Bitfinex hack shows how bitcoin’s blockchain can be a liability

Bitfinex hack shows how bitcoin’s blockchain can be a liability

Published: Aug Four, two thousand sixteen Trio:09 a.m. ET

Some say community should find a compromise that permits for the reversal of fraudulent transactions

JosephAdinolfi

Bitcoin’s blockchain is often touted as a revolutionary step forward for network security. But Tuesday’s theft of almost $68 million of customers’ bitcoins from a Hong-Kong-based exchange demonstrated that the currency is still a big risk.

Bitfinex, one of the world’s largest cryptocurrency exchanges, has yet to release any details on how it was hacked.

But massive bitcoin BTCUSD, +1.33% security breaches like the one at Bitfinex and the attack that bankrupted Mt. Gox in February two thousand fourteen highlight the need for the cryptocurrency community to find a compromise that would permit the so-called blockchain to be more limber so victims of theft can recover digital currency that has been spirited away by hackers.

The blockchain is the universal record of all bitcoin transactions. Each computer running the bitcoin software keeps a copy of the ledger encoded in its system. And every time a group of transactions are processed by bitcoin’s global network, they must be checked against each computer’s stored copy of the blockchain.

This digital ledger is both one of the largest assets of bitcoin-like currencies and one their largest liabilities. Because once a chunk of information has been added to the blockchain, it can’t be altered, and that makes it difficult to remedy thefts.

Tuesday’s hack of Bitfinex resulted in almost 120,000 bitcoins — presently worth about $68 million — being stolen from customer accounts.

Bitfinex hasn’t released any details about how the perpetrators pulled off the hack. The company was breached once before, in May 2015, but after that the platform switched to a fresh methodology for storing customers’ bitcoins

The security flaws that make these hacks possible aren’t inherent; instead, hackers exploit specific security flaws at cryptocurrency exchanges, said Charles Hayter, chief executive officer at CryptoCompare, a company that provides data and analytics about cryptocurrency.

“It’s not bitcoin’s fault. It’s the infrastructure around it,” Hayter said.

The idea of reversing pilfered digital currency by modifying the blockchain is enormously controversial. As recently as July, Ethereum, the world’s second-largest cryptocurrency, split into two separate cryptocurrencies after a group of developers proposed a software update that would roll back a theft of about $50 million in ether tokens in June.

Emin Gun Sirer, a hacker and professor at Cornell University’s Computer Science Department, proposed a compromise that wouldn’t involve altering the blockchain. He, along with two colleagues, designed what he called a bitcoin vault. The vault permits users twenty four hours to roll back any fraudulent transactions. But using it comes with a catch: Storing coins securely would require users to give up the capability to spend them quickly.

Many members of the bitcoin community remain vehemently against a rollback — an adjustment to the bitcoin software that would undo the fraudulent transactions.

After hackers stole more than $50 million ether tokens from a fund set up to help crowdfund projects built on Ethereum’s platform, its creator and a team of developers designed a “hard fork” — that is, a mandatory update to Ethereum’s software — that would essentially void the fraudulent transactions. A group of digital currency purists refused to update their ethereum software, creating two classes of Ethereum. The original version has been referred to as Ethereum “classic.”

It’s unclear if the traditionalists resistant to alterations to the blockchain software will ever adopt the fresh version of Ethereum, and that battle underscores one of the most nettlesome obstacles for broad adoption of cryptocurrencies.

Related video:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *