Bitcoin: your handy guide to digital pickpocketing

Bitcoin is the closest we’ve ever got to a workable digital currency, but its rapidly rising value through 2013 has attracted thieves as well as speculators — and despite its magic, it’s not invulnerable.

The more libertarian and anarchist ends of internet culture have long dreamed of a digital equivalent to cash — money that can be used to buy and sell goods and services online without having the transaction tracked by an intermediary like a fee-hungry bank, or credit card company, or a taxation-hungry government. But how do you create the digital equivalent of a banknote when, in the digital realm, anyone could make a perfect copy in an instant? Counterfeiting would run rife, and the currency would be worthless.

There have been various attempts to solve this conundrum using complex mathematics related to that used for encryption and secure digital signatures — hence the term “cryptocurrency” — but the most sophisticated came in 2009 when the bitcoin protocol was published by a person or persons unknown using the pseudonym Satoshi Nakamoto.

It’s impossible to explain here how bitcoin works in detail. But at its core is a public ledger of all bitcoin transactions, called the “blockchain”. Maintaining that ledger is a task shared by many computers around the world.

The fact that user X owns a certain balance of bitcoins is public knowledge, thanks to that ledger — although users are identified by their random bitcoin addresses, which act as pseudonyms. When user X wants to transfer some bitcoins to user Y, X signs the transaction with his or her secret encryption key and broadcasts the fact — and the network of computers does the crypto-math to confirm that it’s all legit, and the transaction is added to the ledger.

It’s actually more complicated than that. While each bitcoin has its own identity, just as each banknote has its own unique serial number, they can also be combined or split to make change. All this is recorded in the blockchain ledger.

As the chain of transactions has grown ever longer, the amount of computing power that’s being deployed to confirm new transactions has also grown massively, to the point where it’s now 256 times more powerful that the world’s top 500 supercomputers combined. But it’s worth it: anyone participating in the process is paid with more bitcoins.

But with all the crypto-math precautions, bitcoin users are still vulnerable to some good old-fashioned crime.

For a start, bitcoins can be stolen. A bitcoin “wallet” is just a file on the user’s computer, so hackers are able to just take a copy, along with their secret key, and start spending — especially easy of the wallet hasn’t been encrypted or password-protected. If someone’s got the secret key, then there’s no way to distinguish them from the real owner.

Some bitcoin users have used web-based wallet services rather than holding onto the bitcoins themselves — which means the wallets can be stolen in bulk, as happened to a young Australian known as TradeFortress. Similarly, any merchants could just make off with any bitcoin credit they happened to hold on people’s behalf, as seems to have happened in the massive Sheep Marketplace heist.

While it’d be theoretically possible to trace the bitcoins through the transaction ledger, that’s made difficult when the criminals use so-called “tumblers” — software that automatically splits and re-combines bitcoins at high speed through a large number of fake users, shuffling them so thoroughly it’s hard to see which bitcoins went where, or at least to figure it out before the crims have long since departed the scene.

None of these are problems with bitcoin itself. It’s digital cash, and just like regular cash it can be stolen and laundered. But it’s a new arena, and not everyone at the libertarian and anarchist ends of the spectrum are eager to bring in old-school law enforcement.

This article first appeared on Crikey.


Notify of
Inline Feedbacks
View all comments