It’s been called inherently worthless, ‘a ponzi scheme’ and the ‘mother of all bubbles’. But perhaps cryptocurrency’s main issue is not whether or not it’s destined to become a solely speculative asset, but whether it’s secure enough to ever be considered truly safe enough for the average punter to invest their life savings in.
Recent hacks affecting cryptocurrency exchanges like South Korean Coinrail and Bithumb to the tune of tens of millions of dollars apiece have been accompanied by hyperbolic headlines and spiralling price drops in Bitcoin and other cryptocurrencies.
But despite the mania, is there anything that makes cryptocurrencies inherently unsafe?
Part of the initial appeal of cryptocurrencies like Bitcoin was the transparent, distributed blockchain ledger they were built upon, which was designed to eliminate the possibility of fraud by making a real-time, completely accurate ledger of transactions available to all who wished to see it.
But since these early glory days, whole industries have cropped up with the combined goal of undermining two major tenets of the currency - security and anonymity.
A shadow industry made up of companies eager to decode transactions on the ledger to reveal the identity of the transactor and their history of payments has flourished.
At the same time, hackers work to create algorithms that target cryptocurrency exchanges in the hope of siphoning cash in their direction.
In the past six months, it’s estimated that $1.1 billion has been siphoned from cryptocurrency exchanges, thanks to instruments available for purchase in marketplaces found on the dark web.
According to 'Cryptocurrency Gold Rush on the Dark Web', a recent report carried out by Carbon Black, 'The available dark web marketplaces represent a $6.7 million illicit economy built from cryptocurrency-related malware development and sales.'
Although this malware primarily relates to ‘cryptojackers’ such as GhostMiner and Loap, which secretly mine cryptocurrency from computers without the owner's awareness, there is also malware geared towards hacking cryptocurrency exchanges.
Many a successful hack has compromised crypto exchanges, but are these risks innate to cryptocurrencies? “There are some risks that are just derived from the fact that this is a digital asset,” says Sarah Meiklejohn, Associate Professor in Cryptography and Security at UCL and a member of the Initiative for Cryptocurrencies and Contracts.
"And like any digital asset you might accidentally delete it - you might throw away that hard drive with that really important word document on it, or you might forget the password to a really important account," she adds.
But it's true that some attacks have taken advantage of weaknesses in cryptocurrencies in a way that wouldn't be applicable to fiat currencies, for example by exploiting errors in their coding.
An early attack on Bitcoin exploited a loophole in the algorithmic code which caused it to keep repeating the same transaction over and over again - in this case, transferring large sums of cash into the account of the hacker in question.
It was a similar story with the hack of the now obsolete DAO, a smart contract built on top of the Ethereum blockchain. These incidents are rare, and are immediately countered by an update to the protocol of the currency.
Instead, the vast majority of cryptocurrency hacks target not the underlying technology of the currency itself but the exchanges where these currencies are traded.
“These exchanges, they're not even banks. People are trading cryptocurrencies - they're kind of gambling sites in a way,” says Nicholas Gregory, a longtime cryptocurrencies entrepreneur and current CEO at CommerceBlock, an infrastructure company that provides a suite of blockchain solutions pegged to cryptocurrencies for traditional asset markets.
Meiklejohn similarly cites the lack of security afforded by these exchanges. “Most of the way we have our money is as a digital asset, right? I mean we're not storing cash under the mattress. So the idea is, aren't we running the same risks storing it with our banks?” she says. “And the answer is, well not so much because banks have really advanced fraud detection, banks really try to stay on top of the latest cryptographic standards and the latest techniques. So I would argue they're less vulnerable to these kinds of hacks and attacks just because it's an industry that's been around for a lot longer.”
It's true that many of these exchanges develop without adequate security or infrastructure in place, with some being run as startups by only two or three people. “It would be hard for them to have strong security because the whole nature of having your money on an exchange is that you can move it in and out of other cryptocurrencies relatively easy; at the click of a button you can buy, you can exchange your Bitcoin for say your Litecoin or your Ethereum,” says Gregory. “But by that very nature it's going to be less secure.”
It’s for this reason, then, that 27 percent of cryptocurrency attacks are aimed at exchanges. And while most attacks are still aimed at Bitcoin - offering the promise of the most lavish returns - 44 percent are now targeted towards Monero, another cryptocurrency offering comparatively low transaction fees, non-traceability and privacy.
How to safely trade cryptocurrencies
A way around this vulnerability for owners of cryptocurrency can be to store their currency in a ‘cold’ rather than ‘hot’ wallet.
A hot wallet is one that’s connected to the internet, as any money held in accounts managed by crypto exchanges is.
A cold wallet, on the other hand, is one which is not connected to the internet, for example a hardware wallet such as Trezor.
But of course, if you want to trade your Bitcoins, you must be connected to the internet. “I won't necessarily blame the exchanges, it's just because people are actually keeping it in these places so they can day trade, so they can actually move and have fun with their cryptocurrencies; swap them around to try and make small profits here and there,” says Gregory.
He highlights that there is also a potential trade-off between how secure and how user-friendly an exchange can be. “For example, now most exchanges support 2FA [two-factor authentication], which means when you log in, you then need to use your phone as a secondary log-in,” he says. “But maybe in the future you'll see exchanges where when you log in, you have to use your phone and then some sort of hardware device. But there could be a cost there: people want exchanges to be easy to use. If they become too hard to use they may lose customers, so it's always that balancing act.”
So, most threats associated with cryptocurrencies can be placed at the feet of insecure exchanges rather than any issues endemic to these virtual coins. But there are still some growing threats that fall into the category of the latter.
All cryptocurrencies differ in their underlying protocol, but in the case of bitcoin, some worries centre on the fact that the currency has proved to be less decentralised than was initially hoped.
In fact, power over the currency's network has become concentrated in the hands of fewer entities than you might think.
This is due to the nature of bitcoin mining, where miners must carry out long computational tasks in the hopes of releasing tokens and gaining rewards for themselves.
As this task became more difficult, it made sense for miners to band together and form bitcoin mining pools.
“It's true that in almost all of the cryptocurrencies, basically two to five of the biggest mining pools could kind of take over, meaning they could have complete control over which transactions get accepted and which don't,” says Meiklejohn. "And it does have a lot of risks. For example, censorship - if I just decide that I don't like you, I don't like your transactions and I just don't include them. To even more sorts of malicious attacks."
Should Bitcoin traders be worried? “We haven't seen a tonne of evidence for that in the wild yet. Meaning we haven't seen examples of this malicious behaviour. Whether we will or not in the future is unclear, but definitely with the current state of these systems we certainly could.”
However, rather than these controlling entities turning malicious, hackers are increasingly exploiting this phenomenon of increasing centralisation.
One such form of attack is known as a ‘51 percent’ attack. These focus on cryptocurrencies where over half of the validation of transactions is carried out by one group, or mining pool.
For these currencies, there are not as many separate entities checking the validations so they are inherently less trustworthy.
If hackers can gain control over the computing power of this entity, they can prevent transactions from being validated on the network, and potentially siphon cash into their own accounts.
“The 51 percent attack is a real threat, which is why users should only trade in crypto that has substantial hashpower,” says Gartner security expert Avivah Litan. Hash power refers to the number of computer nodes (servers) that validate the transactions, so the more servers (miners) that are validating transactions, the greater the hash power in the network. This means it's less likely that the validation of transactions can be tampered with as there is no single controlling body on the network.
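To put numbers on the concentration risk described above, the following Python sketch (an added example, not part of the original article or of any source it cites) counts how many pools would have to combine to pass 50 percent of hash power, and uses the catch-up calculation from section 11 of the Bitcoin whitepaper to estimate how many confirmations a recipient should wait for before treating a payment as final. The pool names and shares are constructed sample data, and the function names are illustrative.

```python
import math

# Constructed sample: share of network hash power per mining pool (sums to 1.0).
POOL_SHARES = {"pool_a": 0.27, "pool_b": 0.19, "pool_c": 0.12,
               "pool_d": 0.10, "all_others": 0.32}

def pools_to_majority(shares, ignore=("all_others",)):
    """Smallest number of named pools whose combined share exceeds 50%."""
    total = 0.0
    ranked = sorted((s for n, s in shares.items() if n not in ignore), reverse=True)
    for count, share in enumerate(ranked, start=1):
        total += share
        if total > 0.5:
            return count
    return None  # no coalition of named pools reaches a majority

def rewrite_probability(q, z):
    """Chance that a party with hash share q ever overtakes the honest chain
    from z blocks behind (Bitcoin whitepaper, section 11)."""
    if q >= 0.5:
        return 1.0  # a majority always catches up eventually
    p = 1.0 - q
    lam = z * q / p
    poisson = math.exp(-lam)  # Poisson term for k = 0
    prob = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # build the k-th Poisson term incrementally
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return prob

def confirmations_needed(q, risk=0.001, limit=1000):
    """Fewest confirmations z that push the rewrite probability below risk."""
    for z in range(limit + 1):
        if rewrite_probability(q, z) < risk:
            return z
    return None  # not achievable within limit, e.g. when q >= 0.5

if __name__ == "__main__":
    print("pools needed for a majority:", pools_to_majority(POOL_SHARES))
    for q in (0.10, 0.30, 0.51):
        print(q, confirmations_needed(q))
```

Once a single party holds half or more of the hash power, no number of confirmations brings the risk down, which is the practical meaning of the 51 percent threshold.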