Cryptocurrency security: how to safely handle your casino's bankroll
The most important part of a casino, money, has to be handled with precision and care. The smallest error can lead to disaster. We’re going to take a shallow wade into the otherwise deep topic of cryptocurrency security.
Why bother with cold storage?
It’s a good question. Wouldn’t everything be so much easier if casinos just let deposits and withdrawals flow through a single, central wallet, controlled by the admins? Well, no, far from it. It would be an impediment to both the user experience and the casino management experience. For “instant withdrawals”, the game server (which players interact with) has to be connected to the bitcoin wallet containing user funds (herein referred to as a “hot wallet”), so this wallet must always be online and connected. Usually, this server is provided by an online hosting service (because most casinos don’t run home servers, for reasons we can discuss some other time). This inherently comes with risks.
Most benignly, the hosting provider could get hacked, struck by a natural disaster, or face a power outage. There might also be attacks by insiders (employees at the hosting provider, perhaps), which can be far more dangerous, and harder to detect. As always, most servers are constantly being bombarded with brute-force attacks (a form of attack where malicious parties try multiple password combinations in order to gain access to your server). This rarely works, but you don’t want to be one of those rare cases. Other than the server itself being accessed by attackers, there’s always the possibility of a hack, bug, or exploit in the casino itself. This was experienced by bustabit, where a bug in the web socket enabled users to see game results before the game ended. The hackers walked away with around 120 bitcoins (and not more, thanks to the hot wallet system, which didn’t keep a large proportion of the bankroll connected to the game server).
While instant withdrawals are important to the user experience, some casinos may not really care, and may simply choose to process withdrawals manually. But this means that the casino managers would have to be pretty hands-on and monitor withdrawals daily. This can be cumbersome, and certainly isn’t the ideal solution unless you’re a big organization with numerous trustworthy employees (the exchange BitMEX comes to mind). This is why the ultimate solution when it comes to cryptocurrency security is to have both a hot wallet and a cold wallet: a cold wallet referring to one that is completely disconnected from the Internet, and is handled manually by the casino operator(s). It’s the solution that allows for users to be happy (with instant withdrawals for the vast majority of players) and for casino operators to be happy (with withdrawal processing being mostly hands-off).
How should deposits be structured?
This is a key question. When a new deposit comes in, should it go directly to the cold wallet, or to the hot wallet first? The answer to this greatly depends on the currency the casino is using, but in this post, we’re going to be looking solely at BTC for ease of understanding. ETH is a topic for another day.
Casinos and exchanges tend to be pretty secretive about their wallet structures, so it’s hard to find documentation about the most popular method. We’ll start off with the method that bustabit uses: hot wallet first. Essentially, all deposit addresses are generated by the Bitcoin node connected to the game server. New deposits go directly to the hot wallet. From there, they are siphoned off to the cold wallet, either automatically, when the balance hits a certain threshold, at time-based intervals, or manually at the operator’s discretion.
This method is pretty good, because it tends to require a lot less owner intervention. Most casino activity in terms of number of transactions comes from small players making relatively small deposits or withdrawals. The hot wallet will be topped up with new deposits, depleted by new withdrawals, and this symbiosis can go on for a long time. It only gets problematic when someone makes a very large deposit, or wins a lot and requires a large withdrawal. In this case, the operator would need to intervene, either making a deposit to or a withdrawal from the cold wallet. Needless to say, there is a very major downside to this: reduced security. As mentioned earlier, since the hot wallet is connected to the server, a hack, malware, trojan, or any form of malicious interception can be dangerous to all of the hot wallet funds. This becomes even more scary if there’s an inside attacker, lying in wait for a big deposit to occur, and then swiping the funds.
The alternative to this is letting deposits go to cold storage first, and then the hot wallet. There is a pretty obvious security upside to this, which stems from the fact that large deposits are not immediately put at risk. All large deposits remain secure with the casino operator, and are only sent to the hot wallet when necessary. Since the cold wallet is an offline device (likely a TREZOR or Ledger hardware wallet) and not Internet-connected, it’s almost impossible for the funds to be hacked by a malicious operator, unlike funds held in the server-connected hot wallet. Then again, the hot wallet doesn’t have that beautiful, self-sufficient symbiosis. In normal day-to-day operations, hot wallets are met with only withdrawals and not deposits, since all the deposits are going to cold storage. This means the operator needs to be very hands-on, and needs to consistently top up the hot wallet every time it reaches depleted levels.
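To make the trade-off between the two structures concrete, here is a small simulation, added as an example and not taken from bustabit's or any other casino's code. The traffic, the sweep cap, the depletion floor and the refill target are all constructed values chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Result:
    peak_hot: int       # largest balance ever held on the server-connected wallet
    interventions: int  # times the operator had to use the cold wallet by hand
    auto_sweeps: int    # automatic hot -> cold transfers

# Constructed sample traffic in mBTC: positive = deposit, negative = withdrawal.
# Mostly small players, plus one very large deposit and one very large withdrawal.
EVENTS = [300, -400, 500, -600, 400, -500, 50_000, -700, 600, -500,
          400, -30_000, -600, 700, -500, 500, -600, 300, -400]

def simulate(events, hot_first, start=2_000, floor=1_000, cap=4_000, target=2_000):
    """Replay events under one deposit structure; all parameters are assumptions."""
    hot, peak, manual, sweeps = start, start, 0, 0
    for amount in events:
        if amount > 0:
            if not hot_first:
                continue              # cold-first: deposit never touches the server
            hot += amount             # hot-first: deposit lands on the hot wallet
            peak = max(peak, hot)     # exposed until the sweep runs
            if hot > cap:             # threshold sweep of the excess to cold storage
                hot, sweeps = target, sweeps + 1
        else:
            need = -amount
            if need <= hot:
                hot -= need           # instant withdrawal
            else:
                manual += 1           # too large: operator pays it from cold
            if hot < floor:           # depleted: operator tops up from cold
                hot, manual = target, manual + 1
    return Result(peak, manual, sweeps)

if __name__ == "__main__":
    print("hot-first :", simulate(EVENTS, hot_first=True))
    print("cold-first:", simulate(EVENTS, hot_first=False))
```

With this traffic, hot-first briefly exposes 51,700 mBTC on the server and needs one manual intervention, while cold-first never exposes more than 2,000 mBTC but needs four.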
Which method is better?
From a security standpoint, allowing deposits to go to cold storage first is obviously better. This should be the norm for new casinos, since losing clients’ money is simply not an option. There should be no chances taken when it comes to investments and user deposits. This is especially true if the casino in question doesn’t have enough retained earnings or gross profit to cover a potential hack.
Eventually, as a casino grows bigger, the owners get richer and can cover more liabilities. Their time becomes more valuable (in a personal sense). Alongside this change, the bankroll grows bigger, and thus normal user deposits and withdrawals take up a smaller percentage than before. When this happens, it’s probably safe to move to a carefully controlled hot wallet-first system, like bustabit’s. The bustabit hot wallet only ever contains 100 to 400 coins at any given time, despite the bankroll being over 6,000 bitcoins, but it doesn’t require regular top-ups. It goes without saying that the hot wallet capacity should be capped at a certain amount, and that the operator should never risk more than they are able to completely cover in the worst-case scenario.