Bitcoin Security



Couldn't a hacker simply modify the software?

One cannot simply modify the software to get around the network rules; it just doesn't work that way. The actual rules and financial history are controlled by a decentralized P2P network, and that is the only reason bitcoin is trusted. Even the people who created the software can't change the rules themselves, because each and every person participating in the network decides the rules. You can think of it as a "majority rules" system, where the majority is whoever has the most hashing power.

The Bitcoin Protocol Rules enforce the security guarantees. The Bitcoin client (the software) is just a graphical interface that lets you interact with the Bitcoin P2P network. You can't simply hack the software and make invalid transactions: all transactions must be verified by the Bitcoin P2P network, and all legitimate clients will reject illegitimate requests.

The basic rules or protocols of the network are hardly ever tweaked, but when they are, a "hard fork" will typically occur, which means that the blockchain may split into two chains: those using the protocol before the tweak was made and those using the new protocol. Eventually the chain with the most hashing power will emerge victorious and the other will die out. Since "miners" have all the hashing power, they also have the most power over what happens in the bitcoin network.

All transactions are governed by the people who participate in the network, which is mostly miners who contribute vast amounts of computing power to "solve blocks" and be rewarded with new bitcoins. It's important to understand that mining and securing transactions are part of the same process: the miners include transactions in the blocks they solve, and by doing so they are able to collect the transaction fees attached to those transactions.

This is also why it's important to have a high degree of decentralization. If certain mining pools get too much power, they have a lot of control over the network and over what changes are accepted by the network. This is why we have decentralized pools such as p2pool; using this software instead of a centralized mining pool helps increase the security and health of the bitcoin network.

What about those bitcoin exchange hacks?

One must realize that bitcoin exchanges are third-party services. The security of such exchanges has no bearing on the security of the bitcoin network; the bitcoin network has never been compromised. There are some trustworthy and secure exchanges which have never lost any bitcoins to hackers, and the exchanges that are compromised continue to learn from their mistakes. A lot of people like to store their money on exchanges because they fear wallet-stealing viruses, but it's probably a bad idea.

If you are questioning the cryptographic security of bitcoin, just be aware that many banks and websites use the same technology as bitcoin, and if the security of bitcoin were broken, many banks and services on the internet would become completely vulnerable to attacks. Bitcoin isn't the only system which places a lot of trust in cryptography. But unlike bank systems, which are hacked all the time, Bitcoin has never been hacked because it is open source and only gets stronger as it grows in size.

Could a hacker create fake bitcoins?

Actually, it's not really possible to create "fraudulent" bitcoins. The blockchain holds the entire record of all transactions and, due to the way new blocks are generated, the identity of all coins in circulation can be verified by the blockchain. However, an attacker could attempt to alter the location of certain bitcoins by attacking the integrity of the blockchain, and it requires a lot of computing power to pull that sort of attack off.

So the obvious attack route would be to alter the actual blockchain, because the network keeps track of which accounts hold which bitcoins by recording it in the blockchain. The majority of the network will decide what version of the transaction history is legitimate, meaning they will decide what version of the blockchain is the legitimate "main" blockchain. So just how much computing power is required to overcome the majority decision?

Well, it should be noted that bitcoin is the most powerful computing network on the face of this planet (at the time of writing it was above 157 PetaFLOPS). In order to compromise the security of the transaction system and perhaps get "free" bitcoins, a "51% attack" would need to be carried out by an attacker so that they could edit the blockchain. However, such an attack would require most of the supercomputers in the world, which is a clearly infeasible amount of computing power.

But what if the 51% attack did happen?

Although it is theoretically possible for an attacker to change the history of the blockchain in a 51% attack, what they can change during that attack is very limited. It would be completely impossible for the attacker to take anybody else's money. Two of the only things they could do are take back their own money that they very recently spent, and prevent other people's transactions from receiving confirmations. The older the targeted blocks are, the harder it becomes to change them.

Each block contains a hash from the last block, so it's like a chain of trust which gets more secure the further back you go. This is why it's important to wait for several confirmations: the deeper your transaction is in the blockchain, the more certain you can be that the transaction was valid and won't become part of orphaned blocks. So in the event of a 51% attack, it's really just the most recent transactions which are at risk of being altered.
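
The hash linking described above, as an added example (not part of the original page and not Bitcoin's own code): a toy proof-of-work chain in Python showing that a verifying node rejects a silently edited block, and that rewriting a block means redoing the work for it and for every block after it. The 12-bit difficulty, the string header format and the sample payloads are assumptions made for illustration.

```python
import hashlib

DIFFICULTY_BITS = 12   # toy target (assumption); the real network's target is far harder
GENESIS_PREV = "0" * 64

def block_hash(prev, payload, nonce):
    # Toy header: Bitcoin double-SHA-256s an 80-byte header, here a plain string.
    data = f"{prev}|{payload}|{nonce}".encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def meets_target(h):
    return int(h, 16) >> (256 - DIFFICULTY_BITS) == 0

def mine(prev, payload):
    """Try nonces until the hash meets the target; return (block, attempts)."""
    nonce = 0
    while not meets_target(block_hash(prev, payload, nonce)):
        nonce += 1
    h = block_hash(prev, payload, nonce)
    return {"prev": prev, "payload": payload, "nonce": nonce, "hash": h}, nonce + 1

def build_chain(payloads):
    chain, prev = [], GENESIS_PREV
    for p in payloads:
        block, _ = mine(prev, p)
        chain.append(block)
        prev = block["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block a verifying node rejects, or None if all pass."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or not meets_target(h):
            return i
        prev = b["hash"]
    return None

def rewrite(chain, index, new_payload):
    """Change one block, then redo the work for it and every block after it.
    Returns (new_chain, blocks_remined, hash_attempts)."""
    new_chain, attempts = chain[:index], 0
    prev = new_chain[-1]["hash"] if new_chain else GENESIS_PREV
    for old in chain[index:]:
        payload = new_payload if old is chain[index] else old["payload"]
        block, n = mine(prev, payload)
        new_chain.append(block)
        attempts += n
        prev = block["hash"]
    return new_chain, len(chain) - index, attempts

# Constructed sample payloads standing in for each block's transactions.
SAMPLE = [f"block {i} transactions" for i in range(6)]
```

On the six-block sample chain, rewriting block 1 means re-mining five blocks, while rewriting the tip means re-mining one; in the real network the honest miners keep extending the chain while that work is being redone.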

A large mining pool could potentially gain the power required, but they would lose more than they would gain. Such an act would cause the value of bitcoin to drop and their stolen coins would be nearly worthless, so all their efforts would be completely useless because they wouldn't get anything from it. They would also lose all their miners, a large source of their income. Furthermore, they must overcome all the technical hurdles which we have just discussed.

Such an attack would require a huge amount of resources, and once the attack stopped, the network would resume normal operation. Therefore such an attack would have very little benefit for the attacker and is unlikely to happen. Of course it would be naive to assume bitcoin is completely untouchable, but it is safer than any bank on Earth. Bank networks are hacked all the time, yet the bitcoin network has never been compromised.

Further reading:

Bitcoin Myths
Bitcoin Weaknesses
Double-spending Attacks



Page last updated on: 2014-03-15 17:08:24