In light of the Bitfinex hack and other hacks, the bitcoin community faces the need to improve security and is considering various options, according to a Bloomberg article by Yuji Nakamura and Olga Kharif. The article suggests it may be time for some type of…
In light of the Bitfinex hack and other hacks, the bitcoin community faces the need to improve security and is considering various options, according to a Bloomberg article by Yuji Nakamura and Olga Kharif. The article suggests it may be time for some type of regulation.
The Bitfinex attack demonstrates the fact that the industry has not come up with a way to ensure security, despite improvements to bitcoin’s infrastructure.
Observers do not expect the investigations into the Bitfinex hack will reveal any insights on how to improve protection. What is more obvious is the community’s willingness to lay blame for the hack while discarding an industrywide solution.
Emin Gun Sirer, a Cornell University researcher, said bitcoin has a tradition of blaming victims for problems. He said the time has come for the community to stop shirking its responsibility.
Bitfinex levied a 36 percent price on all of its users, whether or not they were victimized individually by the hackers. Bitcoin’s price has suffered in reaction to the theft.
Security measures have improved over the years, especially following the 2014 Mt. Gox hack. Measures have included external audits, segregated accounts and two-factor authentication for securing logins.
Multi-signature security has been another improvement, whereby the private keys that attach to bitcoins split into several copies that hide in different locations. Multi-signature requires sign-off from a majority of the copies prior to enabling the bitcoin to move. Hackers must breach multiple systems to access the funds.
Bitfinex, however, used multi-signature technology, storing copies offline and with BitGo, a third party. BitGo’s CEO had claimed the security system made Mt. Gox type breaches impossible. Bitfinex said the hackers increased withdrawal limits without BitGo’s realization, while BitGo denied its systems were breached. The exchange has suspended its use of BitGo technology.
Jeff Garzik, a bitcoin developer, said multi-signature technology “raises the bar,” but it is not perfect.
Some bitcoiners claim existing technology can prevent hacks, but the implementation has to improve. One technique suggested is to store bitcoin in individual wallets rather than exchanges, which are often targets.
Peter Smith, CEO of Blockchain, a wallet provider, said storing bitcoin with a wallet gives the wallet provider control over the bitcoins, leaving customers subject to losing funds via cyber theft. The provider can impose a tax to cover losses, as Bitfinex has done.
Another solution is to punish thieves, as Ethereum did when $60 million in Ethereum was stolen this summer. The Ethereum community adopted a hard fork that pushed users to a new Ethereum version that did not contain the theft. This tactic proved controversial, however, as some argued that it violated Ethereum’s free market principles.
Some say the time has come for a type of regulation, be it self-imposed or with government assistance. To do this, the community will need to educate regulators so that innovation is not slowed down in the name of protection.
BitGo and others have begun working with auditors to standardize security measures for the industry. How this will be done remains unclear at present.
Trond Undheim, a former Massachusetts Institute of Technology Sloan School of Management lecturer, said bitcoiners are recognizing that regulation is needed.
Kay Van-Peterson, a Saxo Capital Markets strategist, was able to avoid exposing funds to loss through Bitfinex, but he nevertheless lost a tenth of his bitcoin investment due to the bitcoin price drop that occurred in response to the attack.
Featured image from Shutterstock.
Last modified: January 25, 2020 11:50 PM UTC