Stop calling Bitcoin hacks, “Bitcoin hacks”

Occupy Mt. Gox

They’re exchange hacks, they’re wallet hacks, they’re service-provider hacks. It just so happens that bitcoin was stolen. To call these breaches “Bitcoin hacks” is like calling the SWIFT hack a “US dollar hack.” Obviously the USD did not get hacked; only the central bank does that.

Bitfinex was an unregistered Bitcoin exchange with over $150M in custody. Rumor has it they’re based in Hong Kong, owned by a parent company in the British Virgin Islands, with a management team spread all around the world. The only listed contact information is an email address and a Twitter handle.

What did you think would happen?? Go ahead, drop your life savings into a southeast-Asian bank you found on the internet and see how well that works out for you.

Securing tiny electronic files from leaking – keys – pushes the bounds of known computer science. –Jeff Garzik, Co-Founder of Bloq

The fact that Jeff Garzik has trouble keeping his keys in his pants is not a fundamental flaw of Bitcoin, or even of known computer science. The frequency and magnitude of Bitcoin losses reflect the fact that users are giving full custody of their funds to irresponsible third parties.

Bitcoin’s underlying technology is fine; the problem is that people do dumb things on top of that underlying technology. Of the fifty largest Bitcoin-related thefts, only one can be definitively attributed to the protocol*. Everything else was caused by a higher-level breach, most commonly an unauthorized server access. You know, the same thing that happened at JP Morgan Chase in 2014.

Preventing data leakage isn’t a matter of pushing the bounds of computer science; it’s a matter of responsible access control. This is a problem faced by every industry in every part of the world. A Bitcoin service provider is a financial institution, and should be held to the same level of scrutiny one might employ when selecting a financial institution.

Bitcoin rarely gets hacked. Bitcoin only fails when we expect digital bucket shops to provide the bulletproof security of a private Fort Knox.

*In 2013, an inadvertent Bitcoin hard fork temporarily enabled users to double-spend their money. Only one such attack was conducted, and the attacker later returned the money. This is the only “Bitcoin hack” on a Bitcoin service provider (that I know of).

See Also:
The Wretched, Endless Cycle of Bitcoin Hacks –Bloomberg
