Bitcoin is big business. Despite its use in high-profile criminal endeavours like the infamous Silk Road, popularity of the cryptocurrency – developed by pseudonymous engineer Satoshi Nakamoto and driven by armies of ‘miners’ devoting computing resources to verifying transactions – is on the rise. Entire markets, from payment processing to the sale of mining hardware, have been born on its back, and it’s now entirely common to see mainstream companies accepting Bitcoin as a payment method.
It’s hard to ignore the negative headlines, though – the stories of online Bitcoin exchanges losing millions of pounds in funds to malicious attacks, untrustworthy staff, or simple incompetence.
For businesses accepting Bitcoin directly, rather than through a payment processor which automatically exchanges the cryptocurrency for fiat currency, it’s an undeniable risk, which only increases for those holding larger quantities of Bitcoin in an effort to benefit from its rapidly increasing value.
Enter the Ledger HW.1.
The Ledger HW.1 is one of a new breed of Bitcoin-specific security devices dubbed ‘hardware wallets’. Where traditionally a Bitcoin wallet takes the form of a file on a computer protected with a passphrase, the Ledger HW.1 stores the private key associated with the wallet on a tiny USB dongle similar to those used for FIDO U2F two-factor authentication.
The HW.1’s security comes from more than physical abstraction, however: the dongle also contains a security co-processor which handles the job of actually signing transactions, meaning that the wallet’s private key is never exposed to the host operating system.
This, its creators claim, means that – in theory at least – you could carry out Bitcoin transactions on a computer liberally infested with malware, including keyloggers and screen-grabbers, and still be entirely protected from any harm.
The HW.1 costs €18 (around £16, $20) for a single dongle, or you can purchase bundles and get them cheaper with bulk discounts.
The HW.1 packaging includes the dongle itself, which you punch out of a credit card-sized block of plastic and fold in half with a click, and a printed plastic security card which acts as a second authentication factor. If you get sick of looking up letters and numbers on the card for each transaction, this can be replaced with a smartphone app. However, sadly, in testing we found the app, which should pop up a notification when authorisation is required, was too unreliable for daily use.
The desktop software itself is provided as a Chrome app running within Google’s browser and supporting any operating system on which Chrome can be installed. The on-boarding process is quick and easy, asking the user to pick a four-digit PIN and to write down a series of ‘recovery words’ on a bundled informational sheet.
These words allow the wallet to be regenerated onto a replacement HW.1 should you lose or damage your original, and represent the device’s weakest link. When you’ve recorded the words, the card should be sealed away in a safe and treated with the same care you would furnish upon a stack of banknotes to the value of your Bitcoin hoard.
Once set up, the software works like a standard online Bitcoin wallet – you can receive Bitcoins to a constantly-cycling address, send Bitcoins, and view the details of any transactions you have made. All of these features only operate with the HW.1 inserted into a USB port, and sending Bitcoins requires the security card or smartphone app as a secondary level of authentication.
Enterprise users can use multiple HW.1’s to enable ‘multisig’ authentication on a wallet for improved multi-user security, requiring several keys to authorise each payment, while a final trick up the HW.1’s sleeve is the ability to act as a two-factor authentication (2FA) dongle via the admittedly uncommon blockchain-powered BitID system.