13 September 2017
Yesterday I got an email that said all my bitcoin was about to disappear. Hurricane Irma, it claimed, had damaged the servers of a company where my bitcoin was stored. There was a backup, but it would disappear soon, so I needed to move my money to the address provided.
Was it a scam? Yes, but I only knew that by getting geeky with the email headers. (Nerdnote: It originated in the Tor network and routed through a mail server in an offsite country.) But it was perhaps the easiest-to-believe email scam I’ve seen in my thirty years online. Why?
Because bitcoin sometimes just disappears.
This needs some explaining. When someone sends bitcoin, the transaction is recorded on a worldwide ledger. Practically speaking, it’s permanent: Nobody can go back to reverse the charges. That’s different from checks and credit cards, and the key to bitcoin’s excellent technical security.
(I talk about this in “How Bitcoin works”, a video from my Learning Bitcoin course. LinkedIn has allowed me to make that video available for free here.)
(Jonathan Reichental goes deeper in his course Blockchain Basics.)
But “secure” doesn’t always mean “safe”: Bitcoin transactions are also irreversible when you accidentally lose bitcoins. And that happens a lot.
I know this from personal experience, when my phone got wiped and the digital backup of my bitcoin wallet failed. (I fortunately also had a paper backup, an extra step few bother with.) People have lost bitcoin by upgrading a computer, losing control of a phone number, tossing old electronic junk, and dozens of other ways. Digital assets are incredibly fragile.
If you don’t want to access bitcoin through your phone, the other option is an “online wallet”. But such a wallet is only as good as the company protecting it. After the company Mt. Gox made over a half billion dollars of bitcoin disappear, online wallets don’t seem like a good idea, either.
Billions of dollars of bitcoin have simply vanished and will never be recovered.
So when I got that email, it seemed not only plausible that my bitcoin was at risk, but likely. A company having bad backup procedures? That’s the rule, not the exception. A need for action to “save” my bitcoin? Sure — consider this somewhat confusing blog post from Coinbase when a spinoff currency (“fork”) happened this summer. I need to shuffle money into a new wallet? It won’t be the first time.
So what can you do?
- If you’re holding bitcoin on a computer or device, back up your wallet and test the backup periodically by restoring it in another location. A backup that doesn’t work isn’t a backup.
- Store a minimal amount in online wallets. I know, companies such as Coinbase claim that your deposits are fully insured — and as I know and respect that company, I believe it. But anyone can say that, including crooks. And Coinbase provided no details when asked. Without those, “trust me” doesn’t fly.
- Keep a written record of where you’ve stored your bitcoin, and “touch” it once in a while. Does that flash drive still work? Is your online wallet still in business? Has a phone upgrade made your bitcoin inaccessible?
- Follow all the usual best practices for online security: Use good passwords, confirm questionable activities, and so on.
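One way to confirm a questionable email like the one at the top of this post is to read its `Received` chain. The sketch below is an added example, not code from the original post: the sample message, the host names, the `.mailbox.example` provider suffix and the Tor exit set are all constructed, and `trace_hops` and `findings` are hypothetical helper names.

```python
import re
from email import message_from_string

# Constructed sample: documentation-range IPs and .example hosts, not the real email.
SAMPLE = """\
Received: from relay.offshore.example (relay.offshore.example [203.0.113.45])
    by mx.mailbox.example with ESMTPS id def456;
    Tue, 12 Sep 2017 10:02:09 -0400
Received: from [192.0.2.66] (unknown [192.0.2.66])
    by relay.offshore.example with ESMTPSA id ghi789;
    Tue, 12 Sep 2017 14:02:05 +0000
From: "Wallet Support" <support@wallet.example>
Subject: Urgent: move your bitcoin before the backup is deleted

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def trace_hops(raw, trusted_suffix):
    """Return hops oldest-first; 'trusted' marks headers your provider wrote."""
    hops = []
    # Each relay prepends its own header, so reverse the list. Headers older
    # than the first trusted hop are the sender's claims and can be forged.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        by_host = by.group(1).rstrip(";") if by else None
        hops.append({
            "from_ip": ip.group(1) if ip else None,
            "by_host": by_host,
            "trusted": bool(by_host and by_host.endswith(trusted_suffix)),
        })
    return hops

def findings(raw, trusted_suffix, tor_exits):
    """Flag a claimed origin on the exit list; report who handed the mail to you."""
    hops, out = trace_hops(raw, trusted_suffix), []
    if hops and hops[0]["from_ip"] in tor_exits:
        out.append("claimed origin %s is a listed Tor exit" % hops[0]["from_ip"])
    for hop in hops:
        if hop["trusted"]:
            out.append("entered your provider from %s" % hop["from_ip"])
            break
    return out
```

The relay that handed the message to your own provider is the only hop you can fully rely on; the origin line is evidence, not proof.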
As for what the industry can do…
Well, not much. At least, there’s no reason to change bitcoin itself, as its irreversibility is as much its strength as its weakness. I predicted a growth of secondary bitcoin services such as fund-clearing and insurance four years ago; some have appeared to ameliorate bitcoin’s fragility, but I think more needs to be done in this area.
Bitcoin’s instability is bad for its users. But it’s also a business opportunity; whoever can solve it will reap great rewards.
Tom Geller is the author/presenter of the video course Learning Bitcoin and several others available through Lynda.com and LinkedIn Learning. He’s at tomgeller.com and tgprods.com, and on Twitter as tgeller.