Can Bitcoin Be Hacked?
Table of Contents
- Bitcoin’s blockchain and network are extremely secure, and have protected a growing volume of wealth for over 12 years.
- Bitcoin is the only monetary system which has verifiably never allowed counterfeit currency to circulate.
- Several theoretical concerns do exist about Bitcoin’s future security. However, such threats would break almost all digital systems, not just Bitcoin.
As a new phenomenon, Bitcoin faces much skepticism. As an entirely digital method of storing wealth that is not backed by FDIC insurance or traditional institutions, users may also worry about vulnerabilities in cryptography or blockchain technology. However, the Bitcoin network has proven itself robust against both failures and attacks. The blockchain itself is economically and technically impervious to corruption.
Security Concerns of Bitcoin
Bitcoin is a relatively new technology, but in its twelve years of existence, Bitcoin has proven itself to be the most secure digital system in the world and the most reliable monetary system ever invented. Bitcoin’s blockchain has never been hacked, and zero counterfeit currency has ever been uttered on the network.
As with any software, Bitcoin is not perfect or infallible. Minor bugs do appear from time to time, and there exist theoretical security concerns that might threaten Bitcoin today or in the future. This article will examine these concerns.
Bitcoin User Security vs. Bitcoin Network Security
It is important to differentiate between the security concerns facing Bitcoin users and those facing the Bitcoin network and technology. Bitcoin users must carefully protect their private keys, passwords, and other sensitive information against attackers or loss.
However, the security concerns of the Bitcoin network include the security of the underlying cryptography, the robustness of the peer-to-peer network, and the hash rate of Bitcoin miners.
How Secure Is the Bitcoin Blockchain?
Bitcoin is both a blockchain database and a network of computers, called nodes, which communicate to build and update the database. The network includes hundreds of thousands of computers owned by an equally large, distributed number of people. Anyone is capable of joining this network with no qualification.
The database maintained by this open system has never been hacked. This is due to the fact that hacking one computer’s database is insufficient to corrupt every other computer’s database. In fact, the other computers in the network will automatically alert the compromised user that their database is corrupted and will either help them fix the error or cut them out of the network.
Even more impressive is the fact that a single computer with the valid blockchain can correct an infinite number of computers with invalid or out-of-date chains. The network does not follow the opinion of the majority, but rather the objectively most valid chain.
Double Spends and Counterfeit Bitcoin
One of the core features of Bitcoin is the strict control and transparency of the money supply and the ability to prevent double spends, wherein the same money is spent twice or a transaction is reversed after being considered final. These features are enforced by Bitcoin nodes, and if any of these rules were violated, Bitcoin’s reputation and reliability would be jeopardized.
One of the most popular concerns about Bitcoin’s security, called a 51% attack, could potentially cause a double spend. A 51% attack is an attempt by a Bitcoin miner or group of miners to replace or alter past Bitcoin blocks. By replacing one or more blocks, the attacker could effectively invalidate transactions that were previously settled and steal bitcoin.
As the name suggests, in order to ensure a successful 51% attack, a malicious actor would have to control at least 51% of the total computing power, called hash rate, of the Bitcoin network. This would amount to more computing power than all other members of the network combined. As such, 51% attacks require an enormous amount of money, energy, and specialized hardware. Satoshi Nakamoto, the founder of Bitcoin, outlined the mechanics and mathematics of a 51% attack on page 8 of the Bitcoin Whitepaper.
The Practical Difficulty of 51% Attacks
As the Bitcoin network has grown and the price has risen, so too has the hash rate of Bitcoin miners. This trend has continuously made 51% attacks more difficult to execute, making Bitcoin more secure. As Bitcoin’s price continues to rise, Bitcoin’s hash rate and security will continue to rise as well.
Bitcoin’s Incentive Model
In addition to the high cost of a 51% attack, Bitcoin provides additional incentives for miners to remain honest. Even if a malicious miner successfully executed an attack, they would crash Bitcoin’s price, devaluing the Bitcoin they have just stolen. The attacker’s Bitcoin mining equipment, called ASICs, which cannot be repurposed and are expensive, would also be rendered useless. These economic incentives, along with Bitcoin’s core design, have prevented a 51% attack from ever being successful against Bitcoin.
How Secure Is the Bitcoin Peer-to-Peer Network?
Bitcoin’s peer-to-peer network is completely open and decentralized. Tens of thousands of nodes from around the world communicate with each other to share transactions and blocks around the clock. This network allows anyone to join and view the Bitcoin blockchain.
Bitcoin nodes enforce the rules of the network, including its monetary policy and its double spend resistance. If a significant portion of Bitcoin nodes were taken offline, a malicious actor could effectively disrupt the transmission of blocks and possibly change the rules of the network, to change the monetary policy for example.
Denial of Service Attacks
For this reason, the security of Bitcoin nodes is paramount to the security of the network as a whole. When Bitcoin developers design new transaction types or introduce new features, they pay close attention to whether these features might make nodes vulnerable to Denial of Service (DoS) attacks which could take them offline.
This explains why Bitcoin Script is not Turing complete. If Script enabled loops, an attacker could create a transaction with an infinite loop, which would exhaust the resources of nodes trying to validate it. This would crash the nodes and remove them from the network.
Can Bitcoin Survive Without the Internet?
Bitcoin operates primarily over the internet, like most other digital services. Society could hypothetically be unable to access the internet, either because of massive technological failures or government interference, as regularly occurs in authoritarian countries. In such a case, almost every digital service, including the legacy financial system, would fall into chaos as well, not just Bitcoin.
If this were to happen, most miners and nodes on the Bitcoin network would lose communication with each other, and the network would be at risk of being unable to produce new blocks and broadcasting new transactions. However, the existing state of the blockchain would remain perfectly intact, as each node would continue storing the blocks they had before the internet was lost.
When internet connection returned or another solution was found, nodes and miners could resume broadcasting new blocks as before. Even if the blockchain had diverged in the interim, Bitcoin nodes have the ability to reconcile and agree on the objectively most valid blockchain to follow.
Bitcoin’s Alternatives to the Internet
The Bitcoin network also operates over networks other than the internet. Bitcoin blocks are broadcast over radio, mesh network, and even satellite. Developers are working on improving these solutions, making them easier to use, and thus making Bitcoin more robust and less reliant on internet connectivity.
How Secure Is Bitcoin’s Cryptography?
Cryptography is what enables bitcoin to be transferred from one party to another in a trustless manner. Specifically, Bitcoin uses a digital signature algorithm called ECDSA, which has remained unbroken for several decades. However, there is always the possibility of this scheme being cracked, allowing an attacker to forge signatures and spend bitcoin that does not belong to them.
Another security-critical cryptographic algorithm is the SHA-256 hash function, which is the random, one-way function behind Bitcoin’s Proof-of-Work algorithm, the Lightning Network’s HTLCs, and more. If a method were developed for reversing SHA-256 or breaking its randomness, it would allow an attacker to potentially steal funds on the Lightning Network and mine significantly faster than miners without such knowledge.
The result of either ECDSA or SHA-256 being compromised by a malicious actor would be disastrous for Bitcoin. However, these algorithms have persisted for many years, and are used by many systems outside of Bitcoin. If Bitcoin is compromised, many other systems we rely on would also be compromised.
If either algorithm was discovered to be insecure by a benign actor, the Bitcoin network could transition to a more secure set of cryptographic algorithms and continue operating, although this would be highly cumbersome for existing users.
One popular theoretical vulnerability to Bitcoin’s cryptography involves the implementation of a practical quantum computer. Quantum computers perform computation at the subatomic level, and achieve extraordinary efficiency and speed. While scientists have theorized about their power for several years, a practical implementation has yet to be invented.
If a single entity were afforded sole access to a quantum computer and chose to mine bitcoin, they would likely dominate the mining industry and have the capacity to execute a 51% attack on Bitcoin. Alternatively, a quantum computer could brute force the private keys of the wealthiest Bitcoin addresses and steal that bitcoin. In either case, trust in the Bitcoin network would be undermined.
The quantum computer argument against Bitcoin seems valid until we consider the rest of the economy. If a single, malicious entity produced a practical quantum computer, they could hack almost any system, not just Bitcoin. The entire financial system would be at risk in this scenario.
In fact, Bitcoin would actually be one of the safer systems, considering it uses a far higher level of entropy than a bank account or a credit card. A credit card uses 16 digits and a 3 digit security code, yielding an entropy of 10^19, while Bitcoin private keys use an entropy of 2^128 or roughly 10^38.