On March 1, web hosting provider Linode’s servers were hacked, resulting in a theft of 3000 BTC from Slush and, most severely, 43000 BTC from Bitcoinica. There have been two major Bitcoin heists before, one 25000 BTC theft in June and a 17000 BTC theft from the Bitcoin exchange bitomat.pl in August, resulting in the exchange being bailed out and acquired by MtGox. Security is a major issue in the Bitcoin community, and many are worried that if they want to carry out a significant portion of their economic activity in bitcoins their money will not be safe. Many traditional banking proponents see the theft in June and now this heist as clear indications that Bitcoin’s lack of reversibility and of an effective audit trail makes it inferior, and it cannot be denied that incidents such as these shake even Bitcoin proponents’ confidence in the system. It is critically important, however, that we do not fall into hysteria and exaggerate the consequences, and that we instead approach the issue with a cool head. There are several reasons why this theft is in fact less consequential to the Bitcoin community than it might seem at first glance.
- Bitcoin’s security has gotten better between this theft and the one that happened six months ago, and will only continue to get better in the future. When bitomat.pl was hacked, the 17,000 bitcoins they lost represented all of their clients’ money, and MyBitcoin’s losses were equal to 51% of their total funds. Bitcoinica’s losses, though staggering to the average individual, were mild enough that they were able to reimburse all of their customers and continue running. They are upgrading their security following this incident and are working on a more secure, specialized server. Soon, innovations like multi-signature transactions will enter mainstream usage and increase security even more.
- Storing $220,000 worth of data is not something unique to Bitcoin. Businesses like Sony and Stratfor had to suffer much worse as their proprietary data was leaked by Anonymous, and there are many low-profile cases that do not make the news. A report by the Ponemon Institute shows that the average cost of a stolen laptop is $49,246, including $39,297 due to lost or leaked data. We only pay so much attention to Bitcoin-related losses because the value is so clearly quantified and because Bitcoin business remains extremely open and community-oriented — normally, banks do not announce their robberies to the public because they do not want to be perceived as vulnerable and take a hit to their reputation.
- Bitcoinica is a financial services business and they have to deal with these kinds of risks in ways other businesses do not. It’s worth keeping in mind that such risks are not unique to Bitcoin — MF Global saw $1.2 billion, or roughly 100% of what was then its net worth (the derivatives broker has since collapsed), simply disappear without a trace. Bitcoinica, on the other hand, managed to remain solvent. For the average Bitcoin-handling business, such risks are much milder, since all of their bitcoins can be kept in cold storage: they simply need to accept money coming in all the time, not take it out.
- The little guy is secure. Bitcoinica has taken the entire 43000 BTC hit and the balances of individual Bitcoin users remain untouched. The ironic thing is, this is exactly how things work for the consumer in the real world. When your credit card gets stolen and the thief buys $10000 worth of goods with it, the bank refunds your losses and your balance remains untouched, just as happened here (although the consequences to the merchant who sold the goods are somewhat less pleasant). This is one of the key points of Bitcoin: Bitcoin does not force you to be your own bank. You can keep your bitcoins stored with a Bitcoin bank if that makes you feel safer, and as more and more average users begin to accept Bitcoin such services will begin to appear. There are already various options with as many levels of convenience and paranoia as there are types of smartphones. Freedom is superior to non-freedom not because people always prefer it no matter what the consequences, but because it allows the expression of a preference in the first place.