In this article, we will discuss how bitcoin can be hacked.
Bitcoin [BTC] runs on blockchain technology, in fact, it is the first successful decentralized application of the technology which has been around for quite some time. Essentially, a blockchain is a secure way of database management. The transactions are recorded on a single unified ledger which avoids double-spending and mutation of the balances.
These transactions are verified across a distributed network of miners/nodes which are incentivized by Bitcoin [BTC] rewards. The second layer of security to the ecosystem is provided by cryptography. The public and private addresses are encrypted by a hashing algorithm (SHA-256 for Bitcoin). This encryption can be solved only by a hit and trial method which requires high computing power.
Moreover, each transaction is confirmed across a network of distributed miners. Hence, weeding out malicious nodes by the majority. These features shield the network against possible attacks on the blockchain. The technology has been secure and unaffected since its inception in 2009.
Theoretically, however, Bitcoins’ blockchain can be attacked in the following ways,
51% Attack
As mentioned above, Bitcoin [BTC] works on a distributed consensus of miners powered by the PoW (Proof of Work) protocol. This network of miners independently verify the transactions and reach consensus, weeding out the bad players in the process.
However, if an entity is able to gain control of more than 50% of the network’s total hash rate, it can make changes to the existing blocks, and even confirm malicious transactions. This is termed as the 51% attack which is precisely similar to what happens with the power of control for companies. Moreover, the larger the company or mining ecosystem, the larger amount of investment is required to take over the blockchain.
How much does it cost to conduct a 51% attack on Bitcoin?
Let’s assume the total hash-rate of Bitcoin at 100 M TH/s. Hence, to conduct a 51% attack, the attacker will need to control 51 Million TH/s of the network.
Even with the most efficient and new generation of miners in MicroBT’s forthcoming M30 series of Bitcoin miners, the MS30S++ and the MS30S+, the cost would be very high. The hardware alone would cost around $1.5-$2 billion.
Moreover, these attacks have an hourly cost, which as we see is very high. The cost will further increase post halving when the difficulty is increased. New miners could soon join the system to protect it from attacks. The hourly electricity cost of the attack is estimated at over $1.6 million.
Furthermore, As the attacks get rampant, the sell-off in the markets will increase, which will make the attack futile by dropping the price of the cryptocurrency.
Quantum Computing
Quantum computers are ushering a wave of computing which relies on quantum mechanics, rather than the original electronic bits or signals. The basis of all electronic transactions today is based on the storage and manipulation of two states of these bits 0 or 1.
Quantum computers, on the other hand, use qubits – or ‘quantum bits’ can have more states than just 0 or 1. These physical qubits are created using principles of quantum mechanics and superconductivity.
IBM, Google, and leading world universities like MIT are working on designing these computers which can theoretically even hack the Bitcoin blockchain. But that is for the future. Samson Mow, leading Bitcoin dev and Chief Strategy Officer of Blockstream addressed the crowd at the Litecoin summit saying,
“We’re at 53 qubits now but we would need about 3,000 and then another million to do something meaningful. In the time that we develop quantum computing ASICs will advance as well.”
Apart from developing compatible ASICs, there is also the argument of Bitcoin difficulty adjustment which occurs every 2016 blocks. Hence, if the systems are able to mine 2016 in a jiffy, the upcoming difficult adjustment would be equivalently large.
For most parts, the technology is still in the initial stages, and to build a larger scale of things it will require about a million physical qubits to stabilize and work efficiently, which hasn’t really been tested yet. The estimated time-frame for building such a system is at least a decade away. During that time, Bitcoin devs and proponents can be expected to build resistance to these systems or develop quantum ASICs which compete with each other.
Even Vitalik Buterin, the co-founder of Ethereum noted on the launch of Google’s first system, Sycomore, that ‘quantum computing’ is an experimental concept that has a long way to go before actual use. He tweeted,
My one-sentence impression of recent quantum supremacy stuff so far is that it is to real quantum computing what hydrogen bombs are to nuclear fusion. Proof that a phenomenon and the capability to extract power from it exist, but still far from direct use toward useful things.
Nevertheless, make no mistake, it is not just a theory, because the theory has been around for decades.
However, since 87% of the Bitcoins have already been mined, even if the quantum computers are able to crack the code, the increase in supply will only be momentary. If anything it will make Bitcoin verifications transfers faster and more cost-efficient in the long-run.
Reverse Engineering of Public Addresses
However, the threat is not only contained to mining, but also to the extent that one could recover a private key from the public key from cryptography. Hence, the first part of the quantum computer attacks would begin with individual keys rather than the entire network.
This process is called reverse engineering. It will seek to crack the encryption coding the private address from the public addresses. The public address can be obtained simply by exploring the open-source ledger. The list of top Bitcoin addresses includes exchanges with more than 100, 000 BTC in their cold storage, and even individual owners with around 30,000-100,000 BTC.
Reportedly, there are numerous Bitcoins [BTC] private keys which have been lost in the course of time. According to some of the best estimates, the total number is around 1.6 million bitcoins (or 7.61% of the total supply) which is significant for a scarce asset like Bitcoin. Hence, there is a lot of incentive to crack these individual addresses, which is easier than attacking the entire network.
How Can Users Protect Themselves?
The two attacks described above are the attacks on the blockchain itself, which are not likely with today’s technology. In the current world, users are more vulnerable to attacks on their devices, wallets and exchanges which serve the blockchain.
There have been numerous attacks on these service providers in the last 11 years. Beginning with Mt. Gox in 2013, space has been riddled with exchange and wallet related hacks. Nevertheless, while the blockchain itself is always protected against these attacks, the users or investors can take these steps to secure their funds.
- Not your keys, not your Bitcoin: Users must refrain from storing their cryptocurrencies on exchanges. The exchanges hold joint custody of their users and in case of theft or vulnerabilities within the exchange, the user stands to lose all their investment.
Hence, the user must use open-source wallets, cold storage on paper wallets, or hardware devices which make them the true owners of their Bitcoins, by holding the private keys or seed phrase. - 2FA Authentication: For trading purposes, if one must keep funds on exchanges, they should enable 2-Factor Authentication, and not only rely on email and password security.
- Separate email IDs: Users must use a separate email ID for exchange log-ins and remember to log-out regularly from these accounts.
- Update Passwords Regularly: Users must also update their passwords periodically within less than 3 months interval. They must particularly refrain from using public devices to log-in to exchanges.
Last but not least, there are various pyramid schemes, giveaway scams, and online mining scams which requires sending cryptocurrencies to a schemer. Since cryptocurrencies can be sent cross-border and provide better anonymity features, it becomes really difficult to trace these attackers, and even more difficult to retrieve the funds.
If it looks too good to be true, it probably is.
Subscribe to get notified on latest posts.