Look for bitcoin hacks

Security and hacking in the blockchain

“It feels like… like falling off a building. You see the ground coming closer and you have the feeling that you are about to die. Mt Gox went from being an interesting project to - I would say - a nightmare. Every day I dealt with banks, governments and people I didn't even know existed before.” (Mark Karpeles, CEO of Mt. Gox, looking back on the 2014 hack of the exchange, speaking to the BBC)

It was the biggest hack to date in the still young history of cryptocurrencies and cost investors a total of 850,000 Bitcoins (current value approx. 6.8 billion euros). The fall in 2014 of Mt. Gox, the largest Bitcoin exchange at the time, dampened the digital euphoria surrounding Bitcoin & Co. At the same time, it made clear the risks that can shape the digital transaction business.

In the case of Mt Gox, it is a matter of dispute whether the attacker obtained external access to online wallets and private keys or, according to Japanese authorities, was largely an insider. In any case, Mark Karpeles always rejected the latter. He recently expressed himself again to the online community with great regret and stated that he wanted to forego the 160,000 Bitcoins (approx. 1 billion dollars) to which he was entitled after the bankruptcy of the company had been settled.

Nevertheless, he still faces up to 5 years imprisonment. To date, the case has lost none of its explosiveness. The bankruptcy process is ongoing. Wallets belonging to hackers keep appearing that try to exchange stolen Mt. Gox coins at other trading venues. However, their anonymization makes it difficult to attribute them to individuals.

What are the greatest dangers of manipulation and how can I as an investor best protect myself from it?

The security risks of digital currency systems and their underlying technology are largely as follows:

  • Theft of private keys and thus manipulation of the signature of digital transactions or redirection of values linked to such transactions
  • Hacking of the proof-of-work network through monopoly of computing power (51% critical mass)
  • Transfer Trojans
  • Software bugs
  • Networking problems
  • Provider hacking / attack on online wallet services

Private key theft and provider hacking

The interlocking of public and private keys is the linchpin for a validated transaction within the blockchain. User XY signs a transaction with his private key, and the mining network uses the matching public key to validate that signature. Once a value has been transferred to another public key, it can only be used by the owner of the corresponding “new” private key.

If, for example, an attacker succeeds in infiltrating your system by hacking your computer and spreading ransomware, a "hot wallet" quickly turns into an almost total loss. Most online providers, e.g. Blockchain.info, protect themselves and their customers with numerous security and cloud-based features to prevent this from happening. To be absolutely sure, use "cold storage" methods (e.g. USB drive, paper wallets, hardware wallet). Although these are more cumbersome in daily use, they ultimately protect the private keys from online hackers. Good providers combine "hot & cold storage" methods.

Hacking the proof of work network - proof of work vs proof of stake

We have already learned in Part 1 of the basic article that more than 50% of the mining network is involved in solving cryptographic puzzles in order to encrypt and thus validate transactions. If, for example, other miners are hindered by the spread of mining malware, hackers can gain access to increased energy reserves and ultimately obtain a quasi 51% monopoly over which transactions are validated and where.

Closing this vulnerability can mean shifting priorities from proof-of-work to proof-of-stake processes. This largely defines the difference between public blockchains (Bitcoin) and permissioned blockchains (e.g. Ripple).

In principle, permissioned blockchains can restrict both the audience and the individual roles that participants are allowed to take. Access to the contents of the chain can be restricted, and those who may validate transactions are selected (those with the greatest stake!). Proof-of-stake procedures have the advantage that misuse results in a considerable loss of reputation and an immediately associated loss of value for those responsible in the network. Nobody has an interest in that.

It's human to err - transfer trojans - software bugs and networking problems

Transfer Trojans aim to identify cryptocurrency account addresses on the infected computer and, as soon as one of them is about to be used in a transaction, to replace it with the attacker's own address in the same format so that the transaction is redirected accordingly.

Every program, whether developed under an SDL or not, only proves its effectiveness in use. Bugs are by no means a tragedy, but part of the development process, which is further optimized by fixing them. However, this real-time testing at the ultimate expense of the user can be further minimized through more white-box security testing.

Connecting blockchain-based systems with external systems builds the bridge that the hacker can cross, precisely at the interfaces between them. With the help of smart oracles that are docked at these interfaces, the developers try to contain the problem.

Depending on their respective use, we differentiate between software and hardware oracles, for example. Software oracles feed the blockchain, e.g. with the online data required for the respective purpose of the application. They are integrated into the blockchain as part of a smart contract. But here, too, everything rests on trust in the external provider of the smart solution.
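A defensive check against this kind of address swap, as an added Python example that is not part of the original article: it shows that a substituted address still passes Base58Check format validation, so only a full comparison against a copy obtained through a separate channel catches the swap. The function names and the sample addresses are assumptions constructed for this demo.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload):
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(hash160, version=0):
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))
    return "1" * zeros + out  # each leading zero byte is written as "1"

def is_well_formed(addr):
    if not addr or any(ch not in ALPHABET for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + ALPHABET.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def check_destination(trusted, outgoing):
    """trusted: address obtained out of band; outgoing: address about to be signed."""
    if not is_well_formed(outgoing):
        return "reject: malformed"      # typos and truncation fail the checksum
    if outgoing != trusted:
        return "reject: substituted"    # valid format, but not the intended payee
    return "ok"

# Constructed sample addresses (derived from made-up strings, not real wallets).
payee = encode_address(hashlib.sha256(b"constructed payee").digest()[:20])
swapped = encode_address(hashlib.sha256(b"constructed attacker").digest()[:20])
typo = payee[:-1] + ("2" if payee[-1] != "2" else "3")
```

The comparison has to cover the whole string, since matching only the first or last few characters is not enough to tell two valid addresses apart.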

Worst case scenario - how do I get my key back?

For lawyers, the Bitcoin universe is still a far-reaching terra incognita that needs to be defined and regulated in the interests of the user. Since Bitcoin does not physically exist and is also not represented by a certain amount of data, its actual value is only the sum of the key pairs in a wallet. These only form an asset through their market value. It has not yet been legally defined how this asset should be allocated. Is the key pair decisive or the entry on the blockchain? Since Bitcoins in the blockchain cannot be accessed without the private key, the private key has been defined as the relevant reference object in terms of property law.

As the owner of Bitcoin, you are currently only legally protected if you, in possession of the private key, can dispose of assets linked to the Bitcoin blockchain. There is therefore no legal claim against hacked online wallet providers in the event of Bitcoin losses, as these are usually generously protected by their terms and conditions and designated security measures!

The legal classification of some of the new business areas that have arisen and will arise through blockchain is still in its infancy. It draws on different references to contract law, property law or the right to own data. As long as there are no binding agreements here, you should therefore secure your keys using cold storage methods! (see Dipl.-Jurist Johannes Seitz, Legal Tribune Online, January 2018)

Kathleen has been writing for Unternehmenswelt magazine since 2018. Her main interests are new ideas and concepts, disruptive technologies and sustainable entrepreneurship. Kathleen previously worked as an editor for the social startup scene, various foundations and communication agencies.