BITCOIN: dangerous disease or rejuvenating apple?

Today, it’s worth taking into account that the times, when bitcoin users could mine alone on their PC at home, even with a very good video card, have long passed. Required computer power are forcing people to join so-called mining pools that split new bitcoins proportionately among its members according to their personal power, or to buy special mining hardware, and more often – do both.

Mining hardware

Increased difficulties in mining have led to the development of many so-called forks – cryptocurrency, created on the basis of Blockchain, but with different variations. Litecoin is considered to be the most successful among them, but, on the whole, in terms of total market value and user confidence, bitcoin remains the absolute leader on the cryptocurrency market. The interest to forks is backed by a high volatility of cryptocurrency that allows in certain cases to get substantial profits without investing thousands of dollars in bitcoin infrastructure.

Bitcoin exchange rate has always been rather volatile: it should be noted that if a few years ago the price of a pizza was hundreds or thousands bitcoins (as of January 1, 2011 one bitcoin was 0,3 USD), with now one bitcoin being sold for more than 400 dollars on major exchanges (closing rate on March 21, 2016 was 411,42 USD). At its peak, the value of bitcoin exceeded one thousand dollars (December 4, 2013 the price of bitcoin hit a record of 1147,25 USD). At the very beginning, nobody took seriously bitcoin as money: many IT-specialists mined cryptocurrency more to study the issue, however, loosing at once their interest in it, the reason why many of them regretted afterwards - this was the case for a British man James Howells in 2013, who failed to find in a rubbish dump his notebook, which he had thrown away before his wallet on the HDD with 7,500 bitcoins, mined in 2009, reached up to 4 million GBP.

Bitcoin and other cryptocurrency users can be roughly divided into two groups - ordinary users, treating bitcoin as a payment instrument, and network members, who are maintaining and developing all the cryptocurrency system to the extent of their possibilities and motivations.

On the one hand, due to ultimate transparency of bitcoins and ease of its use, given the fact, that it was originally conceived as a completely digital currency, immediate threats to ordinary users are increasing. By its nature, bitcoin wallet is a single file which could locate on a PC, a phone, or a flash drive, and, as a plastic card, it can be opened via different devices, so a victim may not even suspect that its data is stolen. Moreover, to identify theft, a user must also be synchronized with the network, and in some situations it may take several hours or several days. Payment anonymity philosophy doesn’t absolutely comply with two-factor authentication for payments via mobile phones, which all plastic cards holders have long been accustomed to. Thus, to steal bitcoins, fraudsters don’t need, as for e-banking, to infect a user device with a specialized Trojan that could quietly intercept outbound SMS and send the verification code to the management server. It will be enough to steal a bitcoin wallet file, which may be at best encrypted. In addition, even if a user thought about security and set the password on its wallet, the system on a different computer or a flash drive may contain an old backup file, which an attacker could exploit.

As for cryptocurrency, it has nothing in common with cards, which, once stolen, are used by criminals to withdraw money (cybercriminals are obliged to share the income with others, who turn these cards into cash). The lack of linking to a specific bitcoin wallet does not allow a deceived user to demand justice in any way. No antifraud system, of course, can be applied as well to digital currency.

Bitcoin wallet

On the other hand, cryptocurrency has its advantages in the context of protection against online fraud. For example, a fraudster, who forced a user to pay for anything on its fishing site, will get as much bitcoins, as will be given inadvertently by a user. Unlike transactions with plastic cards, when the payment is carried out by one person, another individual can not get necessary information for further payments from someone else's wallet - basic operations are made in a distributed network, and the instruction for a transfer is given on a user's PC. This, certainly, means another danger for a user’s PC: cybercriminals are able to create Trojans designed to steal bitcoins from the accounts of the owners, and their number is increasing in proportion to the e-currency rate. Of course, people use less bitcoin than remote banking services through the Bank-Client systems using traditional currency, so these Trojans are now distributed less widely than a variety of banking Trojans, but nothing prevents virus writers from incorporating functions, aimed at bitcoins, into the infected programs when creating new versions.

However, there are special services for browser wallets offering users to store bitcoin online, thus protecting them from local threats. In fact, such services mean bitcoins transfer to a third party, which later will provide users with a possibility to manage resources via a browser interface. Of course, such a scheme supposes a certain convenience for a user (for example, eliminating the need to synchronize with the network), but the idea to hand over the complete control of money to an unknown person seems to be risky. As practice shows, many services are no more than a long-term fraudulent project, and at some point the owners will disappear in the network with all given to them bitcoins. Such a problem can not be fully attributed to cryptocurrency vulnerability. It is rather associated with the human factor: it’s naive to give control to someone on parole over anonymous digital currency, without having promises of profit in return (as with cash). The solution logical and easy - to administer independently your own bitcoins .

Obviously, nothing prevents any cryptocurrency exchange, to which users give traditional money, as well as bitcoins and numerous forks, to disappear the same way at some point, as happened many times. The collapse of the MtGox bitcoin exchange was the most notorious in 2014. However, to avoid this risk is practically impossible, as without exchange services, purchase and sale of digital and traditional currency, all the payment system will be reduced to transactions between people who know each other personally, and there will be no sense in cryptocurrency. In many cases, it is the laws of the market that help users, because for any stock exchange it is much more profitable to get interest from exchange trading than run away with users’ cash (apart from cases of blatant incompetence). It is not only the greed of owners that threatens exchanges - this is a business, like any other, and an ineffectively managed exchange can face a negative growth, be indebted and never get out of this hole. For months, users will be patiently waiting until problems related to money withdrawal will be resolved, while owners will be thinking what is easier and cheaper – to run away or to publicly repent. Of course, cybercriminals are following very attentively such exchanges, because only one successful hacking of a database can bring a hacker hundreds of millions dollars, while the exchange, as well as many other financial institutions, will deny hacking till the end, being afraid that it would be the last straw braking the camel’s back – so to say, not to loose its reputation and completely deprive of the chance to find the stolen money.

Mark Karpeles, the chief executive officer of bitcoin exchange Mt. Gox, center, is escorted
 as he leaves the Tokyo District Court this past Friday. Photo: Tomohiro Ohsumi/Bloomberg via
 Getty Images

One of the interesting variations of the bitcoin exchange is mining hardware exchanges. In our days, when bitcoins can be extracted only by means of expensive mining devices, hardware exchanges allow ordinary users to participate in maintaining and development of the network, without spending thousands of dollars on devices, interaction with customs and electricity. The cost of hardware lease differs on these markets according to supply and demand; therefore, you can earn money at the expense of a simple resale of the leased hardware. Of course, there are the same risks, as for cryptocurrency exchanges, multiplied by the fact that leased bitcoins are located on the exchange and not in the user's wallet during the transaction lifecycle, with the investment of an exchange owner in bitcoin hardware reducing a little for a user the risk of being deceived.

One of the major advantages of bitcoins was claimed to be payments without transaction fees. There’re no compulsory fees indeed, however, the possibility of paying for the speed of transaction processing in the network ( as well as subsequent distribution of the commission among the owners that help to carry out hardware transactions) does exist. Moreover, some Bitcoin clients, including those that are officially supported, involve the commission per transaction by default, and it can not be deactivated. The minimum fee is very low (less than 1%), but, given the fact that an inexperienced user is loosing his money along with the transaction, a few seconds instead of minutes do not justify it. Furthermore, there is always an opportunity to set up the commission manually and do it unsuccessfully  - it is a well-known case, when a user made a mistake in putting a coma in the wrong place, as a result, he gave 200 of 500 bitcoin to pay the fees, sending for free to an unknown individual 100,000 USD. However, at that day the owner of a node in the bitcoin network, who suddenly became wealthy, paid the money back to the fortuneless user, but it is, at least, naïve to look forward to human integrity and happy ending when such mistakes occur.

It is important to remember that, although Bitcoins are completely anonymous, all transactions, however, remaining completely public, unless you do not use a new payment address for each transaction, as well as you have a careless attitude towards the information, enabling to get you connected to the payment address. Therefore, you might be tracked theoretically. But this particular feature of the system can not account for vulnerability of cryptocurrency - it refers once again to the human factor. The protection against fast identification of a user in the network is very simple and does not require any special knowledges, even if it negatively affects the ease of currency use.

At the same time, there is another threat to cryptocurrency user anonymity. If an unknown fraudster obtained access to the whole user's Internet traffic, he will be able to detect outbound transactions that won’t comply with the inbound, so that will help him to determine the person who paid, but if necessary, the traffic can be carried out via Tor.

From the standpoint of blockchain, applied in bitcoin, it is only one scenario that might be dangerous. If fraudsters will take control of 50% of computing power in the network, then they will be able to influence current transactions - to cancel their own or to prevent getting confirmations of third-party transfers. This kind attack won’t allow a perpetrator to gain a more significant profit, as compared to the usual participation in the system, but it can seriously hinder the use of bitcoin for payments, while the attacker possessing more than 50% of computing power of the network. There was only one case in 2014 with Ghash.io, when a pool came close to getting 50% + 1 of power within the bitcoin network, and at that time the pool administration and ordinary users rapidly took the necessary measures for decentralization. As a result, the pool reached 42% of the total power capacity, today the situation, however, is more balanced.

Bitcoin mining pools

What does not exactly threaten bitcoins is a sudden inflation or deflation due to changes in the quantity of "coins". The complexity of mining is recalculated in case of changes in the amount of computing power, but a fixed number of new bitcoins remains unchanged, with the maximum being also clearly determined – that means we won’t see an infinite inflation by definition. The reduction of "coins" could reach critical level before users face any problems, as one Bitcoin can be split into 0,00000001 BTC (a so-called one Satoshi, in honor of the inventor of Bitcoin). There is no risk of generating address collisions – to be precise, it is very unlikely, as, given the world population on the planet, one person accounts for approximately 215^2x36 of possible options.

The real threat to users and (especially) to participants of the bitcoin network is a local legislation in their countries of residence.

Abroad bitcoin is considered as a payment instrument by many retailers.

In Russia, the future of Bitcoin is extremely uncertain. Thus, the Central Bank of Russia says that blockchain technology is very likely to find its place on the national financial market, and this might happen as early as 2017-2018. According to the Russian Finance Ministry, bitcoins represent a serious danger, especially if introduced in the real banking sector. The concerns of bitcoin opponents lie within the possibility it provides for terrorist financing and money laundering. At the moment, the legal status of bitcoin and responsibility for the production or use of the e-currency in this country are not determined, but there’s a high possibility that the constant rhetoric from high state officials on the prohibition of bitcoin in Russia will be turned into action.

In Europe, for example, bitcoins can be traded freely without any fear to be charged with taxes. At the end of 2015 the European Court of Justice (ECJ) ruled that bitcoin transactions relating to traditional currency are exempt from VAT. The ruling stipulates that bitcoin transactions should be considered in a similar way to transactions with currency, coins and banknotes, therefore, the former are exempt from taxation. The Court recommended all the EU member states to exclude cryptocurrencies from the scope of assets under taxation. While in the U.S., the government that has already introduced the law on cryptocurrency, determines its legal status quite clearly. Bitcoins are regarded as property there. While selling goods and providing services in exchange for bitcoins, a taxpayer makes a profit, calculated according to the rate of bitcoin to one dollar on the day of payment, income from bitcoin issuance are to be taxed. Volatility rate of bitcoin may incur additional tax liabilities for those who are paying with "coins" for goods and services - for example, obligatory corporate taxation.

The main risks for cryptocurrency producers are mainly linked with the human factor. Nobody can guarantee them that their mining pool will be available the next day, "caring away" into oblivion all the money, or the exchange, where they carried out currency exchange operations, won’t try to trick on them. There are also standard market threats, too obvious to cover this topic separately. Rate fluctuations, power consumption, settings and remote administration of computing hardware, as well as specialized software disruptions turn this hobby into a full-scale work, to be more precise, business, with digital currency living according to the ordinary market laws.

One shouldn’t be surprised that that there are people without any moral restrictions in this business that use malicious software to facilitate their work. Botnets, gathering a group of zombie computers, where each zombie mines bitcoins, are highly popular among cybercriminals. In some cases, the use of infected devices becomes more profitable than using botnets to carry out distributed denial-of-service attacks or to send spam email. Some professionally designed Trojans allow mining only during downtime of an infected compute, that’s why they remain undetectable for a long period; others just take as many resources as they could without hindering other processes on a computer to the extent that would arouse suspicions and, consequently, would make a Trojan disclose itself. For example, such was the case related to Trojan.BtcMine.737 virus, which was detected by Dr.Web last year. It could spread independently across the network, using for mining a third-party utility, detected  by Dr.Web Antivirus as a program belonging to the Tool.BtcMine family (its creator was selling it to cybercriminals for a commission of 2.5% from mined bitcoins).

But it’s worth mentioning that the lack of professionalism among cybercriminals is a very common phenomenon. One of the botnet operators gave an interview on terms of anonymity, disclosing that many of his "colleagues" have not yet graduated from high school, and do not know how to use bitcoin for financial transactions, and that they are very unwise (it, obviously, facilitates finding them), and do not pay attention to fine-tuning of their Trojans. As a result, for example, a video card, working at full capacity and used by an unprofessional creator or a user of Trojan, can simply burn out.

However, a "professional" botnet creator, who mines cryptocurrency, would switch at any time with pleasure to stealing something else from a victim's computer as soon as it would be more profitable. It is important to understand that cybercrime has long time ago become a real business, motivated only by profit. While bitcoins and its forks will have value and remain useful, they will be applied by criminals as well. This, however, does not mean that this instrument is flawed by its nature, as when you have an ax, you could do both – chopping wood or committing crimes that will inevitably bring punishment.

To find more news, subscribe to the BoW magazine: https://www.icpress.ru/en/catalog/currency/detail.php?ID=9262