Bitcoin’s Hidden Pitfalls and Dangers
Tyler Cohen Wood CISSP
Last week brought news that Bitfinex, a leading Bitcoin exchange, lost an estimated $65 million due to a recent hacking incident. Bitfinex has stated that as a result, their users will lose 36% of their funds to make up for the losses incurred by the hack. Bitfinex is only one of the latest targets in hacks against Bitcoin or online currency exchanges. Bitfinex has stated that they will eventually either reimburse users or offer stock options in their parent company to make up for the loss. Other exchanges have been forced out of business, leaving their users holding the bag. In the wake of the Bitfinex hack, people and businesses are getting concerned about the security and use of Bitcoins and other online currencies.
Bitcoin is an online digital currency that can be traded directly from person to person, or used with businesses and Bitcoin services such as exchanges to purchase items. Subway, Overstock, PayPal, and many other legitimate companies accept Bitcoins, and there are advantages to the online currency. Bitcoin is the best known online currency, but it’s certainly not the only one. Others include Litecoin, Peercoin, and Primecoin.
How Does Bitcoin Work?
Bitcoins are most commonly purchased using regular currency in “exchanges” like Bitfinex. Bitcoin is a decentralized currency, meaning there is no one holder of all Bitcoins, which sets it apart from banks and other “brick and mortar” financial institutions. If an exchange gets hacked and the losses are substantial, users run the risk of losing either a percentage of or all their Bitcoin balance in an exchange, as could be the case for users of the Bitfinex exchange. Cyberattacks on exchanges occur fairly regularly.
Most users access Bitcoins using a “wallet”. The wallet is a user interface that shows a user’s Bitcoin balance, can create user account addresses, and also contains the secure encryption keys that authenticate each transaction. Transactions are verified by the Bitcoin network and kept in a public ledger which is accessible to all users, sort of like a public bank statement. This ledger is called a “blockchain”. The ledger only shows the account number and the transactions but not sensitive details about the user, such as real name, credit card info or email.
Once a number of transactions have been made, the block is encrypted and moves to the next block in the chain. As more transactions are made, new blocks are added to the public ledger, like a chain, hence the name “blockchain”. A blockchain is shared by all users of the Bitcoin network, so it is difficult for a middleman to tamper with a transaction without everyone being able to notice the discrepancy.
Keep in mind, the actual tally of coins or transactions is contained in the public ledger or blockchain and not stored in the actual wallet. Some Bitcoin experts recommend that a unique address should be used for each transaction to ensure the highest level of security. Most Bitcoin wallets will create a new address each time you initiate a transaction.
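The tamper-evidence described above, shown as an added example (not code from the original article): a simplified ledger in which each block stores the SHA-256 hash of the block before it, so an edit to a recorded transaction is detected by anyone who re-verifies the chain. The block layout, field names and sample transactions are assumptions made for illustration and are not Bitcoin's actual block format.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block

# Constructed sample data: account labels and amounts are made up.
SAMPLE_BATCHES = [
    [{"from": "addr-A", "to": "addr-B", "amount": 5}],
    [{"from": "addr-B", "to": "addr-C", "amount": 2}],
    [{"from": "addr-C", "to": "addr-A", "amount": 1}],
]

def block_hash(index, transactions, prev_hash):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = {"index": index, "transactions": transactions, "prev_hash": prev_hash}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_chain(batches):
    """Link each batch of transactions to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for index, txs in enumerate(batches):
        digest = block_hash(index, txs, prev)
        chain.append({"index": index, "transactions": txs,
                      "prev_hash": prev, "hash": digest})
        prev = digest
    return chain

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block["index"], block["transactions"], block["prev_hash"])
        if block["prev_hash"] != prev or recomputed != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None

def demo():
    honest = build_chain(SAMPLE_BATCHES)
    forged = copy.deepcopy(honest)
    forged[1]["transactions"][0]["amount"] = 50   # edit a recorded transaction
    edited = first_invalid_block(forged)          # block 1 no longer matches its hash
    # Recomputing block 1's hash only moves the break to block 2's back-link.
    forged[1]["hash"] = block_hash(1, forged[1]["transactions"], forged[1]["prev_hash"])
    rehashed = first_invalid_block(forged)
    return first_invalid_block(honest), edited, rehashed

if __name__ == "__main__":
    print(demo())
```

Hiding the edit would mean rewriting every later block as well, and the rewritten chain would still differ from the copies held by other users of the network.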
Why Use Bitcoin?
There are advantages to using Bitcoin. Bitcoins can be used in any country. Also, exchanges often do not charge service fees and if they do, such fees are usually nominal. Users can send Bitcoins from person to person, without having to go through a bank or other clearinghouse. Bitcoin accounts cannot be frozen by governmental agencies or other authorities. There is no minimum balance required to maintain an account and no other monetary limits apply. When a user buys or sells Bitcoins or makes transactions using them, the transaction usually happens within 10 minutes. Another perceived advantage of using Bitcoin is that it’s anonymous, but the true anonymity of Bitcoin users depends on several circumstances, such as the wallet used, the use of Tor, and the information supplied, such as a fake name or email account. You do not need to register an account with a particular Bitcoin exchange or give personal details when opening an account.
Scams
Hacking isn’t the only danger to using Bitcoin. Like most other online businesses, scammers work in the Bitcoin realm as well. Some better known scams are:
- In 2013, a New York man was arrested in the first federal securities fraud case involving a Bitcoin investment scheme. It was a new take on an old scam—the criminal raised money from investors in the form of Bitcoins while promising incredibly high interest rates on investments, while in reality he was just repaying existing investors with new investors’ Bitcoins.
- Fake Bitcoin wallet vendors seek to attract users by offering greater transaction anonymity than a legitimate wallet. But, if a user’s Bitcoin balance in a downloaded fake wallet rises to a certain level, the scammers steal the Bitcoins.
- Phony Bitcoin exchanges offer better credit card processing rates than competitors but never send users the Bitcoins they purchased at the reduced rates.
- Phishing schemes target people and send them links informing them that they have “won” a number of Bitcoins. The victim clicks the link and the hacker now has full access to their Bitcoin account.
It is critical that you employ a security awareness mindset when using Bitcoin or any other online currency. If someone offers a spectacularly high return on a Bitcoin investment or a very low transaction fee on purchasing Bitcoins, you should be suspicious. As with many things in life, if it sounds too good to be true, it probably is.
Also, realize that when dealing with online currency accounts, you’re not guaranteed any reimbursement protection in case your Bitcoins are stolen. The Bitcoin industry is not regulated like mainstream banks and investment companies are.
As with any other online technology, make sure you educate yourself on the current threat vectors associated with that technology. If you’re a business considering using online currency, make sure you and your employees know what you may be getting into. And remember, there is no way to guarantee that your transactions will be anonymous.