Bitgo Review
The market owes a great debt to bitgo, whose multisig wallet solution has done much to enhance security for retail customers and exchanges.
- Bitcoin
- Ethereum
- Litecoin
- Bitcoin Cash
- Ripple
- Web
- Multisig
- HD
- Trusted Node
- Market’s leading multisig wallet, providing tech to leading exchanges
- Bitgo instant allows instant settlement of bitgo addresses
- Very user friendly for such a robust solution
- No native apps
- While HD, each separate wallet requires it’s own seed
Summary
Bitgo’s multisig solution was a game changer in the market for hot wallet security, and is the reason why many of the top products we review – bitfinex, bitstamp, Kraken and Shapeshift, as well as debit card solution e-coin to name five – have turned to bitgo for the protection of their client funds.
The bitgo solution provides exceptional web wallet security while maintaining an ease of use suitable for mainstream bitcoin users. Most people don’t want to think about security, they just want to know it is being handled, and they want it handled in a way that doesn’t detract from usability and instant access to funds.
Bitgo delivers on the above in a relatively user-friendly format. The product has been described as delivering bank-grade security in an industry that has been plagued by security breaches. Bitgo emerged at a time of great uncertainty in the bitcoin market, as multiple, large heists of customer funds shook confidence in the network’s ability to protect itself from hacks; it is reassuring to see companies like bitgo deliver solutions that move the industry forward.
Bitgo wallet
Each individual wallet created on bitgo is HD, meaning that all the addresses generated within can be restored from the initial seed. The wallet seed is backed up automatically upon creation of the account to a pdf paper file, which is meant to be stored safely offline. However, unlike armory, each wallet requires a different backup file, as they each utilize a different key.
Each wallet also requires its own encryption password. Users are told, as the password is being written, how long it would take a cracker to brute force the password. Interestingly, it would have taken my normal password, which consisted of uppercase, lowercase, symbol and numbers about five hours to crack. Users will need to either remember multiple passwords or record them offline.
There are a number of security features offered such as two factor authorization and an address whitelist, which allows payments only to addresses included on the list. The latter feature is available only using the bitgo enterprise solution. Along with the address whitelist, the enterprise solution allows flexible multiple-signature settings, per transaction and daily spending limits, and shared wallets. For additional security, it is recommended to use the chrome file extension bitgo app.
Of course, the multiple signature functionality is what makes bitgo unique. Each bitgo wallet is set with a default two of three key signing requirement. One key is held client side, another on the server side by bitgo and the third, a backup key if either of the other two keys are lost, is meant to be stored securely offline by the client. After the client signs, bitgo runs the transaction through a risk management process, checking any number of different parameters to ensure that the requester is actually the client. Depending on risk level, bitgo can take any number of different actions to secure or confirm the transaction.
Following the January 2015 bitstamp hack, bitgo was picked to completely overhaul the bitstamp wallet security architecture. The solution integrated – the same as above, only with bitstamp holding the first key instead of the client – has set a new benchmark in exchange hot wallet security.
BitGo Instant
For those who thought BitGo was resting on its laurels, here comes BitGo instant. BitGo instant allows the instant settlement of BitGo generated transactions without destination sites having to wait for confirmation on the blockchain – which can take 10 minutes, and sometimes more, to appear. This is facilitated by BitGo’s multisig technology; as transactions must always be signed by BitGo, who can then ensure that previously signed coins are not double spent. BitGo instant transactions, then, are guaranteed by BitGo with a cryptographic stamp, and should clients not receive the funds transacted BitGo will compensate losses.
It has been claimed that the most immediate beneficiaries of BitGo Instant would be active bitcoin traders, who can instantly transfer funds to multiple exchanges for trading, and thus easily take advantage of arbitrage opportunities. However, the applications for such a service are myriad; it is not difficult to see how this could revolutionize bitcoin e-commerce, as merchants would no longer have to concern themselves with network confirmations prior to accepting a payment as settled. And we are quite confident that Bitgo has a number of use cases for this technology, and it will be super interesting to see how it unfolds over the coming months and years. If the service really does take off, it could have an impact on the blockchain size debate as companies guarantee transfers off chain. Sort of like these “quicker settlement” sidechains people have been talking about.
The service is free for users up to one bitcoin transfers; transfers about one bitcoin will incur a fee of 0.1%.
Mobile
The site is responsive, but bitgo would benefit greatly from producing ios/android apps designed specifically for mobile use. As is, login is difficult, and the design is not developed for fat fingers.
Bottom line
Client side risks are mitigated by the bitgo key. Server-side risks are mitigated by the client key. The wallet is stored online, allowing for instant access. And the wallet is user-friendly. It seems bitgo has checked all the boxes. For users looking for a relatively secure online wallet, bitgo is a great solution.