2017-11-15

The conclusion here is pretty obvious and based on some of Bitcoin's structural characteristics.

The present article will delve into bitcoin security. This is a very important theme, because common sense regarding bitcoin is that it’s an extremely secure form of currency. This idea arises because bitcoin is based on “military-grade” cryptography, and transacting it doesn’t require the holder of bitcoins to reveal any data which would compromise his ownership (the private key), versus for instance sharing his credit card number and security code.

Moreover, lore has it that while bitcoin might have been involved in a heist or two, the actual protocol underlying it was never compromised. This message reaffirms the notion that we’re in the presence of a superior instrument, when it comes to security.

But what is reality? This article will cover the facts, from a bitcoin user perspective.

Two Levels

We could separate Bitcoin’s security debate across two levels:

How safe the protocol/technology is.

How safe the payments and exchange system built upon it is.

We can do this because not everything lives on the blockchain/miner system. The blockchain/miner system just issues currency and registers transactions since issuance. It doesn’t even register ownership. As a result, any attempt to steal bitcoins can either target the underlying system or the exchange/payments system built on top, or both at the same time, in a hybrid manner.

I’ll cover most issues and implications, though the theme itself is probably too lengthy for me (or anyone else) to cover. The reason it’s impossible to cover the theme thoroughly is structural. We’re covering vulnerabilities or risks which arise both from the underlying theory, and from its software implementation, both on the blockchain and off-blockchain (the payments system on top). When it comes to software, unknown unknowns (unknown bugs, for instance) are literally a certainty.

Let’s get to it, then.

How Safe Is The Blockchain?

The blockchain was literally conceived to impede the abuse of a distributed ledger system. Beyond the security afforded by cryptography, the main problem it sought to avoid was the problem of double spending. That is, the ability of an attacker to spend the same money two or more times. Generically speaking, it also sought to avoid the ability of an attacker to simply control the blockchain and do with it as it saw fit, reversing transactions, inserting bogus transactions, etc.

Thus, we could speak about at least 2 security challenges here:

To make sure transactions are valid. This is done by making sure the amounts being spent have unspent outputs before them within the previous blockchain. It is also done by checking for valid transaction signatures, that is, transaction signatures which were created with valid private keys. This solves the double spending problem by assuring that whatever bitcoins are spent weren’t spent before.

To make sure the blockchain being mined is the real blockchain. This is achieved by miners mining the longest available (valid) blockchain. Since extending the blockchain is computationally expensive, the longest blockchain has “proof-of-work” that it was worked on the most. As long as more than 50% of mining computing power supports the valid blockchain, attacks are theoretically thwarted with a high degree of certainty (but not full certainty, mind you). Moreover, since directing computing power at extending the blockchain unleashes rewards (block rewards, transaction fees), this creates the incentive for anyone controlling enough computing power to also collaborate with the legit blockchain.
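As an added example (my own code, not Bitcoin's implementation and not part of the original article), the following toy ledger in Go applies exactly those two checks: an input must point at an output that is still unspent, and it must carry a signature that verifies under a public key hashing to that output's address. It uses P-256 ECDSA from the Go standard library rather than secp256k1, plain pubkey-hash addresses rather than Script, and a transaction id equal to the hash of the signed data; those are simplifications of the toy, not Bitcoin's choices. The demo function runs three spends of one coin: a forged one, an honest one, and a repeat of the honest one, which is the double spend.

```go
package main

// Added example, not Bitcoin's own code: a toy UTXO ledger applying the two checks
// the text describes (the input must still be unspent; the signature must verify
// under a key that hashes to the output's address). Assumptions: P-256 ECDSA from
// the standard library instead of secp256k1, pubkey-hash addresses, txid = SigHash.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

type OutPoint struct{ TxID string; Vout int }
type TxOut struct{ Address string; Amount uint64 }    // Address = hex(sha256(pubkey))
type TxIn struct{ Prev OutPoint; PubKey, Sig []byte } // PubKey is revealed only at spend time
type Tx struct{ Inputs []TxIn; Outputs []TxOut }
type UTXOSet map[OutPoint]TxOut // the validator's view: every currently unspent output

var (
	ErrSpent     = errors.New("input refers to a missing or already-spent output")
	ErrBadKey    = errors.New("public key does not hash to the output's address")
	ErrBadSig    = errors.New("signature does not verify")
	ErrOverspend = errors.New("outputs exceed inputs")
)

// AddressOf mirrors Bitcoin's pay-to-pubkey-hash idea: the address commits to a key.
func AddressOf(pub *ecdsa.PublicKey) string {
	h := sha256.Sum256(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
	return hex.EncodeToString(h[:])
}

// SigHash commits to what is spent and where it goes; signatures are excluded.
func (tx Tx) SigHash() []byte {
	h := sha256.New()
	for _, in := range tx.Inputs {
		fmt.Fprintf(h, "%s:%d|", in.Prev.TxID, in.Prev.Vout) // outpoints only, never the Sig
	}
	fmt.Fprintf(h, "%v", tx.Outputs)
	return h.Sum(nil)
}

// Apply checks every input, then removes the spent outputs and adds the new
// ones, so a second transaction spending the same input fails with ErrSpent.
func (u UTXOSet) Apply(tx Tx) error {
	var in, out uint64
	for _, i := range tx.Inputs {
		utxo, ok := u[i.Prev]
		if !ok {
			return ErrSpent
		}
		x, y := elliptic.Unmarshal(elliptic.P256(), i.PubKey)
		pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
		if x == nil || AddressOf(pub) != utxo.Address {
			return ErrBadKey
		}
		if !ecdsa.VerifyASN1(pub, tx.SigHash(), i.Sig) {
			return ErrBadSig
		}
		in += utxo.Amount
	}
	for _, o := range tx.Outputs { out += o.Amount }
	if out > in { return ErrOverspend }
	id := hex.EncodeToString(tx.SigHash())
	for _, i := range tx.Inputs { delete(u, i.Prev) }
	for n, o := range tx.Outputs { u[OutPoint{TxID: id, Vout: n}] = o }
	return nil
}

// Spend builds a one-input, one-output transaction and signs it with key.
func Spend(key *ecdsa.PrivateKey, prev OutPoint, to string, amount uint64) Tx {
	in := TxIn{Prev: prev, PubKey: elliptic.Marshal(key.Curve, key.PublicKey.X, key.PublicKey.Y)}
	tx := Tx{Inputs: []TxIn{in}, Outputs: []TxOut{{Address: to, Amount: amount}}}
	tx.Inputs[0].Sig, _ = ecdsa.SignASN1(rand.Reader, key, tx.SigHash())
	return tx
}

// DoubleSpendDemo: Carol tries to spend Alice's coin with her own key (forged), Alice
// pays Bob (toBob), then Alice tries to pay Carol with the already-spent coin (toCarol).
func DoubleSpendDemo() (forged, toBob, toCarol error) {
	newKey := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	alice, bob, carol := newKey(), newKey(), newKey()
	u := UTXOSet{}
	coin := OutPoint{TxID: "coinbase-block1"} // issuance: an output with no input behind it
	u[coin] = TxOut{Address: AddressOf(&alice.PublicKey), Amount: 50}
	forged = u.Apply(Spend(carol, coin, AddressOf(&carol.PublicKey), 50))
	toBob = u.Apply(Spend(alice, coin, AddressOf(&bob.PublicKey), 50))
	toCarol = u.Apply(Spend(alice, coin, AddressOf(&carol.PublicKey), 50))
	return forged, toBob, toCarol
}

func main() {
	forged, toBob, toCarol := DoubleSpendDemo()
	fmt.Println("forged:", forged, "| Alice->Bob:", toBob, "| Alice->Carol again:", toCarol)
}
```

The second spend of the same coin is rejected not because the signature is bad (it is Alice's perfectly valid signature) but because the output it references no longer exists in the UTXO set. That is the entirety of the double-spend defence at the ledger level, which is why a merchant who ships before the spend has actually reached the ledger gets nothing from it.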

The above combine to create a near-certainty that all transactions being registered in the blockchain are valid, because:

They were properly signed.

They came from unspent outputs.

They are on the longest chain.

Can this intrinsic security be broken? Many approaches could be taken, including:

Guessing private keys, to sign transactions stealing bitcoin from their proper owners.

Creating transactions which are seen as valid (and are confirmed) by the network, but where the sender is informed the transactions were deemed invalid (and thus the bitcoin not spent).

Trying to double spend in ways which still circumvent the systems in place.

Trying to get enough computing power to overwhelm the network.

Or just looking for as-of-yet-unknown technical (implementation) or theoretical vulnerabilities.

In practice, there have been instances of some of these attempts working. For instance:

Guessing a private key for a given address with unspent outputs through brute force (testing all combinations) is very hard, because of the size of the key space. Thus, right now this attack does not look viable, computationally. Of note, though, it’s easy to find unspent outputs just by checking the blockchain. As a result, if ever computing becomes fast enough (say, using quantum computers), a brute force attack might suddenly become viable. At that point, unless the Bitcoin protocol is changed, all bitcoins (their ownership) will be at risk. Of note, if this attack becomes viable it will circumvent all existing defenses including cold storage, “cold storage” meaning keeping the private keys offline (on paper, on computers not connected to the internet, etc).

Guessing a private key by dictionary attack. That is, just using common (even if millions or trillions of them) passwords, words and numbers to check whether they map to a valid private key/address with unspent outputs. This is a viable attack and is already practiced around the clock. Many vulnerable addresses have bots checking them in real time, and if any amounts are transferred into those compromised addresses, the accounts are emptied immediately. It’s impossible to establish just how many bitcoin have been stolen this way already. Of note, this attack circumvents all possible defenses (after creating the poor private key) including cold storage.

Double spending within a time window. This attack simply takes into account that bitcoin transaction confirmation structurally cannot be instant (blocks including confirmations are generated around every 10 minutes by design). As a result, for any goods delivered instantly (digital), it’s possible to double, triple or “God knows how many times” spend. This will work as long as the merchant relies on instant/quick fulfillment (that is, the merchant doesn’t wait for transaction confirmation – which can mean waiting for 10-30 minutes even when paying a high transaction fee). Of note, just waiting for a single block to show confirmation (so within 10 minutes) is not enough. The block can end up becoming invalid because of the system's nature.

Getting enough computing power to overwhelm the network. This is currently a hard or impossible attack to perform. However, bitcoin will be at its most vulnerable during market crashes. At those points, it can become unprofitable for most miners to keep on mining, but it might simultaneously still be profitable to use the computing power to extract value from other people’s bitcoin or transactions. The incentive to mine “for good” could thus turn into an immediate incentive to mine “for evil”.

Using bugs in the protocol or protocol implementation. For instance, the transaction malleability weakness was supposedly used to steal ~7% of the entire bitcoin ownership from 2011 to 2014, through the Mt Gox exchange, ultimately leading to its downfall. This vulnerability existed within the software implementing the protocol.

The unknown unknowns I. There is a large attack surface. Things as simple and theoretically reliable as hashing or cryptographic algorithms might not be perfectly implemented, or might even have theoretical failures of their own. There is precedent for such flaws being present in widely used cryptographic libraries, thus weakening the security of millions of otherwise safe devices and implementations based on them.

The unknown unknowns II. A system like bitcoin presents a static target for literally millions of intelligent hackers/theorists/mathematicians. Thousands upon thousands of different attack theories will be conceived and tested over time. If one is found by “the evil side”, attacks like that which happened to Mt.Gox can happen literally anywhere, at any time, and take anyone's bitcoin with it.

Remember, up until now we just touched the surface of the security threats emerging from the safest part of the bitcoin protocol. This is akin to someone hacking a bank or central bank to change the underlying records (their system of record) – not by hacking or compromising client transactions, but by changing the underlying records. As we will see later in this article, though, that’s where the similarities end. Check the "So, Bitcoin Is As Safe As Regular Digital Currency?" section to see why.

How Safe Are The Payment Systems Built On Top Of It?

When dealing with bitcoin, users don’t deal directly with the blockchain. Instead, they use off-blockchain services, including:

Wallets (which are simply software programs).

Exchanges (for buying and selling bitcoin versus other currencies and cryptocurrencies).

Payment systems (for buying goods and services with their bitcoin).

Wallets will hold the private keys to all your funds. They’ll be made safe using systems similar to those of banks and other deposit-bearing institutions. Be they passwords, code-generating hardware, biometric safety, you name it.

Exchanges will also hold customer funds. Often, they will hold those in an exchange wallet with an internal system of record similar to a bank’s. That way exchanges can internalize transactions to make them fast and cheap (by not being committed to the blockchain, except when the trades touch external addresses, which can be retail customers but most likely other exchanges). Exchanges will also hold regular bank accounts as well as have currency liabilities.

Payment systems will be "indistinguishable" from Paypal. The bitcoin they hold, either in segregated wallets or a company wallet, will simply be tokens to be exchanged for currency as soon as the users buy something (with the balance from the user side being sold into the bitcoin market, so as to provide funds to pay the merchant).

Guess what? These are all unsafe. These have all been hacked and bitcoin stolen, over and over. At the very best, the most that these services can hope to be is as safe as those supporting regular digital currency (that is, dollars and euros, in a bank, in Paypal, etc).

That is so because these institutions' systems simply use the underlying blockchain as a system of record. Other than that, they face the exact same security challenges as any other financial institution, in securing both themselves and their client accounts. And here I'm even discounting the regulatory pressure to implement proper security protocols at all levels, which won't exist with unregulated startups acting fast and loose in a hot market.

So, Bitcoin Is As Safe As Regular Digital Currency?

Yes would seem to be the answer, from what I said above (they'd be the same). But it isn’t.

You see, the problem here is that there is a combination of bitcoin structural characteristics which changes things dramatically. That combination is:

Bitcoin transactions cannot be reversed. Once a bitcoin transaction is confirmed (committed to the blockchain) from one address to another, it would require the recipient’s willingness to sign a transaction to send the bitcoin back.

Bitcoin transactions cannot be censored. If a transaction bearing a valid signature (private key) and amount (existing in unspent form at the spending address) is sent to the Bitcoin network, the network will validate it.

There is no nexus of ownership to bitcoin addresses or the bitcoin in them. They simply “exist”, and anyone with the right private key to an address can use the amount of bitcoin associated with it from anywhere.

Now, this combination has tremendous implications for a bitcoin user. As a non-exhaustive list:

You lose the private keys to your bitcoin. You lost the bitcoin. There is no way to get back your bitcoin, no way to claim a “lost password” to them (or the wallet they sit in). They’re simply gone.

You misplace a single digit in a destination bitcoin address during a transaction. You lost the bitcoin. The transaction is valid because the signature is valid (it’s your private key) and the destination bitcoin address is overwhelmingly likely to be valid (because the address space is gigantic). There is no way to get those bitcoin back. Compare this to a banking transaction using a wrong IBAN (International Bank Account Number). A bank can reverse transactions or ask the receiving bank to reverse transactions. Moreover, the IBAN has "check digits", so if you misplace a digit you are already extremely likely to see the destination be deemed invalid. With bitcoin, you can’t reverse the transaction and overwhelmingly the address will be valid as there are no check digits and there's an infinitude of valid addresses.

You get hacked. Someone manages to hack into your wallet account or your exchange account. He transfers the bitcoin away or spends them. You lost the bitcoin. There is no way to reverse the transactions. Compare this to what happens to a bank account, PayPal account or credit card. The transactions can most often be reversed. There can be insurance to pay for the losses. While the hacking can happen, the consequences are unlikely to affect you. Not so with bitcoin.

You get socially hacked. Same as getting hacked. You lost the bitcoin. With a regular digital currency or payments system, there’s the possibility of seeing the transactions reversed. Not so with bitcoin.

Your wallet/wallet provider gets hacked. The bitcoin are transferred away. You lost the bitcoin. A bank, credit card provider or PayPal gets hacked and it leads to your balance being stripped away? You’ll be getting that money back.

Your exchange gets hacked. You lost the bitcoin. An exchange getting hacked is very likely to lead to the exchange going bankrupt. There is no FDIC insurance or any other such insurance scheme to pay you back. The only hope is that the exchange is strong enough not to go bankrupt, and then tries to make its customers whole over time. This actually happened to Bitfinex (the largest bitcoin exchange), which got hacked for $72 million back in 2016. Since bitcoin exchanges are very profitable businesses, Bitfinex managed to pay back its customers.

To make things uglier, bitcoin stealing is structurally silent. At any second of the day, a validly-signed transaction sending your irretrievable bitcoin away might be getting confirmed. You'll never know it. The network does not generate any warning when your bitcoin are being sent away. There will be no "you spent X bitcoin" e-mail/SMS coming your way if the bad guys get hold of your private keys.
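The IBAN check digits mentioned in the wrong-address item above are a concrete, checkable mechanism, so here is an added example (my code, not the article's) implementing the ISO 13616 mod-97 check in Go, both the receiving-side validation and the issuing-side computation of the two digits. The two sample IBANs are the customary documentation examples, not real accounts. Any single mistyped digit, and any transposition of two adjacent digits, changes the remainder, which is what lets a bank reject the transfer before it leaves.

```go
package main

// Added example, not from the article: ISO 13616 IBAN check-digit validation,
// the mechanism the text contrasts with a mistyped bitcoin destination. The
// sample IBANs are the customary documentation examples, not real accounts.

import (
	"fmt"
	"strings"
)

// normalize strips the spaces IBANs are printed with and upper-cases letters.
func normalize(iban string) string {
	return strings.ToUpper(strings.ReplaceAll(iban, " ", ""))
}

// mod97 reads s as one decimal number (letters A-Z standing for 10-35) and
// returns it modulo 97, digit by digit so no big-integer type is needed.
// ok is false if s contains anything other than digits and letters.
func mod97(s string) (rem int, ok bool) {
	for _, r := range s {
		var chunk string
		switch {
		case r >= '0' && r <= '9':
			chunk = string(r)
		case r >= 'A' && r <= 'Z':
			chunk = fmt.Sprintf("%d", int(r-'A')+10)
		default:
			return 0, false
		}
		for _, d := range chunk {
			rem = (rem*10 + int(d-'0')) % 97
		}
	}
	return rem, true
}

// ValidIBAN is the receiving-side check: move the country code and check digits
// to the end, convert letters, and the whole number must leave remainder 1 mod 97.
func ValidIBAN(iban string) bool {
	s := normalize(iban)
	if len(s) < 5 || len(s) > 34 {
		return false
	}
	rem, ok := mod97(s[4:] + s[:4])
	return ok && rem == 1
}

// WithCheckDigits is the issuing-side operation: run the same computation with
// "00" as placeholder check digits and take 98 minus the remainder.
func WithCheckDigits(country, bban string) (string, error) {
	country = strings.ToUpper(country)
	rem, ok := mod97(normalize(bban) + country + "00")
	if !ok || len(country) != 2 {
		return "", fmt.Errorf("invalid characters in IBAN parts")
	}
	return fmt.Sprintf("%s%02d%s", country, 98-rem, normalize(bban)), nil
}

func main() {
	good := "GB82 WEST 1234 5698 7654 32"
	oneDigitOff := "GB82 WEST 1234 5698 7654 33" // last digit mistyped
	swapped := "GB82 WEST 1234 5698 7654 23"     // adjacent digits transposed
	fmt.Println(ValidIBAN(good), ValidIBAN(oneDigitOff), ValidIBAN(swapped)) // true false false
	recomputed, _ := WithCheckDigits("GB", "WEST12345698765432")
	fmt.Println(recomputed) // GB82WEST12345698765432
}
```

Because 97 is prime and coprime to 10, a one-digit substitution changes the number by d·10^k with 1 ≤ d ≤ 9, and a swap of neighbours changes it by 9·(a−b)·10^k; neither is a multiple of 97, so neither can leave the remainder at 1.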

There is literally a never-ending list of events which lead you to lose your bitcoin or simply be conned. The main theme here is: if you get robbed in the current digital currency world, you likely have a way to set things right afterwards, due to the ability to track and reverse payments. You get your bitcoin stolen? They’re gone.
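Because the network sends no notification, the only way a holder learns of an outflow is to watch for it. The following added example (my code, not the article's) shows the shape of that monitoring in Go: it scans transactions as a node or block explorer would report them and raises an alert for any spend from a watched address, recording where the funds went and how many confirmations the spend has so far. Addresses, amounts and transaction ids in it are constructed sample values.

```go
package main

// Added example, not from the article: self-monitoring for the "silent theft"
// problem. The network emits no alert, so the holder scans transactions as a
// node or block explorer reports them and flags spends from watched addresses.
// All addresses, amounts and ids below are constructed sample data.

import (
	"fmt"
	"sort"
)

// Movement is one input or output as seen on-chain: which address, how much.
type Movement struct {
	Address string
	Amount  uint64
}

// ObservedTx is a transaction as reported by a node or explorer, with the number
// of blocks that have confirmed it (0 = only seen in the mempool so far).
type ObservedTx struct {
	ID            string
	Inputs        []Movement
	Outputs       []Movement
	Confirmations int
}

// Alert records an outbound spend from watched addresses. Outputs that return to
// a watched address (change to our own keys) are not destinations: an internal
// move is not a loss.
type Alert struct {
	TxID          string
	From          []string // watched addresses the transaction spent from
	Amount        uint64   // total taken from watched addresses
	Destinations  []string // where it went, sorted
	Confirmations int
}

// Scan returns one Alert per transaction that spends from any watched address.
// Deposits into watched addresses raise nothing: the point is catching outflows
// the holder did not authorise, ideally while still unconfirmed.
func Scan(txs []ObservedTx, watched map[string]bool) []Alert {
	var alerts []Alert
	for _, tx := range txs {
		var spent uint64
		seen := map[string]bool{}
		var from []string
		for _, in := range tx.Inputs {
			if !watched[in.Address] {
				continue
			}
			spent += in.Amount
			if !seen[in.Address] {
				seen[in.Address] = true
				from = append(from, in.Address)
			}
		}
		if spent == 0 {
			continue
		}
		var dests []string
		for _, out := range tx.Outputs {
			if !watched[out.Address] {
				dests = append(dests, out.Address)
			}
		}
		sort.Strings(from)
		sort.Strings(dests)
		alerts = append(alerts, Alert{TxID: tx.ID, From: from, Amount: spent, Destinations: dests, Confirmations: tx.Confirmations})
	}
	return alerts
}

// SampleScan runs Scan over constructed data: a deposit into a watched cold
// address, an unrelated payment, and an unexpected unconfirmed spend that drains
// the cold address to an unknown destination with a little change coming back.
func SampleScan() []Alert {
	watched := map[string]bool{"cold-addr-1": true, "cold-addr-2": true}
	txs := []ObservedTx{
		{ID: "tx-deposit", Inputs: []Movement{{"exchange-hot", 500}}, Outputs: []Movement{{"cold-addr-1", 500}}, Confirmations: 6},
		{ID: "tx-unrelated", Inputs: []Movement{{"someone-a", 10}}, Outputs: []Movement{{"someone-b", 10}}, Confirmations: 3},
		{ID: "tx-drain", Inputs: []Movement{{"cold-addr-1", 500}}, Outputs: []Movement{{"unknown-dest", 490}, {"cold-addr-2", 10}}, Confirmations: 0},
	}
	return Scan(txs, watched)
}

func main() {
	for _, a := range SampleScan() {
		fmt.Printf("ALERT %s: %d units left %v for %v (%d confirmations)\n", a.TxID, a.Amount, a.From, a.Destinations, a.Confirmations)
	}
}
```

The alert on the draining transaction fires at zero confirmations, which is the earliest a holder can possibly learn of it; the chain itself offers no earlier signal and no later remedy.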

So the answer, due to this, is clearly that bitcoin is not nearly as safe as regular currency.

A Funny Aside on Mt.Gox

A funny aside here. Mt Gox was treated as a regular bankruptcy. Since it still held some bitcoin and bitcoin has risen so much, its creditors (account holders, mostly), will get back their money (at bitcoin rates existing as of the bankruptcy filing). That is, account holders will get back their money but not their bitcoin. This was out of pure chance, though (bitcoin going up instead of down).

Even funnier, regular bankruptcy laws mean that Mt.Gox shareholders make out like bandits. Creditors are to receive their bitcoin claims at the rates as of the bankruptcy filing. The bitcoin still held by Mt.Gox are so valuable now, though, that they’ll massively exceed those claims. This happens because claims were frozen at their monetary value (even by creditors’ demand, but also as a matter of law) as of the bankruptcy filing. Since the bankruptcy assets will be able to satisfy these claims, Mt.Gox shareholders won’t have to be diluted or wiped out, so they’ll keep control over the remaining assets after paying the claims.

Adding Insult To Injury

There’s yet another bitcoin particularity, when it comes to security, which is very interesting. I’d say it adds insult to injury. This particularity is that anyone can see, in the blockchain, where the stolen bitcoin went. The transactions are public for all to see, they just aren’t reversible and the person controlling the destination address isn’t known.

It’s like you knowing your car or bank account balance was stolen, knowing where your car or account balance went, exactly, and yet not being able to retrieve it.

This does add something else. When someone steals bitcoin or otherwise wants to obscure the origin of a bitcoin balance (thus stopping the ability to track the bitcoin from address to address), he’ll want to use a bitcoin mixing service. As a result, we could say that any bitcoin going to a mixing service is likely to have illicit motivations to it.

It’s then perhaps no coincidence that in a study on 2016 bitcoin flows (check included chart), mixing services appear as the first commercial origin and destination for bitcoin, after speculative (exchange) and system-related (mining) origins and destinations.

This curiosity tells us that illicit usages and stealing of bitcoin were somewhat dominant even as of 2016. Stealing bitcoin is likely to be a very large activity even today – profitable as it is.

Will The Real Bitcoin Please Stand Up?

There's a final security risk which should not be underestimated. Due to its nature, there is no single point of control for bitcoin. Every time a large enough miner group wants to make changes to the protocol which aren't consensual, bitcoin tends to split into two blockchains. This will be the theme of a future article in the series, on Forks and Altcoins.

For instance, recently Bitcoin split into Bitcoin and Bitcoin Cash. Someone holding Bitcoin before the split would (subject to some constraints) have equal units of each of the 2 new currencies. But someone buying bitcoin after the split would have just bitcoin.

So what's the security risk here? Well, imagine one day the "Bitcoin" (Bitcoin or Bitcoin Cash) you're in is deemed "not to be the real one". Well, in just a few days you could see the value of your bitcoin erode massively. This is not like being stolen, but overall it can end up producing nearly the same result as finding out those bank notes you just accepted were mostly fake.

This isn't just a theoretical possibility -- it nearly happened this past weekend, when Bitcoin Cash rallied massively and Bitcoin crashed from $7,300 to $5,500 in just a couple of days. It stopped, but it could have continued.

Conclusion

There is one major conclusion to be drawn here: when it comes to security, bitcoin is a very poor digital currency.

The combination of on-blockchain and off-blockchain activities which bring bitcoin into life can hope, at best, to match the security of existing digital currency (euros, dollars, etc). However, bitcoin’s inability to reverse or stop transactions makes it extremely unsafe for its users. Added to that, the lack of deposit insurance protection makes it less safe still.

For someone caring about security, using bitcoin makes no sense. Sure, here there will be a plethora of comments saying “use a cold offline hardware paper brain wallet, and trade on a shady website so as not to go through an exchange” and whatnot. Well, might as well go back to bartering or using non-digital money, if you’re going around printing wallets and storing them buried in the backyard along with lists of 24 words to unlock whatever. We’re talking about regular usage by common people here, not survivalism.

One more aside here. You can have your bitcoin buried deep under the Alps on offline servers or reams of paper. Yet, if someone gets your private keys through a flaw in their generation or something, those bitcoin buried deep can still be stolen (transferred away from their addresses). No, bitcoin isn’t really like gold there. With gold, they’d actually have to get the gold. Worse still, the servers would still be there, untouched, and nobody would know the bitcoin were gone – a bit like Mt.Gox, which went for years being robbed.

For those wanting to know more about regular people losing their bitcoin -- even when they are well-informed on bitcoin's workings -- I recommend reading this article:

