Bitcoin Heist. Source: (multiple)

As some of you know by now, I have been a proponent of Bitcoins for some time. I believe that Bitcoin is a truly revolutionary technology and a harbinger of things soon to come.

At the same time, Bitcoin is also a nascent technology and as such has many rough edges that still need to be smoothed out. One of its most serious weaknesses is the security model. A prominent member of the Bitcoin community unfortunately learned this the hard way when over $500,000 USD in current value was stolen.

Currently, all wallets are stored on the hard drive in unencrypted form. This means that anyone with access to your hard drive can steal your coins. This is akin to walking around on the street with tens of thousands of dollars in your pocket. Anyone can mug you and take it all, leaving you with little to no recourse.

What makes this a particularly glaring flaw is that anyone with a copy of your digital wallet can not only steal your current coins, but all of your future coins as well. You see, your bitcoin wallet is really more like the keys to the safe. If someone copies your keys, they can access your safe anytime they want.

Bitcoin will soon feature encryption which should reduce the surface area of this sort of attack, but that won’t protect users if they’ve been using unencrypted wallets in the past and those managed to leak out with them unaware. They would have to transfer all coins to the new wallet, and ensure nobody was still using any of their old addresses.

This also still leaves the problem of keyloggers, trojans, and weak passwords. If your keys can be duplicated, and worse, can be used against your future coins as well, then you only have to fail once to be wiped out. That is simply not robust and not acceptable for any system which can store large amounts of value.
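An added example (not from the original post) of the check this implies: before trusting wallet encryption, inventory every old copy of the wallet file, because a plaintext copy still holds the same keys. The record tags are an assumption about Bitcoin Core-style `wallet.dat` files, the permission test assumes POSIX mode bits, and the file names and bytes in `demo()` are constructed.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Assumed record tags for a Bitcoin Core-style wallet.dat (not given in the post).
PLAINTEXT_TAG = b"\x03key"                   # unencrypted private-key record
ENCRYPTED_TAGS = (b"\x04mkey", b"\x04ckey")  # master key / encrypted key records

def classify(data: bytes) -> str:
    """Heuristic: does this wallet blob hold plaintext or encrypted keys?"""
    if PLAINTEXT_TAG in data:
        return "plaintext-keys"
    if any(tag in data for tag in ENCRYPTED_TAGS):
        return "encrypted-keys"
    return "unknown"

def audit_wallet_copies(live_wallet: Path, search_root: Path) -> list:
    """Inventory wallet-named or byte-identical files under search_root."""
    live_hash = hashlib.sha256(live_wallet.read_bytes()).hexdigest()
    findings = []
    for path in sorted(search_root.rglob("*")):
        try:
            if not path.is_file():
                continue
            mode, data = path.stat().st_mode, path.read_bytes()
        except OSError:
            continue  # unreadable or vanished file
        same = hashlib.sha256(data).hexdigest() == live_hash
        if not (same or path.name.lower().startswith("wallet")):
            continue
        findings.append({
            "path": str(path),
            "is_live": path.resolve() == live_wallet.resolve(),
            "identical_to_live": same,
            "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            "state": classify(data),
        })
    return findings

def demo() -> list:
    """Constructed sample: encrypted live wallet plus an old plaintext backup."""
    root = Path(tempfile.mkdtemp())
    live, old = root / "wallet.dat", root / "sync" / "wallet-2011.bak"
    old.parent.mkdir()
    for p, body, mode in ((live, b"\x04mkey\x04ckey", 0o600), (old, b"\x03key", 0o644)):
        p.write_bytes(body)
        p.chmod(mode)
    return audit_wallet_copies(live, root)
```

Any copy reported as `plaintext-keys` means the keys it holds should be treated as exposed: move the coins to a new wallet and stop using the old addresses, as described above.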

When it comes to the banking system, fraudulent transactions can be reversed and can be traced. Bitcoins are more akin to physical cash or bullion, which leads to many advantages such as decentralization and lower fees, but also leads to many disadvantages as people become responsible for their own security.

The reality is that most people are not security experts and most people do not run uber-hardened systems. If Bitcoin is to become a serious competitor then the infrastructure surrounding it needs to become more robust. I still believe that it is a truly revolutionary technology with great potential for disruptive change, and it has a great future for micropayments and other similar niches, but it is currently too easy for an average user to get hacked or otherwise lose all of their Bitcoins.

Posts of the week

This week I guest posted over at Super Frugalette, writing “Going for quality is the frugal way”. This post is about the ongoing choices we have to make between quality and cheap.

On to weekend reading!

Weekend Reading


Have a great weekend, everyone.


About

Kevin has left the office, and he is currently fighting the rat race by working on his own business. He enjoys exploring unvisited places around the world and gaining new experiences. He believes that by properly managing our energy and time, we can learn to invest our lives wisely.

30 Comments Kevin on Jun 17th 2011

30 Responses to “Weekend Reading: Bitcoin Heist Edition”

  1. I had never heard about Bitcoin until earlier this week. I thought it was an interesting concept. One of the features of Bitcoin as I understood the article that I was reading was the security since I thought it was a 32 character password (? not sure if I am right since I am not tech savvy). Now I see that someone lost $500,000 worth! Unbelievable. I will have to learn more but am thinking that having all eggs in one place is not a good idea.

    • Kevin says:

      A Bitcoin is just about impossible to fake, but they are not impossible to steal… that’s the downside. Imagine a cash that was very difficult to counterfeit, but could still be taken from someone else’s wallet. That’s the situation we have with Bitcoins.

  2. Have you tried mining Bitcoin? How did it work out?
    I tried for a few days and it was just not fun. The computer spewed out so much heat, it was making me uncomfortable.

    • Kevin says:

      I did back near the project’s beginnings back when it was still easy to do so with CPU mining. I didn’t take it seriously at the time though and I just ran it every now and then, so I certainly didn’t amass a stash like the guy in the story. In retrospect I should have been pumping those 24/7!

  3. Thanks for the link Kevin! I’m certainly not sold on the Bitcoin concept. It just doesn’t seem practical, and something else is going to be bigger and better, and leave them in the dust… that someone will probably be Google by the way things are going. ;)

    • Kevin says:

      Bitcoin is still a big experiment so it’s hard to say where things will end up, but it’s really great to see things progress and to see so much innovation taking place. In that sense there are no real losers since every iteration is a step forward.

  4. Every time I hear anything about Bitcoin, I think of you! I had never heard of it until I read about Bitcoin on your blog awhile ago.

    Thanks for the link, and have a really great weekend!

  5. $500K is a lot of money to have stashed in bitcoins. I don’t think I would be comfortable having $5K in BitCoins at this point in their development.

    • Kevin says:

      The early adopters are those with the largest balances since they mined Bitcoin when they were worth pennies and when there wasn’t much mining competition. Now these balances are worth millions and this is attracting hackers like flies to honey.

  6. Thanks for the mention. I hear Bitcoin has been having some problems of late.

    • Kevin says:

      Yep first there was the huge hack and then apparently millions in value were stolen on MTGOX. It’s been reported that the theft has been reversed save for $1000 USD, but at this time since not much information has been released it’s hard to say how many bitcoins and USD made it off the exchange before it was shut down.

  7. I’m not yet sold on Bitcoin, but could be interesting to watch the uptake. I guess I’m taking a wait and see approach like others.

    Thanks very much for the mention, have a great weekend!

  8. Hi Kevin, Just saw an article about this in Bloomberg Businessweek magazine. Thanks for the info, very interesting. Clearly, the hacking risk seems kind of scary.

    • Kevin says:

      Internet security is going to become increasingly important as more and more of our lives move online! This is clearly being seen with the events at Sony and other places. I just hope that this isn’t used as an excuse to wrap up some dirty legislation in the guise of protecting internet users.

  9. Thanks for the mention! I can’t say I am sold on bitcoin but I find it an interesting concept.

    • Kevin says:

      I think it will continue to fill a niche so long as people continue to find it valuable. It needs more work before it’s ready for the mainstream, though.

  10. Forest says:

    Sad they lost that cash :(. I guess I will wait at least until bitcoin encrypts their cash but still very interested.

    Thanks for the link.

    • Kevin says:

      Encryption should be the minimum, but it only reduces the attack vectors, it doesn’t eliminate them. Also, since a wallet is really like the keys, just having a wallet out there in the wild is a risk even if it’s encrypted. After all, if the safe is valuable enough one can bring significant resources to bear against cracking the encryption.

  11. Thanks for the link Kevin. I appreciate it… though I think you might have been thinking of other things when you entered my blog name ;-)

  12. 101 Centavos says:

    Fascinating stuff…. Logical that the solid encryption of Bitcoins themselves doesn’t extend to the individual “wallets”. Not very practical, but logical. If Bitcoin is to progress beyond curiosity, it will have to address these issues, and it sounds like they are being addressed.
    Thanks for the link.

    • Kevin says:

      Unfortunately the data has to be decrypted at some part of the chain in order for it to be read. It’s like having a set of keys to the safe… you need at least one copy! Encryption would not have helped the guy who was hacked because his computer was compromised… meaning the hacker would have had full access to his data and could have used a keylogger to capture his password.

      Something stronger will be needed down the road. I’m not sure what, but probably some form of two-factor or even higher encryption is needed, as well as confirmation for large transactions. This is impossible with a decentralized non-repudiable currency like Bitcoin unless you build infrastructure on top of it that supports it, but then you introduce counter-party risk by doing so.

      It’s still looking good for micro-transactions IMO but I’m not sure about keeping large stores of value in the system, especially not ATM.

      • Kevin says:

        Speaking of counter-party risk, the largest exchange MTGOX has been down for a couple of days now after a major break-in compromised everyone’s accounts and drove the market price to $0.01! They are currently auditing their systems and preparing for a rollback of the most recent trades.

  13. I guess I’m out of the loop, but I hadn’t heard of Bitcoin until I read your article. Thanks for enlightening me! Thanks for including my article too. :)

  14. Thanks for the mention, Kevin. Hope you’re well!