A man showed up at a trash heap in Wales last month with an unusual request: he needed help finding a hard drive he had thrown out weeks earlier that held the cryptographic key to 7,500 bitcoins, currently worth over $6 million.
James Howells is unlikely to ever be reunited with that digital cash, and he’s far from alone in having lost a fortune in the math-backed currency. Pioneers of Bitcoin are in high spirits due to the currency’s rising value and the friendly reception it has received from U.S. regulators (see “Regulators See Value in Bitcoin”). But the ease with which bitcoins can be lost or stolen remains a barrier to mainstream adoption. And no obvious remedy is in sight.
The problem is caused by the design of the software that underpins Bitcoin. It uses cryptography to allow people to exchange funds securely without trusting each other or needing a third party to oversee the trade. But individual collections of bitcoins are secured using an alphanumeric private key that is impossible to recover or reset if lost or stolen, and is near impossible to memorize.
A private key resides in a simple text file called a wallet file and looks something like this: E9 87 3D 79 C6 D8 7D C0 FB 6A 57 78 63 33 89 F4 45 32 13 30 3D A6 1F 20 BD 67 FC 23 3A A3 32 62. If someone else learns that key or copies your wallet file, he or she can spend your bitcoins; if you lose your key or wallet file, Bitcoin’s cryptographic design makes it impossible to regain access to your bitcoins.
“The hackers figured this out really quickly. I think this is a really bad thing for the bitcoin ecosystem,” said venture capitalist William Quigley at the Future of Money conference in San Francisco on Monday. He believes that bitcoins can’t become more than a plaything for speculators unless tools and companies appear that make it easier to manage and safeguard a bitcoin wallet.
It’s a concern echoed by other bitcoin investors and entrepreneurs, including Steve Kirsch, a software entrepreneur turned investor. He has converted over $1 million into bitcoins over the past six months and has struggled to keep them both secure and accessible. “I think that all of the existing mechanisms are problematic.”
The easiest way to manage bitcoins is to leave them with a company providing exchange services between virtual and conventional currencies, where they can be accessed by logging into a website. Even if you lose your password, it should be possible to reset it and recover your wallet. But Kirsch believes this option is the least safe.
“If you have any amount in any of the exchanges today, you’re a fool,” he says. “An attack on your computer could steal all your bitcoins.” Such attacks are not unusual. In April, for example, users of Mt.Gox, the oldest and one of the largest bitcoin exchanges, were targeted by malware that stole their login credentials. Exchanges have themselves been directly targeted by thieves who have compromised their systems and made off with bitcoins.
People who choose to store their bitcoin wallet on their own computer can also be targeted by malware or other attacks. One of the earliest high-profile heists in the crypto-currency world occurred in 2011, when a person identifying online as allinvain complained that their computer had been compromised and 25,000 bitcoins removed. That haul was worth $500,000 at the time and would be valued at many millions of dollars today (see “Crypto-currency Security under Scrutiny”).
Such hazards have led many people to instead keep their bitcoins in a wallet on a computer or memory stick not attached to the Internet—an approach dubbed “cold storage.” Sometimes they add additional protection by using encryption software to secure the wallet with passwords. “I keep most of my bitcoin offline in software called Bitcoin Armory, but it’s very inconvenient to access,” says Kirsch, who bought an extra laptop to store bitcoins on.
Cold storage comes with its own problems, as became all too clear to Howells when he figured out he had thrown his bitcoins in the trash. Jered Kenna, co-founder of bitcoin exchange Tradehill, says cold storage is the best approach today, but he acknowledges that it’s all too easy to get wrong. “I wouldn’t want my mom trying to make an encrypted backup of her bitcoins,” he says. “I have friends that are cryptography experts who have accidentally lost coins trying to protect them.” One programmer Kenna knows lost 7,000 bitcoins that way, a sum today worth almost $7 million.
People running bitcoin companies are also wrestling with how to secure the digital wealth. Kenna’s company, like many others, keeps most funds in cold storage with stringent access protocols, while maintaining a smaller “hot wallet” online for day-to-day business. In regulatory filings with the SEC this summer, Cameron and Tyler Winklevoss said they had a system of safety deposit boxes in banks around the country to safeguard the bitcoins held by their investment trust.
However, holding bitcoins offline slows down how quickly exchange services can operate. Kirsch once tried to transfer funds out of popular exchange Coinbase only to have to wait two hours while the company reshuffled funds between online and offline storage. “It doesn’t have to be that way,” Kirsch says. He is working with a company to create software that makes it easier to control a bitcoin wallet with minimal risk of loss and theft, but he won’t say how close to completion the project is.
Kenna says the lack of tools to make securing and managing bitcoins easy is hindering the currency’s adoption for payments and other commerce, and that no clear solution seems to be on the horizon. Even so, he remains confident that the potential for making money by selling such services or software means they will soon appear. The total value of all the bitcoins in circulation stands today at more than $11 billion. “This is a tremendous business opportunity,” Kenna says.