Cryptocurrencies, especially Bitcoin, have been a hot topic in recent months. While Bitcoin is standing out as perhaps the most successful cryptocurrency, there are a wide range of security concerns emerging, as the currency can be vulnerable amid transactions or potentially attacked within its online storage pools and exchanges. In fact, recent discoveries have indicated that Bitcoin is not fully secure against attackers who are attempting to steal from the “honest” Bitcoin participants (known as “miners”), sparking major research on the topic of cryptocurrency security.

Here’s a basic and brief overview of Bitcoin, cryptocurrencies, and what to know about the growing security concerns surrounding this new cultural wave.

What Is Bitcoin and Cryptocurrency?

Bitcoin is viewed as the first successful employment of cryptocurrency, which relies on cryptography to produce “currency” and authenticate related transactions. While there were several attempts as far back as the 1990s to create forms of digital money, the concepts of Bitcoin were first introduced in early 2009 by a researcher using the pseudonymous name, “Satoshi Nakamoto.” Claiming he never intended to invent a currency, Nakamoto said he created a “Peer-to-Peer Electronic Cash System,“ with the main purpose of inventing what several others failed to create before digital cash. Perhaps the most important part of Nakamoto’s invention was that he discovered how to build a decentralized digital cash system, which goes against the standard system of a centralized server keeping record of the balances to prevent double-spending.

How Does Mining Work?

Controlled by the users of the currency around the globe, cryptocurrencies—namely, Bitcoins—require confirmation from miners before being sealed/confirmed. If a transaction is unconfirmed, it is considered “pending” and can be counterfeit. Once confirmed, the Bitcoin can no longer be forged or fabricated, making it part of an unchangeable record of proven transactions in what’s known as a blockchain. (More discussion on blockchain’s relevance to cybersecurity coming in future articles.) In other words, miners take transactions, confirm them, and then distribute them throughout the network, requiring every computer, or node, to add it to its database. As this process occurs, miners are rewarded with a token of the cryptocurrency—Bitcoins, for example.

Security Concerns with Cryptocurrencies

While still not fully understood by most people across the world, it is important to know that many banks, governments, and worldwide organizations are aware of cryptocurrencies, and they are studying and evaluating their use and emergence as a viable currency on an ongoing basis. While the Bitcoin we know today was built on the proof-of-work principle that transactions can be securely processed on a decentralized peer-to-peer network, without the need for a central collection institution, the mining and transaction processes are not entirely secure. In fact, conspiring participants can impose upon of the flaws found within the process.

Here are five key security concerns that can lead to potentially harmful attacks and threats with the use of cryptocurrencies:

    1. Selfish Mining— This allows a sufficient size pool of “selfish miners” to gain revenue larger than its ratio of mining power, which forces “honest miners” to spend their cycles on blocks that won’t make it to the blockchain.
    2. Double Spending— This allows an attacker to successfully make more than one transaction using a single coin, which invalidates the “honest” transaction.
    3. Wallet Software/Distributed Denials of Service Attacks (DDoS)—“Wallets” are client-side applications used to manage Bitcoins and transactions of Bitcoins from/to the client and can be accessed online or via download. Online wallets are more vulnerable to DDoS attacks since they need encryption and are backed off-line.
    4. Acquiring Greater Than 50% Computing Power— This is when any conspiring user acquires more than 50% of the computing power in mining process, which can also lead to other attacks.
    5. Timejacking— This happens when an attacker announces an inaccurate timestamp while connecting to a node for a transaction, altering the network time counter and deceiving the node, which can cause double-spending.

While the networks of cryptocurrency are still in development, threats to the mining process are looming, and it’s important for individuals and organizations to not only be aware of this phenomenon but to also be prepared in the event of an attack, and to understand how this new form of currency could be manipulated for illicit gain. Contact us today to learn how LBMC Information Security’s team is uniquely equipped to handle the most technical of IT security assessments.