We found that managing bitcoins is still a major challenge for many users, as many of them do not apply sufficient security measures such as encryption and backups. We found that many participants were not even aware of security features provided by the CMT (Coin Management Tool, RK) they used. Two of the most widely used CMTs among our participants were web-hosted solutions. About half of their users reported using such solutions exclusively, while the other half also used local clients. Even though web clients ought to be a usable and convenient solution, they require a certain level of trust and shift the responsibilities of encryption and managing backups to a third party. We also found that 22.5% of our participants have already experienced security breaches and lost bitcoins. About half of them mentioned a self-induced error as the reason, which highlights that users still find it difficult to manage their bitcoins in a secure way.
The majority (77.6%) among those who lost bitcoins did not want to indicate whether they were able to recover their keys. Of those who provided an answer, 65% were not able to recover their keys. Overall, our participants reported having lost about 660.6873 bitcoins. However, it must be taken into account that we did not ask when the coins were lost. Hence, when interpreting this result, we must take into consideration that the Bitcoin exchange rate is highly volatile and it is therefore hard to provide an overall estimation in USD. About 40% of our participants reported having lost money due to a self-classified major security breach. 13.1% of our overall sample reported having lost bitcoins in HYIPs (high-yield investment programs) and pyramid schemes. 7.9% lost money at Mt. Gox.
For the two most widely used web-hosted CMTs, about a third of our participants are unaware of whether their wallet is encrypted or backed up. In such a scenario, users shift responsibilities to a third party. Even though this seems to be a convenient and usable solution for non-expert users, it implies that the user trusts these third parties to take care of their security. About 50% of web client users indicated that they use an additional local client to store their virtual assets. According to our results, users that have a higher number of bitcoins do not necessarily back up their wallets more often. Also, MyCelium users back up their wallets more often than others. Hence we conclude that backup motivation and fatigue depend highly on usability and not on the number of coins.
We believe that our insights and suggestions are an important first step towards improving the usability of Bitcoin security. In order to guarantee secure interactions with the Bitcoin ecosystem to both expert and non-expert users, we must re-think the concept of Bitcoin management, since it is more than just the secure handling of secret keys. Bitcoin is a decentralized system where the interactions between peers and the propagation and verification of messages and data are important. If this aspect is ignored, Bitcoin would just consist of signed numbers without value.