Bitcoin Box

A magazine dedicated to all things Bitcoin


The Bitcoin Security Challenge, Part I

author: Vitalik Buterin
published: 2011-06-23 19:08:36 UTC

Within two weeks of Bitcoin's sudden rise to new heights of popularity, Bitcoin has also begun to attract attention from certain less savory elements of society. No, I am not referring to people selling psychoactive substances that some governments do not approve of, or even the possibility of the Eastern European criminal underground using Bitcoin for their own purposes. These new individuals are the black-hat computer hackers intent on attacking Bitcoin users themselves. Here is an overview of what we have seen so far:

Technology Review has called Bitcoin "an insecure economy built on a super secure currency", and this comment does accurately reflect the current state of Bitcoin security. It is widely known that MtGox originally stood for "Magic the Gathering Online eXchange", and a site originally intended for trading Magic cards is now, with some parts of the code minimally altered, serving as the center of an economy with a $60 million market capitalization. Other Bitcoin-related sites are, as we have seen, even less secure.

It is important to keep in mind that Bitcoin rose from obscurity into the center of the tech media over the course of merely a month, and the infrastructure has not had time to mature to keep up with the now much larger audience, but this is not an excuse for the state of Bitcoin security. People, including Bitcoin Box ourselves, have been complaining about this issue for months. If Bitcoin will, as its proponents hope, grow to become a significant force in the world market, this will not be the last or even the second last of its growth spurts, so Bitcoin security can no longer afford to be reactive and must instead be proactive. Bitcoin site operators must now prepare themselves for assaults not only by individual hackers with trojans and internet scripting vulnerabilities, but also by million-computer botnets and powerful underground organizations, potentially including those supported by hostile governments.

It is also important to keep in mind that Bitcoin itself has survived the crisis unscathed. Some consider the crisis evidence that Bitcoin is not resilient, and some even see this as the end of Bitcoin; the image of Bitcoin's "value" plummeting to 0.01 USD is being reposted on dozens of anti-Bitcoin articles as a symbol of doom and gloom for the currency. But there is a distinction between the institutions based on Bitcoin and Bitcoin itself. It is worth reiterating Technology Review's comment: "an insecure economy built on a super secure currency". The issue is that the Bitcoin economy has grown too centralized, with store prices being based directly on the MtGox exchange rate, and the perceived value of Bitcoin is also far too closely based on the exchange rate. Hopefully the crisis will convince stores to base their prices off of more stable markers, such as an average across multiple markets or a 7-day moving average, stabilizing the market, and perhaps even convince Bitcoin owners to see themselves as owning the potential to buy not only USD but also actual products. If this happens, then the greatest vulnerability of the Bitcoin economy, the centralization around MtGox, will be, if not removed, at least mitigated, and Bitcoin will grow out of the crisis stronger than before. And the market realizes this: the value of Bitcoin on other exchanges is staying stable at $12-$16 throughout the crisis, which clearly shows that Bitcoin is, despite the opinions of Doug Casey, a durable store of value. Casey himself was misled by the MtGox value plunging to 0.01, but Bitcoin clearly has value not just on a computer screen but also in the minds of its users, and that's what matters.

The security situation with Bitcoin is improving: there is a pull request for the Bitcoin wallet to be encrypted and require a passphrase to access. There is also the possibility of storing bitcoins in an online account at MyBitcoin or InstaWallet, although the security policies of these sites are unknown (edit: since the original writing, MyBitcoin has described their security policies in detail). There will be more secure options available, for those willing to give up control over their own wallets in exchange for peace of mind. "The big difference here is that people will have a real option," Patrick Strateman says. "Everyone has the options offered by the old system, plus they have new options as well. Even if many users turn to bank-like organizations to keep their bitcoins safe, it will still be possible to use the less controlled (if riskier) methods that prevail today". MtGox and some other exchanges are willing to work with governments to police the Bitcoin economy, and on top of cryptographic security (which, to partially exonerate MtGox, is not much better in the conventional economy) we may see some traditional regulatory protection. Bitcoin users are not forced to interact with the government; regardless of what any Bitcoin business does, the currency itself still has the option of pseudonymity and near-untraceability. Ideas to improve the state of Bitcoin security have existed for a long time, but what is important is that they are finally gaining traction. Hopefully, the Bitcoin community has learned its lesson, and will work hard to establish standards for security that respect the fact that once a criminal steals some Bitcoins he can immediately launder and disappear with them - standards much higher than even those used in the conventional financial world.

The next part of this series will discuss in detail the human element in Bitcoin security.
