Baltimore Struggles to Tackle Ransomware Attack as Hackers Demand $10,000 per Day

On December 14, 2017, BitPay announced a first step toward enforcing the payment protocol: All orders of the BitPay Card will require payments from Payment Protocol-compatible wallets, such as BitPay’s own wallet and a few others. This announcement came after an initial notice in November 2017, when BitPay first announced that BitPay invoices would soon require payments from wallets compatible with the Bitcoin Payment Protocol.

BitPay’s move has since been met with resistance by some wallet developers that don’t support the bitcoin Payment Protocol; some are suggesting that BitPay is abusing its leading position in the payment processing space and putting user security at risk.

“We absolutely do not support BitPay in aggressively using their dominant position of market share to bully wallet providers into supporting their business plans or bully users into a system that degrades their privacy and the fungibility of bitcoin as a whole,” stated bitcoin wallet Samourai in its blog post of January 2, 2018.

The bitcoin Payment Protocol (BIP70), proposed by Gavin Andresen and Mike Hearn in 2013, describes a protocol for communication between a merchant and their customer, “enabling both a better customer experience and better security against man-in-the-middle attacks on the payment process.” A detailed explanation of the details of the payment protocol, written by Mike Hearn in Q/A format, is available on the bitcoin forum.

According to BitPay, the Payment Protocol will reduce user error in bitcoin payments, such as payments sent to a wrong address or with a transaction fee that is too low for fast processing by the bitcoin network.

“We answer thousands of customer support requests every month, and we see first-hand how these problems affect BitPay merchants and their customers,” notes BitPay, adding that if two wallets both “speak” Payment Protocol, the correct receiving bitcoin address and the correct sending amount are locked in automatically by creating an SSL-secured connection to the true owner of the receiving bitcoin address. Instead of cryptic bitcoin addresses, the protocol uses human readable identifiers, which are then mapped to bitcoin addresses.

“Our next step will be requiring Payment Protocol payments for all BitPay Card loads,” stated BitPay. “From there, we will move to require Payment Protocol for all BitPay invoices … We continue to work with other wallet providers in the bitcoin ecosystem to advance adoption of the bitcoin Payment Protocol. We’re encouraged by the response we have received. Widespread adoption of Payment Protocol will immediately improve the bitcoin payment experience.”

According to a list provided on the BitPay website, Copay, Mycelium and Electrum wallets, along with bitcoin Core, support Payment Protocol payments. “These true bitcoin wallets all already ‘speak’ Payment Protocol,” stated BitPay. “If you are using a non-Payment Protocol wallet or service to pay BitPay invoices, you will need to move your spending bitcoin to a wallet or service which can support Payment Protocol. We strongly recommend that you use a true bitcoin wallet for spending to avoid delayed transactions, but you will be able to use any service compatible with Payment Protocol.”

This list, however, is out-of-date. bitcoin Magazine reached out to several other wallets to verify their status.

“Our currently released app Airbitz does support BIP70 and has since 2015,” Paul Puey, Co-Founder and CEO of AirBitz (recently rebranded as Edge), told bitcoin Magazine. “Edge Wallet (currently in beta) will support BIP70 in a future production version.” BitPay currently lists Airbitz as not supporting BIP70.

Bread also has supported BIP70 since 2015, contrary to information supplied on BitPay’s list.

Security Concerns

One of the most outspoken opponents of this policy shift has been Samourai Wallet.

“We have to be very clear here,” Samourai stated bluntly in its recent blog post. “Samourai Wallet will not support BIP70 in our products, therefore, our wallet users will NOT be able to send bitcoin to QR codes generated by BitPay invoices, as they do not provide a valid bitcoin address.”

According to Samourai, BIP70 “remains largely unadopted by the majority of wallet and service providers” due to many security and privacy concerns, including the required support of legacy public-key infrastructure features with known vulnerabilities, such as OpenSSL and Heartbleed.

Indeed, the recent revelations about Meltdown and Spectre have created additional security concerns among some critics.

“Meltdown/Spectre greatly increase the risk of keys being stolen from memory,” James Hilliard, developer and MyRig engineer, told bitcoin Magazine, “since they are side-channel attacks that allow processes to spy on the memory other processes (wallet private keys generally have to go into memory at some point in order to sign the transaction).”

“We do share some of the concerns but do not feel as strongly as Samourai Wallet,” said Puey. “In the case of the acquisition of a payment QR code from a website, one is already trusting SSL public key infrastructure to know that a public address is from the owner. Adding BIP70 to that makes it no worse. However, if one is doing a peer-to-peer transaction between two wallets that are physically next to each other, there is no need to rely on an https server query to obtain a public address, and that process absolutely introduces more risk than necessary.”

Many bitcoin wallets, including Coinbase and Jaxx, don’t support BIP70 at the moment. Others, like Airbitz and its upcoming Edge, support BIP70 but less enthusiastically than BitPay.

Addison Cameron-Huff is President of Decentral, the company that develops the Jaxx wallet. Referring to BitPay’s statement that BIP70 does for bitcoin what secured web-browsing (HTTPS) did for the internet, he told bitcoin Magazine, “I think BitPay is overstating the case for BIP70. It’s also a bit misleading to refer to BIPs as ‘standards,’” adding that the “BIP” acronym stands for “bitcoin Improvement Proposal,” not “bitcoin Improvement Standard.”

“Not showing addresses is a big change in how people use bitcoin, and, as of January 2018, I think it’s premature to force this change ecosystem-wide, but BitPay is only insisting upon this for people who want to use BitPay,” continued Cameron-Huff. “We’ll see over the coming months how this change affects their user base and whether alternative payment processing firms win marketshare (or don’t). Ultimately, the cryptocurrency world is one in which the best products and proposals tend to win out in the market, and only time will tell whether this was a good decision for BitPay and more importantly: a good decision for the bitcoin community.”

“We have had multiple conversations with BitPay and have expressed our concerns with the BIP70 protocol including unnecessary complications that do not truly solve the problems presented,” said Puey. “We feel that extensions to the BIP21 spec could have been implemented that would have achieved the same goals that BitPay desired without the added complications, centralization or SSL security implications.”

“While we intend to continue supporting BIP70 we do NOT recommend that providers use it or require it to receive payment and instead pursue extensions to BIP21 instead,” concluded Puey. “We have experienced a multitude of issues with BitPay’s support of BIP70 including their own servers being unable to provide payment information through the provided payment URL causing wallets to fallback to BIP21-style payments if capable.”

Future Adoption

Bread wallet CMO Aaron Lasher told bitcoin Magazine that while Bread already supports BIP70, the company has plans to “make it work with BitPay in an upcoming release.” He emphasized that it will be important to maintain the wallet’s core functionality and ensure that its high level of privacy remains.

“Bread is a consumer-focused wallet, so we support anything at face value that improves or simplifies the user experience, provided we are able to maintain sufficient privacy and financial control on behalf of our users.”

Similarly, Cameron-Huff explained that while Jaxx doesn’t currently support BIP70, if BIP70 becomes an actual widely adopted standard, then Jaxx will enable it for users.

“We will be keeping an eye on this change with BitPay and other large blockchain ecosystem organizations,” concluded Cameron-Huff. “We are always looking to improve Jaxx but also have to balance this with not forcing changes upon our users or implementing hasty changes that might cause a negative experience for our 600,000 users.”

A representative from the hardware wallet Ledger told bitcoin Magazine, “We do not plan yet to support BIP70 directly in our wallet as it’d only make sense if we could offer an end-to-end support to the hardware wallet which is not doable yet, considering the complexity of this protocol.”

Ledger added that it might support it through a translating gateway later in the future while keeping users aware of the extra risks. Like Airbitz/Edge, the company expressed a preference for BIP21.

“Security wise, we also believe that BIP70 is not in a great state today (not supporting ECDSA certificates, duplicating standard PKI issues where users have to authenticate possible rogue certificates, possibly forcing public authentication cookies on users through specific outputs) and would appreciate if all payment providers could keep offering regular BIP21 URLs for interoperability.”