How safe is your cryptocurrency? Fact-checking crypto hacking
News of the latest cryptocurrency hacking saga frequently makes front-page headlines.
Granted, there have been cases of crypto hacks resulting in devastating losses. However, media coverage can make it seem as if cryptocurrency systems and technologies are at the mercy of any amateur hacker with 10 spare minutes on their hands.
The reality, however, couldn't be further from the truth.
Peering beyond the headlines, there's much more to this story than first meets the eye.
The facts on crypto hacks
A good place to start in establishing the facts around cryptocurrency 'hacks' is to explore just what such a 'hack' or attack might consist of.
Let's consider a few scenarios.
Scenario A: Network attack
Decentralisation is at the core of cryptocurrencies; they function independently of governments, banks and other third parties. This is possible thanks to blockchain technology, a completely decentralised and distributed online ledger system responsible for maintaining transaction records.
All this means that there simply isn't a central point in a blockchain network for hackers to target. There is no hub or server; there are no headquarters -- nor are there industry insiders to corrupt. Cryptocurrencies and the blockchain technology they use are decentralised. They are maintained by global user networks.
Decentralised blockchain technology relies on consensus to create transaction records. An entire cryptocurrency network is involved in confirming valid transactions and recording them correctly.
Hypothetically, if a network member -- or pool of members -- had at least 51 percent of the blockchain network's computing power, they could control the development of transaction records from that point. However, there are limits to what such an attack could achieve.
Such an attack could not:
- Create coins out of thin air
- Steal coins
An attack of this nature would allow attackers to control the development of transaction records for a time. However, this would only advantage attackers by allowing them to spend their own coins more than once. Given the exorbitant financial cost to operate enough nodes to gain computational control of the Bitcoin network, such an attack seems pointless.
If not an attack on the network, what about targeting individuals within the network?
Scenario B: Private address hacks
Cryptocurrencies are digital money kept secure by complex cryptography, and each address (payment destination) comes with a public and private pair of keys that make transactions possible. These keys are actually long pieces of mathematical information that work together to solve a complex maths equation, allowing the transfer of funds from one address to another.
Put simply, coins can only be spent if someone has access to the associated private key. The rules of maths on which the whole system is built won't have it any other way.
What's more, we're talking about complex maths that makes it simply impossible to guess someone's private key. Trickery and/or poor security practices are the only means by which an attacker could gain access to someone's private key -- short of the owner providing it.
If a user's private key is kept private, stealing funds from a private cryptocurrency address is mathematically out of the question.
Scenario C: Service and exchange hacks
Cryptocurrency networks cannot be attacked, and private addresses cannot be hacked; however cryptocurrency exchanges and services are legitimate targets.
This is because exchanges keep a portion of user funds -- the percentage varies -- online in 'hot' storage to make fast transfers possible. Exchanges also store user account passwords and private keys, and if these are not stored securely, user accounts can be vulnerable to hacking.
However, attacks on exchanges will also prove futile if stringent online security is the norm. Most exchanges, such as Cointree, encrypt user details many times over and keep the majority of funds offline in 'cold' storage -- far from the sticky fingers of would-be hackers.
Furthermore, it is widely advised that users use exchanges solely for the purpose of exchanging cryptocurrencies, and to then transfer coins back to a private account. Together, these measures protect against hacking attempts.
Crypto hacking: the verdict
Cryptocurrency hacking attempts are only as good as the poor security practices that they breach.
If cryptocurrency users choose their exchanges wisely -- and if all users keep their private keys private, hacking attempts will ultimately yield little coin.