The Troubling Economics of Digital Currency Security

Economics of Bitcoin Security

Since the first bitcoin exchanges and services appeared, we’ve talked about the importance of decentralized exchanges and applications. The rhetoric that spread was fueled by ever more validated fears of thefts, scams, hackers and the regulations that were choking the breath of innovation. White papers, blog posts, forums and tweets mapped out the coordinates of this new frontier, an ideal place to build communities centered around a re-imagining of the social contract. Now, with services like ShapeShift, the launch of applications like Augur, and the recent funding of Open Bazaar by Andreessen Horowitz, we are beginning to see the hazy outline of this new territory peeking over the horizon.

But as we push more and more value into the nodes of the network and this new land approaches, we can begin to see the rocky shores, narrow cliffs, and perilous escarpments of this brave new world, brought about by the economics of these networks. It’s a problem faced by all decentralized applications, both cryptocurrencies and DAPPs.

There is an inverse correlation between the utility of a decentralized application and the integrity of its users’ computers.

Once a coin or DAPP gains substantial utility, many of the attributes that work in its favour begin to work against it. These attributes are its monetary value, the level of its adoption and its ability to anonymize or obscure transactions. There are inevitable and large-scale attacks to which we are fated. Hacker labs supported by either nation-states, local law enforcement or private interests will not be able to ignore the economic advantages of the attack vectors afforded by these applications. Law enforcement agencies and governments tasked with protecting aging social and economic structures by monitoring, charging and arraigning those who engage in suspicious activity will have to counter the anonymity protections provided by these applications as they proliferate.

The general public is becoming increasingly aware that their image of hackers is extremely myopic. The loosely coupled groups of individuals, each sitting alone in a basement, communicating via IRC and deciding where their lulz will come from next, are not the ones we should be concerned about. There are large, government-funded, highly sophisticated organizations that coordinate large-scale attacks on industrial control systems, taking nuclear power plants — and even space stations — offline.

If “Software is Eating the World,” it will need the enzymes to digest our governments, too. As governments evolve, they’re finding their futures will not be measured in guns and tanks any more than their presents are measured in swords and shields. Governments will need to become more and more like software startups, or software startups will begin to replace our government. The technological changes that are pushing digital emigrants towards these new cloud nations are also pushing them to change themselves. But here, the borders and peoples form an unwieldy abstraction. The laws on the old books are for a different age. The sword of justice that enforces them swipes ineffectually at ghosts and specters in this new environment, furtively hiding the exhaustion of those that wield it. The value of the goods here remains ineffable. The battle lines indistinct. It isn’t a case of bringing a knife to a gunfight; it’s that you may not even know you were in a battle until long after it’s over. A battle can be lost before you even knew you were in one.

If such organizations find themselves a target of extraordinarily sophisticated black hat actors, then the relative lack of these types of attacks on individual cryptocoin users comes as a result of attacking individual users just not being worth it. The payoffs are too hard to predict, and few clear strategies are available. This limits the scope of theft to exchanges with a large amount of coins. But if the change in consumer sentiment to more decentralized exchanges or exchanges that don’t store users’ coins continues and early adopters inform later adopters to use decentralized services, the best attack vector then shifts to the long tail of individual users. And if government agencies find themselves at a loss when dealing with this threat, and even organizations whose sole purpose it is to counter such black hat attacks aren’t immune, the average cryptocurrency user is less so by several orders of magnitude.

With every new wallet, miner and game installed, the target profile turns more opaque and defined. In the next few years, we should see creators of malware, spyware, and all other types of consumer viruses shifting their focus to these decentralized stores of liquid value. No longer will they be content with emails and profile data to send you advertisements.

 

The Goliaths

With the increasing amount of value stored on the computers of the users of these products, we should see smarter and more sophisticated attacks taking place that are driven by greater economic incentives. The computer of the average consumer holds information, but the value and liquidity of breaching their computers has always remained intractable. Adware provides some economic incentive, but it’s too little to entice sophisticated attacks.

Banking passwords obtained through key loggers or phishing sites pose risks to the black hat. These risks are the accounting trail and audits that the traditional banking system uses to prevent such thefts. This raises the opportunity costs for any hacker. Even credit card theft is not without its complications. Credit card companies are well-established, and they have mechanisms in place to prevent and punish fraud, working hand in hand with governments that cooperate, leaving only those countries that don’t as safe havens and hack shelters.

But the value of data that can be gained from crypto enthusiasts is real, and extremely liquid. This affords all the value of a banking password with much less risk in turning that password into actual money. The more untraceable we make our coins and the more anonymous we make our exchanges, the more enticing the theft becomes.

 

The Davids

There are a lot of rules you can follow to prevent attacks, but following them requires a lot of due diligence and can be burdensome. And if something becomes too hard to do, it becomes something that is rarely done. The rational course of action and risk/reward ratios between securing the coins you have and the rewards promised by some new decentralized application become muddy. The erosion of personal privacy over the last decade doesn’t show how little we value it, but that we as a society didn’t truly understand what was happening. People are becoming more and more aware, but until that time, they are exploitable.

Cryptocurrencies… the majority are traceable, and we’ve heard countless warnings to that effect. But try calling your local police department and telling them someone stole your Dash coins from your wallet. Once you’re done explaining to some beleaguered officer on the other end what exactly a Dash coin is, they’ll be as baffled and powerless to help you as if you told them someone stole your Spirit Stones in League of Legends. Their jurisdiction and powers can only touch the world of fiat. Our desire for all things decentralized, our libertarian ideas, and our brave new world carry with them more personal responsibility for the security of our property, and that should not be taken lightly.

Altcoins and decentralized applications will require society to change the way we think about software.

With the negative perception amongst law enforcement and governments for the users of cryptocurrencies, and what I can only predict as being a lot of negative propaganda and fear over decentralized applications, the users of said software have the potential to run into similar problems faced by sex workers in countries where such occupations are deemed outside the bounds of law, where any and all manner of crimes against sex workers go unreported or unresolved as a result. This will have to change if we are to go forward.

The value of open source software will rise to the point where it becomes a necessity. The benefits of open source software have largely been touted for their security through consensus. Open source applications remain the most widely used applications for their security. Much more so in the world of cryptocurrencies, where any software that’s not open source is considered anathema. We should also see the growth of multi-sig and permission-based authentication, where we must give our DAPPs permission for each type of action they can perform on the blockchain on our behalf.

There aren’t any easy solutions. This is a continual arms race. A slow process that requires a lot of education; an education that means assuming you’ve already been hacked. If the Eternal September brought with it an endless supply of new users still unaware of how to follow the etiquette of IRC, message boards and other early social networks, then cryptocurrency’s Eternal September will be even stranger, where committing a faux pas will cause you to lose more than just face.
