Bitcoin is known as the very first decentralized digital currency; bitcoins are basically coins that can be sent through the Internet. Bitcoin was born in 2009. The creator’s name is unknown; the alias Satoshi Nakamoto was given to this person. Bitcoin accounts cannot be frozen, there are no prerequisites to open them, and the same goes for limits on bitcoin mutual fund.
Advantages of Bitcoin
Bitcoin transactions are made directly from person to person through the internet. There’s no need for a bank or clearinghouse to act as the middleman. Thanks to that, the transaction fees are much lower, and bitcoins can be used in all the countries around the world. Every day more merchants are starting to accept them. You can buy anything you want with them.
How Bitcoin works
You should explore bitcoin mining. It’s possible to exchange dollars, euros or other currencies for bitcoin. You can buy and sell it as if it were any other country’s currency. In order to keep your bitcoins, you have to store them in something called wallets. These wallets are located on your PC, your mobile device or on third-party websites. Sending bitcoins is very simple. It’s as simple as sending an email. Invest in bitcoin to get great returns.
You can purchase practically anything with bitcoins.
Bitcoin Anonymity
When doing a bitcoin transaction, there’s no need to provide the real name of the person. Each bitcoin transaction is recorded in what is known as a public log. This log contains only wallet IDs and not people’s names, so basically each transaction is private. People can buy and sell things without being tracked.
Bitcoin innovation
Bitcoin established a whole new way of innovation. The bitcoin software is all open source, which means anyone can review it. Bitcoin is now transforming the world’s finances, similar to how the web changed everything about publishing. The concept is brilliant. When everyone has access to the whole bitcoin global market, new ideas appear. Reduced transaction fees are a fact of bitcoin. Accepting bitcoins doesn’t cost anything, and they’re very easy to set up. Chargebacks don’t exist. The bitcoin community will generate additional businesses of all kinds.
What Makes bitcoin mutual fund So Interesting?
The bitcoin network is a peer-to-peer payment network that operates on a cryptographic protocol. Users send and receive bitcoins, the units of currency, by broadcasting digitally signed messages to the network using bitcoin cryptocurrency wallet software. Transactions are recorded into a distributed, replicated public database known as the blockchain, with consensus achieved by a proof-of-work system called "mining". The protocol was designed in 2008 and released in 2009 as open source software by Satoshi Nakamoto, the name or pseudonym of the original developer/developer group.
The network requires minimal structure to share transactions. An ad hoc decentralized network of volunteers is sufficient. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will. Upon reconnection, a node downloads and verifies new blocks from other nodes to complete its local copy of the blockchain. The best chain consists of the longest series of transaction records from the genesis block to the current block or record. Orphaned records exist outside of the best chain.
A bitcoin is defined by a sequence of digitally signed transactions that began with the bitcoin's creation, as a block reward. The owner of a bitcoin transfers it by digitally signing it over to the next owner using a bitcoin transaction, much like endorsing a traditional bank check. A payee can examine each previous transaction to verify the chain of ownership. Unlike traditional check endorsements, bitcoin transactions are irreversible, which eliminates risk of chargeback fraud.
Although it is possible to handle bitcoins individually, it would be unwieldy to require a separate transaction for every bitcoin in a transaction. Transactions are therefore allowed to contain multiple inputs and outputs, allowing bitcoins to be split and combined. Common transactions will have either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and one or two outputs: one for the payment, and one returning the change, if any, to the sender. Any difference between the total input and output amounts of a transaction goes to miners as a transaction fee.
To form a distributed timestamp server as a peer-to-peer network, bitcoin uses a proof-of-work system. The work in this system is what is often referred to as bitcoin mining. The signature is discovered rather than provided by knowledge. This process is energy intensive. Electricity can consume more than 90% of operating costs for miners. A data center in China, planned mostly for bitcoin mining, is expected to require up to 135 MW of power.
The rule of requiring a proof-of-work to provide the signature for the blockchain was Satoshi Nakamoto's key innovation. The mining process involves identifying a block that when hashed twice with SHA-256, yields a number smaller than the given difficulty target. While the average work required increases in inverse proportion to the difficulty target, a hash can always be verified by executing a single round of double SHA-256.
For the bitcoin timestamp network, a valid "proof-of-work" is found by incrementing a nonce until a value is found that gives the block's hash the required number of leading zero bits. Once the hashing has produced a valid result, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing the work for each subsequent block.
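The nonce search and the chaining of work described above, as an added example that is not part of the original page or of the bitcoin software. The header layout is simplified and the 14-bit difficulty, payloads and function names are assumptions chosen so the search finishes quickly.

```python
import hashlib
import struct
from dataclasses import dataclass

# Toy difficulty (assumption): a valid hash must be below 2**242, i.e. have
# 14 zero bits at the top, so a block takes about 16,000 attempts to mine.
TARGET = 1 << (256 - 14)


def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as the text describes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass
class Block:
    prev_hash: bytes   # hash of the previous block (32 zero bytes for the first)
    payload: bytes     # stands in for the block's transactions
    nonce: int = 0

    def header(self) -> bytes:
        # Simplified header: previous hash, payload digest, 32-bit nonce.
        return self.prev_hash + double_sha256(self.payload) + struct.pack("<I", self.nonce)

    def hash(self) -> bytes:
        return double_sha256(self.header())


def meets_target(block: Block, target: int = TARGET) -> bool:
    """Verification costs one double SHA-256 of the header, whatever the difficulty."""
    # Bitcoin reads the digest as a little-endian 256-bit integer.
    return int.from_bytes(block.hash(), "little") < target


def mine(block: Block, target: int = TARGET) -> int:
    """Increment the nonce until the hash is below the target; return attempts."""
    for nonce in range(2**32):
        block.nonce = nonce
        if meets_target(block, target):
            return nonce + 1
    raise RuntimeError("nonce space exhausted; a real miner varies other header fields")


def build_chain(payloads):
    """Mine one block per payload, each committing to the hash of the one before."""
    chain, prev = [], bytes(32)
    for payload in payloads:
        block = Block(prev, payload)
        mine(block)
        chain.append(block)
        prev = block.hash()
    return chain


def first_invalid_block(chain, target=TARGET):
    """Index of the first block with a bad proof-of-work or a broken link, else None."""
    prev = bytes(32)
    for i, block in enumerate(chain):
        if block.prev_hash != prev or not meets_target(block, target):
            return i
        prev = block.hash()
    return None


def redo_work_from(chain, index, target=TARGET) -> int:
    """Relink and re-mine every block from `index` on; return total attempts."""
    attempts = 0
    prev = chain[index - 1].hash() if index else bytes(32)
    for block in chain[index:]:
        block.prev_hash = prev
        attempts += mine(block, target)
        prev = block.hash()
    return attempts


if __name__ == "__main__":
    chain = build_chain([b"reward -> miner", b"Alice -> Bob: 1", b"Bob -> Carol: 1"])
    print("chain valid:", first_invalid_block(chain) is None)
    chain[0].payload = b"reward -> Eve"           # tamper with the oldest block
    print("after tampering, first invalid block:", first_invalid_block(chain))
    mine(chain[0])                                 # redo only that block's work
    print("after re-mining block 0, first invalid block:", first_invalid_block(chain))
    print("attempts to redo the later blocks:", redo_work_from(chain, 1))
    print("chain valid again:", first_invalid_block(chain) is None)
```

Re-mining only the altered block is not enough: its hash changes, so the next block's link breaks and the work has to be redone for every later block as well.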
Majority consensus in bitcoin is represented by the longest chain, which required the greatest amount of effort to produce. If a majority of computing power is controlled by honest nodes, the honest chain will grow fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of that block and all blocks after it and then surpass the work of the honest nodes. The probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.
To compensate for increasing hardware speed and varying interest in running nodes over time, the difficulty of finding a valid hash is adjusted roughly every two weeks. If blocks are generated too quickly, the difficulty increases and more hashes are required to make a block and to generate new bitcoins.
Bitcoin mining is a competitive endeavor. An "arms race" has been observed through the various hashing technologies that have been used to mine bitcoins: basic CPUs, high-end GPUs common in many gaming computers, FPGAs and ASICs all have been used, each reducing the profitability of the less-specialized technology. Bitcoin-specific ASICs are now available. As bitcoins become more difficult to mine, computer hardware manufacturing companies have seen an increase in sales of high-end products.
Computing power is often bundled together or "pooled" to reduce variance in miner income. Individual mining rigs often have to wait for long periods to confirm a block of transactions and receive payment. In a pool, all participating miners get paid every time a participating server solves a block. This payment depends on the amount of work an individual miner contributed to help find that block.
Bitcoin data centers prefer to keep a low profile, are dispersed around the world and tend to cluster around the availability of cheap electricity.
In 2013, Mark Gimein estimated electricity use to be about 40.9 megawatts (982 megawatt-hours a day). In 2014, Hass McCook estimated 80.7 megawatts (80,666 kW). As of 2015, The Economist estimated that even if all miners used modern facilities, the combined electricity consumption would be 166.7 megawatts (1.46 terawatt-hours per year).
Journalist Matt O'Brien opined that it is not obvious whether bitcoin is lowering transaction costs, since the costs are transformed into pollution costs, which he characterizes as "environmental spillovers on everyone else, or what economists call negative externalities."
To lower the costs, bitcoin miners have set up in places like Iceland where geothermal energy is cheap and cooling Arctic air is free. Chinese bitcoin miners are known to use hydroelectric power in Tibet to reduce electricity costs.
A rough overview of the process to mine bitcoins is:
- New transactions are broadcast to all nodes.
- Each miner node collects new transactions into a block.
- Each miner node works on finding a proof-of-work code for its block.
- When a node finds a proof-of-work, it broadcasts the block to all nodes.
- Receiving nodes validate the transactions it holds and accept only if all are valid.
- Nodes express their acceptance by moving to work on the next block, incorporating the hash of the accepted block.
By convention, the first transaction in a block is a special transaction that produces new bitcoins owned by the creator of the block. This is the incentive for nodes to support the network. It provides the way to move new bitcoins into circulation. The reward for mining halves every 210,000 blocks. It started at 50 bitcoin, dropped to 25 in late 2012 and to 12.5 bitcoin in 2016. This halving process is programmed to continue for 64 times before new coin creation ceases.
Various potential attacks on the bitcoin network and its use as a payment system, real or theoretical, have been considered. The bitcoin protocol includes several features that protect it against some of those attacks, such as unauthorized spending, double spending, forging bitcoins, and tampering with the blockchain. Other attacks, such as theft of private keys, require due care by users.
Unauthorized spending is mitigated by bitcoin's implementation of public-private key cryptography. For example; when Alice sends a bitcoin to Bob, Bob becomes the new owner of the bitcoin. Eve observing the transaction might want to spend the bitcoin Bob just received, but she cannot sign the transaction without the knowledge of Bob's private key.
A specific problem that an internet payment system must solve is double-spending, whereby a user pays the same coin to two or more different recipients. An example of such a problem would be if Eve sent a bitcoin to Alice and later sent the same bitcoin to Bob. The bitcoin network guards against double-spending by recording all bitcoin transfers in a ledger (the blockchain) that is visible to all users, and ensuring for all transferred bitcoins that they haven't been previously spent.
If Eve offers to pay Alice a bitcoin in exchange for goods and signs a corresponding transaction, it is still possible that she also creates a different transaction at the same time sending the same bitcoin to Bob. By the rules, the network accepts only one of the transactions. This is called a race attack, since there is a race over which transaction will be accepted first. Alice can reduce the risk of a race attack by stipulating that she will not deliver the goods until Eve's payment to Alice appears in the blockchain.
A variant race attack (which has been called a Finney attack by reference to Hal Finney) requires the participation of a miner. Instead of sending both payment requests (to pay Bob and Alice with the same coins) to the network, Eve issues only Alice's payment request to the network, while the accomplice tries to mine a block that includes the payment to Bob instead of Alice. There is a positive probability that the rogue miner will succeed before the network, in which case the payment to Alice will be rejected. As with the plain race attack, Alice can reduce the risk of a Finney attack by waiting for the payment to be included in the blockchain.
Each block that is added to the blockchain, starting with the block containing a given transaction, is called a confirmation of that transaction. Ideally, merchants and services that receive payment in bitcoin should wait for at least one confirmation to be distributed over the network, before assuming that the payment was done. The more confirmations that the merchant waits for, the more difficult it is for an attacker to successfully reverse the transaction in a blockchain—unless the attacker controls more than half the total network power, in which case it is called a 51% attack.
Deanonymisation is a strategy in data mining in which anonymous data is cross-referenced with other sources of data to re-identify the anonymous data source. Along with transaction graph analysis, which may reveal connections between bitcoin addresses (pseudonyms), there is a possible attack which links a user's pseudonym to its IP address. If the peer is using Tor, the attack includes a method to separate the peer from the Tor network, forcing them to use their real IP address for any further transactions. The attack makes use of bitcoin mechanisms of relaying peer addresses and anti-DoS protection. The cost of the attack on the full bitcoin network is under €1500 per month.
Each miner can choose which transactions are included in or exempted from a block. A greater number of transactions in a block does not equate to greater computational power required to solve that block.
Upon receiving a new transaction a node must validate it: in particular, verify that none of the transaction's inputs have been previously spent. To carry out that check the node needs to access the blockchain. Any user who does not trust his network neighbors should keep a full local copy of the blockchain, so that any input can be verified.
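The spent-input check can be sketched as a lookup against the set of unspent outputs. This is an added example, not part of the original page or of any bitcoin client; signature checks are left out, and the class, function and transaction names are assumptions.

```python
from dataclasses import dataclass


class ValidationError(Exception):
    pass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # ((previous txid, output index), ...)
    outputs: tuple   # ((owner, amount in satoshi), ...)


def apply_transaction(utxo: dict, tx: Tx) -> int:
    """Validate tx against the unspent-output set and apply it.
    Returns the fee (inputs minus outputs) that goes to the miner.
    The set is only changed if every check passes."""
    if not tx.inputs or not tx.outputs:
        raise ValidationError("transaction needs at least one input and one output")
    if len(set(tx.inputs)) != len(tx.inputs):
        raise ValidationError("same output referenced twice in one transaction")
    total_in = 0
    for outpoint in tx.inputs:
        if outpoint not in utxo:
            raise ValidationError(f"input {outpoint} is unknown or already spent")
        total_in += utxo[outpoint][1]
    if any(amount <= 0 for _, amount in tx.outputs):
        raise ValidationError("outputs must be positive")
    total_out = sum(amount for _, amount in tx.outputs)
    if total_out > total_in:
        raise ValidationError("outputs exceed inputs")
    for outpoint in tx.inputs:            # spent outputs leave the set ...
        del utxo[outpoint]
    for index, output in enumerate(tx.outputs):
        utxo[(tx.txid, index)] = output   # ... and new outputs become spendable
    return total_in - total_out


def try_apply(utxo: dict, tx: Tx):
    """Return (True, fee) if the node accepts tx, else (False, reason)."""
    try:
        return True, apply_transaction(utxo, tx)
    except ValidationError as err:
        return False, str(err)


if __name__ == "__main__":
    # Constructed state: Eve owns one output worth 1 bitcoin (100,000,000 satoshi).
    utxo = {("coinbase-1", 0): ("Eve", 100_000_000)}
    pay_alice = Tx("tx-a", (("coinbase-1", 0),), (("Alice", 99_990_000),))
    pay_bob = Tx("tx-b", (("coinbase-1", 0),), (("Bob", 99_990_000),))
    print("Eve -> Alice:", try_apply(utxo, pay_alice))   # accepted, fee 10,000
    print("Eve -> Bob:  ", try_apply(utxo, pay_bob))     # rejected as a double spend
```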
As noted in Nakamoto's whitepaper, it is possible to verify bitcoin payments without running a full network node (simplified payment verification, SPV). A user only needs a copy of the block headers of the longest chain, which are available by querying network nodes until it is apparent that the longest chain has been obtained. Then, get the Merkle branch linking the transaction to its block. Linking the transaction to a place in the chain demonstrates that a network node has accepted it, and blocks added after it further establish the confirmation.
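The Merkle-branch step of simplified payment verification, as an added example that is not part of the original page. The transaction ids are constructed, the function names are assumptions, and a real client would also check the proof-of-work of the header that carries the root and how deep that header sits in the longest chain.

```python
import hashlib


def dsha(data: bytes) -> bytes:
    """Double SHA-256, the hash bitcoin uses for Merkle trees."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_branch(txids, index):
    """Return (root, branch) for the transaction at position `index`.
    The branch lists the sibling hash at each level, bottom-up, which is
    what a full node hands to a lightweight client."""
    if not txids or not 0 <= index < len(txids):
        raise ValueError("need a non-empty list and a valid index")
    level, branch = list(txids), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])       # odd level: the last hash is paired with itself
        branch.append(level[index ^ 1])   # sibling of our node on this level
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch


def verify_branch(txid, index, branch, root) -> bool:
    """Client side: recompute the root from one txid and its branch.
    Needs len(branch) hashes, about log2 of the number of transactions."""
    node = txid
    for sibling in branch:
        # An odd index means our node is the right child on this level.
        node = dsha(sibling + node) if index & 1 else dsha(node + sibling)
        index >>= 1
    return node == root


def sample_txids(count):
    """Constructed 32-byte transaction ids for the demonstration."""
    return [dsha(b"constructed transaction %d" % i) for i in range(count)]


if __name__ == "__main__":
    txids = sample_txids(5)
    root, branch = merkle_branch(txids, 3)
    print("root from header:", root.hex())
    print("branch length:", len(branch))
    print("payment in block:", verify_branch(txids[3], 3, branch, root))
    print("other txid, same branch:", verify_branch(txids[2], 3, branch, root))
```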
While it is possible to store any digital file in the blockchain, the larger the transaction size, the larger any associated fees become. Various items have been embedded, including URLs to child pornography, an ASCII art image of Ben Bernanke, material from the Wikileaks cables, prayers from bitcoin miners, and the original bitcoin whitepaper.
The use of bitcoin by criminals has attracted the attention of financial regulators, legislative bodies, law enforcement, and the media. The FBI prepared an intelligence assessment, the SEC has issued a pointed warning about investment schemes using virtual currencies, and the U.S. Senate held a hearing on virtual currencies in November 2013.
Several news outlets have asserted that the popularity of bitcoins hinges on the ability to use them to purchase illegal goods. In 2014, researchers at the University of Kentucky found "robust evidence that computer programming enthusiasts and illegal activity drive interest in bitcoin, and find limited or no support for political and investment motives."
A CMU researcher estimated that in 2012, 4.5% to 9% of all transactions on all exchanges in the world were for drug trades on a single dark web drugs market, Silk Road. Child pornography, murder-for-hire services, and weapons are also allegedly available on black market sites that sell in bitcoin. Due to the anonymous nature and the lack of central control on these markets, it is hard to know whether the services are real or just trying to take the bitcoins.
Several deep web black markets have been shut by authorities. In October 2013 Silk Road was shut down by U.S. law enforcement leading to a short-term decrease in the value of bitcoin. In 2015, the founder of the site was sentenced to life in prison. Alternative sites were soon available, and in early 2014 the Australian Broadcasting Corporation reported that the closure of Silk Road had little impact on the number of Australians selling drugs online, which had actually increased. In early 2014, Dutch authorities closed Utopia, an online illegal goods market, and seized 900 bitcoins. In late 2014, a joint police operation saw European and American authorities seize bitcoins and close 400 deep web sites including the illicit goods market Silk Road 2.0. Law enforcement activity has resulted in several convictions. In December 2014, Charlie Shrem was sentenced to two years in prison for indirectly helping to send $1 million to the Silk Road drugs site, and in February 2015, its founder, Ross Ulbricht, was convicted on drugs charges and faces a life sentence.
Some black market sites may seek to steal bitcoins from customers. The bitcoin community branded one site, Sheep Marketplace, as a scam when it prevented withdrawals and shut down after an alleged bitcoins theft. In a separate case, escrow accounts with bitcoins belonging to patrons of a different black market were hacked in early 2014.
According to the Internet Watch Foundation, a UK-based charity, bitcoin is used to purchase child pornography, and almost 200 such websites accept it as payment. Bitcoin isn't the sole way to purchase child pornography online, as Troels Oertling, head of the cybercrime unit at Europol, states, "Ukash and Paysafecard... have [also] been used to pay for such material." However, the Internet Watch Foundation lists around 30 sites that exclusively accept bitcoins. Some of these sites have shut down, such as a deep web crowdfunding website that aimed to fund the creation of new child porn. Furthermore, hyperlinks to child porn websites have been added to the blockchain as arbitrary data can be included when a transaction is made.
Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen. Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys. A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address. This method is effective because bitcoin transactions are irreversible.
One virus, spread through the Pony botnet, was reported in February 2014 to have stolen up to $220,000 in cryptocurrencies including bitcoins from 85 wallets. Security company Trustwave, which tracked the malware, reports that its latest version was able to steal 30 types of digital currency.
A type of Mac malware active in August 2013, Bitvanity, posed as a vanity wallet address generator and stole addresses and private keys from other bitcoin client software. A different trojan for macOS, called CoinThief, was reported in February 2014 to be responsible for multiple bitcoin thefts. The software was hidden in versions of some cryptocurrency apps on Download.com and MacUpdate.
Some ransomware demands payment in bitcoin. One program called CryptoLocker, typically spread through legitimate-looking email attachments, encrypts the hard drive of an infected computer, then displays a countdown timer and demands a ransom, usually two bitcoins, to decrypt it. Massachusetts police said they paid a 2 bitcoin ransom in November 2013, worth more than $1,300 at the time, to decrypt one of their hard drives. Linkup, a combination ransomware and bitcoin mining program that surfaced in February 2014, disables internet access and demands credit card information to restore it, while secretly mining bitcoins. Bitcoin is currently being used as the ransom medium of choice in the WannaCry ransomware hack hitting many buildings in Asia and Europe.
In June 2011, Symantec warned about the possibility that botnets could mine covertly for bitcoins. Malware used the parallel processing capabilities of GPUs built into many modern video cards. Although the average PC with an integrated graphics processor is virtually useless for bitcoin mining, tens of thousands of PCs laden with mining malware could produce some results.
In mid-August 2011, bitcoin mining botnets were detected, and less than three months later, bitcoin mining trojans had infected Mac OS X.
In April 2013, electronic sports organization E-Sports Entertainment was accused of hijacking 14,000 computers to mine bitcoins; the company later settled the case with the State of New Jersey.
German police arrested two people in December 2013 who customized existing botnet software to perform bitcoin mining, which police said had been used to mine at least $950,000 worth of bitcoins.
For four days in December 2013 and January 2014, Yahoo! Europe hosted an ad containing bitcoin mining malware that infected an estimated two million computers. The software, called Sefnit, was first detected in mid-2013 and has been bundled with many software packages. Microsoft has been removing the malware through its Microsoft Security Essentials and other security software.
Several reports of employees or students using university or research computers to mine bitcoins have been published.
Bitcoins may not be ideal for money laundering, because all transactions are public. Authorities, including the European Banking Authority, the FBI, and the Financial Action Task Force of the G7, have expressed concerns that bitcoin may be used for money laundering. In early 2014, an operator of a U.S. bitcoin exchange, Charlie Shrem, was arrested for money laundering. Subsequently, he was sentenced to two years in prison for "aiding and abetting an unlicensed money transmitting business". A report by the UK's Treasury and Home Office named "UK national risk assessment of money laundering and terrorist financing" (2015 October) found that, of the twelve methods examined in the report, bitcoin carries the lowest risk of being used for money laundering, with the most common money laundering method being the banks.
In a Ponzi scheme that utilized bitcoins, The Bitcoin Savings and Trust promised investors up to 7 percent weekly interest, and raised at least 700,000 bitcoins from 2011 to 2012. In July 2013 the U.S. Securities and Exchange Commission charged the company and its founder "with defrauding investors in a Ponzi scheme involving bitcoin". In September 2014 the judge fined Bitcoin Savings & Trust and its owner $40 million for operating a bitcoin Ponzi scheme.
There have been many cases of bitcoin theft. One way this is accomplished involves a third party accessing the private key to a victim's bitcoin address, or of an online wallet. If the private key is stolen, all the bitcoins from the compromised address can be transferred. In that case, the network does not have any provisions to identify the thief, block further transactions of those stolen bitcoins, or return them to the legitimate owner.
Theft also occurs at sites where bitcoins are used to purchase illicit goods. In late November 2013, an estimated $100 million in bitcoins were allegedly stolen from the online illicit goods marketplace Sheep Marketplace, which immediately closed. Users tracked the coins as they were processed and converted to cash, but no funds were recovered and no culprits identified. A different black market, Silk Road 2, stated that during a February 2014 hack, bitcoins valued at $2.7 million were taken from escrow accounts.
Sites where users exchange bitcoins for cash or store them in "wallets" are also targets for theft. Inputs.io, an Australian wallet service, was hacked twice in October 2013 and lost more than $1 million in bitcoins. In late February 2014 Mt. Gox, one of the largest virtual currency exchanges, filed for bankruptcy in Tokyo amid reports that bitcoins worth $350 million had been stolen. Flexcoin, a bitcoin storage specialist based in Alberta, Canada, shut down in March 2014 after saying it discovered a theft of about $650,000 in bitcoins. Poloniex, a digital currency exchange, reported in March 2014 that it lost bitcoins valued at around $50,000. In January 2015 UK-based Bitstamp, the third busiest bitcoin exchange globally, was hacked and $5 million in bitcoins were stolen. February 2015 saw a Chinese exchange named BTER lose bitcoins worth nearly $2 million to hackers.
A major bitcoin exchange, Bitfinex, was hacked and nearly 120,000 bitcoins (around $60m) were stolen in 2016. Bitfinex was forced to suspend its trading. The theft is the second largest bitcoin heist ever, dwarfed only by the Mt. Gox theft in 2014. According to Forbes, "All of Bitfinex's customers,... will stand to lose money. The company has announced a haircut of 36.067% across the board."
Thefts have raised safety concerns. Charles Hayter, founder of digital currency comparison website CryptoCompare, said, "It’s a reminder of the fragility of the infrastructure in such a nascent industry." According to the hearing of the U.S. House of Representatives Committee on Small Business on April 2, 2014, "these vendors lack regulatory oversight, minimum capital standards and don't provide consumer protection against loss or theft."
It begins with a text message from Verizon
Oh boy. Within seconds, I call the number and get this. “Hello, welcome to Verizon. Our offices are now closed. Our hours are between 8 and 11pm on the weekdays...”
I call again and repeatedly tap zero to try and get an operator. No dice. A minute later I get a duplicate text message.
I screenshot and tweet to Verizon Support.
Incredibly anxious minutes go by as I attempt to reach Verizon. I google “Verizon fraud prevention line” searching for a number to call and get nothing.
NO PHONE NUMBER ANYWHERE TO BE FOUND
11:41 PM — Gmail signs out.
I’m completely in the dark.
11:42 PM—Coinbase password resets
My session cookie doesn’t kick me out yet so I watch this in real time.
11:34 PM—Coinbase New Device Confirmation
11:44 PM—1.18 BTC sent
11:45 PM—70.96 LTC sent
11:46 PM—16.03 ETH sent
Adios hopes and dreams fund 💸 —$8,000+ is gone in 15 minutes.
The hacker deleted these emails but Google recovered them
How on earth was I so blindsided?
Before we begin, it’s worth mentioning that yes, yesssssssssssssssssssss, I did not have enough protection around my Gmail account. I’ve used Google Authenticator before, for my personal account and for various work emails, but I stopped using it at a certain point out of convenience. I deeply regret doing so and you can certainly say, “HA, YOU HAD THIS COMING TO YOU DUDE, MY BITCOIN IS ON AN ENCRYPTED THUMBDRIVE IN A SECRET UNDERGROUND LOCKBOX COLD STORAGE FACILITY.” But there are many coin spectators out there with a similar vulnerability and, as more novices join, this vulnerability will only become more of a problem.
Of all the things that went down in the factors that led to this hack, Verizon Wireless is what I was massively unprepared for. After talking at length with customer service reps, I learned that the hacker did not need to give them my pin number or my social security number and was able to get approval to take over my cell phone number with simple billing information. This blew my mind and seemed negligent beyond all possible reason but it’s what they do. The main thing that struck me about the hack was the extraction speed possible in the current cryptocurrency ecosystem. $8,000 in 15 minutes is faster and more lucrative than robbing a suburban bank.
Why I was targeted
The best working theory for why I was targeted was this tweet I made last week about Coinbase.com. A friend of a friend was hacked on Coinbase and he had not heard back from anyone on Coinbase’s support team for multiple days. As a plea for help, he asked people to help get the word out on Twitter. I did, it got RTed a bunch, and to my incredible naiveté, I had no idea I was essentially attaching a “Rob me too” sign to my back.
And now, here I am. I tried to help someone get the attention of Coinbase for fraud, I got screwed, and now I’m trying to get the attention of Coinbase.com for fraud. The official Coinbase Support twitter has responded once, then a bot emailed, with a disclosure that it could be weeks before I get a single response to my question.
I have never lost money at anywhere near this scale before. I grew up in a family that is especially conservative when it comes to money and this hits on an emotional level that is hard to shake. Like many, I know that there are plenty of risks when it comes to cryptocurrency, it’s a gamble, but the one thing you don’t expect to happen is to be robbed in seconds on a site with a cleaner user interface design than Chase Bank.
I have no idea if I’ll be able to recover any of this money but I figure the one thing I can do with this feeling of rage/sadness is try and unpack the vulnerabilities so others get less screwed.
Things Verizon Wireless can do
- Add additional layers of scrutiny to any person calling in and requesting to ‘swap phones’. General billing information was sufficient to transfer my number and I was floored by this. It is insane that Verizon, and other wireless companies, haven’t made real efforts to counter this hack and even more crazy that they haven’t been sued for gross negligence.
- Make urgent text alerts actionable through SMS. If I received the original alert and was able to text a reply stopping it, or even delaying it, this entire hack would have stopped in its tracks. Instead I was told to ‘immediately’ call a number for Verizon that no one was there to answer.
- Make the Verizon Fraud Hotline accessible and visible to your customers. It took 45 minutes of irate Twitter DMing before I was able to get the number I needed to contact a real person at Verizon. For anyone searching for this in the future, the number is 1-(888) 483–7200.
- Tell your customer what happened with their account. I spent a few hours with Verizon support being bounced from the Fraud Department to the Legal Department to the Consumer Support department. I got very little from anyone, they would not release details of the call unless I hired a lawyer to represent me.
Things Coinbase.com can do
Dear God Coinbase. Where do we even begin.
- Make enabling Google Authenticator a *requirement* for storing any coins on Coinbase.com. SMS 2FA is broken but deceptively secure, especially to newcomers.
- Make a 24–7 fraud hotline available to your customers. Twitter and email are broken mechanisms for response when speed is of the essence.
- Significantly limit the number of new users you accept on your exchange until you have the support resources to cover them. You gained 400,000 users in 30 days, FOUR HUNDRED THOUSAND, and many of these users are extremely new to security.
- Put basic fraud protections in place when someone logs into an account on a new device then attempts to liquidate an account. A one hour delay could have stopped this hack in its tracks.
- Make the default modes for transferring coin significantly more paternalistic for new users.
- Create an insurance policy for personal accounts. Yes, this policy would be extremely vulnerable to fraud but this is your core competency, find a way.
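The one-hour delay suggested in the list above can be expressed as a rule over account events. This is an added example, not part of the original post and not Coinbase's code; the event names, account ids, the date and the two next-morning withdrawals are constructed, while the times and amounts of the other events follow the timeline given earlier in the post.

```python
from datetime import datetime, timedelta

HOLD = timedelta(hours=1)   # the delay proposed in the list above
RISK_EVENTS = {"password_reset", "new_device_confirmed"}   # hypothetical event names

# Constructed event log: (ISO timestamp, account, event, detail).
SAMPLE_EVENTS = [
    ("2000-01-01T23:34", "acct-1", "new_device_confirmed", ""),
    ("2000-01-01T23:42", "acct-1", "password_reset", ""),
    ("2000-01-01T23:44", "acct-1", "withdrawal", "1.18 BTC"),
    ("2000-01-01T23:45", "acct-1", "withdrawal", "70.96 LTC"),
    ("2000-01-01T23:46", "acct-1", "withdrawal", "16.03 ETH"),
    ("2000-01-02T09:00", "acct-1", "withdrawal", "0.05 BTC"),   # hold has expired
    ("2000-01-02T09:00", "acct-2", "withdrawal", "0.10 BTC"),   # no risk event at all
]


def review_withdrawals(events, hold=HOLD):
    """Decide, for each withdrawal, whether to release it or hold it.

    A withdrawal is held when the same account had a password reset or a
    new-device confirmation less than `hold` before it. The hold runs until
    `hold` after the most recent of those events, which gives the account
    owner time to notice and object."""
    last_risk = {}     # (account, event kind) -> time of the latest occurrence
    decisions = []
    for stamp, account, kind, detail in sorted(events):
        when = datetime.fromisoformat(stamp)
        if kind in RISK_EVENTS:
            last_risk[(account, kind)] = when
        elif kind == "withdrawal":
            recent = {
                risk: seen
                for (acct, risk), seen in last_risk.items()
                if acct == account and when - seen < hold
            }
            decisions.append({
                "account": account,
                "detail": detail,
                "action": "HOLD" if recent else "ALLOW",
                "release_at": max(recent.values()) + hold if recent else None,
                "reasons": sorted(recent),
            })
    return decisions


if __name__ == "__main__":
    for decision in review_withdrawals(SAMPLE_EVENTS):
        print(decision["account"], decision["detail"], decision["action"],
              decision["release_at"], ", ".join(decision["reasons"]))
```

On this log the three withdrawals made minutes after the password reset are held until 00:42, and the two made the next morning go through.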
Things you can do to secure your coins
In the wake of the attack, I reached out to friends with lots of experience in cryptocurrency and these are their tips.
- Don’t talk about Bitcoin Club. Don’t talk publicly online, with your real identity, about your trades or the exchanges. I know it’s too late for some (certainly for me!), and it shouldn’t be like this, but this makes you less of a target. Even if your coins are properly secured.
- If you are going to post on reddit, twitter, etc about cryptocurrency, use a far removed pseudonym.
- Use a separate, secret email for your coin accounts and do not forward the alerts to your personal email account.
- Use 2FA — SMS doesn’t count. I had no idea how easy Verizon and others make it for people to swipe your phone with basic information within minutes. Make sure you use GAuth or Authy or something else supporting TOTP tokens; consider a FIDO U2F device as well for your gmail account.
- If you insist on leaving your money on coinbase.com, then store it in their “vault”. This will give you a buffer of a couple days before any of your stuff can be touched, at least it won’t be gone immediately.
- Call your cellphone company and tell them you are likely to be targeted for social engineering. Request more scrutiny for making requests.
- Store your coins on a physical wallet. Technically, any money you have in an exchange isn’t yours — you simply have an IOU from the counter party. Best practice for keeping your coins safe is with a hardware wallet like the Ledger Nano S. This is only $60 or so and means that someone will need to physically enter a pin and confirm a transaction or steal your backup seed to access your funds.
I’m not giving up on crypto
I joined Coinbase.com in 2015, have had various positions of BTC over the years and have seen hype come and go. I think we’re nearing a real inflection point with adoption but we’re in a dangerous place as the cost of BTC/ETH skyrockets and noobs hit the market.
Four-hundred-thousand people have joined Coinbase.com in the last thirty days. This group has vastly different security needs and expectations than the original 400,000 who joined Coinbase in 2012. If this new group isn’t protected in aggregate, lawsuits will fly, financial lives will be ruined, and the dream that bitcoin will eventually hit $50,000 will become a dim fantasy. Check out the Coinbase reddit if you want an additional taste of what’s happening.
Despite this, I’m willing to bet that Coinbase, or someone else, will significantly evolve and eventually figure it out. Many of the problems that led to my hack on Coinbase are addressable with more paternalistic software, fraud detection and an adept support team reachable 24–7. The beauty of the blockchain is that you can create a consumer offering on top of it that operates much more like a bank and it can exist next to an exchange suited for someone buying and selling huge, risky amounts each day.
It’s hard to understand how brutal it is to start over with this level of rapid financial loss unless you’ve been there yourself. The BTC I had in my Coinbase was collected over years and the ETH and LTC position were more recent. I blame myself for not doing enough security research and I also know that these openings are incredibly common for others. Unless huge changes happen, so many others are likely to get robbed and the reputation of cryptocurrencies, in general, will degrade. The only thing that’s really around to protect these newcomers is the cryptocurrency community itself. Please let my ample misery be a raw warning sign. Inform your friends. Don’t trust Coinbase defaults. Don’t think it won’t happen to you. Stop reading this and secure your coins right now.
Legal. Many have encouraged me to find a lawyer to work through some options in action against Verizon and Coinbase. If you know of a lawyer or firm who might be good, please shoot me a DM (my DMs are open). I don’t have many resources to pursue this so any general advice would be helpful.
Class action lawsuit against Verizon and/or CoinBase.com. Apparently there is already a lawsuit in motion (am learning more about it). If you have also been affected by a similar situation at CoinBase, message me, so we can share stories.
Donations. Wow. Some very generous people in the bitcoin community have asked about donating to a tip jar or helping fund a lawsuit. This is awesome of you and massively appreciated.
LTC: LbZnJ8QWc581bm6iu6STpbKVq9RDv1Yqbd (currently at ~$250 USD)
BTC: 188itMZTQx1PcbuCdpjBkdBLUKjJRcdPoj (currently at ~$280 USD)
Hugggge thanks to @BTCXBTDEV.