Adoption of Security and Privacy Measures in Bitcoin Stated and Actual Behavior

Abstract

Bitcoin is a digital monetary system that functions without any central authority and pre-assumed identities among participants. Contrary to a popular belief, Bitcoin is not inherently anonymous or secure. In this article, we survey security and privacy risks in Bitcoin and related countermeasures. We also examine self-reported and actual adoption of important security and privacy measures, based on an online survey with 125 active Bitcoin users and an extensive analysis of all Bitcoin transactions through the years from the beginning until June 2017, collected from the public transaction ledger (blockchain). According to our user survey, the knowledge about some of these measures among Bitcoin users is relatively high. However, others are not well known. Both studies show an extremely high adoption of single-use or fresh addresses, but a lower adoption of the remaining measures, as well as instability in case of stealth addresses, and stagnation for pay to script hash (P2SH) and multisigs. Furthermore, P2SH is used almost exclusively for multisigs. Our findings suggest that existing protection mechanisms require further usability improvements and user awareness should be strengthened to increase adoption. Against this background, our work can also serve as a methodological guideline for long-term adoption studies.