I have been covering many topics related to future technology of late. One topic that has been on my radar but that I have not given much thought to, are cryptocurrencies. Most are likely familiar with the topic through the most well-known variant (Bitcoin), though there are hundreds of more varieties. The phenomenon even has a home in popular culture in Mr. Robot (spoiler alert!), in Evil (E) corp’s attempt to switch the world over to E-coin (as opposed to the traditional US dollar) after the 5/9 hack.
This has been in my periphery for some years now, but I recently grew interested in it on account to 3 factors. Some interest was generated by various segments of The Majority Report which outline the technology’s libertarian roots. However, the major triggers were a combination of viewing a segment on the subject by John Oliver, AND hearing about the David Pakman show being robbed of a few grand in of cryptocurrency.
Both in the same week.
This is not the first time that a hacker has made off like a thief in the night with a bunch of coins. But you could say that it was the first time it hit close to home. If one can say that as a regular viewer of an online personality. Isn’t it interesting this online infrastructure has done for human relationships and interactions?
Anyway, John Oliver covered the topic in enough depth to satisfy the casual viewer, but not mine. I understand skimming over the black box stuff and getting straight to the meat of the issue (this seems to be driven almost solely due to popularity), but I need more. I love peeling back the shell and seeing what circuits lie beneath.
And so that is what I will attempt to do. Peel back the curtain on cryptocurrencies like bitcoin, as well as blockchain, the underlying mechanism that drives them. Blockchain in itself being something that I find myself increasingly running into (there are tv spots advertising the technology now!).
The obvious place to start is the underlying platform that is blockchain.
Simply put, a blockchain is a continually growing, widely distributed, and continuously updated list. The technology was invented along with bitcoin as a completely decentralized way to keep an ongoing ledger of the currencies use, but it could also be put to use in other areas (such as tracking shipments).
In the context of bitcoin, the ledger (along with various forms of cryptography) prevent the so-called double spending flaw of digital currencies. Since a bitcoin is nothing more than a digital file, copies could be made, thus (in theory) ending in an unlimited amount of currency. This glut of non-existent (fraudulent) coins can destabilize the currency by devaluing it (relative to other currencies).
One of the benefits of common and uncommon cryptocurrencies (expect both lists to change as the year’s pass) is the independent and fairly isolated nature of the framing that supports the respective systems. All necessary background data pertaining to past transactions involving the given currency are publicly available, a necessity due to the finite number of bitcoins in existence (the reason why a glut of fake coins would crash the value of the currency as a whole).
As it stands, not all cryptocurrency ledgers have (or likely, will) prove immune to attacks attempting to break the double-spend safeguards, as happened with Ethereum Classic earlier this year.
I should explain Ethereum. Like Bitcoin, Ethereum is yet another variety of cryptocurrency, forking off from what is now known as Ethereum Classic. There are 2 different types of fork (hard and soft):
1.) A hard fork results in 2 (or presumably, more) different and incompatible blockchains (and thus, 2 different types of coins). Ethereum Classic and Ethereum are a good example.
2.) A soft fork results in 2 different blockchains, but with the forking chain being compatible with the parent chain. For example, the SegWit fork in context to Bitcoin. 2 different blockchains, the same pool of coins.
Since the only requirement to creating a fork (hard OR soft) on any blockchain seems to be a good enough white paper, this would seem to make the whole of the system ripe with vulnerability. A malicious fork could net a whole lot of crypto to reward the efforts of the creator, and it’s not entirely clear that most adopters would know how to spot the deception. A completely understandable enigma given that the whole phenomenon is complex as it is.
Though seemingly an exercise in the theoretical, such attempts have been found in the context of the Ethereum blockchain.
From the look of it, the 2 forks seem to do what they are intended to do, but with the downside of sending users private keys to a remote server. A remarkable find given that this key is what users need in order to access the coins in their wallet. If it is compromised, the coins are as good as gone.
Fortunately for the average user, a fair number of organizations seem to be keeping a close eye on the crypto world, watching for these blockchain level scams. When it comes to everyday fraud though, it’s up to all users to be vigilant.
Though a different problem entirely, just as much grief can be caused by the loss of a private key. Whether it’s forgotten, lost or otherwise beyond your reach, so too are the coins held behind that key. If there is no way to retrieve the key, they are as lost as the cash stashed in the cabins of the Titanic.
It’s happened to many users before. Millions of dollars worth of coins lost to forgotten credentials or careless storage. However, this appears to be the first time a coin exchange (the crypto equivalent to a bank) lost its funds due to password negligence. An allegation that I don’t hesitate to use considering that Password managers exist. As much as they annoy me, they would be VERY handy given the circumstance.
As it turns out, the QuadrigaCX scandle was about much more than just password negligence. The guy also had very sticky fingers.
But I am getting a little lost. Possibly, reversed in terms of how I should be presenting this. Either way, back to the origins of crypto.
The most well known of all of them (and most valuable) is currently bitcoin (and has been pretty much since it’s inception and introduction to the market back in 2009). Despite the explosive popularity of the bitcoin whitepaper and the phenomenon that followed (which is now gaining enough economic power to catch the attention of those with a skeptical eye of anything outside of traditional investments), we don’t know who got the ball rolling.
Uh . . . what?! The Mark Zuckerberg of the digital currency world is STILL a mere blank avatar, even a decade out from the debut of his handiwork?
It would seem so.
The name floating around in the absence is Satoshi Nakamoto, his(?) digital pseudonym. From releasing his ongoing project with a cryptography mailing list in late 2008 and the first software (and coin release) in early 2009, right to handing the reins of the Bitcoin black box over to a fellow named Gavin Andersen in mid 2010, we still don’t know the identity of the person behind the pseudonym.
When it comes to obtaining Bitcoin for yourself, you have the choice of either mining for newly minted (well, newly released) coins, or obtaining coins already in the marketplace. Since it is a currency, it can be obtained in more or less the same ways (direct purchase, payment, wages, gambling etc), though the prices for direct purchase are WAY out of reach for many. As of today (August 12th, 2019), the value of 1 bitcoin is $11,374 USD. This is up from the $7,400.00(ish) that it was back in May of this year (when I started writing this).
As for mining, that is also generally out of reach of most of us. Being that it involves enormous amounts of computational power that only the most wealthy investors can afford. Such is the expense of Bitcoin mining that it has a carbon footprint (those servers have to be powered by something!).
Though Bitcoin is out of the reach of most people, there are plenty of other alternative cryptocurrencies that are both valued low enough to be accessible AND requiring of much fewer resources for their mining (such as Etherym and Monero). However, as with how all things involving the internet and anything valuable go, the nefarious are never far behind in their quest to hunt down ever more profitable vulnerabilities.
Enter, the crypto miner.
Though generally not nearly as profitable as ransomware deployed in the right environment (such as corprate, or more recently, municipal networks), crypto minors can become a significant source of revenue if deployed on a large enough scale. Given the wide variety of ways that these minors can distribute themselves, generating massive numbers is generally not an issue.
First, you have the obvious. Browser drive-by downloads.
However, these can be of limited use because any AV worth it’s salt should catch that almost instantly, and if not, certainly after a heuristics analysis.
Where things get complicated is when these minors (or a worm that it is bundled with) takes advantage of old unpatched vulnerabilities in all manor of internet-facing infrastructure. Set and forget devices such as routers and servers. Devices that are often issued patches when these exploits are found, yet devices that almost never actually GET updated in any way (if they don’t ship auto-update capable).
Unpatched older home routers that shipped with unknown bugs (or even idiotic default settings, leaving them far more open to the internet than most owners realize) have become notorious for enabling all kinds of exploitations (from mining to DDoS attacks). However, there is also no shortage of unpatched commercial equipment deployments out there that can easily be exploited for personal gain.
But I am once again, I am off course.
Not that you shouldn’t heed this advice, however (KEEP YOUR DEVICES UPDATED!!). It’s not just good security . . . it’s as much a part of everyday life as keeping your doors locked while you sleep.
This is second only to good password hygiene.
Along with keeping your software up to date, LOSE THE REPEATED PASSWORDS!!
There are many password managers on the market (free and paid) that allow the ease of use of only needing to remember 1 password (for your vault). Take the time to transition your now more secure passwords into a vault and you will have less to worry about if a service you use inadvertently spills your credentials into the wild.
You will only need to change 1 password (as opposed to ALL OF THEM).
It’s 2 relatively easy to implement changes in digital behaviour. But they serve to protect you from 2 growing areas of consumer exploit. Certainly, something to think about if you are considering getting into the crypto game.
I will now conclude this piece. So far, I have covered many downsides of this technology. It would seem, disproportionately so.
Given this, I will now look at some positives.
I think the most obvious one (as outlined by its many proponents) is the focus on the individual, along with the ease of cutting out the middle man in almost every transactional situation. Though offsite wallet storage options for coins exist, individuals can also opt to keep their coins stored on a computer, mobile device, or even a physical piece of hardware (generally connected to a USB port). Transactions of all types are promoted as being more straightforward, with less interference (and of course, fee’s) than one would face when dealing with a traditional banking or lending institution.
We will now pause to explain the concept of the cryptocurrency wallet. It is not quite what it sounds, though the name given helps to make the concept more digestible to the less technically literate. It is less a wallet that stores all your coins than it is a repository of your private key.
Though no coins are actually moved in any of these processes (I know . . . ), it’s all about tracking. In order for coins to change hands, the sender has to know the recipient’s public address (anyone that deals in crypto will have one). It’s a bit like an email address. In order to access these funds, coin owners also have their own personal private key. This is what gives them access to all of their coins, and thus needs to be heavily guarded against theft, loss or human error (OPPS! I forgot my key!).
Either way, I’ll let the Huffington Post’s Ammer Rosic explain some of the positives of cryptocurrency as viewed by its proponents:
How will cryptocurrency help you?
Fraud: Individuals cryptocurrencies are digital and cannot be counterfeited or reversed arbitrarily by the sender, as with credit card charge-backs.
Immediate Settlement:Purchasing real property typically involves some third parties (Lawyers, Notary), delays, and payment of fees. In many ways, the bitcoin/cryptocurrency blockchain is like a “large property rights database,” says Gallippi. Bitcoin contracts can be designed and enforced to eliminate or add third party approvals, reference external facts, or be completed at a future date or time for a fraction of the expense and time required to complete traditional asset transfers.
Lower Fees: There aren’t usually transaction fees for cryptocurrency exchanges because the miners are compensated by the network (Side note: This is the case for now). Even though there’s no bitcoin/cryptocurrency transaction fee, many expect that most users will engage a third-party service, such as Coinbase, creating and maintaining their bitcoin wallets. These services act like Paypal does for cash or credit card users, providing the online exchange system for bitcoin, and as such, they’re likely to charge fees. It’s interesting to note that Paypal does not accept or transfer bitcoins.
Identity Theft: When you give your credit card to a merchant, you give him or her access to your full credit line, even if the transaction is for a small amount. Credit cards operate on a “pull” basis, where the store initiates the payment and pulls the designated amount from your account. Cryptocurrency uses a “push” mechanism that allows the cryptocurrency holder to send exactly what he or she wants to the merchant or recipient with no further information.
Access to Everyone: There are approximately 2.2 billion individuals with access to the Internet or mobile phones who don’t currently have access to traditional exchange, these people are primed for the Cryptocurrency market. Kenya’s M-PESA system, a mobile phone-based money transfer, and microfinancing service recently announced a bitcoin device, with one in three Kenyans now owning a bitcoin wallet. (Let me repeat that again. 1/3)
Decentralization: A global network of computers use blockchain technology to jointly manage the database that records Bitcoin transactions. That is, Bitcoin is managed by its network, and not any one central authority. Decentralization means the network operates on a user-to-user (or peer-to-peer) basis. The forms of mass collaboration this makes possible are just beginning to be investigated.
Recognition at universal level: Since cryptocurrency is not bound by the exchange rates, interest rates, transactions charges or other charges of any country; therefore it can be used at an international level without experiencing any problems. This, in turn, saves lots of time as well as money on the part of any business which is otherwise spent in transferring money from one country to the other. Cryptocurrency operates at the universal level and hence makes transactions quite easy.
It should be noted that the author of this article is also the CEO of a company called Blockgeeks, an organization that looks to be specializing in courses covering everything one needs to know to get in the game of blockchain (and by extension, cryptocurrency). Not exactly a case of conflict of interest, but worth keeping in mind.
And now, the long-awaited conclusion. Almost.
As it stands right now, I am personally leary to embrace the technology as it exists today. Aside from the libertarian-leaning selling points of it spawning skepticism in my mind (as opposed to curiosity), I just don’t trust cryptocurrencies at the moment. I am far too risk-averse than to hedge my bets in an emerging market that is not only barely a decade old, but also a rife target for law enforcement due to its inherently lawless nature.
Can any government takedown Bitcoin, or any other digital currency? At the moment, no.
It reminds me of the grief that P2P programs like Limewire and Kazza brought to content heavyweights like the RIAA and the MPAA in the early to mid-2000s. Unlike the easily accessible public trackers of the BitTorrent protocol that would eventually replace these earlier platforms (such as Gnutella), decentralized filesharing made it much harder to take stock of all participants on the network. Such was the scope of the network that not all users would necessarily see all other users.
Though all of these protocols still exist to this day (it’s true!), they were eventually rendered obsolete by way of government actions eventually taking down all of the most publicly available access points to these networks (P2P programs). Not to mention the availability of legal options (particularly streaming, now).Though you can still peak into these networks, it’s not nearly as easy as it once was (nor will the pickings be as plentiful).
BitTorrent will eventually suffer the same fate. As governments both knock out the aggregation sites and issue warnings to copyright law-breaking offenders (by way of tracking their IP address VIA trackers). It won’t go away, but it will go out of favour. And then we will repeat the process again with the next technology (stream-ripping?).
The way that cryptocurrency is currently deployed is effectively a black hole for law enforcement. Many know this, and take full advantage of this anonymity for this very reason. Which is why it is going to be a prime target for future enforcement.
If I were to hypothesize how this may come about, I would guess that new and officially sanctioned cryptocurrencies will be developed (just as there are several different currencies in use worldwide). As these begin to pick up steam, the writing will be on the wall for people invested in the outlaw currencies, and they will go where the money is.
Like the Gnutella and FastTrack filesharing networks that preceded it, the accessibility of unregulated currencies will eventually become far too complicated for most to bother with. And as legitimate users depart, coin exchanges will have less and less cover for any illicit activities happening within their servers. Like the owners of torrent aggregation sites or the developers of P2P network access platforms (who technically don’t control how users utilize the service), they will too eventually no doubt bow to the legal pressure.
Cryptocurrency (and blockchain technology itself) is fascinating. And I have no doubt that it has a place in the financial landscape going forward. However, I would be VERY surprised if the cryptocurrency landscape as it stands today remains as it is for more than maybe 15 years. As much as libertarians love freedom, governments don’t like black holes.
In the time since this piece was first drafted, Mark Zuckerberg has jumped into the crypto marketplace with the release of Libra. At first, I thought that this may be Zuckerberg (and Facebook’s) reaction to reading the tea leaves (just as I just did). However, it is looking more like Evil corp’s E-coin as showcased on Mr. Robot. Nothing like beginning and ending on the same note.
Though it is being marketed as a way of getting the unbanked online, it’s hard to take a private entity at its word. Particularly if there are fears that the currency could end up becoming powerful enough to compete with legitimate currency.
That is a whole lot of consolidated power.
Crypto is not going away. It’s current form isn’t going to stay the same. The question now becomes, will the new form be any better than the current one?