Most bitcoin service providers currently use one single company for all their CDN and DNS services: CloudFlare Inc. Based in California, CloudFlare has access to all HTTPS traffic from multiple bitcoin services. Worse, CloudFlare also receives unencrypted traffic from these sites. This can provide internet black hats with the chance to attack all these bitcoin sites from one location.
What’s the problem?
The use of one centralized network security company is simply irresistible to hackers and even government agencies looking to snoop around. If CloudFlare was hacked, bitcoin users would risk losing their hard-earned funds, losing access to their accounts or having their private information stolen/leaked. On a larger scale, use of bitcoins would diminish as users lose trust in the online currency.
Bitcoin services at risk:
At the moment, the majority of bitcoin sites use CloudFlare. This includes bitcoin sites like:
A number of things can be done to salvage the situation:
- One, bitcoin sites should seek to use diverse providers for their network security. This will spread the risk and reduce the fraud incentive.
- Two, developers should create better tools for end-consumers to manage their accounts in a safer way.
Already, browsers like Tor are providing bitcoin users with safer ways of accessing their accounts without exposing their IPs. Coinkite is a bitcoin service using CloudFlare that offers a more advanced onion service.
Image from Techcrunch.