Simple Security Best Practices for Bitcoin Users and Investors

One of the biggest stories to hit the Bitcoin space in months was the theft of 119,756 BTC (valued at ~$70 million USD) from Bitfinex this week. For those who aren’t familiar with the story, a great recap was published on CoinDesk within 24 hours of the break-in. (Obviously, if you’re reading this far into the future, the public’s understanding of the hack has likely changed.)

The attack brought to light a lot of questions about the security of Bitcoin exchanges and online wallets. As I’ve previously written, a lot of these questions arise from the tension between the trust one necessarily places in third parties to secure users’ Bitcoin holdings and the notion that Bitcoin, as a system, is built around the principle of trustless-ness. In light of the repeated failures of trusted third parties to maintain security, it’s likely that there will be more scrutiny of Bitcoin wallet providers and renewed interest in self-managed Bitcoin security.

Here are some suggestions for Bitcoin users looking to beef up their own security.

The Risk Of Trusting In A Trustless System

Discussing the risks and challenges of trust in the Bitcoin ecosystem.

Note: In light of the security breach at Hong Kong-based Bitcoin exchange Bitfinex, in which 119,756 BTC valued at approximately $70 million USD were stolen, I decided to share an excerpt from my undergraduate thesis. My thesis was about economic, social and computational centralization that was catalyzed by the Chinese Bitcoin community, and I may share other parts of it here at some point. It is copied verbatim from what I submitted to my supervising professor, so there may be allusions to prior sections of the paper that aren’t present in this post. I did my best to avoid the dry language of academic writing.

Please leave a comment or contact me privately if you have any feedback to share.


Trust, Centralization And Other Risks With Bitcoin

As I alluded to in the section about embeddedness, Granovetter helped to cement in the social science literature the role trust and social connections play in the formation of economic relationships. In somewhat simplified terms, the theory suggests that actors in an economic system will preferentially create economic relationships with actors they trust.

This creates an interesting theoretical and rhetorical tension with the fundamental concepts of Bitcoin. It is easy to think of trust as a prerequisite for “safe” economic interaction, but trust also carries its own set of risks. Trust is also a prerequisite for trickery and subterfuge. It’s out of this atmosphere of mistrust that central elements of Bitcoin’s technical architecture emerged. The programmatic way in which new currency enters the Bitcoin system reflects Satoshi Nakamoto’s mistrust of central banks and their ability to will economic value into and out of existence. The decentralized nature of transaction verification eliminates the need for a centralized, trusted third party to act as a clearinghouse for transactions. The fact that transactions are pseudonymous means that bitcoins can be treated as an electronic version of cash, which in conventional currency systems is used to facilitate fast, anonymous transactions. Nakamoto states in the opening paragraphs of the original Bitcoin paper that the irreversible nature of a Bitcoin transaction means that merchants don’t have to trust that customers will not maliciously dispute or “charge back” transactions, like they can do with credit cards.

The information security community has this saying, “Trust, but verify”. Well, why risk trusting when verification becomes trivially easy? The highly transparent nature of the central blockchain ledger removes the necessity to trust that a transaction occurred; verifying is as simple as using a blockchain explorer to look up the transaction-id or either Bitcoin address involved in the transaction. The fact that Bitcoin’s codebase has been open source effectively since day one of its existence means that any sufficiently knowledgeable person can audit the code to verify that there are no hidden back doors or other features that could facilitate malfeasance.

In these ways, Bitcoin’s architecture is anti-trust or “trustless”. In a very direct way, the very reasons that users cite for “trusting” Bitcoin stem from the trustless design of the protocol. If the trustless nature of Bitcoin is maintained by a decentralized network of miners and service providers, then it holds that that trustless-ness is corroded when the system becomes more centralized. So, the common narrative that Bitcoin is some pure, apolitical, trustless medium of exchange is at least severely flawed if not outright false. The economic and social centralization of Bitcoin has created a system that is rife with trust issues.

Questions for Blockchain Experts

Here is a sample of questions I’d ask any blockchain expert today…

A couple of weeks ago, I had a back-and-forth email exchange with one of my favorite podcasters (also Chicago-based!). They were going to interview the author of a recently-published book about blockchains and the potential of blockchains to change the way business records, transactions, votes and other interactions are executed and recorded, and this person requested my input on questions for the interviewee. Unfortunately, the questions I posed came just a tad too late. However, the few questions I wanted to ask this blockchain expert are currently relevant and worth asking of anyone who claims expertise in blockchains and cryptocurrencies, so I decided to share them here on this blog.

Here is a sample of questions I’d ask any blockchain expert today:

  • Bitcoin has been called “The Internet of Money” or “The Email of Money”. Well, both email and the Internet are basically just a collection of core protocols, just like Bitcoin. One could argue, correctly, that the core protocols of email and the Internet haven’t fundamentally changed since their creation, and that their relative stability has led them to become great platforms to build on. Is the rapidly-changing nature of blockchain tech, and strife over Bitcoin’s protocol design, hindering blockchains’ broader and sustained adoption as another core protocol?
  • In your opinion, what are the relative merits and drawbacks of closed/private blockchains like Stellar or Ripple? Is there a use-case for them, or is he an advocate only for open blockchains like Bitcoin?
  • (Keeping in mind that open blockchains like Bitcoin are most secure and resilient when they’re decentralized…) To what extent does he think that Bitcoin is centralized? Are there any risks created by centralization in each of Bitcoin’s three core economic areas: mining, exchanges and financial services?
  • Investors like Marc Andreessen seem to be staunch believers that the potential of blockchain tech is inextricably linked to Bitcoin. This is to say, he’s a skeptic of blockchains that don’t build on top of Bitcoin in some way. Are startup investors right to be leery of companies that build on a blockchain and mining infrastructure other than Bitcoin’s?
  • What are his thoughts on Distributed Autonomous Corporations (DACs) and how should startup investors think about companies aiming to build them?
