One of the biggest advantages claimed for cryptocurrency is its security. The blockchain—the digital ledger that tracks the movement of every coin—can’t be hacked. Money can’t disappear from someone’s purse, never to be seen again. It’s possible to look at the records on the blockchain and see what happened to every coin from the moment it was mined to its current position. Here’s why cryptocurrency is still secure despite the hackers.
In theory, Bitcoin should be unstealable money. In practice, it hasn’t worked out that way.
As soon as digital currencies acquired a value, they attracted the attention of thieves. And those thieves were very clever and very effective. Robbing a bank usually means buying a balaclava and a gun, and risk being shot by a security guard. The theft of a digital coin can usually be performed in a thief’s bedroom using nothing more dangerous than a keyboard and an Internet connection.
But while the risk is low, the rewards can be huge. The 2014 robbery of Mt. Gox, then the world’s biggest cryptocurrency exchange, was worth $460 million. In 2018, thieves took $500 million of NEM from CoinCheck.
The biggest physical bank robbery, which took place in Brazil in 2005, was worth “only” $69.8 million. In 2019 alone, criminals got away with $4.26 billion worth of digital coins, according to one report.
That might suggest that the security of cryptocurrencies is overstated and that you’re better off stashing your cash in a metal box under the bed.
But it’s not so simple.
None of the hacks have taken place on the blockchain itself.
A few hacks have been the result of attacks on individual phones but most of the robberies have taken place on exchanges. An exchange is where people store their coins before transferring them in a transaction or converting them to fiat.
As far as thieves are concerned, exchanges are where the money is.
A hacker who can break into an exchange’s system and access user keys can do anything he wants with other people’s funds. And while the money the thieves make off with can’t be forced back—a blockchain doesn’t usually allow transactions to be undone—the money can be tracked.
The digital ledger keeps a record of the movement of every coin. Anyone can see where their money went after it was stolen out of the exchange. An individual can’t see who owns the public key their funds are associated with — but they can see the key itself.
That means that while victims can’t take their money back — they can freeze it.
After CoinCheck was hacked, the exchange identified and published a list of eleven addresses that held all its stolen coins.
Each of those addresses now carries a tag that says:
“coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker.”
Developers then created a tool that enabled exchanges to automatically reject those coins.
So while the value of the theft might have been half a billion dollars, those stolen coins are now just about worthless to the scummy-scurrvy-dirty-rotten-cheating-[asswipes] who are thieves. The original owners might not be able to get them back but the thieves can’t move them either. It’s as though a bank had placed a special dye in its banknotes that turned them black as soon as they were stolen.
These events have a couple of implications for users of cryptocurrencies.
- First, all of us should be aware that despite the hype about cryptosecurity, it is possible to be robbed, so they have to be cautious.
- Second, keep your private keys safe.
- Only store online the amounts needed to make transfers and perform transactions.
- Private keys to large funds should be kept in cold storage so that they can’t be hacked. But users shouldn’t fear the loss of their coins. Unlike theater-goers with bulging wallets and expensive jewelry, individuals aren’t usually the targets of digital muggers looking to steal digital money.
- The weak links in the cryptocurrency system are the exchanges, not the blockchain or individuals.
- Cryptocurrency users should only use exchanges that carry insurance. When Binance was robbed of $40 million earlier this year, the company announced a “large scale security breach.”
- No Binance customers suffered personal losses because the exchange was able to draw on its emergency insurance fund.
The existence of insurance funds will become an increasingly important draw for people choosing an exchange.
The purchased insurance costs The Exchange money. Because The Exchange is putting up money for insurance, it will force The Exchange to pay even more attention to its security. Exchanges are working to make their systems harder to hack. At the same time, as blockchains freeze wallets that hold stolen funds — the rewards for a successful hack will shrink.
Cryptocrime won’t go away but it will become less of a threat, making cryptocurrencies increasingly secure.