The Good, The Bad And The Ugly Of Bitcoin Security

It&rsquo,s most likely safe to assume that Bitcoin is here to stay. Yes, it&rsquo,s a bit volatile and yes, other cryptocurrencies are a loterijlot lighter to mine and a lotsbestemming cheaper to buy, but the ever-growing number of ways to spend bitcoins &ndash, plus the fact that it&rsquo,s still around after being proclaimed dead numerous times overheen the past few years &ndash, is a testimony of the resilience of the world&rsquo,s most popular, and polarizing, cryptocurrency.

Thing is tho’, this doesn&rsquo,t mean that you should blindly hop into Bitcoin. Aside from the high price of entry, a string of events overheen the past year have shown that while the Bitcoin protocol itself may be secure, the wallets and services used to store and exchange Bitcoin may not.

Here&rsquo,s a quick look into the security of the bitcoin protocol itself spil well spil some notable instances of large-scale bitcoin theft.

Encryption And the Blockchain

Bitcoin is one of many cryptocurrencies available today. Cryptocurrencies are digital currencies that implement cryptography spil a central part of the protocol, te order to establish pseudonymous (or anonymous) and decentralized currencies.

Bitcoin uses SHA-256 encryption for both its Proof-of-Work (PoW) system and transaction verification. The security of the bitcoin protocol lies ter one of its fundamental characteristics, the transaction blockchain.

Bitcoin Blockchain

The blockchain is basically a chain of numerous &ldquo,blocks&rdquo, containing transaction history. The blockchain starts with the initial block, known spil the genesis block. Transactions and solved hashes add fresh blocks after this genesis block, creating a blockchain.

The pic below shows a visualisation of the blockchain, with the genesis block ter green and the longest blockchain te black:

Within the bitcoin protocol, the blockchain that has seen the most work waterput into it is considered to be the best blockchain and the one that the entire protocol refers to when verifying transactions. Bitcoins are considered spent once a transaction has bot verified.

Dual Spending

It&rsquo,s possible (despite belief te the contrary) to trick the blockchain and spend the same bitcoins twice, an activity known spil dual spending.

There are a number of ways this can be done. If a merchant doesn&rsquo,t wait for transaction confirmation, bitcoins can be dual spent by attacker(s) quickly sending two conflicting transactions into the network. Another way is to pre-mine one transaction into a block and then spend the same coins, before releasing the block into the blockchain.

However the amount of computing power required to succeed at this renders it less productive than just to mine bitcoins legitimately.

Bitcoin Wallets

Bitcoins are stored te wallets, but unlike, say, a PayPal account, thesis &ldquo,wallets&rdquo, don&rsquo,t actually store the bitcoins themselves. Despite a number of different implementations and formats, generally wallets will contain a public key that is used to receive bitcoins (similar to a handelsbank account number). It also contains a private key that is used to verify that you are indeed the holder of the bitcoins you&rsquo,re attempting to spend.

Storing Bitcoins Offline

Wallets are usually stored digitally, either locally or online, but there are more secure ways to store bitcoins. Your bitcoin &ldquo,wallets&rdquo, can be printed out and stored on paper. A paper wallet is a slip of paper with both your private and public keys printed on it.

There are also hardware wallets, which store key information te offline hardware. The advantage of hardware wallets is ter the fact that the key gegevens is stored ter a protected area of a microcontroller and that they are immune to software and viruses that can steal wallets stored on normal computers.

The bitcoins stored te hardware wallets can also be used directly, unlike paper wallets, which need to be keyed ter or imported to software. Pi-Wallet (pictured below) is one of the few presently available hardware wallets. You can even build your own Pi-Wallet.

Security Breaches

Spil mentioned earlier, the bitcoin protocol itself may be secure enough, but this does not extend to all the sites and services that overeenkomst te bitcoin. Here&rsquo,s a quick rundown of some of the more notable instances of security-related issues overheen the past year or two.

Inputs.io

October 2013, online Bitcoin wallet service inputs.io wasgoed hacked twice. A total of Four,100 Bitcoins, worth about $1.Two million at the time were stolen via a social engineering attack, gaining access to inputs.io&rsquo,s systems hosted on Linode, a cloud-hosting provider.

By compromising a series of email accounts, beginning with an email account that the inputs.io founder had set up six years prior to the attack, the hacker managed to build up access to the webpagina&rsquo,s account on Linode and reset the webpagina&rsquo,s account password.

Mt. Gox

Mt. Gox, which used to be one of the leading Bitcoin exchange services, has filed for bankruptcy protection, having lost a staggering amount of bitcoins: $468 million worth!

Mt. Gox&rsquo,s demise began te early February when it, alongside other Bitcoin exchange sites such spil BTC-e, froze Bitcoin withdrawals citing powerful Distributed Denial of Service (DoS) attacks aimed at taking advantage of bitcoin&rsquo,s transaction malleability.

Simply waterput, transaction malleability means that it&rsquo,s possible for valid transactions to be modified so that the transactions show up to not have gone through, when te reality it wasgoed succesful.

However, transaction malleability is not a fresh punt. Neither is it one that is unlikely to solve, spil Bitcoin developer Greg Maxwell has pointed out.

Te fact, other Bitcoin exchanges such spil Bitstamp and BTC-E are still operational, having resolved the issues on their side and resumed processing transactions within days after originally freezing transactions. Most damning of all, however, is the aforementioned lost bitcoins and poor security and accounting te Mt Gox, spil detailed ter a leaked series of slips. There might have bot more going on behind the scenes than just issues with transaction malleability.

Silk Road Two.0

Ter February this year, $Two.7 million worth of bitcoins were stolen from Silk Road Two.0&lsquo,s escrow account. This heist occured at harshly the same time spil the aforementioned DoS attacks on bitcoin exchanges such spil Mt. Gox, and exploited the same transaction malleability te the bitcoin protocol.

However, unlike the bitcoin exchanges, which shut themselves down spil a precautionary measure, Silk Road Two.0 did not shut itself down and wasgoed attacked during a re-launch phase when all bitcoins were stored te hot storage.

However, some users, such spil those on Reddit&rsquo,s DarkNetMarkets, believe that the hacking story wasgoed a cover-up &ndash, and that Silk Road Two.0 wasgoed a scam from the commence.

The idea is that the fresh Fear Pirate Roberts set up the webpagina expressly to steal users&rsquo, bitcoins, leveraging on the trust present te the Silk Road name. The illicit nature of the goods bought and sold on Silk Road Two.0 would help such an endeavour, since it would make victims think twice about seeking aid from law enforcement.

&ldquo,Pony&rdquo, Botnet

Overheen the course of Five months (Sept 2013 &ndash, Jan 2014), criminals used a botnet known spil Pony to infect a large number of computers, stealing up to $220,000 worth of bitcoins and other cryptocurrencies. Pony wasgoed the same botnet that wasgoed found to have stolen more than two million passwords and stored them on a server wielded by the hackers.

Pony infected computers and stole bitcoin wallets stored locally on the infected machines., effectively displaying the dangers of storing bitcoin wallets on Internet-connected devices.

51% Attack

This isn&rsquo,t a security breach vanaf se, but it is one of the bitcoin network&rsquo,s most dangerous weaknesses. When an individual or a group of individuals possesses more than 50% of the computing power within the bitcoin network, the network is opened up to the possibility of a 51% attack &ndash, the advantage ter computing power can be used to fork the main transaction blockchain and commit fraud, including the dual spending discussed earlier.

While this may seem far-fetched, the bitcoin network wasgoed almost exposed to such an attack earlier this year. Ter January, scare spread when Ghash.io, a mining pool, began approaching that 50% limit. The situation wasgoed resolved without incident, due to miners leaving Ghash.io for smaller pools, spil well spil the pool&rsquo,s own decision to zekering accepting fresh miners.

While the reaction shows that the bitcoin network can self-regulate, having to rely on miners and pool owners doing the right thing is problematic, to say the least. The distribution of mining power has become less concentrated, but the possibility remains that a 51% attack can still toebijten.

Final Thoughts

It&rsquo,s hard to deny that there are indeed security issues with bitcoin. However, a recurring theme is the fact that thesis security breaches and issues have less to do with the protocol itself, and a lotsbestemming more to do with the people and services treating and storing thesis bitcoins.

For example, the inputs.io bitcoin heist and the Pony botnet took advantage of wallets stored online and on Internet-connected computers. Simply storing Bitcoins te an offline savings wallet, such spil a paper or hardware wallet, should eliminate the risk of having bitcoin wallets stolen overheen the Internet. While some of the money lost ter the Mt. Gox fiasco wasgoed indeed from offline wallets, there is conjecture that this wasgoed a meteen result of how Mt. Gox implemented an automated system which pulled from offline wallets when needed.

Dodgy Exchanges

The dangers of once-trusted sites and exchanges such spil Mt. Gox and Silk Road Two.0 either being hacked or imploding and going offline are not so lightly dismissed, however. The lack of a central authority that regulates bitcoin can be seen spil a strength, but it&rsquo,s also a weakness. For one, it may be a lotsbestemming more difficult to hold individuals or companies accountable through legal channels.

More importantly, however, the unregulated bitcoin ecosystem means that there&rsquo,s no way to ensure that services and exchanges obey to standards of trustworthiness and security. Wij trust banks because wij know that they&rsquo,re strongly regulated and can&rsquo,t be established on a caprice. This plainly hasn&rsquo,t bot the case with bitcoin exchanges.

The Future?

Interestingly enough, the fallout from Mt. Gox may just be good for bitcoin. Ter a snaak statement issued by Five leading bitcoin exchanges, the need for adequate and independently audited safety measures for custodians, alongside more transparency and accountability, is brought up.

It&rsquo,s conceivable that such measures are exactly what bitcoin needs if it wants to get through latest events and reestablish its credibility and security. Ironically however, thesis forms of regulation and auditing may end up going against the original spirit of bitcoin. How this paradox will resolve itself, tho’, remains to be seen.

Related movie: How to run Bitcoin-qt spil a server with a configuration opstopping (Trio of 6)


Leave a Reply

Your email address will not be published. Required fields are marked *