Bitstamp’s recent hacking woes suggest that security in the bitcoin world seems to be getting worse, rather than better. Whether it’s down to external attacks, or internal irregularities as alleged at Mt Gox, it’s clear that something has to change.
When bitcoin wallet Blockchain experienced its own security problems in December, decentralised cryptography expert Emin Gün Sirer noted that the standard security practices among technology companies would not stand up in the bitcoin world.
Too much was at stake, he said. Social media companies may hold pictures of your pets, but your bitcoin account holds something more valuable. It seems reasonable that the cryptocurrency world should be held to a higher level of account than, say, Twitter (although a hacked Twitter account can still have pretty devastating results).
“We certainly need better security practices, as we have seen from the constant stream of spectacular failures of bitcoin exchanges,” he told CoinDesk more recently. “These services have been failing at the rate of one major failure every two months, leaving many distraught people in their paths.”
So, if we accept that companies holding real live funds for customers should have higher security standards, what should those standards be?
If bitcoin companies shouldn’t be looking to the general technology sector for their security, then they’ll need to look elsewhere. Perhaps the banking industry might be able to offer some sage advice. Banks have been valiantly trying to stop hackers from pilfering their customers’ data for years. Could bitcoin companies learn something from them? Given JP Morgan Chase’s recent losses, maybe not.
The JP Morgan Chase hack was undeniably bad, but there’s a key difference between that and a hacked bitcoin account. JP Morgan customers lost personal information, but not money. If a hacker targets your bitcoin account, your funds are gone.
Former digital forensics investigator Michael Perklin is president of the CryptoCurrency Certification Consortium (C4), which has developed a certification for cryptocurrency professionals. He argues that bitcoin companies must go beyond even banks in terms of security:
“If someone breaks into a bank and someone edits their database to say ‘Now I have a million dollars than I have before,’ or they wire transfer funds out of the bank to go to another bank – then all of that is traceable and reversible.”
Conversely, he argued that on-blockchain bitcoin transactions aren’t, as some exchanges and other bitcoin services have found to their cost.
“With bitcoin, once you’ve taken the keys and transferred them someone else, there’s no way to get them back without relying on traditional law enforcement,” he warned.
If bitcoin companies can’t look to Silicon Valley or to banks, then where can they look? Perhaps to themselves.
“It’s high time for the exchanges to realize that they are in this together, that a perception that bitcoin is insecure hurts the entire ecosystem, and it’s in their best interest to establish practices (like the use of strong databases, multisig wallets, real-time proof of reserves, and trustworthy computing) for the entire industry,” Sirer said.
One area where exchanges could improve is software development, argues Charles Hoskinson, cryptography expert and former CEO of Ethereum, who is now working on an educational project around cryptocurrency.
“Exchanges need to clean up their acts and create a standards body for proof of solvency, along with smart contracts to regulate behaviour and restore trust, he said, adding that many exchanges are startups with limited resources. “That’s the other problem, which is that the software is pretty crummy.”
Building secure software is difficult. In 2003, Microsoft froze its entire development cycle for months, and effectively retrained its developers from the ground up to write more secure code. It began outlawing functions in different software libraries, forbidding its developers to use them.
Microsoft even designed a whole process, called the Security Development Lifecycle (SDL), to create software that was bulletproof (or, at the very least, contained fewer holes than the average lump of Gruyere).
Software development alone is not enough, however (and in Bitstamp’s case, it isn’t entirely clear where the vulnerability lay that allowed hackers to steal bitcoins from the company). There are other issues to consider, too, including infrastructure management. Elements such as change control and security patching are crucial for the operation of a secure environment.
Internal processes must also get better, experts say. Performing suitable background checks on personnel responsible for keys is one example, argued Perklin.
The good news is that some of these secure processes can be hard-wired into the technology used. Multi-signature technology is a good example. You may vet your senior executives responsible for accessing private keys, but having a system that requires several of them to authenticate a transaction would help to minimise, if not entirely eliminate, the risk of corruption and blackmail.
If they don’t get their heads around this, the danger for organisations holding peoples’ cryptocurrencies is that they end up having someone else regulate it for them. Too many big thefts may draw interest from policymakers who may take matters into their own hands.
“If there are enough customer complaints, regulators might just be compelled to step in with their usual heavy-handed approach,” said Gun Sirer, adding that he hoped the industry pulls itself together before that happens. “I’m in favour of getting the industry to clean up its own act.”
There’s certainly enough money floating into the bitcoin community to pay for some grown-up programmers. CoinDesk’s State of Bitcoin report in January documented venture capital investments in bitcoin reaching $433m, and $335m of that happened in 2014. That’s a lot of salaries for technical security leads.
Search image via Shutterstock