Much has been done in our industry to make sure bitcoin users can hold their bitcoin securely. We work to make sure that even the most unlikely attack scenario becomes unfeasible for an attacker.

Yet, there is one part of a user's journey, where security hasn’t been pushed to a standard that we would describe as “secure”.

Exchanges

To acquire bitcoin, most users nowadays use centralised exchanges, such as Coinbase, Kraken or Bitstamp. They create an account, go through a KYC process, make a bank transfer and purchase their first Satoshis.

Because they don’t want to trust the exchange with their money, they withdraw their money to their own hardware wallet.

The current withdrawal process

During the withdrawal process, most exchanges ask the user to provide the amount of bitcoin to withdraw and a bitcoin address to withdraw to. The user uses their hardware wallet to create a new bitcoin address, copies the address to the exchange interface and compares that it matches the one shown on the hardware wallet display before clicking on ‘Withdraw’.

The usual withdraw process on exchanges

Some exchanges will then require the user to confirm the withdrawal via an email confirmation or a 2FA code. Once the user has confirmed the transaction, the exchange will send the bitcoin to the provided address.

Why it’s unsecure

The user knows what address they sent to the exchange, but how do they know what address the exchange actually received? Is it really sending the money to the correct address?

On a compromised host device, an attacker can inject his own bitcoin address

A malicious browser plugin or a different kind of virus could easily pretend it’s sending the correct bitcoin address to the exchange, but actually send a bitcoin address that’s controlled by an attacker to the exchange.

It's enough for the browser plugin to automatically replace the bitcoin address that is sent to the exchange in the background, while still displaying the address the user has pasted. Because most browser plugins automatically update in the background, the chances of a malicious update are reasonably high.

An inconvenient solution

To confirm that the exchange has received the authentic withdrawal details, the user should confirm them on a second device. Since most exchanges don’t include withdrawal details like amounts and addresses in the email for privacy reasons, the user needs to log in for a second time on the second device and verify that the information in their account matches the one on their hardware wallet.

Confirming your address on a second device is easy with the Pocket widget

Unfortunately, because it’s so cumbersome, most users won’t do this. On some exchanges it’s even impossible to withdraw your coins in a secure way!

For this reason, the Pocket Bitcoin widget within the BitBoxApp offers a fairly straightforward way to confirm your bitcoin address “out of band”. You receive a confirmation email that contains a link to Pockets website. This link will show your withdrawal bitcoin address and is easy to open on a second device, like your phone.

But even with this more convenient implementation of the Pocket withdrawal process, most people will just open the email on the same device and not double check the address on a second device.

A convenient solution

So how could we make this process more secure and at the same time more convenient?

Of course by using cryptography!

Communication

What if our hardware wallet could communicate directly with the exchange without the ability of anyone tampering with the information? This type of secure communication is very common nowadays, with end-to-end encryption being standard in most direct messaging apps, VPN services and even the website you are browsing on right now.

Encryption

If the user's hardware wallet can encrypt their withdrawal address (or even xpub) in a way that only the exchange can decrypt it, the user can be sure that nobody can tamper with it. By storing an exchange's pubkey in its firmware, the hardware wallet can create an encrypted message that contains all data the exchange needs for the withdrawal.

The contents of the encrypted message

Now the exchange just needs to prove to the user that it has indeed received the correct address. For this, the hardware wallet includes a random secret in the encrypted message sent to the exchange. To prove that the exchange has received the correct address, it presents the decrypted random secret to the host device.

An attacker cannot learn the secret ahead of time because he does not know the private key that is able to decrypt the message. Only the exchange has this key.

The message is encrypted to make sure the host device cannot learn its contents

To avoid a man-in-the-middle attack, the encrypted message also needs to include the account of the user, for example their email address. Otherwise the attacker could just use his own exchange account to learn the secret and display it on the victim's computer.

Verification

Instead of verifying a bitcoin address, the user verifies the secret and email

To securely withdraw bitcoin from the service, all the user has to do is compare the decrypted secret on the website with the one displayed on the hardware wallet and check that the email address shown on the hardware wallet is their own.

Conclusion

Of course, such a withdrawal protocol has to be built, standardised and implemented by both exchanges and hardware wallets. We want to use this blog post to gauge interest in such a protocol not only from users but also bitcoin exchanges and brokers.

If you are interested in making self custody more secure for your customers or have feedback on this idea, please reach out to us!


Frequently Asked Questions (FAQ)

Why is the current withdrawal process from exchanges considered insecure?
The process is vulnerable to attacks where a malicious entity can replace the bitcoin address provided by the user with their own, leading to potential loss of funds.

How can a compromised host device pose a threat during withdrawal?
On a compromised device, a malicious browser plugin or virus can replace the user's bitcoin address with one controlled by an attacker without the user's knowledge.

What is the "inconvenient solution" to ensure secure withdrawal?
Users should confirm withdrawal details on a second device. However, this method is cumbersome and often skipped by users.

How does the Pocket Bitcoin widget enhance withdrawal security?
It allows users to confirm their bitcoin address "out of band" by sending a confirmation email with a link to verify the withdrawal address on a separate device.

What is the proposed "convenient solution" for secure withdrawals?
Using cryptography, a hardware wallet can communicate directly with the exchange, ensuring the information isn't tampered with during the withdrawal process.


Don’t own a BitBox yet?

Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.

The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.

Grab one in our shop!


Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.