Does Bitcoin Solve All Our Security Concerns?
Ah Bitcoin, the supposed panacea of all things financial.
Even though I have been involved with it for some years now and am openly supportive of its ethos and potential, the truth is that Bitcoin has security issues like any other financial system.
It’s just that they exist in a completely different place to where people think they do. In fact, they don’t exist within Bitcoin at all. The problem is closer to home than you think.
The strength of the Bitcoin network
Recently I was in a small shop in my local town making a purchase of a phone case that was around ten pounds. Their credit card machine wasn’t working for whatever reason and they could only accept cash at the time. I made an inquiry about whether they would accept Bitcoin instead of cash (although I already knew the answer to that) and the shopkeeper responded with an answer that surprised me.
Although I often ask this question, I have yet to visit a retailer that will accept Bitcoin in it’s native form. That said, I have often used it via VISA debit cards for all sorts of goods and services, usually without them even being aware. In this case, since the card machine wasn’t available, this was not an option.
The usual answer, of course, is “What’s Bitcoin?” a sure indication of just how far adoption has yet to go, but on this occasion the shopkeeper was aware of it and gave a different reason for not accepting it.
Put simply he “didn’t trust it.”
This was interesting and I felt I needed to understand what he meant by it. Was he a Bitcoin savant and knew something I didn’t, or was it something else?
As I gently pushed him for clarification it became clear that his mistrust had come from mainstream media and centered around Bitcoin ‘being hacked’. What was the point, therefore, of accepting something that he could easily lose later on?
The fact is, of course, that Bitcoin itself has never been hacked, not once in its eleven year history. It is, without any doubt, one of the most secure networks that we humans have ever devised since we have been on the planet. And the reason? Bitcoin operates without any human intervention whatsoever and this is just as well because people simply cannot be trusted with financial transactions to any degree. The slew of fines that banks have been forced to pay over the years is irrefutable proof of this.
That said, it IS theoretically possible for the network to be hacked, but this is now so unlikely and so hard to do that you probably have more chance of winning the lottery every week for the next hundred years than this happening.
The theoretical premise is this:
Should a group of miners who collectively have more than 51% of the total hashing power collude together to disrupt the blockchain, they could force a new ‘fork’ of that blockchain that all other miners would then accept going forward, the so called, and appropriately named, “51% attack” scenario.
This would work because the new blocks this created would automatically be accepted by the remaining ‘honest’ minority as the correct chain that is in operation.
However, such an attack could not affect the security of private keys and signing algorithm, steal, spend or redirect Bitcoin or in any way change any past transactions or records of ownership. At best, it could only affect a few recent blocks or change the direction of new blocks. In other words, anything older could never be changed and no transactions prior to this could be annulled or reversed.
It would also only affect the attacker’s OWN transactions since a private key would still be needed to spend them. But it could be used, for example, where an expensive product is purchased using Bitcoin by the attacker who then immediately initiates the process and reverses the transaction, thereby gaining the product and keeping the Bitcoin they paid for it. It has to be carefully timed, because once a transaction has received six confirmations, it would be close to impossible to reverse it even with all the computing power that currently exists on the planet.
In reality, with the massive increases in hashing power over the last few years, it would extremely difficult for one operator to amass such power over the network, even via a mining pool. The only way this would be possible would be through a very well funded and totally synchronized covert attack, probably via a state sponsor. Arguably, however, it would be far simpler to hack existing banking systems if financial gain was the motive.
In addition, every day that goes past sees, on average, an increase in the hash rate that supports the network, meaning that the power required to successfully deliver a 51% attack increases all the time. It would also require those miners to act against self interest, since any block rewards gained would not be recognized by the ‘correct’ blockchain.
It really is very clever, and I think we can safely say that I wouldn't bother with any of this for a ten pound phone case transaction.
And nor, for that matter, would anyone else.
The fallibility of exchanges
But if we know this to be true, what are these incidences of ‘Bitcoin being hacked’ that we often hear about in the news?
This is, as is so common in the press, another case of the wrong words being used by the reporting parties. In the same way there is no such thing as a ‘computer error’, there is no such thing as a ‘Bitcoin hack’ except in the unlikely scenario described above.
The problem actually lays where the closed, dependable ecosystem that runs it meets the open and entirely fallible world of the human. As we’ve already seen, we’re not very good with money and consistently lose it through carelessness, steal it from other people and attach far too much importance to it in general. It makes us do weird things.
Even where Bitcoin itself has remained secure, there have been many exchange hacks, ie where it has been stolen from the main client accounts of Bitcoin exchanges. Some of these have been disastrous and resulted in the complete collapse of the exchange in question. Yet, in almost every case, the hack was avoidable if anything other than very basic security had been put in place.
Banks, of course, have had centuries to get their security up to speed, and they need to have a certain level of it to maintain our trust and continued use. Even so, they are not immune from hacks and trickery. Since Bitcoin is still so young, everyone, including exchanges, is still learning. This is why the mantra that so many Bitcoin users repeat over and over is so true:
“Not your keys, not your Bitcoin.”
In other words, if you don’t take care of your private keys yourself, the hackers will happily relieve you of it. And once it’s gone, all you can do it watch it move from wallet to wallet on the blockchain. You won’t get it back.
These days many exchanges offer compensation funds and new, super secure warehousing has been introduced by companies such as Bakkt to provide reassurance to institutional investors.
Will it be enough? We’ll see.
The human element
Just as we humans still manage to lose physical cash even having centuries of getting used to it, we do the same with Bitcoin.
I’m not talking about the millions of Bitcoin that have been lost forever through carelessness (although this is a factor), I’m talking about theft.
There’s two parts to this, what I call ‘willing’ and ‘unwilling’ lapses of security.
‘Willing’ security lapses are when people insist on giving their private keys to dubious companies on the internet in exchange for a promise that is simply too good to be true. The crypto world is still one not unlike the wild west, with charlatans, scammers and con artists using the relative anonymity of the internet to operate beyond the reach of the law.
In time, this will become much less of a problem, but for now, this is very simple to avoid with one simple reminder: never, and I mean NEVER, give your private keys to anyone. This is like giving a complete stranger your debit card and PIN number. There’s very few situations where this will end well.
‘Unwilling’ lapses of security are problems that will never go away as long as there are bad people in the world.
Think of it like this:
In the old days, stealing a car was easy. You’d break in, rip off the panel covering the ignition wires and splice them together. As time went on, alarm systems made this harder, but not impossible, for the best thieves. Later, when new tech introduced remote unlocking using unpredictable codes, stealing cars became almost impossible for all but the most talented thief.
Does this mean the problem was solved forever? Of course not. It merely moved the problem elsewhere.
If you want to steal a car and it’s too hard to fool a security system, what do you do? The easiest answer is to steal the keys and, as a result, thieves moved instead to breaking into a property or holding people to ransom to get them, something that no-one would have bothered with a decade or two ago.
It’s the same for Bitcoin keys. Since they can’t be broken and the network can’t (easily) be manipulated, the only answer for a thief who hasn’t managed to coax a set of private keys from a Bitcoin owner through ‘willing’ means, has no choice but to force them to do so under torture or threat of serious violence.
This has already happened, and people have even been killed for their Bitcoin keys. But of course, this has happened forever in one form or another. How many times have we heard sickening news stories of people tied up and threatened for their safe combinations? This is no different.
Where does that leave Bitcoin?
In terms of network security, we can almost completely eliminate any worries we may have about a concerted consensus attack, at least for the foreseeable future. Our phone case re-seller is not right to distrust it from that perspective.
However, as far as I can tell, we haven’t solved a single problem in terms of security when dealing with bad people. You simply WILL hand over your Bitcoin keys when threatened with violence in the same way you would a safe combination. And, worse, there’s no real way to get round that, now or ever.
But does that mean we don’t use cash so as not to make ourselves the target? On that basis should we extend this to Bitcoin as well, since it is a form of liquid currency? Of course not and, in fact, breakthroughs in hardware wallet solutions mean you probably have a slightly better chance of keeping your Bitcoin in such situations.
So, next time you are faced with a ‘trust’ objection from a non-Bitcoin user, remind them that the Bitcoin network is far more secure than anything the banking system currently has to offer.
They themselves, on the other hand, are likely to be the weakest link in the whole chain.
Oh, the irony.
Want articles and up to the minute analysis and opinion in your inbox? Why not subscribe to the ‘Bitcoin and Global Finance’ newsletter? Receive special offers and insider info, unsubscribe at any time.
If you enjoyed this story and want to know more, you’ll probably enjoy these pieces too:
Your Kids Will Use Bitcoin Before You Do. Here’s Why.
Global adoption will take time. But don’t doubt it’s coming.
Does the Recent Price Crash Spell the End for Bitcoin?
Simple market cycle — or does someone know something we don’t?