Recent bitcoin thefts may appear to be a security threat that could potentially invalidate the cryptocurrency, but proponents argue that it’s the stability of the digital exchanges where the thefts have occurred that are more at risk.
If U.S. dollars were stolen from Bank of America, explained Jon Matonis, a payments industry veteran who evangelizes for the bitcoin currency on his blog The Monetary Future, the security and validity of the bank, not the currency, would be called into question. It’s the same dynamic with recent incidents like the theft of 24,000 bitcoins—worth approximately $250,000—from the popular bitcoin exchange Bitfloor.
“The thing that a lot of people are getting wrong in media, when you see these hacks on exchanges it’s not the bitcoin currency that has been made insecure or diminished in any way…it’s the network exchange operator and security networks,” Matonis says.
Bitcoin is an international digital currency defined by its lack of a central issuing authority. Consumers use digital exchanges to move money instantaneously to others across the bitcoin network.
When the currency was first introduced three years ago, the anonymity of bitcoin transactions was what first intrigued users, many of whom used the currency to buy drugs via secure exchanges. Bitcoin has since proven itself outside the drug market, with the virtual tender’s value stabilizing at approximately $11 to $12 per bitcoin and its consumer base growing to an estimated 740,000 users worldwide in 2011.
But because the movement is still new and relatively unknown, many exchanges are understaffed and unable to fully fund security for the platforms. This creates uneasiness in the marketplace about using the alternative currency
Bitfloor, the fourth largest exchange dealing in U.S. dollars, temporarily suspended operations after the theft earlier this month, but is now back online. Founder Roman Shtylman says he intends to pay victims back.
Shtylman agrees with Matonis that these hacks don’t compromise the validity of bitcoin.
“Financial systems are all constantly under attack,” Shtylman says. “The entire U.S. bank system is based on top of a money transfer technology which does nothing to protect your account from being attacked or overdrawn.”
“No matter how good your money printing is, users will always be able to pass off some amount of bills as counterfeit,” he continued. “Credit card companies spend fortunes combatting fraud and just trying to make sure only you are using your funds. The system is broken.”
But digital currencies like bitcoin have advantages over hard currencies and credit cards, Shtylman says. Bitcoins can’t be counterfeit and transferring bitcoins can be done without a middleman. There are no overdrafts and consumers’ funds are completely within their control.
“Exchanges, just like banks, are not impervious to theft,” says Shtylman. “In many ways, security in the digital realm is harder than the physical. Your attackers can be anywhere and can attack much more often.”
Shtylman and Matonis believe the skills and processes to combat digital currency theft will emerge over time and help promote acceptance of the currency.
In that same vein, a group of entrepreneurs, advisers and funders have launched the Bitcoin Foundation, which will work to promote acceptance of the currency. The group aims to help Bitcoin users and software developers exchange information more easily about the technology.
The foundation has set a series of goals for 2013, including hosting a Bitcoin conference in Silicon Valley next spring, publishing a set of best practices for businesses that transact in bitcoins, and creating a certification process for Bitcoin businesses.
“My hope is that the Bitcoin Foundation will be the organization that focuses and unlocks all of your energy and talents towards promoting Bitcoins, protecting them, and increasing their legitimacy through standardization,” Peter Vessenes, the group’s executive director and the founder of the Seattle start-up CoinLab, wrote in a letter posted on the foundation’s website. “We can help solve or mitigate these problems as a community.”
So how do bitcoin exchanges create a safer environment?
Currently, most exchanges are hot wallets, meaning they’re connected to a server running a live connection to the bitcoin network. Most exchanges prefer hot wallets for customer service reasons.
“People want to add and take out [bitcoins] on a 24/7 basis,” says Matonis. “They don’t want to be subject to normal banking hours.”
But hot wallets leave more room for security exposure by hackers. Matonis believes, like banks that have teller drawer cash and vault cash, exchanges should have a mixture of hot and cold wallets, the latter essentially being a computer in storage.
Whereas now users can take out large lump sums of bitcoins, Matonis believes the system would be more protected if large numbers of bitcoins took time to process through the bitcoin host.
Matonis is convinced top-notch security experts who work for big banks and brokerages like Wells Fargo and Chase could secure the networks, but most bitcoin exchanges are non-profits and don’t have the money to hire experts.
Shtylman runs Bitfloor out of an office in New York. As the only employee and stakeholder, he doesn’t have the money to pay a security expert, especially since he’s decided to pay back the users who lost bitcoins during the early September hack.
“The exchange is bootstrapped with my time and funds,” Shtylman says.
Shtylman says most news stories focus on the negatives of bitcoin, so by paying back victims, Shtylman hopes to push the currency forward in a positive way and gain user’s trust.
But the payback isn’t going to be easy. Because the currency’s transactions are irreversible, the stolen bitcoins cannot be retrieved and returned. And there isn’t a chargeback feature, like what’s available for credit card purchases.
“The irreversible nature shifts the power balance somewhat to the merchant,” Matonis says. “But it’s those cash-like features that drive bitcoins popularity. Bitcoin isn’t going to make every other payment method irrelevant, it’s just going to give people another choice.”
For security purposes, some bitcoin exchanges are implementing the use of intermediaries or escrow agents. These agents hold the bitcoins from the merchant until the buyer received the purchase and is satisfied with it. Matonis says banks could fill the role as escrow agents for bitcoin exchanges.
But for Matonis, the most important security step lies with the bitcoin network. As the focal point for the open-source technology surrounding the currency, the network needs to do a better job providing exchanges with more detailed security standards. “Right now, its figure it out on your own,” he says.
Those strategies will develop over time, says Shtylman, but since bitcoin is still new and relatively unknown, most exchanges will have to learn the hard way.
Brian Browdie contributed to this report.