lolloj - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Bitcoin exchanges maturing, but Bitcoin security still a concern

The Bitcoin market is maturing but security issues, such as private key management, persist. The Bitcoin Foundation gives the good news and bad news regarding Bitcoin security.

SAN JOSE, Calif. -- Bitcoin and its exchanges are maturing, but security risks are still a concern for the cryptocurrency.

Speaking at the IAPP Privacy Academy and CSA Congress Thursday, Patrick Murck, general counsel of the Washington, D.C.-based lobbying group Bitcoin Foundation, and Jason Weinstein, partner at law firm Steptoe & Johnson, discussed some of the ongoing risks as well as new technology to secure the cryptocurrency.

From the start, Murck said, Bitcoin was developed with cryptography; Bitcoin transactions are protected by a private key that only the owner knows. The owner must use his or her private key to sign and authorize any transaction.

But Murck stressed that contrary to popular opinion, the idea that Bitcoin exchanges are anonymous is a complete myth.

"You are about as anonymous using Bitcoin as you are surfing the Web," he said. "Generally speaking, when you have a global public ledger of every transaction that's ever happened associated with a piece of data, then you can correlate that piece of data with a whole bunch of other data."

Weinstein said a comparable equivalent would be if the serial numbers of the every dollar spent were recorded on a public ledger.

"You'd have to do a little more digging to find out I gave you that [specific] dollar," Weinstein said, "but the serial number of dollar I gave you would be recorded and out there for the world to see."

Another concern beyond privacy is the security of Bitcoin private keys, which protect the cryptocurrency from abuse. "Because the cryptography, it's very difficult and nearly impossible to counterfeit that actual transaction," he said. "When you think about what you're trying to secure with Bitcoin … the thing that's at risk is that private key."

If you keep a Bitcoin private key on your Internet-connection laptop, for example, or in the cloud, Murck said, you're creating an incentive for someone to break into your systems and steal the private keys and make unauthorized Bitcoin transactions.

And because Bitcoin isn't insured by the FDIC and there are no credit card companies or banks to protect users against fraudulent transactions, Weinstein said, Bitcoin owners have no way of recouping those funds once they are stolen.

Bitcoin security technology emerging

But there are a lot of solutions to keep those private keys safe, Murck said, including hardware "wallets" or Bitcoin safes. Murck showed an example of a Bitcoin safe called Trezor, made by Prague-based Satoshi Labs, which is a USB device that is air-gapped and conducts Bitcoin transaction authorizations offline.

"When it signs a transaction [with the private key] it happens completely on device, I need a PIN to access it, and without it being plugged into my laptop, I can't sign a [Bitcoin] transaction," Murck said. "No one can really hack this, no one has access to it, no malware can attack it, and it's never online."

Another Bitcoin security benefit, Murck said, is the increased maturity and professionalization of Bitcoin exchanges. In the past, he said, it would be common to see 16-year-old kids starting their own Bitcoin exchanges, only to see them hacked and lose 60,000 Bitcoins. But now more experienced professionals, from compliance officers at banks to security professionals at payment providers, are bringing Bitcoin services to market, he said.

"The incidents of hacks, lost Bitcoins, and all the drama of the past few years has substantially gone down," Murck said.

Still, Bitcoin security issues persist. Last month Dell SecureWorks issued a report showing that an unknown entity was repeatedly redirecting Bitcoin miners' connections to a hacker-controlled mining pools and stealing the profits, to the tune of $83,000 in just over four months. The hacking entity hijacked the connections by abused the Border Gateway Protocol for exchanging routing information between different networks.

Murck said he didn't know if there was any update on the vulnerability or how major Bitcoin exchangers were addressing it, but he did say he expected continued challenges and security concerns as the cryptocurrency grows and matures. "Stuff like that is going to keep coming up," he said. "As soon as you close one gap, another one is going to open up."

Next Steps

Is Bitcoin safe? Expert Michael Cobb reveals the truth about Bitcoin security and cryptocurrency. details how recent hacks have affected the value of Bitcoins.

Dig Deeper on Data security strategies and governance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.