Are Consumer Bitcoin Balances Especially Vulnerable to Hacking?
Mike Belshe, co-founder at BitGo, explains the risks facing consumers who hold Bitcoin. He discusses storage, theft, payments and privacy, as well as the tools and techniques necessary to use Bitcoin safely.
Bitcoin is a powerful, new, virtual currency spreading rapidly around the globe. Proponents of Bitcoin herald triumphantly that Bitcoin will be the “future of money” and will “revolutionize the way we transact online”. Meanwhile, many of the headlines we read describe something different: a highly volatile currency susceptible to major, high-profile losses. Because the world has never had a currency like Bitcoin before, consumers are left with many questions about how to use it safely. Like all emerging technologies, Bitcoin has had its problems. By taking a few protections, consumers can avoid the pitfalls and be safe using Bitcoin.
The key to understanding Bitcoin is to understand that Bitcoin is cash. Just like cash, if someone takes it from you, it is gone. But also like cash, Bitcoin is generally anonymous; when you transact with Bitcoin, you don’t have to provide your ID or trust that the other party might steal from you later. Transactions are final and have no risk of recurring payments initiated by the other party.
Additionally, Bitcoin and cash can both be used in person-to-person payments. No other payment systems provide these features.
Now that we understand a little about Bitcoin, lets talk about how consumers can use it safely.
The first risk that most consumers face is in the process of buying their first Bitcoin. Buying Bitcoin is the same as any other foreign exchange, such as converting $100 US dollars into Euros (€). When making purchases, consumers should be careful that the seller is selling at a good rate with known fees. Consumers should know that there is no “true” price for Bitcoin. Furthermore, due to Bitcoin’s high volatility and relatively few exchanges, the conversion rate from fiat to Bitcoin can vary widely. Over time, as Bitcoin grows and more sources of exchange become available, the volatility will decrease. For now, consumers should research their options for exchange with several different sources before making their first purchase.
Keeping it safe.
As mentioned earlier, Bitcoin has been the target of several high-profile losses. While this seems bad, the hacks and losses were mostly due to growing pains of Bitcoin. In the beginning, the value of a Bitcoin was very low – almost zero. Because the value was so low, early adopters of Bitcoin did little to protect their Bitcoin, and they used services which they knew were not very “professional” services with their money. However, the price of Bitcoin grew very quickly and caught many of these early players off guard. Imagine if you gave your daughter a quarter every day to put in her piggy bank, You wouldn’t worry that someone would break-in to your house and steal her piggy bank. But would you give your daughter $1000 every day and still not worry?
The losses at Mt Gox and other sites were inexcusable. But the primary cause was that these sites were simply not built to store large amounts of money. So as the price of Bitcoin rose, they became instant targets for hackers around the world.
Bitcoin, like cash, can be used for in any type of payments. However, settlement of payments in Bitcoin is done via a data structure called “the blockchain”. Your Bitcoin Wallet software helps you communicate with the blockchain when you send and receive bitcoin. Generally, when you make a transaction in Bitcoin, it takes about 10 minutes for the transaction to “confirm” on the blockchain. This delay is not usually an issue when making payments online where there is time for the transactions to settle. However, when making in-person payments, consumers should use their wallets to wait for confirmation before assuming that a payment will go through.
The best attribute of making payments in Bitcoin is that all transactions are final. Like cash, once you’ve paid, the payment is complete. Unlike credit cards, you don’t have to trust the other party won’t use your credit card number to take more money than was agreed upon.
Bitcoin is not an anonymous payment system. However, it is pseudo-anonymous and it is very difficult trace who made a payment using the system. It is true that all transactions in bitcoin are recorded in the public ledger called the “blockchain”. However, these transactions are not recorded with any personal information about you, so tracing them back to you can be very difficult. For upstanding consumers, this is a great property, especially compared to credit cards. This past year, Target “lost” the identities of some 70 million of its customers that had paid with credit cards. The fact is the identities of those purchasing at Target with cash were not lost. And if Target had used Bitcoin, none of the consumers would have been at risk for identity loss.
New developments in Bitcoin have also helped improve privacy of transactions. A feature to many wallets is the notion of “deterministic” or “hierarchical deterministic (HD)” address management. “Addresses” are labels for your Bitcoin “account” where you can send and receive money. In the past, wallets used a single address repeatedly for your wallet. With deterministic wallets, however, a new address is created for every transaction you conduct. Consumers should seek wallets that support deterministic features to ensure that payments are always isolated and private.
While no payment system is completely private, Bitcoin does offer a much safer way to transact online than other systems we’ve used.
“Chargebacks” are an industry standard term known by merchants who accept credit card payments. Chargebacks occur to the merchant when someone uses a fraudulent credit card and
the credit card company “charges back” to the store for the lost value. When chargebacks occur, the merchant pays for the loss. The merchants then pass that cost back to the other consumers, leading to higher prices. Bitcoin, unlike credit cards, has “no chargebacks”, meaning that all transactions are final. As a consumer, this means that once you make a purchase with Bitcoin, it cannot be reversed. It’s just like you paid in cash, and in order to get your money back you’ll be at the mercy of the seller to do so. Because of this, consumers should remember the phrase, “caveat emptor” – to the buyer beware.
This sounds scary at first, especially compared to our existing payment system with credit. However as we shift from credit to Bitcoin based payment systems, this property of Bitcoin will drive costs considerably lower for merchants, which will, in turn, lead to lower prices. This is also the same feature of Bitcoin which makes it private for users.
One problem consumers do face is that of sending Bitcoin to the wrong address. When sending a payment in Bitcoin, consumers will be asked to send payment to another Bitcoin address.
Unfortunately, Bitcoin addresses are just big long numbers. When your friend asks you to send to a particular address, how do you know if it is really your friend sending that number? How does the consumer know if that number has been modified or tampered with between the time your friend sent it to you and the time you’re making payment? Consumers should always be suspicious when asked to make a payment to a number. Be careful to ensure that the number is correct by talking with the person as you are making payment. In the future, Bitcoin addresses will not be confined to just big long numbers and this problem will get much easier.
Bitcoin is a new type of payment system. It can be confusing to users because of its unique nature and high-tech roots. However, consumers should know that Bitcoin is to date, the only payment system that has never been hacked. Sure, Bitcoins have been stolen, but the core technology of Bitcoin has never been breached. With this new paradigm, consumers can expect to see lower prices in the future and the end of identity theft entirely.
Mike Belshe is co-founder and CTO of BitGo, a leading multi-sig Bitcoin security company.