BITCOIN IS LESS VULNERABLE THAN YOU THINK

Superman had kryptonite. Achilles had his heel.

The 1927 Yankees led by Babe Ruth and Lou Gehrig, often considered history’s greatest baseball team, had trouble beating the sixth-place Cleveland Indians.

Standard Oil got too big for its own good and had to be split up.

Investment banking giants Lehman Brothers and Bear Stearns, which once controlled over $1 trillion in assets and featured some of Wall Street’s sharpest minds, succumbed to greed in the subprime mortgage crisis.

The rating agency Equifax, which boasted of its ability to safeguard individuals’ financial information that it shares with clients, left a gap in its cyber defenses, allowing hackers to access data for 143 million customers. Hewlett Packard, IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, and Computer Sciences Corporation, all companies at the forefront of tech innovation, have been victims of cyber espionage, allegedly from China’s Ministry of State Security.

Even gold, a naturally occurring element—AU, number 79 on the periodic table—that no other naturally occurring substance can obliterate, has a weakness if you consider that its price fluctuations stem from macroeconomic events and historical susceptibility to scams. In 1869, war hero Ulysses S. Grant saw his presidency scandalized after his brother-in-law and two acquaintances influenced his decision to stop selling gold, a practice he had used to pay off the country’s enormous Civil War debt, so that they could corner the gold market. Grant sniffed out the scheme shortly after it launched, but by that time it had sent gold prices plunging from about $160 an ounce to under $140 in what became known as Black Friday. The drop sent the stock market into a tailspin and led to an investigation in which the revered leader of the Union army was exonerated but at the cost of at least part of his good reputation.

Everyone, everything, and every organization, the biggest and smallest, fictional and nonfictional, in every aspect of life has a weakness. They’re all susceptible in some way to attacks or other events that can harm them. This vulnerability is part of the human condition. To be sure, some are more vulnerable than others.

The Grant episode and a few others notwithstanding, gold has largely operated above the fray because of its imperviousness to destructive forces. To be sure, it can be molded into different shapes, but the basic composition that makes it valuable is unchangeable. Gold is a naturally occurring element, as opposed to being a compound, composite, or alloy made of other things. In this regard, gold is uniformly the same everywhere in the world. Superheat gold and it merely melts or turns into another shape. It is extremely dense, and thus heavy, making it hard to counterfeit using lighter substances. In its lengthy history as a store of value, it has been largely resistant to dramatic price swings and misdeeds. It obeys no single authority. Gold is the best physical example of a decentralized asset class. Anyone can find gold, and anyone can own gold.

I suppose Ian Fleming, the creator of James Bond, understood gold’s timeless properties best in Goldfinger, where the aptly named villain, Auric Goldfinger, doesn’t even try to steal the world’s largest store of gold, but rather aims to contaminate it with radiation that will last 58 years and boost the value of his own supply. Bond fans remember the dirty bomb stopping seven seconds before it exploded.

This chapter considers whether Bitcoin is vulnerable, and I’ve indirectly already answered the question. It is vulnerable. But in this regard, it bears another similarity to gold, the asset to which it is most compared.

Coming from a Bitcoin evangelist, this may seem sacrilegious, but part of being a good advocate is offering an honest appraisal. Paint too rosy a picture and people start to doubt. Describe something that has blemishes and it becomes believable.

Bitcoin is not perfectly secure because in life, nothing ever is.

To be sure, Bitcoin, like gold, comes closer than any object of value to being invulnerable. It cannot be demolished, wrecked, or ruined—not because it’s a physical element—rather because there is nothing to destroy, unless you count a paper or hard drive wallet, but even then, a savvy bitcoin investor would otherwise know their key or have proper backups. Bitcoin itself doesn’t physically exist in a single location. There is no coinage or legal tender. And the system itself does not depend on a single person, company, or institution. Bitcoin is not open to a single point of attack that could compromise its entire existence. Rather, the Bitcoin “system” is spread out across the whole world over the entire internet, encompassing hundreds of thousands of machine nodes, and many millions of users and their computing devices. How would you destroy or turn off something like that?

Its vulnerability, to the extent it exists, comes from individual errors or inaction resulting in loss of funds. If wallet holders share their private key or do not follow certain safety precautions, it could lead to the loss of their bitcoin. It’s worth pointing out that even in a scenario of coin loss, the bitcoins themselves have not disappeared, as there will always be a maximum of 21 million bitcoins. Bitcoin is also vulnerable to a foul-up by one of the many service providers that form Bitcoin’s growing infrastructure. Such mistakes are often the result of individual misdeed, or more often misjudgment, such as a manager failing to address a gap in a company’s defenses or not reacting quickly enough to a new threat. These are all understandable problems.

EVERYTHING IS VULNERABLE

No industry or system can ensure that all its participants are ethical, capable, and intent on following the right practices. If someone robs a bank in Utah, or even if there’s a larger cyber event such as the data breach of JPMorgan Chase involving over 70 million customers, do you indict the whole banking industry? Or if there’s questionable behavior, such as the Wells Fargo scheme to charge people for services they hadn’t requested, or the 2020 lawsuit alleging that Bank of America, Wells Fargo, JPMorgan Chase, and US Bank reshuffled Paycheck Protection Program loans to prioritize those businesses likely to make money—does that mean the whole industry is rotten? The lawsuit, which was still pending at the time of publication, was among the latest blows to the banking industry’s reputation. However, I can assure you that the day after the filing of the lawsuit, banks nationwide operated as usual, just as they have following other stressful events. A well-documented 2014 study published in Nature magazine found that banking culture fosters dishonesty,¹ and yet banks didn’t start shuttering. (To be fair, a 2019 Berlin-based study called the earlier report into question.²)

Airlines and trains continue to operate even after crashes. The automobile industry survives recalls, not to mention ongoing concerns about its negotiating tactics. The reason is because they are fundamentally sound and continue to provide valuable products and services.

I suggest approaching Bitcoin the same way. The industry has had problems just like any other industry, particularly in its early stages of development. But observers should not misinterpret those issues as a profound problem with Bitcoin itself. The mechanisms that went into the creation of Bitcoin are every bit as solid today as they ever were. And those mechanisms should not be conflated with the wider ecosystem of trading and custodial services offered by a variety of firms. While some of these firms have had issues (and likely there will be more issues in the future), these difficulties should not be used to undermine Bitcoin or other cryptocurrencies, as they themselves are fundamentally sound.

It bears repeating here that the term Bitcoin encompasses two distinct parts of the Bitcoin universe. Bitcoin with a capital “B” describes the overall platform that sends the cryptocurrency into the world at regular intervals and enables investors to hold and trade it. Bitcoin with a lowercase “b” describes the unit of the currency. But this is irrelevant to the issue of vulnerability, unless you consider the companies that service Bitcoin part of the capital B, the Bitcoin system. But this would be an error. Bitcoin is no more responsible for Bithumb’s, Binance’s, or some other major exchange’s security breaches than the Federal Reserve is for the bank robberies or the breaches of Goldman Sachs, Deutsche Bank, or another banking or financial services firm—big or small. Find an industry or any movement that’s grown large enough that doesn’t have problems, and I’ll tip my hat to you. It doesn’t exist. In any industry, problems come with scale. As more players whose movements cannot be controlled or monitored establish a foothold, the chances for issues increase.

THE GREATEST PROTECTION

Of course, some people believe that Bitcoin’s decentralized nature opens it to multiple points of attack. They postulate that without a central authority, Bitcoin has no sheriff for protection. Theoretically, any participant can strike Bitcoin. In my view, these people are reflecting their own biases toward traditional, centralized systems, conveniently forgetting their vulnerabilities.

Decentralization is the greatest protection of all. It eliminates a single target that can bring down an entire system. Bitcoin has no central computer system managed by an IT department that can be attacked. There are no unscrupulous contractors that might be engaged who could unlock a control tower, giving them access to someone’s information or even assets. With Bitcoin, there is safety in the herd, with everyone potentially available to watch for something that doesn’t add up.

Think of trying to break into a bank vault with a few hundred thousand people watching you try to crack the combination. Every transaction must add up, with no duplicates allowed, before miners can add it to the public ledger—the blockchain. And miners will continue to participate in increasing numbers because of the bitcoin rewards they can receive. Bitcoin is a self-reinforcing system.

Bitcoin was purposely designed this way, creating a positive self-reinforcing cycle. As it proves itself impervious to serious attacks, Bitcoin becomes more valuable, convincing more people to participate, which widens the circle of potential observers, making it even more secure, and, in turn, more valuable. Or to put things more simply, the greater the global mining hash power, the more secure Bitcoin becomes. To the chagrin of governments and regulators worldwide, Bitcoin has now become a de facto standard as the global digital currency. Ask anyone who understands the industry.

Bitcoin’s components, taken together, create an almost impregnable firewall against evil intent. It is nothing short of a scientific breakthrough in its preventative, self-healing qualities and ability to grow stronger as the network expands. To claim that Bitcoin is insecure is to attack scientific logic.

I say “almost” because as I pointed out at the beginning of this chapter, nothing is perfect. The one small opening that Bitcoin leaves is the so-called 51 percent attack, in which malicious miners assume control of over half of a cryptocurrency network’s computing power, in order to attack it by slowing down or censoring transactions. This attack was successfully used in 2016 against two lesser-known cryptocurrencies, Krypton and Shift. But the likelihood of a group reaching a similar outcome against Bitcoin’s enormous network is less than miniscule. It would take an enormous effort to coordinate such an assault, which is particularly difficult given the number of mining groups and their global spread. I would consider a 51 percent attack a vulnerability in the way that a giant meteor might be a threat to earth. Possible? Yes. Likely? No.

Yet perceptions are hard to shake. The various cyber incidents involving service providers have left the false idea that Bitcoin is more vulnerable than traditional currency. Bitcoin was not the vulnerable piece in those cases. Rather, it was the centralized service providers that got into trouble. We even see people blaming Bitcoin for events beyond its control. For example, in July 2020, Bitcoin critics and casual readers were quick to blame Bitcoin for a Twitter hack, partly because of the distorted headlines of some of the world’s most respected media outlets, including the New York Times³ and BBC. The headlines used the term “Bitcoin Scam,” although the event exploited weaknesses in Twitter security to access the accounts of Barack Obama, Bill Gates, Kanye West, Elon Musk, and other global figures to trick people into sending more than $120,000 in bitcoins on the false pretense that they could double their money. The Late Show host Stephen Colbert, a keen and witty observer of cultural issues, used the term “bitcoin bandits” in his opening monologue a day after Twitter discovered the breach. Even the respected publication Wired misrepresented the hack, describing it as a Twitter Bitcoin hack, although Bitcoin itself was not hacked and it was not responsible for the breach.

Police later arrested a 17-year-old hacker for what cybersecurity experts described as a commonplace, amateurish scheme that could have involved nearly any cryptocurrency to defraud Twitter users. Bitcoin just happened to be his choice, an innocent bystander in the caper. (Have you noticed that for online hackers, Bitcoin is always their target of theft, or the payment of choice when they ask for ransom? Why is that? Bitcoin has some truly great features, and even hackers appreciate them.)

But the incident offered yet another reminder of Bitcoin’s challenge in overcoming preconceived notions about its vulnerability. After reading the Times’ typically well-detailed account of the hack and other stories, I wondered if the headline writers were conveniently playing to public biases or were reflecting their own while looking for a catchy turn of phrase. Perhaps both.

Sometimes I call Bitcoin’s struggles to overcome misconceptions about it the Mt. Gox syndrome. The massive theft of bitcoins deeply affected those who were following it around that time. (Some of the Mt. Gox account holders who lost their bitcoin life savings gave up on Bitcoin entirely.) But in subtle ways it has affected people who have become interested in Bitcoin years after Mt. Gox. They have heard that Bitcoin is vulnerable with Mt. Gox as the most prominent example.

Yet Bitcoin should no more be defined by Mt. Gox than other strong, vibrant industries should be defined by the stains they’ve suffered. Looking at this another way, Wells Fargo had about $1.5 trillion in assets under management as the first stories broke about its attempts to defraud customers. It is now closing in on $2 trillion and has more than 70 million customers. The overwhelming majority of its clients never lost faith in the bank, at least not enough for them to choose another bank.

Too many people also conflate weaknesses in the ecosystem with Bitcoin itself. This confusion reflects people’s uncertainty about the role of companies serving investors. It may partly stem from the very names of these organizations, which often incorporate all or part of the word Bitcoin. If something sounds like Bitcoin, isn’t it Bitcoin? Well, no.

And as I’ve already mentioned, the keepers of fiat systems don’t help matters by amplifying unjustifiable concerns at every opportunity and creating obstacles at the regulatory level, or in other ways. They hope to make people fearful by highlighting Bitcoin’s alleged weaknesses. Look closely at what they are saying and you’ll find a fictional tale. My hope is that Chapter 2 will help clarify what various players in the Bitcoin infrastructure do and how to use them safely.

Deconstructing the misconceptions about vulnerability will undoubtedly take time. It will require an understanding of people’s concerns about Bitcoin and patience to explain logically why they are wrong. It will also require clear messaging and ongoing belief in people’s desire to learn about something that can benefit them.

Some evangelists have perhaps overlooked these principles in their haste to wax poetic about an asset in which they’ve invested large parts of their lives. They would rather describe why Bitcoin is great and how its price will increase—all the while assuming that listeners will be swept up in their enthusiasm. This spirit is common to all entrepreneurs, and anyone involved in Bitcoin in the early days fits into that category.

I know that I can sometimes speak fast and cover a lot of ground in my conference presentations as I try to win converts. So, I’ve tried to think of myself more as an educator, modeling my approach after the teachers I liked best at Lawrenceville and Stanford, and the communication styles of my favorite managers over the years.

They were clear, concise, and meticulous in how they shared information. They treated all questions respectfully, keeping in mind that sometimes people need extra time to grow comfortable with the material, and that a teacher’s goal in the end is to ensure that everyone understands the material. They were willing to repeat information. So, I’ve kept these principles in mind in my interactions with people who harbor doubts about Bitcoin’s security.

I repeat what has become a mantra: Bitcoin is more secure than any other financial platform. I show how there is safety in numbers and that the various hacks stemmed from issues with individuals and companies, rather than with Bitcoin itself. I remind my listeners that traditional institutions have their own gaps and have been victims of some of history’s greatest cybercrimes, and that they endured nonetheless. This is a point that all Bitcoin evangelists have made to the media to dispel their doubts. As I’ve already said in this chapter, a hack of Goldman Sachs or a robbery at Bank of America doesn’t mean the US dollar has been compromised.

Are more breaches of Bitcoin service providers likely? Yes. Could yet-to-imagine hacking schemes occur in the future? Absolutely.

As industries and movements evolve, so do the bad actors looking to grift off them. The Bitcoin industry undoubtedly has its share of people who are tracking it with the hope they one day might be able to steal from it.

But they face a steep climb. Bitcoin’s vulnerability is nothing less than a fiction, a myth that will disappear as its popularity and participation grows.