The list of bitcoin thefts is far too long. Over the past, almost, eight years, we can roughly estimate $1 billion or more have been stolen. Each time, there is devastation for the individuals involved and the wider community as bitcoin’s security is brought to the forefront. This is followed by a backlash from the wider media and public who have been keen to disparage bitcoin ever since the first major hack in 2011 when many dismissed it as insecure. But, is there a solution or are we forever to live with these far too frequent theft stories?
For bitcoin to function and have any value it needs to be traded and moved from a to b. That means it needs hot wallets. So-called hot because they are available to anyone with skill. In bitcoin’s case, the talent pool is the entire world. Sooner or later, therefore, the wallet will be stolen.
Most exchanges now do not even announce these hot wallet thefts, considering them as a cost of business. However, that leaves them vulnerable to insolvency or, if they are running on reserves, to a run on reserves. Of course, if the theft is too big, they simply close down their website, probably followed by lengthy and costly bankruptcy proceedings.
Professor Emin Gün Sirer, a hacker of 25 years with in-depth knowledge of bitcoin’s operation, together with Ittay Eyal and Malte Moeser, have proposed a solution he calls ingenious – Bitcoin Vaults.
They employ bitcoin’s inbuilt script system to create particular transactions that send your bitcoin to – in effect – a bitcoin saving account. The “account” has a recovery key that allows you to reverse a transaction, thus making theft impossible or, at least, very difficult.
The invention retains the irreversibility of transactions which is considered by many to be a feature of bitcoin as such unique transactions cannot be used when dealing with a merchant or other third parties because it would be clear that the transaction is reversible.
It would, therefore, be used only in exceptional circumstances, such as on a cold wallet, tremendously increasing bitcoin’s security while fully retaining bitcoin’s feature of irreversibility and immutability when transacting.
Although technically, at the expense of complexity in code, anything can be soft-forked, it is not clear whether this particular feature can be so implemented or whether bitcoin’s community is willing to do so. For ethereum, the feature can be implemented and has been carried out as a smart contract at the application layer, but, puzzlingly, the DAO did not employ it.
Had bitfinex used it, thousands of people would have retained their savings. Equally, had the DAO used it for storage, we would still be talking about how these decentralized organizations may replace CEOs or boardrooms.
Instead, in both cases, we are faced with a shaking of confidence because, once more, neither the community nor its actors paid any head to the utmost importance of securing digital currency in a way that is as good as impossible to steal, because, anything short of such standard and it is not a matter of if another big theft will happen, but only when.
Featured image from Shutterstock.