Security Threats to Cryptocurrency owners.
Are you the weakest link?
One thing that cryptocurrency advocates highlight when they explain blockchain technology is that blockchains present no single point of failure. By a "central point of failure," they mean that there's no single place that could be attacked to stop or maliciously modify the network. However, in practice, we observe that the central point of failure associated with a centralized database is pushed towards the user's end of the spectrum on a blockchain. In effect: by owning your own money, you become the central point of failure for the security of your funds.
Vault12 offers you a Personal Information security GPT to answer questions using our collected mix of expert articles. Try it here:
What's new about the responsibility of holding crypto assets?
Instead of a single shared point of network failure as there might be for a traditional database, a digital asset holder stores a private key to access their funds — which presents its own new central point of failure. In traditional banking, users didn't have to worry much about theft of their funds stored in the bank, or an accidental payment. This is because banks work with consumers to issue chargebacks for unintentional transactions. In a blockchain-based asset scenario, however, users are fully responsible for the safety of their funds.
In effect, by owning your own digital assets, you become a central point of failure for the security of your funds.
What "owning your own money" really entails
The decentralized movement pushes the idea of owning your own money as one of the strongest selling points to adopting cryptocurrency. The key idea here is that instead of central authorities being able to decide an economy's monetary policies, the monetary policy is embedded into the original software for the blockchain and remains immutable forever. The key word in that last sentence is "immutable." Some argue that immutability is everything you could ask for in money because it establishes robustness. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.
As explained in our article about the increasing value of digital assets, billions of dollars of blockchain-based cryptocurrency have been lost to hacks or unfortunate occurrences.
Unfortunate occurrences
Taking control of your own crypto wealth puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. This means your funds are at risk of being stuck on the blockchain forever.
Bad key management is by far one of the most common ways that cryptocurrencies are lost. If people need a "forgot password" option to recover 9-character passwords, it's hard to believe that people will be able to maintain a 48-character piece of ciphertext. One U.K. resident, James Howell, mined Bitcoin in the early days and stored it on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $315M at the present $42,000 spot price.
Key management is difficult even for people that are technology-savvy — imagine how hard it is for people that aren't involved in technology on a daily basis! Since blockchains are immutable, that means there isn't any way to issue a reversal in the event that you lose your private key or send a transaction by accident. Chainalysis has estimated that between 17 and 23 percent of all bitcoins have been lost. These are all losses of cryptocurrency as a result of losing a private key.
领英推荐
20% of all Bitcoin is lost forever. That's many billions of dollars of value, and in fact, in 2018 alone, over $1.1B was stolen.
In case all of this wasn't enough perspective, consider the fact that about US$4.5bn in Ether is stuck on the Ethereum blockchain from the genesis block, presumably because the users that this Ether was airdropped to did not save their private keys.
Hostile actors
It isn't just self-imposed threats that are risks to cryptocurrency holders. For insight to this next excerpt, we refer to the Ross Ulbricht legal case. In this case, Ross was given a life sentence for running an illegal "free market'" online marketplace which subsequently became a haven for drug traffickers. When he was arrested, police seized all of Ross's Bitcoin holdings, which amounted to over $28M at the time. The reason police were able to seize his holdings so easily is that wherever he held his Bitcoin was a central point of failure — a central point of failure brutally exploited by the government.
Hackers pose one of the most serious threats to cryptocurrency holders. In 2017 alone, 13.7% of the entire world's population reported a hack of some digital asset — including both bank account balance and cryptocurrency. This asserts two key and important points. One, hackers are rampant and will relentlessly continue to hack consumers. Two, consumers are not effective at personal security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this would be far greater of a threat than it is right now.
Hacks are possible through targeted malware or virus attacks, or deliberate compromises. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a chrome VPN extension was hacked and stole saved private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2mn from average consumers. And in February 2018, a MyEtherWallet DNS hack let hackers steal US$365,000 in a short timeframe from users accessing their Ether wallets.
Exchanges have not been left out of the fun — with numerous major exchanges seeing thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.
Overall, billions of dollars of value have been lost to major cryptocurrency hacks since the rise of the asset class.
"The Winklevosses came up with an elaborate system to store and secure their private keys. They cut up printouts of their private keys into pieces and then distributed them in envelopes to safe deposit boxes around the country, so if one envelope were stolen the thief would not have the entire key." -- "How the Winklevoss Twins Found Vindication in a Bitcoin Fortune" by Nathaniel Popper, New York Times, December 19, 2017
Digital Custody offers better solutions
Because the valuation of the cryptocurrency market capitalization is increasing over time, there is a higher valuation of digital assets as a whole. Given the presence of security threats such as those discussed in this article, and the valuation of digital assets increasing quickly, our original thesis is further solidified. Digital custody — whether centralized or decentralized — is an important theme as the market moves on from the manic hype and begins to understand the major fundamental issues regarding digital assets as a whole.
Vault12 recognized this early on, and has been working diligently since 2015 to discover ways of maintaining decentralized custody of digital assets. Read our other articles for more insights into our understanding of digital custody.
Vault12 offers you a Personal Information security GPT to answer questions using our collected mix of expert articles. Try it here: