Bitcoin’s here to stay – there’s no doubting that at this point. Despite the wild price fluctuations the cryptocurrency underwent in late 2017, and despite the fact that other blockchain-based digital currencies are much less expensive both to buy and to mine, the primacy of the granddaddy of all cryptocurrencies is intact.
Aside from the dangers of not diversifying your investments, this resilient but controversial cryptocurrency does have plenty of things to teach us. One of the most important of these lessons is in web security: even though the Bitcoin blockchain itself is relatively secure, security problems exist between keyboard and chair. There are some serious security flaws in how coin holders have handled their investments, exposing themselves to needless levels of risk that could otherwise have been avoided.
To that end, we’ll be examining what kind of lessons can be learned from Bitcoin’s historical web security issues for 2018.
Bitcoin and Security
Like all cryptocurrencies, Bitcoin boasts high levels of built-in security because of its use of blockchain technology. This is common knowledge, but the mechanics behind how this is accomplished can sometimes be murky. It’s important to keep in mind that in the case of cryptocurrencies, the protocol their blockchains use to create and establish these decentralized currencies is cryptography.
Blockchains use encryption; it’s as simple as that. In this case, Bitcoin makes use of a cryptographic algorithm known as SHA-256, so called because it generates 256-bit encryption packets. These packets are used both for verifying transactions and for the Proof of Work system used to verify mining activity on the blockchain. This forms the backbone for ensuring that the blockchain itself stays inviolate, keeping track of when and where Bitcoins are spent.
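To make the SHA-256 and Proof of Work step concrete, the following added example (not code from the original article) recomputes the hash of Bitcoin's publicly known genesis block header and checks it against the difficulty target encoded in the header. The function names are illustrative choices made for this example.

```python
import hashlib
import struct

# Header fields of the Bitcoin genesis block (public, well-known values).
GENESIS = {
    "version": 1,
    "prev_hash": "00" * 32,
    "merkle_root": "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    "time": 1231006505,
    "bits": 0x1D00FFFF,
    "nonce": 2083236893,
}

def serialize_header(h):
    """Pack the 80-byte header; integers and hashes are little-endian."""
    return (
        struct.pack("<I", h["version"])
        + bytes.fromhex(h["prev_hash"])[::-1]
        + bytes.fromhex(h["merkle_root"])[::-1]
        + struct.pack("<III", h["time"], h["bits"], h["nonce"])
    )

def block_hash(h):
    """Double SHA-256 of the header, shown in the usual big-endian hex form."""
    first = hashlib.sha256(serialize_header(h)).digest()
    return hashlib.sha256(first).digest()[::-1].hex()

def target_from_bits(bits):
    """Expand the compact 'bits' field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def meets_proof_of_work(h):
    """A header is valid work only if its hash, as a number, is <= target."""
    return int(block_hash(h), 16) <= target_from_bits(h["bits"])

def tampered_copy(h):
    """Same header with one field changed, to show the hash no longer fits."""
    return dict(h, nonce=h["nonce"] + 1)

if __name__ == "__main__":
    print(block_hash(GENESIS), meets_proof_of_work(GENESIS))
    print(block_hash(tampered_copy(GENESIS)), meets_proof_of_work(tampered_copy(GENESIS)))
```

Changing any header field, including the Merkle root that commits to the block's transactions, produces an unrelated hash that almost certainly misses the target, so the work has to be redone for that block and every block after it.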
Double Spending – the Security Loophole
Because of a blockchain’s encryption, it’s commonly thought to be next to impossible to fool it. However, there’s one instance where this can occur — it’s extremely rare and it’s a highly unproductive method for skimming cryptocurrency from legitimate transactions, but in theory you can spend the same Bitcoins more than once. It’s known as double spending, and it’s capable of being done in a couple of different ways. One involves taking advantage of a merchant that doesn’t wait for confirmation on a transaction. It only works if someone spends Bitcoin at one of these merchants and then sends another, conflicting transaction somewhere else into the network before the first transaction is confirmed.
Meanwhile, the other method involves some chicanery with mining Bitcoins instead of spending them. Pre-mining a transaction into a block can provide a miner with coins that they can technically spend before they release the block into the blockchain to be added to the ledger. This is an even rarer occurrence, thanks to the high cost of mining Bitcoin to begin with; thankfully, it’s just more productive to run a legitimate Bitcoin miner, thanks to the ever-increasing amounts of computing power needed to mine Bitcoin blocks.
Because blockchain security is so naturally high that double spending is inordinately hard, the Bitcoin blockchain itself is extremely resistant to any sort of tampering. However, the same cannot be said for anyone who actually possesses amounts of the cryptocurrency. In fact, thanks to the fallible nature of humanity, the only real security breaches are those created by our own lack of judgment.
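Both double-spending methods above depend on a merchant releasing goods before a payment is confirmed. The following added example (not from the original article) sketches the merchant-side check: hold unconfirmed payments and flag any payment whose inputs are also spent by another transaction. The transaction records are constructed sample data, and the six-confirmation default is an assumed policy value, not a figure from this page.

```python
from collections import defaultdict

# Constructed sample: transactions as seen by a merchant's node.
# Each input is an outpoint (previous txid, output index); ids are placeholders.
SEEN_TXS = [
    {"txid": "tx-pay-merchant", "inputs": [("coin-A", 0)], "confirmations": 0},
    {"txid": "tx-conflict", "inputs": [("coin-A", 0)], "confirmations": 0},
    {"txid": "tx-honest", "inputs": [("coin-B", 1)], "confirmations": 0},
    {"txid": "tx-settled", "inputs": [("coin-C", 0)], "confirmations": 6},
]

def conflicting_txids(txs):
    """Return ids of transactions that spend an outpoint another one also spends."""
    spenders = defaultdict(set)
    for tx in txs:
        for outpoint in tx["inputs"]:
            spenders[outpoint].add(tx["txid"])
    conflicts = set()
    for ids in spenders.values():
        if len(ids) > 1:
            conflicts |= ids
    return conflicts

def acceptance_decision(txid, txs, min_confirmations=6):
    """Decide whether a merchant should release goods for a payment."""
    tx = next((t for t in txs if t["txid"] == txid), None)
    if tx is None:
        return "reject: unknown transaction"
    if tx["confirmations"] >= min_confirmations:
        return "accept"  # buried deep enough in the chain
    if txid in conflicting_txids(txs):
        return "reject: conflicting spend seen"
    return "hold: awaiting confirmations"

if __name__ == "__main__":
    for tx in SEEN_TXS:
        print(tx["txid"], "->", acceptance_decision(tx["txid"], SEEN_TXS))
```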
There are a number of different types of security breaches that coin holders can fall victim to. Most of them are precipitated by storing cryptocurrency in digital wallets that were unsecured to begin with. This can take the form of a bitcoin wallet service like inputs.io getting hacked as it was in 2013, resulting in more than 4,100 Bitcoins being transferred from wallet holders against their wishes. It can also be in the form of distributed denial of service (DDoS) attacks against high-profile crypto exchanges, issues that have seen major exchange Mt. Gox declaring bankruptcy after losing more than $400 million in crypto assets. Future attacks of these types, and even more possible issues caused by individuals or groups stealing passwords and other information, are likely to continue into 2018 and beyond.
Keeping Your Wallet Safe
If there’s anything that can be learned from such security breaches, it’s a simple lesson indeed: using a web-based digital wallet service — one that’s connected to the internet — is perhaps the most dangerous decision a crypto investor can make. Using web-hosted digital wallets might be highly convenient if you’re trading currencies or making purchases with your Bitcoin, but it also makes it all too easy for anyone with an internet connection to target that digital wallet provider and attempt a security breach.
An alternative that provides extra layers of security is, of course, to have your digital wallet on a local machine. Whether it’s a desktop, laptop, mobile device, or even a removable USB key drive, such a local wallet is infinitely more secure — provided you don’t lose access to the physical object and your private wallet key. A “paper” wallet that has the relevant information, including access keys, printed on it, acts in a similar manner, yet the fragility of a paper copy can sometimes work at cross-purposes to keeping crypto investments secure.
Examine the Past to Prepare for the Future
If there’s anything to be learned from Bitcoin and other cryptocurrencies when it comes to web security, it’s that the most vulnerable parts of any network are where they come into contact with human beings. The whole reason that the Bitcoin blockchain is so resistant to security breaches is that its operating rules are written in stone — it can’t be altered on the fly. By comparison, web-based wallet storage is designed to be interfaced with on nearly a granular level.
The problem is that by using these web-based storage solutions, we’ve traded security for convenience. It’s a guaranteed recipe for disaster, but one that can be avoided with enough foresight — and by keeping the lessons of the past in mind.
Latest posts by Benjamin Shepardson
- What Bitcoin Can Teach us About Web Security in 2018 - March 23, 2018