Can Bitcoin Be Hacked?
- Bitcoin’s database, the blockchain, is practically impervious to attack or corruption.
- Individuals can lose their bitcoin if their computer or wallet is hacked. Users can take a variety of steps to reduce this risk.
- Exchanges and brokerages offer to custody funds for users. This may offer increased security, but at the cost of privacy and censorship resistance.
As a new phenomenon, Bitcoin faces much skepticism. As an entirely digital method of storing wealth that is not backed by FDIC insurance or traditional institutions, users may also worry about the weaknesses of blockchain technology. There are three main sources of concern: the failure of the Bitcoin network, the failure of the user, and malicious action by others, i.e., hacking.
Despite the concerns raised, the Bitcoin network is robust against both failures and attacks. The blockchain itself is economically and technically impervious to corruption. Users, however, are prone to mistakes that can cost them their bitcoin due to negligence or forgetfulness. Malicious actors can also take advantage of users in order to steal their bitcoin. They do so not through any vulnerability of Bitcoin itself, but through traditional hacking and other fraudulent methods. In the case of Bitcoin, this can result in total and irreversible loss of user funds.
How Secure is the Bitcoin Network?
Bitcoin is both a blockchain database and a network of computers which communicate to build and update the database. The network includes hundreds of thousands of computers owned by an equally large, distributed number of people, and anyone is capable of joining this network with no qualification. Each computer stores the entire blockchain database.
With this in mind, the blockchain database has never been hacked. This is due to the fact that hacking one computer’s database is insufficient to corrupt every other computer’s database. In fact, the other computers in the network will automatically alert the compromised user that their database is corrupted and will either help them fix the error or cut them out of the network.
Even more impressive is that a single computer with the valid blockchain can correct an infinite number of computers with invalid or out-of-date chains. The network does not follow the opinion of the majority, but rather the objectively most valid chain.
Hacking the blockchain such that every computer in the network is affected would require an enormous amount of money, energy, and hardware. Satoshi Nakamoto, the founder of Bitcoin, outlined the mathematical difficulty of hacking a decentralized blockchain on page 8 of the Bitcoin Whitepaper.
In order to ensure a successful hack, a malicious actor would have to control more computing power than all other members of the network combined, a so-called “51% Attack” because the hacker would need at least 51% of the total computing power.
Currently, the collective computing power of honest actors, known as the hash rate, is extraordinarily high, performing 1.4E20 hashes per second. In order for someone to hack Bitcoin’s blockchain and reverse a transaction, they would need to produce at least 1.4E20 computations per second. Such an effort would cost an extraordinary amount of money. Hash rate is thus a direct measure of security for Bitcoin.
You can check Bitcoin’s hash rate here.
For users or investors, the risk of losing one’s bitcoin to a personal hack is far higher than the risk of a 51% attack on Bitcoin’s blockchain. Most individuals use a computer or mobile device to store their bitcoin. Any device that is connected to the internet can be hacked.
Activities such as pirating movies, browsing unsafe websites, and downloading files can all serve as vectors for a hacker to access a computer, and ultimately the bitcoin stored on that computer. Some users keep their bitcoin on an offline computer to minimize these risks. This is called cold storage, and is an advisable practice.
To understand where a user or investor is most vulnerable to threats, it is important to differentiate between the Bitcoin Core software and the private keys controlling a user’s bitcoin. Bitcoin Core is the software that allows a computer to connect to the network and download the blockchain. While Bitcoin Core also contains the ability to store bitcoin, most people use independent wallet software to store their bitcoin. The Bitcoin Core software, like any software, can be hacked, but since most users don’t store bitcoin in Bitcoin Core, it is not often targeted.
Hacking a wallet’s private keys, however, can be extremely lucrative. If a computer containing a Bitcoin wallet is hacked, a user could be at risk of losing their bitcoin. Wallets have various security features, such as encryption, meant to protect against a computer hack, but nothing is impenetrable.
Selecting a high-quality wallet is an important step in protecting privacy and wealth. Most Bitcoin wallets are open source, meaning anyone can download and edit them, so obtaining the wallet from a trusted source is imperative.
Cryptocurrency Exchange Security
Exchanges and brokerages such as River Financial are institutions designed to facilitate trades and organize order books. Cryptocurrencies like Bitcoin enable peer-to-peer transactions. Thus, technically, if not legally, anyone can facilitate or operate a cryptocurrency exchange. This means quality and security can vary greatly between exchanges. Therefore, it’s imperative that individuals be critical and highly selective when choosing an exchange.
Behind an exchange’s website are wallets holding any cryptocurrency users have deposited. Unlike users, who can disconnect their wallet from the internet, exchanges are forced to keep some bitcoin in hot wallets in order to service user withdrawal requests. Having a bitcoin wallet directly exposed to the internet is a security concern, so exchanges must diligently protect their security. Exchange wallets have been hacked on many occasions, exposing users to enormous loss.
Some exchanges have partial insurance on their cryptocurrency holdings, but few, if any, insure 100% of user deposits. Most exchanges keep a vast majority of their funds in cold wallets, affording them greater security. All the same, cold storage can still be compromised by employees or other security holes.
A secondary security risk for exchanges is government regulation. Governments may shut down exchanges for a variety of reasons, including stated attempts to stop money laundering or even attempts to ban Bitcoin. Several exchanges have been forced to freeze or surrender user funds to local governments in the past, either permanently or until additional identifying information is provided. This risk is a direct consequence of exchanges controlling user funds. When a user controls their own funds, the risk of having funds frozen or lost is avoided, but at the cost of self-responsibility.
Economically and logistically, the Bitcoin blockchain is nearly impossible to hack and maliciously alter. Doing so would cost billions of dollars and months of preparation. However, hacking an individual’s wallet is far easier and more rewarding. Hackers can steal bitcoin by controlling a user’s computer or phone through malware or by posing as someone else and convincing a user to send funds to them.
Like users, exchanges can also be hacked or shut down by governments. Thus, it is considered a best practice to withdraw coins from an exchange and hold them in a personal wallet. Preferably, user wallets should remain disconnected from the internet as much as possible.