What if cryptocurrency… wasn’t?
Sounds like a terribly clever Black Mirror episode, I realize, but it’s a serious question that’s come up more and more in conversations about cryptocurrency: is it really safe? Security has always been the core offer of bitcoin, Ethereum and their digital kindred. It’s right there in the name. Cryptocurrency equals currency, encrypted. It’s supposed to be so good it can be bad, as in, the security is so tight bad people can do bad things and nobody knows about it.
But despite the rep for felon-worthy security, the plain fact is that blockchain isn’t invincible. When it comes to secure exchange of funds, blockchain-based cryptocurrency is still probably your best bet, but as with all things “best” does not equal “perfect.” Blockchain’s advantages over conventional cash are clear: there’s no hard currency to steal or lose, no middleman to get up to nefarious doings, and the records are cozy behind the apex of information security. That’s great, but it’s not everything.
How to keep the crypt part of cryptocurrency
That being the case, in my self-appointed role as AG Crypto Guy (Pulitzers, call me) here follow several ways nefarious folks can eff with your fat digital stacks, and what you can do about them.
It’s a classic. Early on, cryptocurrency was spared the plague of Russian threats and Nigerian princes for the same reason as Linux: not enough there to steal. After Mt. Gox and other frankly spectacular bits of fraud (the word “trillion” occurs in the Mt. Gox story, and it’s not hyperbole) that is, to say the least, no longer the case. Bad folks are writing programs based on the same tricks they’d use to swipe normal cash – Trojans that skulk in the guts of your programs, scooping up secure data, phishing attempts to get you to hand that data over voluntarily – aimed at your digital dollars.
Solution: Operational security. Sounds fancy when I put it like that, but for our purposes “operational security” just means “stuff that you do” as distinct from “stuff your computer does.” If you keep a substantial portion of your value in cryptocurrency, protect it as tightly as you would anything else worth having. Use a strong password for each service you use your coins of choice with, and never reuse it on another. Keep offline backups of your cryptographic credentials. Use a good VPN. Think of it as the equivalent of keeping your bank password out of your Smart Lock list, and not putting your PIN on a Post-It.
The scourge of the new digital order. Seriously, who figured the robot apocalypse would come, not in the form of a deceptively soft-voiced computer overlord, but a houseful of mechanical morons? Well, except XKCD. And us. Anyway. The aforementioned bad folks are by no means especially bright, so they tend to be in favor of having other things do their thinking for them. As we put more and more computers into things, generally with less and less security, those people can make those computerized things do the thinking, and the hacking, for them. Hundreds, thousands or hundreds of thousands of dumb little computer brains can thus be put to work, crashing sites with overwhelming numbers of requests or brute forcing security information by inputting every possible option at the speed of Internet.
Solution: Get offline. Not entirely, obviously. That would rather defeat the purpose of digital currency. But the Mt. Gox folks got shafted because they kept their bitcoins in an online wallet, and through mismanagement, fraud or a combination thereof, they found themselves suddenly bereft of same. To avoid their fate, go with what cryptocurrency types call “cold storage”: keep your stash offline. No amount of digital malfeasance can reach data that isn’t connected to anything. When buying or selling on an exchange, restrict what you transfer to what you’ll use for that particular transaction, and use a wallet where you and only you have the public and private keys. It’s only a little less convenient, and it’s safe as houses.
If the information revolution of the last four decades could be reduced to a single transcendent lesson, it is as follows: no digital solution, however elegant, fixes stupid. With something as new and deliberately opaque as cryptocurrency, it’s horribly easy to be stupid, and even easier for folks versed in the art of the steal to exploit same.
Solution: Learn. At least until we get a proper robot apocalypse going, this is something we H. sapiens can do that, as yet, our machine overlords can’t. Do the reading. Research different currencies and different exchanges before you lay out funds. Talk to people about their experiences before you invest. Nothing replaces legwork, digital or otherwise.
Proper hacking this time, none of this faffing about with turncoat toasters or email con games. No code is perfect. Some bad folks, alas, are exceptionally bright, and will from time to time find holes they can exploit.
Solution: Zen. Or “s$%t happens,” depending on your cultural framework. Cryptocurrency isn’t perfectly secure. Perfect security isn’t a thing. It’s just more secure than normal currency, especially if you have a philosophical problem with banks, nations or both. People have been scamming people through the medium of exchange since the medium of exchange was barter. Cash is safer than barter. Cryptocurrency is safer than cash. That doesn’t mean it’s perfect, just that it’s as good as it gets. Execute on the solutions above, and with any luck your Robot Future Money should stay where it belongs.