Thanks to blockchain technology, cryptocurrencies are more secure than existing currencies, banks, and financial institutions. Transactions recorded in a public, distributed ledger are more transparent and harder to tamper with.
However, there are two sides to the coin.
Cryptocurrency transactions and blockchain ledgers do have some security weaknesses, but they aren’t necessarily the fault of the underlying technology. Actually, the structure of Bitcoin and its blockchain means there are aspects to every transaction that are virtually bulletproof from a security standpoint.
Bitcoin Transactions: Decentralized and Transparent
All financial transactions are recorded on a ledger. It’s a massive database of movement, details, and records. It’s how your bank knows how much money you have in your account. But whereas banks use a centralized ledger, Bitcoin and other cryptocurrencies use a distributed ledger. A distributed ledger is more secure than a centralized ledger. In the case of a centralized ledger, one company has complete control over it—no outsiders can see or edit its contents.
But what if someone hacks the ledger? Can we verify transactions? How can we be sure that banks are operating their ledgers honestly? When banks are audited, can we trust those third-party auditors?
In contrast, a distributed ledger (i.e. a blockchain) is decentralized. Not one person controls it, making it much more tamper-proof. The ledger is duplicated many times across several computers (or nodes) in a network, all of which are kept in sync. In the case of Bitcoin, there are more than 10,000 nodes, each tracking the ledger of Bitcoin transactions.
If someone tries to tamper with one of your Bitcoin transactions on a single node—for example, by increasing its value—the other nodes will reject the changes. Joe explained the blockchain ledger in more detail if you’d like to learn more about how it works.
What Is a 51 Percent Attack?
While the underlying blockchain technology will keep your Bitcoin transactions secure in theory, things are a little different in practice.
For example, proponents will point to the blockchain as Bitcoin’s biggest security asset. However, consider this: the nature of Bitcoin’s blockchain means anyone can join it and become a node on the network. But if anyone can join it, how can you be sure that a hacker conglomerate won’t add enough nodes to the network to wrest control of it?
After all, “only” half of the nodes in the Bitcoin network need to agree on a change for it to be rolled out across all the synced computers. Someone with that level of control could reverse transactions, spend the same coin twice, stop other miners from creating valid blocks, or block legitimate transaction confirmations.
In other words, any entity who controls at least 51 percent of the nodes on Bitcoin’s network can control the whole blockchain.
And worryingly, it’s not as far-fetched as it might sound. Indeed, it almost happened with the Ghash.io pool in 2014, and the near-miss called the entire integrity of blockchain security into question.
The community’s response was to immediately add more hashing power if any single entity gets near 40 percent. For large currencies—like Bitcoin—that should be enough protection (though some experts believe think someone with 40 percent control could still overcome the need for six-deep transaction confirmations).
However, smaller currencies are still at risk. As recently as June 2018, ZenCash suffered a 51 percent attack and more than $550,000 ZenCash was double-spent. In 2018, criminals also targeted Bitcoin Cash and Verge. Evidently, 51 percent attacks are becoming more common.
The Risks in a Bitcoin Transaction
The wallets where you store your Bitcoins also have their own transaction risks and security issues. The weaknesses fall into two categories: private keys and hot wallets.
Private Keys: Every Bitcoin wallet has two keys, a public key and a private key. The public key is kind of like a digital address and is what people use to send you funds. The private key is how you authenticate your transactions when you want to send funds. Quite simply, if you don’t have control of your private key, you don’t have control of your Bitcoin transaction.
We can illustrate this using email. For people to be able to send you messages, you need to share your email address with them (public key). But to access, view, and send messages from your account, you need your password (private key). If someone has your password, they can send emails without your knowledge. Similarly, if someone has your private key, they can send Bitcoin transactions from your wallet without your knowledge.
Hot Wallets: Bitcoin wallets come in two forms, hot wallets and cold wallets. Hot wallets are connected to the web and accessible online while cold wallets refer to offline storage.
If you use a hot wallet, any flaws in the app or exchange that hosts your wallet will leave you exposed and the blockchain won’t help you. If the wallet host is hacked, criminals can make unchecked Bitcoin transactions on your behalf and drain you of all your Bitcoins with no way to recover them. Remember, there’s no bank or centralized organization that’s looking out for suspicious activity on your account!
Smart Contracts: It’s also worth mentioning smart contracts, which aren’t available in Bitcoin but are available in the world’s second-largest blockchain, Ethereum. (It’s one of many differences between Bitcoin and Ethereum.) Smart contracts add additional functionality to the blockchain by letting users transfer assets between each other without the need for a middleman.
Here’s how Ethereum creator, Vitalik Buterin, describes smart contracts:
“An asset or currency is transferred into a program, and the program runs the smart contract code. At some point, it automatically validates a condition and determines whether the asset should go to one person, back to the other person, whether it should be immediately refunded to the person who sent it, or some combination thereof.”
But anyone with enough knowledge can write smart contracts, and thus they’re prone to human error.
The greatest example of this was DAO, the largest crowdfunding project in history. Hackers spotted a flaw and were able to steal more than $3.5 million of Ether. The Ethereum community’s solution was to rollback the blockchain to its pre-attack state, but this is not a viable long-term solution.
If we are to believe crypto advocates when they say that smart contracts will revolutionize the way we do business, issues like this need a long-lasting resolution. Failure to do so will lead to the integrity of all crypto transactions being called into question, which is the one thing a distributed ledger was supposed to help with in the first place.
And so, back to the original question: How safe are your Bitcoin transactions? As long as you follow basic crypto security principles, you should be fine. Don’t store money in hot wallets, don’t share your private keys, and don’t assume every single blockchain is immutable. That’s about the most you can do.