Bitcoin’s biggest security problem? The UX
This October marked the twelfth anniversary of Satoshi Nakamoto’s bitcoin whitepaper. In that short time, bitcoin has transformed the way we think about money, but it’s still a long way from mass adoption.
In my mind, there’s no question that UX has always been the biggest single obstacle to bitcoin adoption. But not in the way you might think.
UX is a slippery term: it means different things to different people in different contexts. With bitcoin, for example, UX extends far beyond the intuitiveness of individual exchanges or wallets. Since we’re talking about people’s investment, security is a — the — crucial consideration in any discussion about UX.
Bitcoin suffers from a usability problem that can’t simply be fixed with a new interface. This isn’t a technical error but a human one: the assumption that it’s safer to store coins with an exchange instead of keeping custody yourself. This can’t be fixed with a new UI; it requires a revolution in the way we think about bitcoin security.
In the early days, poor UX didn’t really matter, since bitcoin platforms were mostly used by traders and speculators who had the technical chops to navigate complexity. But when ordinary people started dabbling in bitcoin, a host of exchanges and trading platforms focused their attention on developing “consumer-grade” user experiences. Ironically, this was the moment where bitcoin’s UX problems really began.
Where did it all go wrong?
It’s not like we didn’t see this coming. The world’s first highly-publicized hack, of Mt Gox in 2014, saw 24,000 people lose everything. But in the six years since, we’ve continued in the wrong direction on security. There’s not enough space to detail the number of exchanges that went bust, got hacked or, like OKEx in October 2020, lost access to customers’ keys after the single employee in charge of them was detained by law enforcement.
In the first half of 2020 alone, Ciphertrace found that investors lost $1.4 billion worth of crypto, much of it from exchanges that suffered hacks or, sickeningly, committed fraud against their customers. What’s going wrong?
Instead of making it easy and intuitive for everyone to hold their own keys, the industry has focused on delivering a consumer-friendly, “full service” experience where they control every aspect - including key custody.
That may be a good starting point for the first-time user, since it stops them making very basic security errors. But it still leaves you vulnerable to a range of threats, both from within and outside the exchange.
In spite of these well-publicized catastrophes, our industry hasn’t yet turned its attention to developing a standard solution to this gaping, fundamental security flaw. In large part, that’s because it suits platforms to have their customers keep their coins on-exchange.
Making security simple
Early bitcoin UX efforts focused on superficial issues and dismissed the deep problem of helping users own their private keys. They figured that solid UX for users to control their keys was an unwinnable battle and took personal key management education and design off the table.
While that’s understandable, we believe it was a mistake. The whole ethos of bitcoin is built on the idea of empowerment: to be your own bank, to control your own savings, and to take charge of your own financial destiny. But in trying to make UX more seamless for non-technical customers, exchanges and custodial wallets have (perhaps unwittingly) discouraged self-sovereignty and opened the door for third party risk. And it’s hard to imagine a worse experience than losing every satoshi of your investment.
Approachable end-user control of private keys is the holy grail of solving bitcoin UX, and it’s one the industry has largely sidestepped.
So while many new bitcoin users face a steep learning curve, they are not learning that old security models don’t apply. If you lose your keys, for example, you can’t just hit “password reset” - your coins are gone forever. This, in part, explains why exchanges are so keen to own the whole experience, including custody.
But sacrificing security in favor of ease-of-use is a false choice. We should not underestimate the challenge, both from a technical point of view and in terms of educating the coin-buying public about why self-custody and their personal key management is so important. But it’s well within our industry’s capabilities, if we only give it the priority it demands.
Security news delivered to your inbox
Casa regularly reports and analyzes the newest hardware wallet vulnerabilities, as well as larger changes in the bitcoin, security, and personal privacy landscape. Want to stay in the loop? It’s free to join.