This article by has originally published at CoinCentral.com
Are you a Bitcoin Holder? Can Bitcoin be hacked? Any software can be hacked, but that isn’t necessarily a bad thing. Hacks make cryptocurrency more secure. After all, anything that doesn’t kill you makes you stronger, right?
Are you a Bitcoin Holder?
Do you hold Bitcoins in your wallet? Can Bitcoin Be Hacked? Get Hacked and Find Out!
Bitcoin Security: Bubble Boy and the Sewer Rat
Andreas Antonopoulos presents a lecture called “Bitcoin Security: Bubble Boy and the Sewer Rat.” In this lecture, he explores centralized systems as a “bubble boy”–a system created to be secure by isolating it from external forces. Eventually, the bubble bursts, exposing the system, and living in isolation prevented that system from building an immunity to attacks.
On the other hand, Andreas argues that open blockchains like Bitcoin are “sewer rats.” They live in the wild subject to untold hostile forces. Consequently, they build immune systems by necessity. Hacks happen, but the solutions serve to harden the system against future attacks.
As Andreas says at the end of the talk:
“All forms of cryptography can be broken. All forms of cryptography are eventually broken. That is a truism… including that currently behind Bitcoin, yes. The question again is time scale… We expect cryptography to be broken. We expect every system and subsystem within Bitcoin eventually to be weakened. What we need to do is 1) make sure that any such weaknesses are not systemic and complete. Then, 2) identify the weaknesses early enough to start addressing them so they don’t become systemic. The best way you do that is by existing in an open, collaborative environment where you learn about those weaknesses.”
Open up Your Code and Let the Sun Shine In
Like many cryptocurrency projects, Bitcoin serves as an open source project. And in open source projects, anyone can view the code. Just download the code and study it to find out if Bitcoin can be hacked! With a multitude of eyes looking at the code, the problems reveal themselves more readily, and programmers resolve the issues as people identify them.
Recently, a developer working on Bitcoin for the Digital Currency Initiative at the MIT Media Lab discovered a vulnerability in Bitcoin Cash. The Bitcoin holder and Bitcoin Cash communities generally get along about as well as the Road Runner and Wile E. Coyote, and with about the same results.
This vulnerability if exploited could have potentially destroyed Bitcoin Cash as a payment system from that point onward. The programmer acted honorably and, privately informed the Bitcoin Cash project of the flaw. They fixed the bug before anyone exploited it, and publicly disclosed the fix on May 7, 2018.
Smart Contracts (Or Not so Smart)
From a security perspective, smart contracts present one of the greatest challenges of the blockchain. Smart contracts are pieces of executable code to manage transactions, and they live on the blockchain. Since they live on the blockchain, they live forever. And since they live forever, any bugs or security vulnerabilities they contain also live forever.
Poorly designed and implemented the code in a smart contract can lead to enormous financial losses. The infamous DAO hack resulted from a poorly coded smart contract.
Hackers love complex code because bugs live there. Conversely, security loves simplicity. The Bitcoin community designed the Bitcoin Script language to be simple and limited purposely as a security measure.
Throw It Against the Wallet and See If It Sticks
Wallets own the responsibility of managing private keys since they provide storage for your private keys. Bitcoin holder uses an online wallet, and its private data lives on someone else’s server, subject to their vulnerabilities. But if you use a wallet on your hard drive, that drive might die. Offline hardware wallets provide the best security.
Against the Wallet
Storing crypto in online wallets invites attacks.
One way hackers do this is first, they obtain your email address and phone number, information readily available for most people. Next, they initiate a password reset for your account. Then they exploit vulnerabilities in the Signaling System 7 (SS7) telephony protocol.
Major cell phone companies such as AT&T and Verizon use this protocol. Using this protocol, the hackers intercept the authorization token the company sends to the victim’s account.
Having accomplished this, the hackers now access the two-factor authentication codes sent to the victim’s phone. With this, they access the user’s account on a system like Coinbase and access the victim’s funds.
What goes around comes around and ironically some crypto flaws bite back at the hackers.
Researchers from a number of universities including Princeton, Carnegie Mellon, Boston University, and MIT discovered a privacy defect in Monero. Contrary to Monero’s purpose, this flaw allowed someone to see the details of transactions and identify who made those transactions.
Final Thoughts – Can Bitcoin Be Hacked?
Software never ends, bugs infest software, and security vulnerabilities define a certain class of bug. Some hacks derive from cleverly manipulating the code. But some hacks disregard technology altogether.
In December of 2017, NiceHash suspended operations due to a hack that cost $64 million. NiceHash claimed the attack to be “highly professional” and included “sophisticated social engineering.”
Social engineering means nothing more than old-fashioned con artist shenanigans. Hackers use social engineering to convince people to give up their passwords, provide access, or give up other useful information.
Can Bitcoin be hacked? Let me count the ways. But every flaw discovered and fixed strengthens the system for the better.
Please write to us at firstname.lastname@example.org if you want to contribute any article for this blog. Your name will be featured with that content.
If you want to report any issue with the above content, write to us at email@example.com. We respect your suggestions.