Set-up a Hot Cold Wallet System

[DaDeus]

Hi,

I'm trying to better understand the Hot-Cold Wallet System  because I think it's very important to have a clear understanding of this topic.
There is no week without a new hack about an exchanger, service, game site ... where all bitcoins are stolen from the hot wallet.

I have made a lot of research about the hot wallet topic and found much informations, I want to share with the community.
But there are still questions I can't answer, maybe some user in the forum will help me.

The Hot-Cold Wallet System:
https://i.imgur.com/RoVPspF.jpg
Source: https://bitcoinsecurityproject.org/SecureApplicationArchitecture/


The hot wallet
The hot wallet is what your service will use to receive and send bitcoins immediately. If you are sending bitcoins to a user for a withdraw, it comes from the hot wallet on the server. A good hot wallet only keeps a small portion of bitcoins available. An amount that allows your service to run for a week or even a day without running out. Say your hot wallet was 5%-10% of your total funds, you'd daily or weekly add bitcoins or take bitcoins. If there are no bitcoins on the hot wallet, your service should come to a grinding halt. You cannot automate the filling of the hot wallet from the cold wallet, this is dangerous and is exploitable.
The benefit of this smaller balance on the server is that you cannot get robbed of all your funds suddenly.

The cold wallet
The cold wallet should not be in any way connected to the internet. It'd be best if only you had access to it. 90% of your funds should be kept here. The idea is that the attacker cannot access 90% of your funds electronically or automatically. You should manually be moving coins from the cold wallet to the hot wallet by yourself.
Source: http://bitcoin.stackexchange.com/questions/21998/how-would-you-store-a-bitcoin-wallet-for-a-small-bitcoin-exchange


Now we know how a Hot-Cold Wallet System theoretically works.
The next step is to decide how to set-up such a system. I have found three different ways to build a hot wallet.

1. Bitcoind client
Compile the bitcoind client for your server and use a encrypted wallet direct from your server (or separated wallet server).

2. Coinbase api: https://coinbase.com/docs/api/overview
You can choose different authentication methods: API Key, API Key + Secret or OAuth2 (https://coinbase.com/docs/api/authentication)
After that you can choose the permissions like send, request ... (https://coinbase.com/docs/api/permissions)

3. The Blockchain api: https://blockchain.info/api
If I understand it right, you can choose between API Key and API Key + Secret (https://blockchain.info/api/blockchain_wallet_api)

In my opinion the safest way is Coinbase OAuth2 + permissions. Am I right?
Are there other ways to set-up a hot wallet?

It would be great if someone who know the topic can help me to share the best way to set up a Hot-Cold Wallet System with the community.
It's in our all interest!

Thanks
DaDeus

[zaseb]

Here is the basic idea of a hot/cold wallet system:

Cold wallet:
The cold storage is done on an air-gapped machine, that is a computer that is not connected to any network. The private keys can be stored on this machine or on a paper wallet etc. The transactions are signed on this machine, the signed transaction is then moved to an internet connected machine where it is then broadcast to the network.

Hot wallet:
Hot wallet is usually kept on an internet connected machine. A small amount of BTC is kept on this machine, enough for day-to-day use. When it gets low it is topped up from the cold wallet.

I would not recommend using 3rd party API's to manage your hot wallet as it carries extra unnecessary risk. If coinbase were to get hacked you'd lose your BTC. If your machine is compromised oauth or 2FA won't protect you so it provides no extra security.

Those API's are only useful if for some reason you are unable to run a client or maintaining one is unnecessary for your use.

I recommend you take a look at the Armory Bitcoin client - https://bitcointalk.org/index.php?board=97.0

[DaDeus]

Hi zaseb,

thank you for the hot cold wallet description. This part is interesting: "The transactions are signed on this machine, the signed transaction is then moved to an internet connected machine where it is then broadcast to the network."
So I connect the cold wallet never ever to the internet, even if I make a transaction. That's fantastic!

"If your machine is compromised oauth or 2FA won't protect you so it provides no extra security."
Ok, that's a good argument. But if I have no security extras, why should I not use Blockchain.info?
They don't store my key and I can use features like, shared , sms, email ... transactions.
As you say, if I get compromised the hot wallet will be emptied, no matter what API I use.

I will have a look at the Amory Client. Do you have a set-up guide for a hot wallet?

Thanks
DaDeus

[zaseb]

if I have no security extras, why should I not use Blockchain.info?
They don't store my key and I can use features like, shared , sms, email ... transactions.
As you say, if I get compromised the hot wallet will be emptied, no matter what API I use.

Well, you of course need to have the private key in order to sign the transaction. I'm not familiar with the blockchain API (I must check it out) but if they don't store the private key, then you must have to store it. If you are signing the transactions on your machine and pushing the signed transactions through the API then there is very little risk, but if you are actually transmitting the private keys to them and letting them do the signing then that poses all sorts of risks such as man-in-the-middle attacks or blockchain directly being hacked.

Other problems with API's are of course if the API goes offline so does your service - in fact there was an outage over at Blockchain just a few days ago. Or if Blockchain were to get hacked an attacker could feed you with fake data which could cause you losses, for example, if you are using the Blockchain API to find out when a deposit happens it could tell you a payment to you occurred when it did not. It's generally a good idea to avoid relying on third parties when it is unnecessary.

Take a look at Armory. It is an entire hot/cold wallet system and should cater to most needs.

[DaDeus]

Blockchain don't store the private key:
Is it secure? Will another mybitcoin.com situation occur again?
Yes, it is, and no, we are protected from such situations as all of your private keys are encrypted with your password before leaving your computer. We do not hold a copy of your password, and thus are unable to view or spend your Bitcoins. You retain full control of your private keys, so your wallets can never be seized or blocked and can be imported into any desktop Bitcoin client.
Source: https://blockchain.info/wallet/wallet-faq

I really like the solution from Armory! I can use a hot wallet without the risk of a hot wallet. The only problem is, I have to sign my transactions manually. That means no instantly withdrawals, right?
So lets say I manually sign the withdrawals from my service every hour. Then I still have a withdrawal down time of 7 hours each day, in which I sleep.

But everything else on this solution is absolutely perfect. Thank you for sharing this zaseb.

[vit1988]

In my opinion the safest way is Coinbase OAuth2 + permissions. Am I right?
Are there other ways to set-up a hot wallet?

There is allways a server which needs access to the hot wallet and when this server is compromised it does not matter which wallet you use - the attacker can access it the same way... Running a bitcoind yourself reduces the possibility of a man-in-the-middle attack and makes you independent of a third party (MtGox also had a secure API btw.).
If you have skills + resources I'd say it's allways best to run a own client.

Blockchain.info - Think they are really convenient + trustworth and I used the API some time last year (then decided to run bitcoind as I love the fact to handle it completely on my own and am not incapable of action on any downtimes). Beware: in contrast to their online wallet where decryption takes place on your client side, when you use the API then you send your decryption password (in plaintext... okay it's a secure SSL connection but anyways...) and decryption takes place on their server.

[DaDeus]

A server down time and a man-in-the-middle attack are additional risks, that's right.

This is really interesting:
Beware: in contrast to their online wallet where decryption takes place on your client side, when you use the API then you send your decryption password (in plaintext... okay it's a secure SSL connection but anyways...) and decryption takes place on their server.

I didn't know that. Thanks for sharing this information.

I think Armory will be the best choice.  What system do you use on Satoshi-Karoshi for instantly withdrawal?

[vit1988]

What system do you use on Satoshi-Karoshi for instantly withdrawal?

Hot wallet: a bitcoind 0.8.6 @localhost holding an amout which would hurt but would not kill me if hacked.
Cold wallet: paper wallets (using blockchain.info android app to scan private keys)

[DaDeus]

OK thank you vit1988.
I will have a look in to your solution.
Your cold wallet system is very safe