A strong belief about Bitcoin is its supposedly absolute security, with its immutable and unhackable blockchain. Yet we often hear about hackers in the Bitcoin world, sometimes with hundreds of millions of dollars stolen. What is the reality?
During 2018, there were numerous attacks on Bitcoin or other cryptoassets. The year started off very badly, with more than $500 million worth of NEM tokens stolen from a Japanese platform. Unfortunately the lessons were not learned, as more than $1 billion was stolen during the year on multiple platforms…
But the most widely reported hack of cryptoassets is undoubtedly the one suffered by the MtGox platform at the beginning of 2014, which made headlines in most countries in Europe and in the United States, and which involved an amount of 700,000 bitcoins.
These attacks have one thing in common: they exclusively concern online platforms on which investors store their cryptoassets.
What is the difference between a wallet and a platform?
Storing Bitcoins, as we have already mentioned, is a misleading term. All the bitcoins, as well as the other cryptoassets, only exist on the Blockchain. The owner of a bitcoin actually only keeps a private key, the purpose of which is to authorise transactions of this specific bitcoin.
When a person uses a wallet such as Coinomi or the Ledger Wallet, they directly control the private keys needed to spend their bitcoins. A potential hacker will therefore be forced to obtain the private keys of that wallet, which may be difficult or even impossible, depending on the wallet chosen, for a result that is at best uncertain.
An online platform is of course a much more profitable target. These platforms handle millions of dollars worth of bitcoins and other cryptoassets on a daily basis, and they operate via standard computer servers. Investors put their Bitcoins on these platforms, which therefore possess the private keys to spend them. A hacker who gets his hands on these private keys is immediately able to recover all the bitcoins stored on the platform.
Another form of attack consists of hacking the platform's withdrawal system so that it believes it is processing a legitimate cryptographic withdrawal, thus recovering funds belonging to many users.
Platforms are hacked, not the Blockchain
Hackers focus on the security of online platforms, whose software has been written by the employees of these platforms. The software that defines the Bitcoin protocol and the Blockchain, on the other hand, was only found to be defective once, in 2010, and the fault was quickly fixed, with no financial consequences.
One of the fundamental reasons that can explain the solidity of the protocol is the fact that it is open source: it can be read by anybody who wants to. It may seem paradoxical to open up such software, but experience has shown that free software such as the Linux operating system is extremely stable and secure, with a large community working together on a daily basis to improve its quality and resolve any security problems.
Bitcoin is no exception to this rule, and a community of more than a hundred IT specialists is working to secure and develop it every day.
So it is wrong to say that the many hacks that take place on online trading platforms call into question the security of Bitcoin or the Blockchain. It is only the software on these platforms that is defective and not the protocol itself. To make an analogy, it can be said that just because a bank is robbed does not mean that the security mechanisms for euro banknotes are defective.
It should be kept in mind that putting your assets on an online platform can have advantages in terms of flexibility, but a huge risk arises if the security of the platform is not 100% sure. Investors will always have to consider the alternative: using wallets with private keys they keep themselves, a good practice we explain at Coinhouse.