The value of Bitcoin

We'd better get used to it: Bitcoin, once considered the currency of underground dealings – malware, drugs and even contract killers – is here to stay, in one form or another. A cryptocurrency – a peer-to-peer form of digital money that uses cryptography to ensure transactions can remain anonymous – Bitcoin has long been favored by individuals with a penchant for privacy.

Bitcoin first hit the scene in 2009 courtesy of the enigmatic Satoshi Nakamoto – whose identity, despite a much ballyhooed Newsweek story, still largely remains a mystery. Despite its vague origins, Bitcoin has become the most popular and most valuable of several cryptocurrencies, so much so that every incarnation spawned since, including Litecoin, Peercoin and Dogecoin, is referred to as an altcoin.

“Sadly, though, most altcoins do not offer anything new. They are all built on Bitcoin,” says Christian Decker, a researcher with the Distributed Computing Group at the Swiss Federal Institute of Technology in Zürich (ETH Zürich) who has written papers on Bitcoin and vulnerabilities presented by the system. “Altcoins have no place unless they really improve on what Bitcoin has to offer.”

Being first to the party certainly has its advantages. Namely, Bitcoin developers and users just flat out have a lot more experience with the cryptocurrency technology. And the currency has weathered the storm, surviving flaws and vulnerabilities (read: transaction malleability) and withstanding exchange-side meltdowns (Mt. Gox).

At this point, even if the Bitcoin “brand” disappears, its footprint is indelible.

“I do believe that in some form Bitcoin will be successful, whether it is in the current instance, an evolution of it, or a completely new system based on it,” Decker said. “Research and industry are continually working on improving Bitcoin so that it can be used more securely and easily.”

Securely and easily are the essential traits, especially with a technology in its infancy, and with a mainstream society that has relied – heavily – on a paper currency, banking and overall financial system that has worked almost seamlessly at least as far back as the Renaissance. 

But, invariably, things change. A world moving toward a more paper-free society – greener, if you will – is evidence of the value of change. But the value of Bitcoin is measured in more than just its modern, paperless approach and simplicity in enabling direct and private transactions. It has an actual dollar value – albeit one that fluctuates wildly.

In January 2011, Bitcoin was worth next to nothing. Six months later it was worth $32. More than two years after that it peaked at $1,151. By April 1, Bitcoin's value had dropped to about $486 – and that's no joke. Up and down it has gone, and though it continues to fluctuate, it is hard to ignore how financially valuable Bitcoin has become.

“It's here to stay, at least for a handful of niche demographics,” says Mike Hearn, a former developer with Google who now focuses on the development of Bitcoin. “I certainly hope it will become more mainstream, but of course, there are lots of very hard challenges that must be overcome for this.”

Hearn cites low transaction costs, an open platform for innovation, predictable inflation and decentralization as Bitcoin's greatest strengths. But, conversely, he says, the currency has great weaknesses; namely, it is highly vulnerable to government intervention and is incredibly easy to steal.

The latter sets off alarms, in particular for those who lack technological savvy. It definitely proves a hindrance when trying to catapult a cryptocurrency into the mainstream. Although defenses against thefts have evolved – becoming stronger every day – Bitcoin wallets and exchanges are still prime targets for virtual thieves.

In a Bitcoin exchange, where people trade other currencies for the Bitcoins, the cryptocurrency purchased is stored in an owner's digital wallet for use in transactions. Users can sign on with any number of wallet vendors that offer various services, or they can take a more manual role in handling their virtual finances. Typically, wallets are accessible across different platforms, including computers, tablets and smartphones.

Secure manual maintenance of a Bitcoin wallet takes more effort, requiring the use of encryption, creating backups, encrypting those backups, using multi-signatures and, as with all technology, keeping software updated. Users must also apply some common sense, which means not keeping all Bitcoins in a single, ready-to-use wallet. As a general rule of thumb, users should only make available whatever Bitcoins are needed – the rest should be stowed away in an offline wallet, known as cold storage, where it is less likely to be compromised in an attack.

“I spend a lot of time wondering about denial-of-service attacks on the network, and centralization of money in large wallets in general,” Hearn says. “I'd like to see people relying on [Bitcoin banks] less heavily.”

Letting a “bank,” a provider of Bitcoin storage services, take care of a Bitcoin stash is a bit of a gamble, particularly at this unruly stage of the cryptocurrency game. Not only must users rely on a company and its security offerings for the safe storage of their virtual finances, but without general cryptocurrency regulations in place, most companies are not properly prepared to compensate users if a theft does occur.

And, both big and small banks are equally at risk. Take Flexcoin as an example of how a small company can founder in the blink of an eye. In March, the company, which touted itself as the first Bitcoin bank, said an attacker stole 896 user Bitcoins – which at the time equaled just under $600,000 – by exploiting a number of flaws. Flexcoin said it had no resources or assets to recover from the loss and, as a result, shut down within 24 hours of the theft.

Now consider Mt. Gox, which up until the end of February was the largest Bitcoin exchange in the world. Plagued by ongoing problems, including sporadic trading shutdowns, the Tokyo-based exchange recently filed for bankruptcy in Japan, and later in the U.S., after announcing it lost 850,000 Bitcoins – nearly half a billion dollars at the time. About 750,000 of those Bitcoins belonged to users.

Although Mt. Gox later announced that 200,000 Bitcoins were recovered in an obsolete, old-format wallet, the theft was ultimately blamed on attackers who were said to have exploited a flaw in the software algorithm that underlies Bitcoin.

That flaw is known as transaction malleability, which, broken down very simply, is a variation of a double-spending issue that involves making a transaction, then quickly modifying it and making it again. If the modified transaction is confirmed first, the real transaction ends up disappearing from Bitcoin's public ledger, known as the block chain. It later can be reported as having never gone through, and the coins are sent again.
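
The bookkeeping failure described above, as an added illustration that is not part of the original article: a simplified model (not real Bitcoin serialization; the `Tx` class, its field names and the sample values are constructed assumptions) in which a withdrawal tracked only by transaction ID looks lost once a modified copy confirms, while matching on inputs and outputs still finds it.

```python
import hashlib
from dataclasses import dataclass

# secp256k1 group order. In ECDSA, (r, s) and (r, N - s) both verify for the
# same message, one well-known source of malleability.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

@dataclass(frozen=True)
class Tx:
    inputs: tuple    # coins being spent
    outputs: tuple   # (address, amount) pairs
    sig: tuple       # (r, s); toy integers, not a real signature

    def txid(self):
        # As in legacy Bitcoin, the id covers the signature bytes too.
        raw = repr((self.inputs, self.outputs, self.sig)).encode()
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

    def payment_key(self):
        # Signature-independent identity: what is spent and who is paid.
        raw = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(raw).hexdigest()

def equivalent_variant(tx):
    """Same payment, re-encoded signature, therefore a different txid."""
    r, s = tx.sig
    return Tx(tx.inputs, tx.outputs, (r, N - s))

def status_by_txid(sent, ledger):
    """Fragile check: looks only for the txid the sender recorded."""
    return "confirmed" if sent.txid() in {t.txid() for t in ledger} else "missing"

def reconcile(sent, ledger):
    """Robust check: match on the payment itself and on spent inputs."""
    for t in ledger:
        if t.payment_key() == sent.payment_key():
            return "confirmed" if t.txid() == sent.txid() else "confirmed-under-other-txid"
        if set(t.inputs) & set(sent.inputs):
            return "inputs-spent-elsewhere"   # investigate, never re-send blindly
    return "unconfirmed"

# Constructed sample data: one withdrawal, confirmed in its modified form.
SENT = Tx(("constructed_prev_tx:0",), (("customer_address", 5),), (0x1234, 0x5678))
LEDGER = [equivalent_variant(SENT)]

if __name__ == "__main__":
    print("txid lookup:", status_by_txid(SENT, LEDGER))
    print("reconcile:  ", reconcile(SENT, LEDGER))
```

A service that re-sends coins whenever the txid lookup reports a withdrawal as missing pays twice; reconciling on the payment and its inputs before any re-send closes that gap.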

Decker does not believe transaction malleability ruined Mt. Gox. Along with colleague Roger Wattenhofer, he studied Bitcoin transactions, including double spending and transaction malleability instances dating back to 2013, for a recently published research paper titled “Bitcoin Transaction Malleability and MtGox.” Although incidents may have transpired prior to that date, Decker learned that 1,811 Bitcoins were involved in attacks prior to Mt. Gox ceasing withdrawals, and that less than 25 percent of those attacks were successful.

Decker and Wattenhofer concluded that only about 386 Bitcoins could have been stolen as a result of malleability attacks targeting Bitcoin exchanges. So what really happened? There are many other theories, some including hacks that took place long ago, as well as contentions by hackers accused in the Mt. Gox incident that the exchange's CEO Mark Karpeles was involved.

“Bitcoin is still rather complicated and the regulatory uncertainty is keeping it back,” Decker says. “Regulating Bitcoin is necessary in order to protect the users and give Bitcoin the much needed legality required for a large-scale adoption. Bitcoin could survive even if banned, but it couldn't achieve its full potential.”

However, Hearn takes the opposite stance. New legislation and regulations are much more likely to hurt Bitcoin than help, he says. “The biggest problems come from simple incompetence, which you can't regulate against, and fraud, which is already illegal.”

Regardless of its shaky history, Bitcoin has experienced a huge rise to prominence in three short years, though it is hard to say if it will continue to experience that same kind of upswing over the next three years. Perhaps legislation will pass and security will improve enough for it to see mainstream adoption – or maybe it will plummet or just dissolve altogether following an uptick in new vulnerabilities and attacks. Either way, it will be impossible to overlook the value and impact the cryptocurrency had, at least for a while.
