As more demands are placed upon us, human nature naturally takes the path of least resistance, maybe starting to cut corners and eventually something bad happens. When running mining rigs producing £80.00 / $120 a day each, any impact normally means a financial loss.
When you look at how a typical mining infrastructure fits together, you get a high level architectural picture similar to the one on the right.
Reviewing the diagram, the picture becomes clear out of five potentially joined networks a Miners’ transactions flow through, there is only one where the Miner has full control. Beyond the Miner’s Local Area Network (LAN), the Miner has no control over any transactions and relies upon the trust of technology and others.
The question has to be asked, when you consider the integrity and availability of your mining empire, do you trust the systems and people you do business with beyond your own network?
Naturally, no one should trust the internet. The crypto currency development teams have done a good job of ensuring transactions are resilient and can’t be tampered with. In terms of confidentiality, we know the traffic may be monitored and recorded. But because no directly identifiable personal information is contained, other than maybe a source IP address, you can be assured your identity is safe.
As difficulty rates increase, the mining pool becomes one of the key components to the mining infrastructure. The question is, how well do you know the owner of your mining pool? Are you aware of how secure the infrastructure is where the mining pool resides? For example, what would happen if a disk drive containing the central wallet were to fail? Does your mining pool include protection against a Distributed Denial of Service (DOS) attack? There are some controls we can put into place such as using balanced pool settings within our mining software and only use supplied DDOS protected pool addresses.
The key question with the mining pool is what security controls are beyond what the eye can see? My worse fear for any Miner is that they’re unknowingly using a mining pool that resides in someones lounge or garage where they experience severe weather, resulting in the equipment becoming wet. The consequence to the Miner is the central wallet containing thousands of their coins has been destroyed.
The one thing that upsets me is when you see a mining pool that says, “If you don’t have a wallet address, sign up to Cryptsy and use one of their addresses provided”. There’s two things wrong with this. First of all, online currency exchanges sometimes are incorrectly recognized as an online wallet which is not the purpose it’s intended. Secondly you have no control over your funds and totally rely upon the currency exchange solution architects getting the design right first time. In the cyber world, risks are continuously changing and what was a secure design yesterday could be compromised tomorrow. You should always keep your crypto coins stored on your own network, where you can rest assured they are safely backed up. (You perform backups, right?)
When using the currency exchange, the key thing to remember is only to deposit funds when you need to exchange and withdraw everything once completed.
There’s a simple theory here. If you have a wallet with a thousand pounds contained, would you leave it with someone who has a shiny website claiming to be number one and has so much business they’ll still be there tomorrow ready for you to collect it. Plus, the website owner is on the other side of the ocean according to the address on their website. I remember back during the global banking crisis when it came on the news that banks in the UK who had been trusted for years were going into administration. Suddenly news reports came on screen showing hundreds of people queued outside waiting to withdraw their funds. These banks had been resident on the high street for so long, people naturally trusted they would be there tomorrow. What would happen if your online wallet provider turned off their website? Where would you start? People often out of convenience use online wallets as zero percent interest savings accounts without remembering what occurred back in 2009. I urge you not to use online wallets as savings accounts, simply store enough funds to get you through a normal day and keep everything else at home.
Quite simply there is no one size fits all, but I can offer you advice and guidance. When thinking about your network and miners, if you have only the one miner then can you put it somewhere safe like at the back of a cupboard. I used to keep mine in the attic until it leaked, so speaking from experience here! If you have many miners, would now be the time to consider using a datacentre? Many mining vendors are now providing hosted facilities that offer a fantastic support infrastructure.
When dealing with any service provider based on the internet; whether its a mining pool; currency exchange or; an online wallet, you must always obtain a second opinion from trusted source. You should always be able to speak to one of the service provider staff at the very least. These service providers should be as easy to communicate with as your own bank, because, at the end of the day, they are all custodians of your financial wealth.
Lastly, when you store coins at home ensure you regularly back it up, then copy the backup. Where I work is physically secure, so once I’ve backed up all of my wallets I then take a copy of the memory stick and lock it within my drawer at work. The original copy I keep in my safe. The worst case is someone has robbed the safe from my house, followed me to work, beaten the security guards up, got past my colleagues, found my desk with the keys accidentally left in and then must work out what unmarked memory stick contains my wallet. Then they need to interrogate me for the encryption password. The chances of this happening are nearly nil; therefore, I can sleep knowing my crypto currency is secure.