How secure are cryptocurrencies?
An overview on some frequently asked questions about cryptocurrency cyber security
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.
Many of us in cyber security recall those early days spent musing or mining Bitcoins on deprecated servers as a way to save them from a lonely existence on a rack in the data center. It started as another form of tinkering, an experiment. But when I first heard of friends investing large sums into an actual marketplace of the stuff my reaction was as unintelligible as the ciphertext itself.
As with any technology that reaches critical mass, Blackpanda aims to address the security considerations top to bottom.
We believe that with great exposure comes great responsibility.
This series will introduce concepts related to security, privacy, and exploitability of blockchain technologies known as crypto.
What is crypto?
Crypto(graphy), as it applies to cyber security, always meant the concealment of data from prying eyes. In the modern dialect, “crypto” refers to a digital asset created and maintained by a distributed network of servers. Each crypto technology depends on the application of cryptography to authenticate transactions, establish the non-repudiation of the asset, which is how each unit derives value.
What is cryptocurrency in simple words?
Think of our current financial systems. Currency typically circulates through a country or union of countries as coins and paper bills. One source of truth, the US Treasury or the European Central Bank, will regulate the flow and enforce standards, security, and a transparent accounting of the bills and coins. In reality, most currency today occurs in digital form–credit.
How did crypto start?
Cryptocurrency first got popular in 2009 with Bitcoin being mentioned in a theoretical white paper published under a pseudonym. The author espoused the value of a peer-to-peer cash system.
We all know what became of this once-obscure proclamation. There are now close to 8,000 cryptocurrencies in circulation across the globe, with a total market capitalization that topped USD 3 trillion in November of 2021. This is because the anonymous alternative to cash appealed to both criminals and common consumers, which resulted in mainstream adoption.
Is crypto considered a security?
This is a commonly asked question and, while it may seem like a leap to go from a trendy financial innovation to foundational economic tools, it is important that we address it.
Aside from data protection, it is important to clarify another definition of security. Financial securities, like equities or bonds, are “instruments” that represent monetary value and facilitate exchange. You can trade securities just like you can trade a dollar for four quarters to make change for the parking meter (another analog technology replaced by digital payments, by the way). While you might think of cryptocurrencies as securities, they are traded on consumer platforms much like regular equity or foreign currency, the SEC has yet to classify or regulate Bitcoin or Ethereum as such.
Certainly a topical tangent worthy of additional reading, but it boils down to crypto’s value to investors and whether or not there is an expectation of profit.
Financial institutions and formal boundaries exist for traditional securities. Many conflate the definition of a traditional security for the mathematically proven asset that is a unit of cryptocurrency. Both have financial importance to individuals. Yet given how unmonitored these currencies are for their worth, Blackpanda continues to track the threat actors targeting both developers and individuals as part of our mandate to assist those in the event of an attack.
Why is cyber security an important consideration for crypto currencies?
The same way we expect a degree of reliability from traditional financial systems, we need the technology companies that run cryptocurrency platforms to win our trust as well. Though they take a completely different position on where or how that regulation happens, both crypto and traditional systems aim to prevent fraud, counterfeit, and theft.
Crypto systems opt for decentralized control. Each technology designs its own transparent method of authentication and verification at each stage of the blockchain. Meaning that for each operation performed on the ledger there is proof of the computation and action attributed to the individual performing it that is visible to all. This establishes security through the many eyes principle. This idea holds that the more visible something is, the more likely you are to find flaws. Collectively, this principle can improve the accuracy and quality of anything from data to open source software.
In this series we will focus on security as a theme across blockchain technology and its many applications. We will address attack vectors and predictions that will challenge the technology firms and exchanges powering crypto. We will also take the perspective of what security looks like to you, the crypto investor or consumer.
Interested in speaking to a DFIR specialist?