At Bitvest, we take security and transparency seriously. We use a Trezor (Cold/Hardware wallet) to ensure the best security for our players and investors. To demonstrate our commitment, we invite you to explore our overview of what we believe to be the most secure methods of storing user funds.
One of the most important factors in security is having as small an attack surface as possible. Our method of storage and authentication allows us to securely send funds and verify with 100% certainty that nothing has been tampered with, even if the device we are using to send funds were to become compromised. Since our coins are stored on a hardware wallet (a form of cold storage), theft is nearly impossible. Baffled yet? These concepts are explained in further detail below.
There are two primary categories of bitcoin wallets: hot wallets and cold wallets. Hot wallets are useful for holding a modest amount of coins and are a more convenient way of transferring funds; however, their connection to the internet allows a possible compromise, which makes hot wallets less secure than the alternative. We store a couple of coins in our hot wallet to allow instant withdrawals of up to a few bitcoins in size, which is the main advantage of a hot wallet. Hot wallets are usually the best for the average user; however, if you need to store more than a couple of coins, cold storage is a must.
Cold storage is the most secure way to store coins. This is accomplished by using dedicated hardware that is never connected to the internet, so any transaction sent from the wallet requires physical access to the machine, which makes any attempt at hacking the wallet effectively impossible. At Bitvest, we use a Trezor bitcoin wallet for this purpose. The Trezor is one of the numerous hardware wallets built specifically to store bitcoins as securely as possible. We store 98%+ of the site's funds in cold storage.
A man-in-the-middle (MITM) attack, in our case, would be an attack where something between Bitvest and our computers changes the address we see. For example, a user requests a withdrawal of 1 BTC to 1BitcoinAddress, but our computers were compromised to show 1HackerAddress. Without any protection in place, we'd have no way of knowing the address was illegitimate, and we'd be fooled into sending the coins to the false address presented to us on our computer.
To prevent this, we receive a signed “withdrawal request” from Bitvest’s server. It looks like this:

-----BEGIN BITCOIN SIGNED MESSAGE-----
0,1G2rWnbRBwq2t3sfwSNjzr5Dt4UhWZetnX,1.00000000,03-11-17 20:15:06
-----BEGIN SIGNATURE-----
1GtoXdWrx7cTUdUw4MW9yPoKzfzEtJhQfK
H1xFCkGZkpjB3i/9MhKjFQDpXarlEb08mQ9HHf/PVtTdfAilRj7p9iAlLmyt36Fpq3z+on8FMGXSN5GNQ9JQ+ho=
-----END BITCOIN SIGNED MESSAGE-----

Note: This is a dummy request created on my Trezor to demonstrate how they appear. A real request would use the server's bitcoin address.
The withdrawal request contains the following:
With this information and the signature, we can securely verify the request on our Trezors. If our computers were to be compromised and any details were modified, our Trezors would alert us to the invalid signature, preventing the theft of any coins. You can read up on how and why bitcoin signatures work here to learn more.
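A pre-check for the request format shown above, added here as an illustration and not Bitvest's own code: it parses the armored block, confirms the signer is the pinned server address, and compares the signed destination and amount with the transaction being prepared. The line layout, the field positions (second field destination, third field amount) and the names `parse_request` and `precheck` are assumptions; the signature itself is still verified on the Trezor as described above.

```python
import base64
from decimal import Decimal

ARMOR_BEGIN = "-----BEGIN BITCOIN SIGNED MESSAGE-----"
ARMOR_SIG = "-----BEGIN SIGNATURE-----"
ARMOR_END = "-----END BITCOIN SIGNED MESSAGE-----"

# The page's dummy request, one element per line (layout is an assumption).
SAMPLE = """-----BEGIN BITCOIN SIGNED MESSAGE-----
0,1G2rWnbRBwq2t3sfwSNjzr5Dt4UhWZetnX,1.00000000,03-11-17 20:15:06
-----BEGIN SIGNATURE-----
1GtoXdWrx7cTUdUw4MW9yPoKzfzEtJhQfK
H1xFCkGZkpjB3i/9MhKjFQDpXarlEb08mQ9HHf/PVtTdfAilRj7p9iAlLmyt36Fpq3z+on8FMGXSN5GNQ9JQ+ho=
-----END BITCOIN SIGNED MESSAGE-----"""

def parse_request(text):
    """Split the armored block into message fields, signer address and raw signature."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) != 6 or (lines[0], lines[2], lines[5]) != (ARMOR_BEGIN, ARMOR_SIG, ARMOR_END):
        raise ValueError("not a single-line signed withdrawal request")
    fields = lines[1].split(",")
    if len(fields) != 4:
        raise ValueError("expected 4 comma-separated fields")
    sig = base64.b64decode(lines[4], validate=True)
    # Compact signatures for legacy (1...) addresses are 65 bytes:
    # a recovery header in 27..34 followed by the 32-byte r and s values.
    if len(sig) != 65 or not 27 <= sig[0] <= 34:
        raise ValueError("malformed compact signature")
    # Field positions are assumed: [1] destination address, [2] amount in BTC.
    return {"message": lines[1], "dest": fields[1], "amount": Decimal(fields[2]),
            "signer": lines[3], "signature": sig}

def precheck(text, pinned_signer, tx_dest, tx_amount):
    """Return the mismatches between the request and the transaction being prepared."""
    req = parse_request(text)
    problems = []
    # A valid signature from an unknown key proves nothing, so pin the server address.
    if req["signer"] != pinned_signer:
        problems.append("signer is not the pinned server address")
    if req["dest"] != tx_dest:
        problems.append("destination differs from the signed request")
    if req["amount"] != Decimal(tx_amount):
        problems.append("amount differs from the signed request")
    return problems
```

An empty list only means the request is well formed and consistent with the outgoing transaction; a modified message that keeps its shape is caught by the signature check on the device.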