Cryptocurrencies are a new asset class that has been all the rage, drawing enthusiasts and sceptics alike. Traded on black markets and mainstream exchanges, their scope is wide. They became a speculative tool that has given some overnight riches, and driven others into massive debt. Some governments have attempted to draw up legislation to regulate it, while others have cracked down on its proponents. It’s the Wild West of the investment world. Here is a breakdown about what cryptocurrency is, and the risks to watch out for.
First, the Basics: Breaking Down What Cryptocurrency Is
You’ve probably heard of Bitcoin by now. It was the first cryptocurrency, and its success has spawned over 5,000 other variations, each with their target purposes, metrics and demerits. More keep popping up every other day.
Cryptocurrency by nature is a digital payment system. However, unlike the conventional modes that you’re used to that involve banks, this system relies on cryptography and peer-to-peer transactions that allow anyone on the planet to send and receive payments. It got its name because of the encryption that is used to verify transactions. The payments made are digital entries on an online database called a blockchain, that keeps a record of all transactions to have ever been made for that particular cryptocurrency. This blockchain is basically a public ledger. The nature of these operations gives the cryptocurrencies specific characteristics, including:
The accounts and transactions on the blockchain are not tied to real-world identities. However, the level of anonymity varies. For instance, transacting with Bitcoin is like an author writing under a pseudonym—and if anyone ever links the pseudonym to the author’s identity, then every transaction can then be linked to the person involved. On the other hand, with cryptocurrencies like Monero, transactions are far much more difficult to trace due to the use of ring signatures and stealth addresses which are primarily used to give the users privacy, even concealing the transaction amount.
Being digital assets, they are easy to move around. The cryptocurrency is stored in a digital wallet, from desktop and mobile apps, to hardware and paper wallets. They are the equivalent of your bank account, allowing you to receive, track and send the coins. The wallets contain the private keys, which are secret codes allowing you to spend the coins. Technically, the coins themselves don’t need to be stored, but instead it’s the private keys giving you access to the cryptocurrency. So basically, the wallet is an app that manages the private keys.
The crypto assets of the same type can be interchanged with each other, with equal value between them. i.e. 1 Bitcoin = 1 Bitcoin, in the same way as 1 dollar = 1 dollar. This enables the cryptocurrencies to be used as a medium of exchange.
Cryptography is powerful, all thanks to the magic of big numbers. The blockchain that a cryptocurrency runs on uses volunteers around the world, working together to encrypt the transactions. The users are assigned private keys, which allows the owner access to the cryptocurrency. The key is a long 256-bit string of random numbers and letters jumbled together. This is paired with a public address where the user can receive crypto payments from others. The public key is 256 bits as well, and the wallet address is 160 bits long. We’ll delve more into this later.
You know how you can issue a chargeback on your credit card and have the funds restored to your bank account? That can’t happen with cryptocurrencies. Once you make your transaction, there is no turning back. You cannot go and demand for your money to be restored, and no government or regulatory can force a transaction to be reversed.
Cryptocurrency Risks: Key Issues To Watch Out For
Loss of confidence
This presents a critical business risk. The worth of a particular cryptocurrency is determined by the value placed on it by market participants through the transactions made— a “willing buyer/willing seller” scenario. Unlike ordinary (fiat) currencies, they are not backed by any central bank. They are also not pegged to an underlying asset like gold or commodity, and neither do they come bearing seals of approval from national and international organisations. Loss of confidence—perhaps due to reports of fraud or systemic risks discovered in the particular blockchain may result in a collapse of the cryptocurrency’s trading activities, and a consequent drop in value.
An event that swept through the crypto industry was the crash of the BitConnect Coin (BCC), which dove by a staggering 97%, from its highs of $322 to lows of $6.09 in less than a day after the company behind it closed its lending and exchange company. The firm, which operated like the typical run-of-the-mill Ponzi scheme, had received cease and desist letters from the Texas State Securities Board and the North Carolina Secretary of State Securities Division, which led to it shutting down operations. These actions led to individuals taking monumental hits and families losing their life savings. The exit scam saw an estimated loss of around $250 million.
The cryptocurrency sphere is fraught with fraud. Criminal activity targeting individual users and entire exchanges are an everyday phenomenon. Hackers gaining access into crypto exchanges and draining user wallets, cases of personal computers being infected with malware to steal an individual’s cryptocurrency- reports are all around. Spoofing and phishing attacks are prevalent, bringing about the need to exercise more care when it comes to personal computer security systems.
Take the events that happened to one Eric Savics for instance. On June 12th, the Protocol Podcast host tweeted about how he lost his entire Bitcoin savings that had been accumulated over the course of 7 years. This was after he downloaded an imposter KeepKey app from the Google Chrome store and entered the seed phrase wallet. At the time of the loss, he had 12 bitcoin, worth over $110,000.
Cryptocurrency trading typically involves unregulated companies, many of which may have not implemented proper internal controls to protect the users—making them more susceptible to cyber-attacks compared to the regulated financial institutions. In 2019 alone, a record 12 exchanges were hacked, and $292,665,886 worth of cryptocurrency stolen, in addition to over 500,000 user logins. Even Binance, the world’s largest exchange by volume, fell victim to this, losing over 7,000 bitcoins after the hackers took advantage of a vulnerability in its hot wallet to obtain user API keys, 2FA codes and other bits the customers’ KYC data, which included photo IDs of 10,000 Binance users. The exchange shut its deposit and withdrawal services over a week as it beefed up its security protocols.
While the irreversible nature of cryptocurrency transactions is a strength, during cases of fraud it presents a huge operational risk. There won’t be an oversight body that you can call or email to reverse the transaction. Recover of stolen cryptocurrencies is difficult. When the private keys to a wallet are fraudulently obtained and the funds transferred, then the whole amount is considered to be forever lost to the owner.
Due to the large number of high-value crypto heists being witnessed, wealthy cryptocurrency investors are going to great lengths to secure their stash, including using cold storage devices that are housed in vaults and bunkers. Yes, not every cryptocurrency investor will be in a position to afford this level of security, but there are still steps they can take at a personal level to secure their private keys and ward off cyber threats.
Plain forgetfulness and human error
Having your cryptocurrency and lacking access to it because of blunders like spilling coffee on your hard disk and damaging it can be frustrating. Sometimes the risk is simple password amnesia. Forgetting where you stored your private key, or the pin unlocking that file you had jotted it down on—they can all result in the total loss of your cryptocurrency hoard. Well, there are some fortunate cases, such as 50 Cent who made some album sales back in 2014 that were paid in bitcoin—which he forgot, only to remember it much later. It turns out that he had received over 700 bitcoins for it, discovering the bounty years later, just in time to cash in millions of dollars.
$5 Wrench Attack
One of the reasons why crypto investors insist on privacy and using pseudonyms is the possibility of physical attacks. An armed robber with a $5 dollar wrench can access your bitcoin stash in minutes—he just has to beat the private key out of you. The louder you proclaim that you have bitcoin, the larger the target you make yourself, especially with the rising prices of the cryptocurrencies. In addition to maintaining strong privacy, separating the keys geographically with a multi-signature setup is beneficial. Give each key its own security controls in order to further limit the physical access. This is beneficial as it disincentives attackers, since it will take longer to get to the keys and increases their chances of getting caught in the act. It is also riskier for the attacker to kidnap you and ferry you around to different locations without attracting attention. Moreover, with keys stored in different locations, it will be impossible to simultaneously gain access. Having to first coerce you to reveal the locations creates a roadblock in their plans.
Ransomware and extortion
There is an increase in “big game hunting“. Basically, attackers are upping the ante from low-volume campaigns to high-return attacks. Here, instead of spending lots of time on millions of individuals on the internet, they focus their attention to a handful of businesses and organisations. These cyber-threats force companies to fork out millions in ransom due to their operations being disrupted, in order to save themselves from serious losses. Reports of a cyber-attack incident on a firm can be detrimental to the image that customers have about the business, and attract penalties due to breach-of-privacy and data loss. The attackers then use Bitcoin and other cryptocurrencies as the mode of payment of choice, given their anonymity and irreversibly.
Misplacing your private key
Lose your private key and you might as well come to terms with the fact that you’ve lost the funds forever. This is due to the sheer impossibility of cracking a private key. It’s such a long shot that it’s basically like counting to infinity— you never really get there. Why is this?
Let’s get back to the power of big numbers. As mentioned, a private key is a 256-bit number. So, the right key is anywhere between 1 and 2^256, which is 115 quattuorvigintillion (a 78-digit number). If we’re being specific about it:
2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
That’s a really big number: 1.158 x 10^77. For perspective: There is estimated to be 7.5 x 10^18 grains of sand on Earth. In the whole observable universe, there are an estimated 10 x 10^23 stars and 10^78 to 10^82 atoms.
Attempting to crack the key would be a wild goose chase, taking more time than is possible to wrap one’s mind around. Let’s draw from a user Coin-1, who crunched numbers on the possibility of cracking one address at a rate of 9 million bitcoin-addresses per second (approximately 223 BTC-addresses per second). Brute-forcing it would take 2160-23 = 2137 seconds—which is over septillion (1024) years, yet the universe itself is only 13.8 billion years old.
As such, it is paramount that you secure your private key. Once it’s lost, it’s irretrievable. Take the story of one James Howells for instance. The Wales IT technician accidentally disposed of his hard drive, which had the private keys to his 7,500 bitcoins. Without a backup of his private keys, he can’t access the cryptocurrency. So today, somewhere out there at a random landfill site, lies a hard disk with over $67 million worth of bitcoin, and he can’t retrieve it. His story is similar to many around the world, with an estimated 20% of all bitcoin having been lost.
This boils down to the supply/demand cycles of the cryptocurrencies, given their limited nature and manipulation by interested parties. This makes the markets volatile, which is exacerbated by speculative demand—there today, gone tomorrow, and hoarding that affects liquidity. It is common for cryptocurrencies to rise and drop by hundreds and thousands of dollars in a span of hours.
Regulatory and compliance risks
For individual businesses getting into the murky waters of the cryptocurrency world, there will be additional costs when it comes to regulatory risk compliance. There is a keen focus on adherence to anti-money laundering and privacy laws at a business and global level, with numerous checks and balances. Failing to comply with local and state laws will cause the business owners to find themselves getting into the cross-hairs of jurisdictional law enforcement agencies, who will be coming with their own agenda.
Cryptocurrency is here to stay. As technology advances and more investments are made in the field, public convenience and acceptance of the asset class with grow. Many of the risks will still be prevalent, hence the need for users to be particularly keen on the security measures they put in place, and the legal requirements that they will need to adhere to as they continue to engage in the handling of the digital assets.