Security Threats to Cryptocurrency owners
November 15 2021
One thing cryptocurrency advocates talk about when they explain blockchain technology to you is that blockchains present no single point of failure. By the central point of failure, they mean that there's no single place that you could attack to stop or maliciously modify the network. In practice, we observe that the central point of failure associated with a centralized database is pushed towards the user's end of the spectrum on a blockchain. In effect; by owning your own money, you become a central point of failurefor the security of your funds.
Instead of there being one single point of failure for the network as there would be in a traditional database, a cryptocurrency holder stores a private key to access their funds — which presents its own new central point of failure. In the first scenario, users didn't have to worry entirely about the theft of their funds stored in the bank, or an accidental payment. This is because banks work with consumers to issue chargebacks for unintentional transactions. In the second scenario, however, users are fully responsible for the safety of their funds.
In effect; by owning your own money, you become a central point of failure for the security of your funds.
What ‘owning your own money’ really entails
The decentralized movement pushes the idea of owning your own money as one of the strongest selling points to adopting cryptocurrency. The key idea here is that instead of central authorities being able to decide an economy's monetary policies, the monetary policy is embedded into the original software for the blockchain and remains immutable forever. The part of that last sentence to pay close attention to is 'immutable'. Some argue that immutability is everything you could ask for in money because it establishes soundness in money. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.
Taking control of your own crypto wealth puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. This means your funds are at risk of being stuck on the blockchain forever.
Bad key management is by far one of the most common ways that cryptocurrencies are lost. If people need a 'forgot password' option to recover 9-character passwords, it's hard to believe that people will be able to maintain a 48-character piece of ciphertext. One U.K. resident, James Howell, mined Bitcoin in the early days and stored it on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $60M at the present $8,000 spot price.
Key management is difficult for people that are technology-savvy as is — imagine how hard it is for people that aren't involved in technology on a daily basis. Since blockchains are immutable, that means there isn't any way to issue a reversal in the event that you lose your private key or send a transaction by accident. Chainalysis estimates that between 17 and 23 percent of all bitcoins have been lost. These are all losses of cryptocurrency as a result of losing a private key.
In case all of this wasn't enough perspective, consider the fact that about US$4.5bn in Ether is stuck on the Ethereum blockchain from the genesis block, presumably because users that this Ether was airdropped to did not save their private keys.
It isn't just self-imposed threats that are risks to cryptocurrency holders. For insight to this next excerpt, we refer to the Ross Ulbricht legal case. In this case, Ross was given a life sentence for running an illegal 'free market'online marketplace which subsequently became a haven for drug traffickers. When he was arrested, police seized all of Ross's Bitcoin holdings, which amounted to over $28M at the time. The reason police were able to seize his holdings so easily is that wherever he held his Bitcoin was a central point of failure — a central point of failure brutally exploited by the government.
Hackers pose one of the most serious threats to cryptocurrency holders. In 2017 alone, 13.7% of the entire world's population reported a hack of some digital asset — including both bank account balance and cryptocurrency. This asserts two key and important points. One, hackers are rampant and will relentlessly continue to hack consumers. Two, consumers are not effective at personal security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this would be far greater of a threat than it is right now.
Hacks could be possible through targeted malware or virus attacks, or deliberate compromisations. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a chrome VPN extension was hacked and saved private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2mn from average consumers. Early in February, a MyEtherWallet DNS hack let hackers steal US$365,000 from users accessing their Ether wallets in a short timeframe.
Exchanges have also not been left out of the fun — with numerous major exchanges seeing thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all comes to show that hackers do indeed pose a risk to cryptocurrency holders and cryptocurrency custody handlers.
It is estimated that almost US$2B has been lost to major cryptocurrency hacks since the rise of the asset class.
Overall, the valuation of the cryptocurrency market capitalization is increasing over time. This contributes to a higher valuation of digital assets as a whole. With such security threats discussed in this article in place and the valuation of digital assets increasing quickly, our original thesis is further solidified. Digital custody — whether centralized or decentralized — will be an important theme as the market moves on from the manic hype and begins to understand the major fundamental issues regarding digital assets as a whole.
"The Winklevosses came up with an elaborate system to store and secure their private keys. They cut up printouts of their private keys into pieces and then distributed them in envelopes to safe deposit boxes around the country, so if one envelope were stolen the thief would not have the entire key."
"How the Winklevoss Twins Found Vindication in a Bitcoin Fortune" by Nathaniel Popper, New York Times, December 19, 2017
Billions of dollars of blockchain-based cryptocurrency have been lost to hacks or unfortunate occurrences.
20% of all Bitcoin is lost forever. That's $20B, in fact, in 2018 alone, $1.1B has been stolen.
Vault12 has recognized this early on and has been working diligently to discover ways of maintaining decentralized custody of digital assets since 2015. In our next article, we provide more insights into our understanding of digital custody.
Thanks to Blake Commagere.
Next Up From Vault 12
Wasim is a serial entrepreneur with five exits, and an advisor in the fields of AI, blockchain, cryptocurrency, and encryption solutions. At Vault12, he led the private and public fundraising efforts, and focuses today on expanding the Vault12 ecosystem. His crypto experience began with AlphaPoint, where he worked with the founding team to launch the world's first crypto trading exchanges.
Previously he was a founding member of Voltage Security, a spinout from Stanford University, that launched Identity-Based Encryption (IBE), a breakthrough in Public Key Cryptography, and pioneered the use of sophisticated data encryption to protect sensitive data across the world's payment systems. Wasim serves on the board of non-profit, StartOut, and is a Seedcamp and WeWork Labs global mentor.
Wasim graduated with a Bachelor of Science degree in Physics and French from the University of Sussex.
Blake is a serial entrepreneur, angel investor, and advisor to several companies in the SF Bay Area. He has started seven companies and sold five of them. He regularly gives talks on subjects including Growth Hacking, Fundraising, and Psychology Management.
He created the social gaming category by building some of the biggest apps ever (over 50 Million players) on Facebook, including the iconic games Zombies, Vampires, and Werewolves. Blake also wrote and designed the first version of Causes on Facebook, which has over 120 Million users and has raised over $100 million for various charities. Blake graduated with a Bachelor's degree in Computer Science from Rice University.
Social Recovery Vault for Digital Asset Security + Digital Inheritance for protecting the future of money.
Inheritance and backup for CryptocurrencyVault12 Guard Explainer
Vault12 Product Demo
Vault12 Digital Inheritance is the first solution to offer a simple, direct, and secure way to ensure cryptocurrency, NFTs, and other Web3 digital assets can be inherited by future generations.
Digital Inheritance enables investors to designate an individual or a mobile device as a guardian that will inherit their entire portfolio of digital assets (seed phrases,private keys, digital art and other secrets) inside a secure digital Vault once the time comes, eliminating undue risk and the need to continually update an inventory or issue updated instructions which result in privacy leakage.
Designed to be used alongside traditional hardware, software, and online wallets, Vault12 Guard helps cryptocurrency owners, professional crypto traders, and high-net-worth investors safeguard their digital assets without storing anything in the cloud or in fact, any one single location. This increases protection and decreases the risks of loss.
Note:The Vault12 Guard app is not a crypto wallet and does not hold cryptocurrency. Using a non-custodial approach, it is a Vault that safeguards your wallet seed phrase, private keys, associated files for NFTs, and digital art.
The Vault12 Guard app enables secure decentralized backups, and provides legacy inheritance for all your web3 digital assets, including NFTs, wallet seed phrases, secrets like keys, PIN codes, DAO project keys, and digital art.
Whether your digital art is suitable for a phone, or represents much higher resolution multimedia, make sure that you have backed up a copy in case the resource link is disrupted in the future. Digital art can easily be added to the Vault either via the mobile app or via the desktop utility. Once you have stored your artwork in your Vault, it will also benefit from inheritance once you activate that in your app.
As a creator, you can use Vault12 Guard to safeguard not just your NFT and crypto wallets but also your original digital artwork. Project creators will always have to deal with multiple wallets - inventory, treasury, as well as future royalty wallets.
Vault12 Guard safeguards your project assets, increasing protection and decreasing the risks of loss whilst ensuring that everything is ready to be passed onto future generations when the need arises. This is creative security.