I have to confess that I just don’t get Bitcoin and the other cryptocurrencies.
I don’t mean the cryptographic part of it, I do understand how it works. And Silk Road and its replacements demonstrate the utility. But I don’t get why so many people use it the way they do. Cryptocurrency today seems to be a commodity traded on sketchy exchanges and not an actual currency. It was intended to be non-centralized and let anyone pay anyone else in a trusted but non-traceable way. But people have flocked to banks and third-party exchanges with disastrous results.
Mt. Gox was founded in mid-2010 and was handling 70% of all Bitcoin transactions by 2013. But in February, 2014 Mt. Gox suspended trading, closed its exchange, and filed for bankruptcy in Japan. 744,408 Bitcoin worth about $375 million have been stolen through transaction malleability vulnerabilities which went unnoticed for a significant length of time.
Flexcoin closed the following month with a terse statement, “On March 2nd 2014 Flexcoin was attacked and robbed of all coins in the hot wallet. As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.”
Also in March, Poloniex lost 12.3% of its stored Bitcoin, providing some details as to what went wrong. It wasn’t a flaw in the cryptocurrency itself, it was a flaw in the design of the transaction interface.
Even the intentionally silly cryptocurrencies get hacked. Doge Vault lost about 280 million Dogecoin (worth about $55,000 at the time) out of a total of 400 million. A spokesman for Doge Vault reported, “It is believed the attacker gained access to the node on which Doge Vault’s virtual machines were stored, providing them with full access to our systems. It is likely our database was also exposed containing user account information; passwords were stored using a strong one-way hashing algorithm. All private keys for addresses are presumed compromised; please do not transfer any funds to Doge Vault addresses.”
A study in April, 2013 found that out of 40 virtual currency exchanges that had been established on the Internet, 18 had gone out of business, 13 of those with no warning, five after being hacked. Four more remained open after suffering major breaches.
Why were people banking their cryptocurrency in third-party operations? This sure seems like a job for a dedicated air-gapped system running a trusted operating system, with encrypted backup stored cheaply in Amazon’s highly resilient Glacier cloud storage service as I described here and here.
I suppose the attraction of cryptocurrency on-line banks is related to why so many people don’t take full advantage of security mechanisms in IaaS cloud offerings. Doing it yourself can be difficult. Meanwhile I’ll continue to entertain the conspiracy theory that maybe Bitcoin was just a scheme to get the world to build a SHA-256 Rainbow Table.
Learning Tree’s System and Network Security Introduction course will teach you about cryptographic hash functions and Rainbow Tables. But no guarantees you’ll make heads or tails (har!) of common uses of cryptocurrencies.