Security Threats to Cryptocurrency owners

Published in
6 min readNov 19, 2018


One thing cryptocurrency advocates talk about when they explain blockchain technology to you is that blockchains present no single point of failure. By central point of failure, they mean that there’s no single place that you could attack to stop or maliciously modify the network. In practice, we observe that the central point of failure associated with a centralized database is pushed towards the user's end of the spectrum on a blockchain. In effect; by owning your own money, you become a central point of failure for the security of your funds.

Instead of there being one single point of failure for the network as there would be in a traditional database, a cryptocurrency holder stores a private key to access their funds — which presents its own new central point of failure. In the first scenario, users didn’t have to worry entirely about the theft of their funds stored in the bank, or an accidental payment. This is because banks work with consumers to issue chargebacks for unintentional transactions. In the second scenario, however, users are fully responsible for the safety of their funds.

In effect; by owning your own money, you become a central point of failure for the security of your funds.

What ‘owning your own money’ really entails

The decentralized movement pushes the idea of owning your own money as one of the strongest selling points to adopting cryptocurrency. The key idea here is that instead of central authorities being able to decide an economy’s monetary policies, the monetary policy is embedded into the original software for the blockchain and remains immutable forever. The part of that last sentence to pay close attention to is ‘immutable’. Some argue that immutability is everything you could ask for in money because it establishes soundness in money. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.

Unfortunate occurrences

Taking control of your own crypto wealth puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. This means your funds are at risk of being stuck on the blockchain forever.

Bad key management is by far one of the most common ways that cryptocurrencies are lost. If people need a ‘forgot password’ option to recover 9-character passwords, it’s hard to believe that people will be able to maintain a 48-character piece of ciphertext. One U.K. resident, James Howell, mined Bitcoin in the early days and stored it on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $60M at the present $8,000 spot price.

Key management is difficult for people that are technology-savvy as is — imagine how hard it is for people that aren’t involved in technology on a daily basis. Since blockchains are immutable, that means there isn’t any way to issue a reversal in the event that you lose your private key or send a transaction by accident. Chainalysis estimates that between 17 and 23 percent of all bitcoins have been lost. These are all losses of cryptocurrency as a result of losing a private key.

In case all of this wasn’t enough perspective, consider the fact that about US$4.5bn in Ether is stuck on the Ethereum blockchain from the genesis block, presumably because users that this Ether was airdropped to did not save their private keys.

Hostile actors

It isn’t just self-imposed threats that are risks to cryptocurrency holders. For insight to this next excerpt, we refer to the Ross Ulbricht legal case. In this case, Ross was given a life sentence for running an illegal ‘free market’ online marketplace which subsequently became a haven for drug traffickers. When he was arrested, police seized all of Ross’s Bitcoin holdings, which amounted to over $28M at the time. The reason police were able to seize his holdings so easily is that wherever he held his Bitcoin was a central point of failure — a central point of failure brutally exploited by the government.

Hackers pose one of the most serious threats to cryptocurrency holders. In 2017 alone, 13.7% of the entire world’s population reported a hack of some digital asset — including both bank account balance and cryptocurrency. This asserts two key and important points. One, hackers are rampant and will relentlessly continue to hack consumers. Two, consumers are not effective at personal security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this would be far greater of a threat than it is right now.

Hacks could be possible through targeted malware or virus attacks, or deliberate compromisations. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a chrome VPN extension was hacked and saved private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2mn from average consumers. Early in February, a MyEtherWallet DNS hack let hackers steal US$365,000 from users accessing their Ether wallets in a short timeframe.

Exchanges have also not been left out of the fun — with numerous major exchanges seeing thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all comes to show that hackers do indeed pose a risk to cryptocurrency holders and cryptocurrency custody handlers.

It is estimated that almost US$2B has been lost to major cryptocurrency hacks since the rise of the asset class.

Overall, the valuation of the cryptocurrency market capitalization is increasing over time. This contributes to a higher valuation of digital assets as a whole. With such security threats discussed in this article in place and the valuation of digital assets increasing quickly, our original thesis is further solidified. Digital custody — whether centralized or decentralized — will be an important theme as the market moves on from the manic hype and begins to understand the major fundamental issues regarding digital assets as a whole.

“The Winklevosses came up with an elaborate system to store and secure their private keys. They cut up printouts of their private keys into pieces and then distributed them in envelopes to safe deposit boxes around the country, so if one envelope were stolen the thief would not have the entire key.”

“How the Winklevoss Twins Found Vindication in a Bitcoin Fortune” by Nathaniel Popper, New York Times, December 19, 2017

Billions of dollars of blockchain-based cryptocurrency have been lost to hacks or unfortunate occurrences.

20% of all Bitcoin is lost forever. That’s $20B, in fact, in 2018 alone, $1.1B has been stolen.

Vault12 has recognized this early on and has been working diligently to discover ways of maintaining decentralized custody of digital assets since 2015. In our next article, we provide more insights into our understanding of digital custody.




Personal Crypto Security: Protecting the future of money