Monday, May 2, 2016

BitGo Bitcoin wallet review

hp

 Important info

    Wallet Type:  Web
    Verification:  Trusted Server
    Multisig:  Yes
    Open source:  Yes
    Privacy :  Basic
    Crypto supported:  bitcoin
    Vulnerability to malware:  Secure
    Private key stored:  both client and server side

Pros

    Market's leading multisig wallet, providing tech to leading exchanges
    Bitgo instant allows instant settlement of bitgo addresses
    Very user friendly for such a robust solution

Cons    
    No native apps
    While HD, each separate wallet requires it's own seed

Summary
Bitgo is our pick for the top wallet on the market. Their multisig solution was a game changer in the market for hot wallet security, and is the reason why many of the products reviewed in these pages - bitfinex, bitstamp, Kraken and Shapeshift, as well as debit card solution e-coin to name five - have turned to bitgo for the protection of their client funds.

The bitgo solution provides exceptional web wallet security while maintaining an ease of use suitable for mainstream bitcoin users. Most people don’t want to think about security, they just want to know it is being handled, and they want it handled in a way that doesn’t detract from usability and instant access to funds.

Bitgo delivers on the above in a relatively user-friendly format. The product has been described as delivering bank-grade security in an industry that has been plagued by security breaches. Bitgo emerged at a time of great uncertainty in the bitcoin market, as multiple, large heists of customer funds shook confidence in the network’s ability to protect itself from hacks; it is reassuring to see companies like bitgo deliver solutions that move the industry forward.
 

Bitgo wallet

Each individual wallet created on bitgo is HD, meaning that all the addresses generated within can be restored from the initial seed. The wallet seed is backed up automatically upon creation of the account to a pdf paper file, which is meant to be stored safely offline. However, unlike armory, each wallet requires a different backup file, as they each utilize a different key.

Each wallet also requires its own encryption password. Users are told, as the password is being written, how long it would take a cracker to brute force the password. Interestingly, it would have taken my normal password, which consisted of uppercase, lowercase, symbol and numbers about five hours to crack. Users will need to either remember multiple passwords or record them offline.


createwallet 

There are a number of security features offered such as two factor authorization and an address whitelist, which allows payments only to addresses included on the list. The latter feature is available only using the bitgo enterprise solution. Along with the address whitelist, the enterprise solution allows flexible multiple-signature settings, per transaction and daily spending limits, and shared wallets. For additional security, it is recommended to use the chrome file extension bitgo app.

Of course, the multiple signature functionality is what makes bitgo unique. Each bitgo wallet is set with a default two of three key signing requirement. One key is held client side, another on the server side by bitgo and the third, a backup key if either of the other two keys are lost, is meant to be stored securely offline by the client. After the client signs, bitgo runs the transaction through a risk management process, checking any number of different parameters to ensure that the requester is actually the client. Depending on risk level, bitgo can take any number of different actions to secure or confirm the transaction.


insidewallet
 

Following the January 2015 bitstamp hack, bitgo was picked to completely overhaul the bitstamp wallet security architecture. The solution integrated - the same as above, only with bitstamp holding the first key instead of the client - has set a new benchmark in exchange hot wallet security.
 

BitGo Instant

For those who thought BitGo was resting on its laurels, here comes BitGo instant. BitGo instant allows the instant settlement of BitGo generated transactions without destination sites having to wait for confirmation on the blockchain - which can take 10 minutes, and sometimes more, to appear. This is facilitated by BitGo’s multisig technology; as transactions must always be signed by BitGo, who can then ensure that previously signed coins are not double spent. BitGo instant transactions, then, are guaranteed by BitGo with a cryptographic stamp, and should clients not receive the funds transacted BitGo will compensate losses.

It has been claimed that the most immediate beneficiaries of BitGo Instant would be active bitcoin traders, who can instantly transfer funds to multiple exchanges for trading, and thus easily take advantage of arbitrage opportunities. However, the applications for such a service are myriad; it is not difficult to see how this could revolutionize bitcoin e-commerce, as merchants would no longer have to concern themselves with network confirmations prior to accepting a payment as settled. And we are quite confident that Bitgo has a number of use cases for this technology, and it will be super interesting to see how it unfolds over the coming months and years. If the service really does take off, it could have an impact on the blockchain size debate as companies guarantee transfers off chain. Sort of like these “quicker settlement” sidechains people have been talking about.

The service is free for users up to one bitcoin tranfers; transfers about one bitcoin will incur a fee of 0.1%.
 

Mobile

The site is responsive, but bitgo would benefit greatly from producing ios/android apps designed specifically for mobile use. As is, login is difficult, and the design is not developed for fat fingers.
 

Bottom line

Client side risks are mitigated by the bitgo key. Server-side risks are mitigated by the client key. The wallet is stored online, allowing for instant access. And the wallet is user-friendly. It seems bitgo has checked all the boxes. For users that would like bank-grade security without the hassle and inconvenience of cold storage, bitgo is your best option.

1 comment: