Simple Security Best Practices for Bitcoin Users and Investors

One of the biggest stories to hit the Bitcoin space in months was the theft of 119,756 BTC (valued at ~$70 million USD) from Bitfinex this week. For those that aren’t familiar with the story, a great re-cap was published on CoinDesk within 24 hours of the break-in. (Obviously, if you’re reading this far into the future, the public’s understanding of the hack has likely changed.)

The attack brought to light a lot of questions about the security of Bitcoin exchanges and online wallets. As I’ve previously written, a lot of these questions arise from the tension between the trust one necessarily places in third parties to secure users’ Bitcoin holdings and the notion that Bitcoin, as a system, is built around the principle of trustless-ness. In light of the repeated failures of trusted third parties to maintain security, it’s likely that there will be more scrutiny of Bitcoin wallet providers and renewed interest in self-managed Bitcoin security.

Here are some suggestions for Bitcoin users looking to beef up their own security. Continue reading “Simple Security Best Practices for Bitcoin Users and Investors”

The Risk Of Trusting In A Trustless System

Discussing the risks and challenges of trust in the Bitcoin ecosystem.

Note: In light of the security breach at Hong Kong-based Bitcoin exchange Bitfinex, in which 119,756 BTC valued at approximately $70 million USD were stolen, I decided to share an excerpt from my undergraduate thesis. My thesis was about economic, social and computational centralization that was catalyzed by the Chinese Bitcoin community, and I may share other parts of it here at some point. It is copied verbatim from what I submitted to my supervising professor, so there may be allusions to prior sections of the paper that aren’t present in this post. I did my best to avoid the dry language of academic writing.

Please leave a comment or contact me privately if you have any feedback to share.


Trust, Centralization And Other Risks With Bitcoin

As I alluded to in the section about embeddedness, Granovetter helped to cement in the social science literature the role trust and social connections play in the formation of economic relationships. In somewhat simplified terms, the theory suggests that actors in an economic system will preferentially create economic relationships with actors they trust.

This creates an interesting theoretical and rhetorical tension with the fundamental concepts of Bitcoin. It is easy to think of trust as a prerequisite for “safe” economic interaction, but trust also carries its own set of risks. Trust is also a prerequisite for trickery and subterfuge. It’s out of this atmosphere of mistrust that central elements of Bitcoin’s technical architecture emerged. The programmatic way in which new currency enters the Bitcoin system reflects Satoshi Nakamoto’s mistrust of central banks and their ability to will economic value into and out of existence. The decentralized nature of transaction verification eliminates the need for a centralized, trusted third party to act as a clearinghouse for transactions. The fact that transactions are pseudonymous means that bitcoins can be treated as an electronic version of cash, which in conventional currency systems is used to facilitate fast, anonymous transactions. Nakamoto states in the opening paragraphs of the original Bitcoin paper that the irreversible nature of a Bitcoin transaction means that merchants don’t have to trust that customers will not maliciously dispute or “charge back” transactions, like they can do with credit cards.

The information security community has this saying, “Trust, but verify”. Well, why risk trusting when verification becomes trivially easy? The highly transparent nature of the central blockchain ledger removes the necessity to trust that a transaction occurred; verifying is as simple as using a blockchain explorer to look up the transaction-id or either Bitcoin address involved in the transaction. The fact that Bitcoin’s codebase has been open source effectively since day one of its existence means that any sufficiently knowledgeable person can audit the code to verify that there are no hidden back doors or other features that could facilitate malfeasance.

In these ways, Bitcoin’s architecture is anti-trust or “trustless”. In a very direct way, the very reasons that users cite for “trusting” Bitcoin stem from the trustless design of the protocol. If the trustless nature of Bitcoin is maintained by a decentralized network of miners and service providers, then it holds that that trustless-ness is corroded when the system becomes more centralized. So, the common narrative that Bitcoin is some pure, apolitical, trustless medium of exchange is at least severely flawed if not outright false. The economic and social centralization of Bitcoin has created a system that is rife with trust issues. Continue reading “The Risk Of Trusting In A Trustless System”