deposits like banks do, and many have faced serious security issues in the past.

Personally, I wouldn’t trust the last two types of control at all. The idea of relying on a “strong password” doesn’t sit well with me — not because users struggle to create, enter, and remember truly secure passwords, but because keyloggers are still very much a thing.

Realistically, though, hardly anyone actually reads these warnings. And even if they do, few truly grasp just how many security risks are involved here.

Bonus: Control Over Your Funds

Despite the apparent simplicity and “casual” nature of web-based Bitcoin wallets, I’d actually recommend considering them first if full control over your funds is your priority. Take btc-wall.com as an example. According to the website, it is a non-custodial wallet. When you generate a new Bitcoin wallet, you receive a seed phrase, which serves as your private key. The app won’t ask you to create a password, enter a phone number, email address, or anything of the sort.

What does this mean? A wallet like this acts purely as a gateway to interact with the blockchain. There’s no way for a third party — such as the service provider — to interfere with your funds. Your seed phrase is your private key. You can use it to access your Bitcoin through any other compatible service if this one ever stops working. Your assets can’t be frozen by an administrator, lost due to a service shutdown, or stolen through a platform hack. This is what full control over your funds looks like.

The flip side? If you lose your private key or seed phrase, there’s no way to recover access to your Bitcoin — ever.

Transaction verification

  • Full verification means the wallet operates as a full node, validating transactions and processing them directly on the blockchain. No third-party trust is required for payment verification. Full nodes provide the highest level of security and play a crucial role in securing the network. However, they require significant disk space (over 145 GB), bandwidth, and time for initial synchronization.
  • Simplified or decentralized verification means the wallet connects to a random server from a list of available servers. This means you must trust these servers for payment verification. While more secure than relying on a centralized server, it’s still not as safe as running a full node.
  • Centralized verification means the wallet relies on a centralized server by default. This means you’re entirely dependent on a third party when it comes to transaction integrity—there’s no guarantee they won’t manipulate payments.

In my opinion, having all network participants run full nodes is both a cornerstone of blockchain technology and one of its biggest drawbacks. As the number of transactions grows—both relatively and absolutely—the size of a full node wallet will only increase. Storing multiple terabytes of data just to make a couple of transactions per day isn’t exactly appealing.

Alternative solutions come with clear security risks. The list of servers used for decentralized verification needs to be well-protected—otherwise, one virus could replace the entire list with a single compromised server.

And as for trusting a third party completely? I don’t even want to go there.

Crypto enthusiasts often argue that the traditional banking system works in a similar way. And they’re not wrong. But unlike crypto services, banks operate under strict regulations, and if a new security vulnerability arises, your funds are protected by insurance. In that sense, crypto still has a long way to go.

Transparency

  • Full transparency means the wallet’s source code is open, and its build process is documented. Any developer in the world can audit the code and verify that the compiled software doesn’t contain hidden backdoors. 
  • Basic transparency means the developers have published the wallet’s source code, allowing anyone to review it. However, you still need to trust the developers when installing or updating the wallet software. 
  • A remote application means the wallet is loaded from a remote server. This means you must trust the developers not to introduce vulnerabilities or lose your funds due to a security breach. Using a browser extension or mobile app can somewhat reduce these risks.

The topic of source code is a tricky one. The phrase “Any developer in the world can audit the code” always surprises me. First, the developer in question needs to be proficient in the specific programming language used for that wallet—immediately narrowing down the pool of “any developer in the world.” Second, not every developer is a security expert or has experience writing secure code. As a result, only a very limited number of people are actually capable of conducting a full security audit of a wallet’s code. And most of them already have plenty of interesting things to work on besides reviewing yet another wallet. Even if one of them takes the time to do it, they’ll only be auditing a specific commit in Git, which means that assessing the security of the code as it keeps changing is a challenge.

Bitcoin.org mentions a “documented build process,” but what exactly they mean by that is unclear. Build integrity comes with its own set of issues. For instance, how do you verify that the wallet you downloaded was actually built from the correct source code? Let’s be realistic — very few people will compile a wallet from source themselves. The best you can do is check the hash of the downloaded installer against the one listed on the official website. And then hope the website itself hasn’t been compromised and that the hash is correct. Oh, and you also need to trust the developers, the people compiling the wallet, and the site administrators.

Security of the Environment

  • Two-Factor Authentication. The wallet can be used in an insecure environment. However, the service requires two-factor authentication, meaning that stealing your funds would require access to multiple devices or accounts.
  • Secure Environment. The wallet runs on a mobile device, where apps are generally isolated. This provides good protection against malware, although mobile devices are more likely to be lost or stolen. Encrypting your device and backing up your wallet can help mitigate this risk.
  • Vulnerable Environment. The wallet can be used on computers that may be exposed to malware. Increasing your computer’s security by using a strong password, keeping most of your funds in offline storage, or enabling two-factor authentication will make it much harder to steal your Bitcoin.

I like the way these requirements are worded. It seems like the developers are subtly hinting that your funds will be stolen. The only question is how much effort and time it will take. =)

Let’s take a closer look at this.

Using reliable two-factor authentication can indeed solve many cybersecurity issues. The key word here is “reliable.” And, of course, properly implemented. That part doesn’t always go smoothly. For example, blockchain.info still offers good old SMS as a second factor. Because, obviously, no one cares about recommendations like those from NIST in Special Publication 800-63B:

“[Out-of-band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.”

We won’t go into too much detail about securing computers and mobile devices. Reading any serious cybersecurity report should be enough to draw your own conclusions.

The next two points aren’t directly related to the security of your funds, so I won’t dwell on them, but I’ll include them for the sake of completeness.

Privacy

  • Enhanced. The wallet makes it harder to track your balances and transactions by rotating addresses. You should use a new Bitcoin address each time you request a payment. The wallet does not share transaction data with other network nodes when sending or receiving payments. It also allows you to configure and use Tor as a proxy to prevent attackers or ISPs from linking your transactions to your IP address.
  • Basic. The wallet makes it harder to track your balances and transactions by rotating addresses. You should use a new Bitcoin address each time you request a payment. However, the wallet relies on central servers that can link your transactions together and log your IP address. It allows you to configure and use Tor as a proxy to prevent attackers or ISPs from linking your transactions to your IP address.
  • Weak. The wallet allows anyone to monitor your balance and transactions because it reuses the same addresses. It exposes limited information to other participants. Network nodes can log your IP address and later link all payments you have sent or received. Tor is not supported.

Even if you use cryptocurrency completely legally (though what “legal” even means in the context of crypto is a whole other question), extra privacy won’t hurt. And revealing your balance and spending habits? No one wants that.

Fees

  • Full Control Over Fees. The wallet allows you to adjust the fee after sending funds using RBF or CPFP. It also provides fee recommendations based on the current state of the network to ensure your transaction is processed on time without overpaying.
  • Dynamic Fees. The wallet suggests fees based on the current state of the network, but you can override these recommendations. This means the wallet helps you choose an optimal fee to get your transaction processed without overpaying while still giving you full control if you want to set the fee manually.
  • Static Fees. The wallet does not provide any fee recommendations based on network conditions. This means your transactions may take longer if the fee is set too low, or you might end up paying more than necessary.

Final Thoughts

All of these requirements sound very reasonable. In fact, this list could be expanded even further to improve security.

After carefully reviewing these requirements, you’d naturally want to find a wallet that meets as many of them as possible. And here’s where things get interesting. There isn’t a single wallet on Bitcoin’s official website that fully meets all these criteria. At best, you could go with Bitcoin Core or Bitcoin Knots, which would look something like this:

Or you might use Electrum, which would look like this:

The use of green coloring creates a false impression of full compliance. True compliance is shown in bold green. This design choice was clearly intentional, meaning the website creators decided to manipulate the average user just a little. Not exactly ethical.

We could stop here. By now, I think everyone has a pretty clear picture of how securely private keys are stored in cryptocurrency wallets. But let’s dig a little deeper.

Working with private keys using Bitcoin Core as an example

Let’s go a little further and see how private keys are stored and handled using software clients as an example. As we have already discovered, malware can obtain access to your wallet’s private keys. The question is how easy or hard it is to actually do so.

The first thing to look at is how Bitcoin Core does it. This process is pretty well described in Bitcoin’s own wiki. As you saw in the screenshot above, this client is labelled as one of the most advanced and satisfies most requirements.

Your wallet’s private keys are stored, along with other information, in a wallet.dat file in ‘bitkeys’ format. This file may or may not be encrypted =) By default, of course, nothing is encrypted. After all, you are a competent user and you will find the right button yourself. Only the private key material is encrypted, using AES-256-CBC. The encryption key in this case is the so-called master key, a random number. The master key itself is encrypted with a key derived from the passphrase using SHA-512 via the OpenSSL function EVP_BytesToKey. The number of rounds in that derivation is determined by the speed of the computer on which the initial encryption takes place.

After that, the client uses your wallet in normal mode. This state is called ‘locked’. If at some point you need access to the wallet’s private keys, you enter the passphrase in the client GUI or use the walletpassphrase command over RPC. The private keys are then decrypted and the wallet switches to the ‘unlocked’ state. In the first case it stays unlocked only as long as is needed to perform the requested operation. In the second case, the time after which the wallet returns to the locked state is determined by the second parameter of the RPC request!

The code looks like this:

    int64_t nSleepTime = request.params[1].get_int64();   // timeout comes straight from the RPC caller
    pwallet->nRelockTime = GetTime() + nSleepTime;        // keys stay decrypted until this time
    RPCRunLater(strprintf("lockwallet(%s)", pwallet->GetName()), boost::bind(LockWallet, pwallet), nSleepTime);

This looks quite amusing. The average wallet user is unlikely to run the RPC server—unless they accidentally open the wrong file. But an attacker…

The situation with the GUI and storing the passphrase in memory isn’t that simple either. The developers implemented a special class for handling such sensitive data—SecureString. And to be fair, they did a decent job. They even avoided common pitfalls like improper use of memset.

However, they keep it in memory longer than they should.

For example, this is how the GUI does it (slightly modified for clarity — curious readers can check askpassphrasedialog.cpp:154):

    case Unlock:
        if(!model->setWalletLocked(false, passphrase))
        {
            QMessageBox::critical(this, tr("Wallet unlock failed"),
                                  tr("The passphrase entered for the wallet decryption was incorrect."));
        }
        else
        {
            QDialog::accept(); // Success: runs while the passphrase is still in memory
        }
        break;
    }
    return; // only here does the passphrase go out of scope and get wiped

First accept() executes, and only then does our oldpass (the SecureString holding the passphrase) go out of scope and get cleaned up. Clearly the more secure code won’t be as beautiful as the less secure code. But we are working with money here, aren’t we?
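To make the two points above concrete (a wipe that the optimiser cannot discard, and the ordering of accept() versus cleanup), here is an added example that is not Bitcoin Core’s code: a hypothetical SecureBuffer standing in for SecureString, a simulated set_wallet_locked(), and a stand-in for QDialog::accept() that reports whether the passphrase plaintext is still readable when the success path runs. The expected passphrase is a constructed value.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Zeroise through a volatile pointer so the compiler cannot drop the stores
// as dead, the way it may with a plain memset() on a buffer that is about to
// go out of scope (the memset pitfall mentioned above).
static void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) { *vp++ = 0; }
}

// Hypothetical stand-in for Bitcoin Core's SecureString: owns the passphrase
// bytes and wipes them on destruction and on explicit request.
class SecureBuffer {
public:
    explicit SecureBuffer(const std::string& s) : data_(s.begin(), s.end()) {}
    ~SecureBuffer() { wipe(); }
    void wipe() { if (!data_.empty()) { secure_wipe(data_.data(), data_.size()); } }
    bool is_wiped() const {
        for (unsigned char c : data_) { if (c != 0) { return false; } }
        return true;
    }
    const unsigned char* data() const { return data_.data(); }
    std::size_t size() const { return data_.size(); }
private:
    std::vector<unsigned char> data_;
};

// Simulated wallet (stand-in for model->setWalletLocked()): unlocking succeeds
// only for the constructed passphrase below.
static bool set_wallet_locked(bool lock, const SecureBuffer& pass) {
    static const std::string kExpected = "correct horse battery"; // constructed
    if (lock) { return true; }
    return pass.size() == kExpected.size() &&
           std::memcmp(pass.data(), kExpected.data(), pass.size()) == 0;
}

// Stand-in for QDialog::accept(): true if the plaintext is still readable
// while the dialog's success path (and anything it triggers) runs.
static bool accept_sees_plaintext(const SecureBuffer& pass) { return !pass.is_wiped(); }

// Ordering as on the page: accept() first, cleanup only when the buffer
// leaves scope at the end of the function.
bool unlock_as_on_page(const std::string& entered) {
    SecureBuffer pass(entered);
    bool exposed = false;
    if (set_wallet_locked(false, pass)) { exposed = accept_sees_plaintext(pass); }
    return exposed;
}

// Hardened ordering: wipe the moment the wallet no longer needs the bytes,
// before any further dialog logic can run.
bool unlock_wipe_first(const std::string& entered) {
    SecureBuffer pass(entered);
    bool ok = set_wallet_locked(false, pass);
    pass.wipe();
    bool exposed = false;
    if (ok) { exposed = accept_sees_plaintext(pass); }
    return exposed;
}
```

Note that the std::string argument is itself a plaintext copy; in real code the passphrase should never exist outside the self-wiping buffer, from the moment it is read from the input widget.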

In my opinion, this perfectly confirms my concern about the wallet’s open source code. Open source does not equal security.

P.S.

So is the security of Bitcoin wallets really that bad? It all depends on your goals and requirements. There are definitely no completely invulnerable wallets. For those who need maximum security, my answer is the following:

  • Yes, you can define a set of rules for using a cryptocurrency wallet that will significantly increase the security of your funds. Convenience of use will of course suffer greatly.
  • Yes, there are clients that are much safer than the rest. The problem is that the others also exist and are recommended by the official Bitcoin website.

The purpose of the article is to draw the community’s attention to problems that need to be solved, not to turn anyone against new technologies.

I have nothing against cryptocurrencies or blockchain technology. But if we start working with new technology, we should do it in a technically competent way and not forget about cyber security.
