Cryptocurrency has been one wild ride over the last few months. As recently as December of 2017 we saw Bitcoin rise to heights of nearly $20,000 a coin, only to crash and settle at around half that value. Despite these roller-coaster months, though, Bitcoin and other crypto assets are here to stay, thanks to the overall robust nature of the market.
Of course, this doesn’t mean that you shouldn’t be learning some very important lessons from crypto’s historic performance — other than putting all your eggs in one basket, that is. No, an even more critical lesson that Bitcoin and the cryptosphere, in general, can teach us is how crypto-centric web security can be compromised so easily. Blockchain technology isn’t necessarily the problem here; it’s us and how our behaviors expose ourselves to high levels of security risks when it comes to our crypto investments.
Crypto is Inherently Secure
Bitcoin, like every other cryptocurrency, is inherently secure. This is because the underlying blockchain ledger technology is tamper-resistant by definition. However, it’s important to understand not just the way this built-in security works as well as its limitations.
The key is cryptography. A blockchain uses encrypted algorithms for security; for example, Bitcoin uses a 256-bit encryption method known as SHA-256. The encrypted packets that this algorithm creates are used for security such as mining and transaction verification. Other blockchains use encryption methods that function similarly, which is why most of these blockchains are relatively high security — it takes so much to break the 256-bit encryption that it’s just not worth the effort — usually.
The Glitch in the System
Of course, just because spoofing a blockchain is difficult doesn’t mean it can’t be done. There is one specific method, but it’s not exactly a productive one, and neither is it common at all. Enterprising and patient individuals can exploit a “double spending” loophole to skim crypto assets from legitimate currency transfers that involve tricking the system into spending the same cryptocurrency twice.
There are two common tactics when it comes to double spending. The first is to find a merchant that accepts Bitcoin or some other cryptocurrency but that doesn’t wait for transaction confirmation before finalizing. Spending crypto first with this merchant and then initiating another transaction somewhere else before the first one is confirmed allows for the double spend. The second method, meanwhile, is done by mining a block for a ledger before releasing it to the blockchain, which can provide coins that can, technically, be spent before release. Thankfully, it’s become so resource-intensive to mine Bitcoin and other crypto assets that this method is incredibly rare.
Other Investment Security Issues
With double spending becoming harder to pull off by the day, this means that blockchain security still remains relatively high. However, this also means that the only point of vulnerability isn’t the system itself but where it interfaces with a human element. In other words, we are the biggest problem — and the biggest risk — when it comes to Bitcoin and blockchain security.
Because humans make mistakes, there’s no lack of ways that coin holders can inadvertently compromise their accounts. The majority of these issues stem from misguided personal decisions to store investments in low-security digital wallets. Any unsecured wallet, especially ones that are web-based, is at high risk for being breached; the 2013 inputs.io hack, for instance, led to in excess of 4100 BTC being lost to scammers. Online wallets can also be targeted by DDoS attacks, which bankrupted major exchange Mt. Gox after attackers stole more than $400 million in the digital currency. Social engineering attacks can end up with user passwords or login details stolen from even the most cautious of investors. These attacks are only going to become more sophisticated as time goes on.
Wallet Safety is Job One
There’s a powerful, and expensive, lesson to be learned from how human error is responsible for so much lost crypto wealth. It’s straightforward: keeping your Bitcoin in online, web-based digital wallets is about as wise as skydiving without a parachute. The convenience factor of using a web-hosted wallet certainly makes it easier to check your investments from anywhere, but that same ease of access entices hackers and criminals to try their luck in prying that online wallet of yours open using their digital tools.
There are better, more secure methods if you want to keep your crypto assets safe. Keeping your crypto storage option on a local laptop or desktop is a first good step. A removable USB drive might be an even better one, as you can keep such a device in a location that, as long as you don’t forget where you put it, keeps it away from prying eyes. You can even go one step further and print out your information as a “paper wallet” that can be stored in a safe deposit box, though the ephemeral nature of hard copy can be a disadvantage as well in certain situations.
Keep Your Ear to the Ground
In the end, there is one very important lesson to learn about how web security can be tightened when it comes to Bitcoin and cryptocurrency. That lesson is also very simple: when a system comes into contact with people, there’s the worst liability. Truly, in this case, we are our own worst enemies, especially considering how blockchain ledger technology, when left to its own devices, safeguards value better than Fort Knox.
However, if there’s one other universal truth, it’s that things are constantly in motion. The world and its technology are constantly changing, and it’s up to you to keep educated regarding new cryptocurrency security developments, web-based or otherwise. In the meantime, stay away from high-convenience but low-security crypto tools and services if you want your investments to stay secure!