Security Threats to Cryptocurrency owners.
Are you the weakest link?
January 29 2024
One thing cryptocurrency advocates talk about when they explain blockchain technology is that blockchains present no single point of failure. By a "central point of failure," they mean that there's no single place that could be attacked to stop or maliciously modify the network. In practice, we observe that the central point of failure associated with a centralized database is pushed towards the user's end of the spectrum on a blockchain. In effect; by owning your own money, you become a central point of failurefor the security of your funds.
What's new about the responsibility of holding crypto assets?
Instead of a single shared point of network failure as there might be for a traditional database, a digital asset holder stores a private key to access their own funds — which presents its own new central point of failure. In traditional banking, users didn't have to worry much about theft of their funds stored in the bank, or an accidental payment. This is because banks work with consumers to issue chargebacks for unintentional transactions. In a blockchain-based asset scenario, however, users are fully responsible for the safety of their funds.
In effect, by owning your own digital assets, you become a central point of failure for the security of your funds.
What "owning your own money" really entails
The decentralized movement pushes the idea of owning your own money as one of the strongest selling points to adopting cryptocurrency. The key idea here is that instead of central authorities being able to decide an economy's monetary policies, the monetary policy is embedded into the original software for the blockchain and remains immutable forever. The key word in that last sentence is "immutable." Some argue that immutability is everything you could ask for in money because it establishes robustness. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.
As explained in our article about the increasing value of digital assets, billions of dollars of blockchain-based cryptocurrency have been lost to hacks or unfortunate occurrences.
Taking control of your own crypto wealth puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. This means your funds are at risk of being stuck on the blockchain forever.
Bad key management is by far one of the most common ways that cryptocurrencies are lost. If people need a "forgot password" option to recover 9-character passwords, it's hard to believe that people will be able to maintain a 48-character piece of ciphertext. One U.K. resident, James Howell, mined Bitcoin in the early days and stored it on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $315M at the present $42,000 spot price.
Key management is difficult even for people that are technology-savvy — imagine how hard it is for people that aren't involved in technology on a daily basis! Since blockchains are immutable, that means there isn't any way to issue a reversal in the event that you lose your private key or send a transaction by accident. Chainalysis has estimated that between 17 and 23 percent of all bitcoins have been lost. These are all losses of cryptocurrency as a result of losing a private key.
20% of all Bitcoin is lost forever. That's many billions of dollars of value, and in fact, in 2018 alone, over $1.1B was stolen.
In case all of this wasn't enough perspective, consider the fact that about US$4.5bn in Ether is stuck on the Ethereum blockchain from the genesis block, presumably because the users that this Ether was airdropped to did not save their private keys.
It isn't just self-imposed threats that are risks to cryptocurrency holders. For insight to this next excerpt, we refer to the Ross Ulbricht legal case. In this case, Ross was given a life sentence for running an illegal "free market" online marketplace which subsequently became a haven for drug traffickers. When he was arrested, police seized all of Ross's Bitcoin holdings, which amounted to over $28M at the time. The reason police were able to seize his holdings so easily is that wherever he held his Bitcoin was a central point of failure — a central point of failure brutally exploited by the government.
Hackers pose one of the most serious threats to cryptocurrency holders. In 2017 alone, 13.7% of the entire world's population reported a hack of some digital asset — including both bank account balance and cryptocurrency. This asserts two key and important points. One, hackers are rampant and will relentlessly continue to hack consumers. Two, consumers are not effective at personal security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this would be far greater of a threat than it is right now.
Hacks are possible through targeted malware or virus attacks, or deliberate compromises. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a chrome VPN extension was hacked and stole saved private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2mn from average consumers. And in February 2018, a MyEtherWallet DNS hack let hackers steal US$365,000 in a short timeframe from users accessing their Ether wallets.
Exchanges have not been left out of the fun — with numerous major exchanges seeing thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.
Overall, billions of dollars of value have been lost to major cryptocurrency hacks since the rise of the asset class.
"The Winklevosses came up with an elaborate system to store and secure their private keys. They cut up printouts of their private keys into pieces and then distributed them in envelopes to safe deposit boxes around the country, so if one envelope were stolen the thief would not have the entire key."
"How the Winklevoss Twins Found Vindication in a Bitcoin Fortune" by Nathaniel Popper, New York Times, December 19, 2017
Digital Custody offers better solutions
Because the valuation of the cryptocurrency market capitalization is increasing over time, there is a higher valuation of digital assets as a whole.Given the presence of security threats such as those discussed in this article, and the valuation of digital assets increasing quickly, our original thesis is further solidified. Digital custody — whether centralized or decentralized — is an important theme as the market moves on from the manic hype and begins to understand the major fundamental issues regarding digital assets as a whole.
Vault12 recognized this early on, and has been working diligently since 2015 to discover ways of maintaining decentralized custody of digital assets. Read our other articles for more insights into our understanding of digital custody.
Thanks to Blake Commagere.
Wasim is a serial entrepreneur with five exits, and an advisor in the fields of AI, blockchain, cryptocurrency, and encryption solutions. At Vault12, he led the private and public fundraising efforts, and focuses today on expanding the Vault12 ecosystem. His crypto experience began with AlphaPoint, where he worked with the founding team to launch the world's first crypto trading exchanges.
Previously he was a founding member of Voltage Security, a spinout from Stanford University, that launched Identity-Based Encryption (IBE), a breakthrough in Public Key Cryptography, and pioneered the use of sophisticated data encryption to protect sensitive data across the world's payment systems. Wasim serves on the board of non-profit, StartOut, and is a Seedcamp and WeWork Labs global mentor.
Wasim graduated with a Bachelor of Science degree in Physics and French from the University of Sussex.
Blake is a serial entrepreneur, angel investor, and advisor to several companies in the SF Bay Area. He has started seven companies and sold five of them. He regularly gives talks on subjects including Growth Hacking, Fundraising, and Psychology Management.
He created the social gaming category by building some of the biggest apps ever (over 50 Million players) on Facebook, including the iconic games Zombies, Vampires, and Werewolves. Blake also wrote and designed the first version of Causes on Facebook, which has over 120 Million users and has raised over $100 million for various charities. Blake graduated with a Bachelor's degree in Computer Science from Rice University.
Social Recovery Vault for Digital Asset Security + Digital Inheritance for protecting the future of money.
Backup and Inheritance for BitcoinVault12 Guard Explainer