The good and the bad sides of the Bitcoin network
It is ten years since cryptomorphs were introduced into our lives and their advocates have pointed to it as the safest form of currency. Although I take a similar view, over that time we have realized that even the best security systems are subject to failure. In this article, we look at the good, the bad and the dark (The Good, the Bad and the Ugly) of cryptomo coins based on the Bitcoin network.
Cryptography like Bitcoin uses cryptography as the basis of its protocol to create an unspecified, decentralised currency. In the case of Bitcoin, the SHA-256 encryption adopted both for its Working Proof structure and for transaction authentication.
The security of the Bitcoin protocol is provided based on one of its critical features? the transaction blockchain. When we talk about blockchain we should think of a number of blocks that have transaction records. The blockchain starts with the seminal block, which is also described as the genesis block. The creation of a chain of blocks occurs when transactions and hashes resolved add new blocks after the genesis block.
In simpler terms, the blockchain used to support Bitcoin records data about transactions, including the sender, recipient, the volume of Bitcoins transferred, as well as the transaction time. Thus, every 10 minutes all the transfers that occurred in this period are grouped in a block.
Bitcoin generation. In this process, the miners reach a consensus on which transfers are authentic, and then these are added to the network.
Within the Bitcoin protocol, the blockchain that has gone through the most Work is considered the best. Therefore, the entire protocol uses this blockchain as a reference for authenticating transactions. Once a transaction is validated, it results in Bitcoins expense.
Now, let’s consider a situation where there is malicious activity in the Bitcoin network, such as if an individual wants to spend Bitcoins that he does not actually own. In such a scenario, the transaction is cancelled and removed from the rest of the blockchain because the network of miners identifies the fraudulent nature of such a transfer.
If you are wondering what the difference is between the blockchain technology, the underlying platform for Bitcoin Freedom transactions, and the traditional techniques in use today, the answer is simple. Conventional approaches have a single point of failure, which means that malicious parties only need to infiltrate a central server in order to execute traditional attacks.
In contrast, in the blockchain the situation is different due to its decentralised nature. It eliminates the possibility of the network having a single point of failure/attack. Essentially, the devices that maintain the network function are distributed around the world. Therefore, if a single device is dysfunctional, all others will still support the network’s smooth operation.
As we have seen, the Bitcoin protocol is almost impenetrable when thought in isolation. However, the same cannot be said of the platforms and amenities that deal with Bitcoin transactions. Let’s see some examples:
This company operates as a Bitcoin portfolio service provider. However, at the end of 2013 the company was subject to two hacking incidents. Cumulatively, up to 4,100 Bitcoins with an estimated value of US$ 1.2 million were stolen.
This attack was executed through a social engineering attack that allowed hackers to access the company’s infrastructure hosted on Linode, which is a cloud hosting provider. By infiltrating several email accounts, including one created by the founder of inputs.io six years before the attack, the hacker was able to gain access to the platform’s Linode account and changed his password.
It was probably the biggest violation so far. She even forced this former leader of Bitcoin’s exchange services to file for a concordat after US$468 million coins disappeared from the platform.
The decline of Mt.Gox began in February 2017, when the company stopped withdrawals from Bitcoin as a result of heavy distributed denial of service (DDoS) attacks focused on capitalising on Bitcoin’s transaction malleability. Transaction malleability refers to a situation where transactions are changed to look like they failed, when in reality they were successful.
Although Mt.Gox cited the transaction malleability as the main reason for its collapse, internal company data that leaked showed that in addition to this problem, the service had weak security protocols as well as weak accounting procedures.
The situation at Mt.Gox was further impaired as other service providers, such as Bitstamp, were able to solve their transaction malleability challenge and resume operations within days of freezing transactions.
For about 5 months, between September 2013 and January 2014, cybercriminals used a botnet called ‘Pony’ to infect a considerable number of PCs. As a result, hackers stole $220,000 worth of Bitcoins.
To put it in context, ‘Pony’ is the same botnet that was discovered for compromising more than two million passwords and keeping them on a server configured by the criminals. ‘Pony’ infiltrated the PCs and stole Bitcoin wallets stored locally on the affected devices. This case illustrates the risks associated with maintaining Bitcoin wallets on devices with an Internet connection.
Although the 51% attack does not qualify as a security breach in the original sense of the term, it does pose the greatest risk to the Bitcoin network. If an individual or a group of people has more than 50% of the computing power within the network, it will be exposed to that type of attack. This is possible because the computing power advantage can be used to bifurcate the primary transaction blockchain and engage in fraudulent activities, such as double spending.
While the possibility of such an attack seems impossible, the Bitcoin network almost suffered such an attack in 2017. Bitcoin enthusiasts were nervous when the Ghash.io, which is a mining pool, came close to the dreaded 50% limit. However, the problem was solved quickly and efficiently due to the migration of miners from this platform to smaller pools, as well as the pool’s decision to restrict approval of new miners.
This case has been solved independently, which may suggest that the network itself can manage its risks, however, being dependent on miners and pool owners doing the “right” thing is problematic and brings insecurity to the system. Although the distribution of mining authority has declined in terms of concentration, the reality is that we are still subject to a 51% attack.
It is difficult to refute the notion that in fact the Bitcoin network has security problems. However, we can conclude that security breaches and challenges are related to the people and services that trade and store the Bitcoins, and are not a result of the protocol itself.
For example, theft performed on inputs.io, as well as the use of the ‘Pony’ botnet capitalised from wallets kept online on PCs connected to the Internet. On the other hand, although the loss incurred in the Mt.Gox scandal was in fact from wallets stored outside the Internet, there is general consensus that the problem was a direct result of the automated system adopted by the platform, which collected data from offline wallets.