Bitcoin VulnerabilityThis is the approved revision of this page, as well as being the most recent.
Bitcoin is potentially vulnerable to several types of attack
Wallets are poorly protected against theftEdit
Wallets are not encrypted by default. For this reason, they are easy targets for criminals. Although the latest versions of Bitcoin clients contain codes for protecting wallet data, the user must switch on this code manually.
A new wallet can be compromised with and old password via back-upsEdit
Old passwords as well as a copy of a wallet can be easily retrieved using a restoration programme (for example Apple Time Machine): the current wallet and password can retrieve an old wallet and code. This is why frequent password changes do not guarantee complete security.
Resolving the problem Creators of cryptocurrency should alter the system so that changing the wallet password automatically creates a new wallet with a new password, and the funds transferred automatically to a new wallet. At the same time as the creation of a copy of the wallet, the old wallet and password become unusable. Additionally, users who have only basic experience in the subtleties of wallet creation are not able to retrieve their cryptocurrency data and are going to lose Bitcoins.
Tracing the history of financial transactionsEdit
Tracing the history of financial transactions can be used to identify an address. It must not be forgotten that Bitcoin is not a completely anonymous payment method.
The hacker can try to flood the network with nodes under his control, and other users will only be able to connect to blocks created for the fraud stunt. How does this occur?
- The attacker blocks transactions of other users by disconnecting you from a shared network;
- The attacker connects you just to the blocks created by him in a private network. Transactions will still appear because of this. These transactions are also going to resend money (double spending);
- The attacker can see all your transactions with the help of a special programme.
Denial of Service (DoS) attacksEdit
Sending a large amount of ‘trash’ data to the node which checks transactions can make its work more complicated. Bitcoin contains integrated protection against such attacks as denial of service, but today, this type of attack is becoming more and more difficult to block.
For example, the Bitcoin Satoshi client 0.7.0 blocks all suspect nodes and transactions, prohibits doubling of transactions, controls the appearance of a DoS attack, catches criminals in the system, corrects errors, etc. The latest version of the 8th Bitcoin Satoshi client possesses the capability to capture transactions (more than 100 kilobytes) and return information to its layout in the memory and on disk.
Slowing down timeEdit
Hackers attack the network and slow down time within the network, which makes it difficult to transfer data and messages between users, update information on the network and allow participants of transactions to form and fix blocks and chains.
Despite the fact that transactions are signed for on Bitcoin, this signature does not cover all information hashed to produce a transaction hash. In fact, there exists the possibility of exchanging transaction parameters so that the hash will be changed while the signature remains the same. On this basis, attacks can be organized while external services are rechecking the funds. In a primary transaction, the identifier is replaced; the money has reached the recipient but it is then made known to technical support that the primary transaction never arrived. Consequently, technical support can resend the funds.
This function of the Bitcoin protocol is not considered vulnerable as it has been known since 2011 and potentially be eliminated by verifying primary transactions.
Illegal data in the block chainEdit
In certain countries the transfer of certain data is considered illegal. Such data can be entered in Bitcoin transactions. This in turn can cause problems with the law. Each node has rules which prohibit deliberate entry of nonstandard data but a small ‘fault’ interrupts the network here and there.
Security problems and bugsEdit
Bugs can cause instability in protection of the system. For example, information must be sent to the node within a very short period of time. If this does not happen due to a bug, the chain lacks the necessary information and incorrect data has begun to spread within the network, etc. All this risks causing the network to stop working for several hours. Modern versions of Bitcoin clients are created bearing in mind the need for them to respond to bugs and correct errors in a timely manner.
Break-up of hash functionEdit
The algorithms for calculating hash function, SHA-256 and ECDSA, are considered to be such that they are impossible to break with current computer power. Large-scale production of quantum computers in will increase the risk of breaking function data. In such a case, a Bitcoin hash function can be replaced with similar, more complex one.
Increase in user numbersEdit
The Bitcoin network will reach a point of an influx of users. But if each user starts using special programmes to conceal their IP addresses (which are available to all other users), the network will not work.
Possible problems of segmentation and loss of transactionsEdit
Difficulties can be encountered with the division of blocks and nodes as well as confusion with transactions leading to certain ones being lost. Bitcoin developers track the possibility of such problems appearing and create special codes which prevent such difficulties in the network.
Hijacking of the network by hackersEdit
If hackers capture half the power of the computer (the so-called >50% attack), they can make a dent in functionality: integrate blocks with ‘dirty’ transactions, initiate double spending, eliminate mining experts, block transactions, etc. However, hackers will never perform the following operations:
- Cancel a transaction;
- Stop a transaction being sent;
- Change the number of coins needed to create a block;
- Spontaneously create coins from nothing;
- Send coins which do not belong to them.
Spam transactions and ‘dummy’ transactionsEdit
Hackers can send users false transactions making the system’s work more complex. Sending ‘dummies’ is a possible way of creates intermittent errors in system function.
No problem whatsoeverEdit
Generation of surplus addressesEdit
The number of addresses does not influence network function. It can create traffic on the hard disk or take up central processor resources of a certain user’s computer.
Generation of blocks with diminished complexityEdit
Criminals can hypothetically create a chain of false blocks with diminished complexity. These nblocks will be valid for the network but their chain will not be able to connect with other chains in the network as the other nodes can verify that it is a bogus block (see proof of work). The network blocks these fraudulent blocks.