Security is of the utmost importance when it comes to money, but how does one define security in Bitcoin? Traditionally, securing one’s savings has meant handing it over to a bank, but Bitcoin security requires quite a bit more personal responsibility — at least on an optional basis.
Different people have wide-ranging responses to the question of whether Bitcoin is a secure alternative to the legacy banking system. Those who love the idea of taking responsibility for their own financial sovereignty view Bitcoin as the most secure monetary system that could ever exist. On the other hand, there are also plenty of people who have stories of losing tens of thousands of dollars (or more) when they threw out an old laptop or left some bitcoin on an exchange.
Let’s take a closer look at Bitcoin security and figure out whether it’s possible for the digital asset to be stored safely by most users.
The One Time Bitcoin Was Hacked
There have been countless reports in the media of Bitcoin being hacked over the years, but effectively none of these hacking incidents had anything to do with the base protocol layer. In fact, the Bitcoin network has only been “hacked” once.
In August 2010, someone created billions of new bitcoin out of thin air. The transaction that created these new bitcoin was valid under the consensus rules at the time, but the valid nature of this transaction was unintentional.
As the Bitcoin Wiki explains, “This was possible because the code used for checking transactions before including them in a block didn’t account for the case of outputs so large that they overflowed when summed.”
A soft-forking fix for the error, which is now known as the value overflow incident, was released within five hours.
It should be noted that this incident occurred only a year and a half after the original Bitcoin client was released. Practically no one was using Bitcoin at the time, and a single bitcoin was trading for pennies on Mt. Gox.
No other bugs of a similar severity have been exploited since then, and it should be noted that no users lost funds during the incident.
As the Bitcoin network has grown, the consensus-related codebase has been thoroughly reviewed by many more developers (both friendly and adversarial). As the bitcoin price goes up, so does the effective bounty for finding a bug in the consensus code. At this point, it’s extremely unlikely that there is some bug as bad as the one exploited in 2010 still lurking in the code.
Having said that, the consensus code has not reached the point of ossification. This means changes are made to the code every now and then, which could introduce new bugs.
Exchange Hacks and Other Custodial Failures
The vast majority of the Bitcoin hacks reported in the media have to do with exchanges or other situations in which users hand over the private keys associated with their bitcoin addresses to a third party.
The bankruptcy of Mt. Gox is the most well-known example of this problem, but there have been many other exchange hacks throughout Bitcoin’s history.
These days, the most widely used exchanges tend to be much more professional and secure. However, slip-ups still happen from time to time due to the difficulties associated with securely storing large amounts of bitcoin. For example, Binance was recently hacked for roughly $40 million worth of bitcoin. Having said that, the exchange had policies in place to ensure none of its users lost any funds.
In addition to implementing best practices and providing at least partial insurance for users’ funds, exchanges are also now looking at technical protections against hacks. Specifically, the Arwen protocol and the Lightning Network are two options that allow users to trade bitcoin without handing over custody of their coins to the exchanges.
Another area where hacks are quite common is in the realm of darknet markets. This is due to the fact that users are effectively trusting an anonymous entity with custody of their bitcoin while they do business on the market. Multisig integration has been somewhat helpful in curbing the issues with darknet market hacks and exit scams. However, it is extremely difficult to implement a perfect solution when anonymous, trusted third parties are involved.
Bitcoin and Personal Responsibility
At the end of the day, the key difference between Bitcoin and the traditional financial system comes down to personal responsibility. In terms of online payment systems, most people are used to platforms on which transactions are reversible. But these are also places where it’s at least somewhat likely that user credentials will be stolen and used for fraudulent purposes at some point in the future.
In addition to reversible payments, traditional online payment accounts are also subject to seizure, closure and other types of financial censorship. For example, plenty of PayPal users have dealt with situations in which their funds have been seized or their accounts have been closed for a variety of reasons (e.g., Alex Jones, cam girls, Gab, WikiLeaks). In the world of fiat currency, it’s possible for financial institutions or governments to block access or seize funds from any user at the drop of a hat.
Even with the lackluster options that have been available up to this point in terms of keeping one’s bitcoin holdings secure, many people have decided to turn to the cryptocurrency because it was impossible for them to use traditional online banking options. In other words: There are trade-offs associated with using traditional options too — if they’re even able to be used at all.
Improvements to Bitcoin Security Are Ongoing
Having said that, there are plenty of improvements in the works in terms of helping users safely interact with the Bitcoin network. Hardware wallets have come a long way since the first TREZOR was made available for pre-order in 2013. Additionally, secure enclaves are becoming increasingly available and usable for mobile bitcoin wallet developers. Casa is perhaps the most advanced bitcoin storage solution for those who are able to afford the associated costs.
In terms of the Bitcoin protocol itself, further improvements are always ongoing. For example, we’ll see better security through smart contracts that create additional requirements before funds can be spent. MIT Digital Currency Initiative co-founder Jeremy Rubin recently offered a draft Bitcoin Improvement Proposal (BIP) related to this concept (source). As mentioned previously, the eventual ossification of the base network layer will also offer peace of mind in terms of making sure new bugs are never introduced into the protocol in the future.
Still, a certain level of personal responsibility will always be necessary when using Bitcoin as it was intended. This is an inherent cost associated with decentralization and financial sovereignty.
This is a guest post by Kyle Torpey. Opinions expressed are entirely his own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.