Attack on Bitcoin erodes payment status


By Mohiuddin Ahmed and Paul Haskell-Dowland

With all the talk about bitcoin becoming mainstream, and some experts predicting it could replace gold as a reserve asset, it is timely to consider how secure and anonymous Bitcoin transactions really are. Recent events in China and the US have eroded the value of Bitcoin and the idea of ‘anonymous’ payment transactions.

Unlike normal money, which is backed and valued by the government that prints it, bitcoin is run independently and has nothing backing it, meaning that its value is determined by the number of its users, that is, demand. This means that bitcoin can be worth anything from a few hundred dollars (as it was back in 2017) to over US$60,000 in April 2021, before falling back to around US$30,000.

China’s ban on bitcoin mining in recent times has limited its broader acceptance as a payment form. Bitcoin in June fell below $30,000 for the first time in more than five months, hit by China’s crackdown on the world’s most used cryptocurrency. Bitcoin has lost more than 50% of its value since its April high (subsequently partially rebounding). China has told banks and payments platforms to stop supporting Bitcoin transactions. That follows a recent government order to stop Bitcoin mining in Sichuan province. That takes out a huge level of demand for the currency, now and in the future, given China is the world’s second largest economy, set to become the biggest in coming years.

It is also a myth that bitcoin payment processes are infallible, secure and can’t be compromised. This was highlighted recently when the US Justice Department traced and seized a large proportion of the bitcoin ransom that a major U.S. pipeline operator paid to a Russian hacking collective (DarkSide) after it shut down the Colonial Pipeline. An FBI taskforce in essence scammed the criminals, and gained access to about 63.7 bitcoins, worth around US$2.3 million. That drove down the price of bitcoin and its status as being anonymous and secure was undermined.

Bitcoin itself is secure. It is encrypted and backed by the blockchain system; blockchain is basically a chain of multiple “blocks” which are an anonymous transaction history (a distributed ledger). In simple terms, the blockchain starts with an initial block and transactions are added through new blocks, creating a blockchain. But the infrastructure which enables transactions isn’t necessarily secure.

If you hold bitcoin yourself, it is as fallible as the computer on which you hold the software wallet containing the digital currency. Bitcoin ‘miners’ or owners hold private keys which are used to access their bitcoin, similar to the passwords on our bank accounts. Generally, wallets will also contain a public key that is used to receive bitcoins (similar to a bank account number). Just as hackers can access our bank accounts, they can steal money from these software wallets by discovering these keys.

Digital currency owners may have the option to use multi-factor authentication for transaction verification; hence these accounts are attached to either an e-mail address or mobile phone number. Cyber-criminals can potentially compromise these – with many instances of digital currency owners having their coins stolen or obtained through fraud. Even the alleged creator of bitcoin, Dr Craig Wright, under the pseudonym Satoshi Nakamoto, apparently had his PC hacked in 2020, with encrypted private keys to two addresses stolen, enabling the criminals to steal substantial quantities of Wright’s bitcoin.

Many bitcoin exchanges and online wallets have also suffered from security breaches in the past and such services generally still do not provide enough security to store bitcoin or other cryptocurrencies. If you own bitcoin, you should choose your bitcoin exchange and wallet software very carefully, because it is susceptible to hacking depending on the security of the software and exchange platform. Of course, making it too secure can be problematic too, as Stefan Thomas discovered when he locked himself out of his hardware wallet (a highly secure storage device) – holding bitcoin worth $328m at today’s value!

This highlights the fallibility of the bitcoin system. Bitcoin is based on a proof-of-work mechanism and any party with malicious intent (and sufficient resource) can put together enough computing power to hamper the integrity of the transactions or cause network disruption. Bitcoin uses blockchain for keeping track of the transactions and if cyber criminals can control more than 50% of computing power in the blockchain network, then bitcoin transactions can be manipulated. This is called a 51% attack, a well-known potential risk that could destroy the bitcoin system.

Bitcoin is not necessarily safer than cash in a bank account and this will hinder its acceptance as a viable form of payment, something Tesla chief Elon Musk might have realised when he said in May that it wouldn’t accept bitcoin for car payments, reversing an earlier decision. He attributed that decision to climate change concerns and the rapidly increasing use of fossil fuels for bitcoin mining and transactions. The huge carbon footprint of bitcoin will also hinder its broader acceptance as a payment form.

Moreover, without proper regulation, digital currencies will create more chaos and could make financial crime easier. There are also on-going challenges for tax officials to determine how to tax payments being made via digital currencies. Financial crimes such as tax avoidance on capital gains held by crypto investors or miners become easier due to the relative anonymity of transactions. As it is now, shell companies dealing with crypto currencies are yet to disclose profits or losses incurred, hence governments are being deprived of tax. There are even ‘commercial’ services to allow bitcoin to be laundered – although they are not as effective as advertised.

While bitcoin can be ‘tracked’ to various extents, there are other cryptocurrencies that are effectively untraceable. This provides protection for buyers/sellers for legitimate purposes BUT it also provides anonymity for those seeking to misuse, steal or hide activities. All of this will undermine bitcoin’s progression to being a common form of payment in the way that cash or credit cards are today.

About Paul Haskell-Dowland
Associate Professor Paul Haskell-Dowland is the Associate Dean for Computing and Security in the School of Science at Edith Cowan University, where courses include the accelerated and 100% online Master of Cyber Security. Paul is a regular commentator on cyber issues featuring in local, national and international media (newspaper, radio and tv) and has more than 20 years’ experience in cyber security research and education.

Dr. Mohiuddin Ahmed

Dr. Mohiuddin Ahmed is a Lecturer in the Computing and Security discipline in the School of Science. Mohiuddin Ahmed has made practical and theoretical contributions in cyber security and big data analytics for several application domains. His research has a high impact on data and security analytics, false data injection attacks, and digital health.