Bitcoin Security Loopholes: Analysis

Written by Chandler Harris

Bitcoin, the wildly exciting digital currency, has some key security loopholes. Read on to find out how to keep your Bitcoins safe.

aNewDomain.net — Bitcoin turns out not to be as safe as most people think it is. It is rife with security loopholes.

A well-known benefit of Bitcoin is that online transactions made with the digital currency can hide the identity of its users. The identities are private; however, the transactions are publicly recorded on the Bitcoin peer-to-peer network. This lets anyone capture an address stored in a transaction and track all payments made to the address.

“It’s easy for merchants to inadvertently expose the details of their supply chain, their finances, and their spending habits,” said Christian Dumontet, founder of Foodler. Dumontet’s business takes online restaurant orders, processing roughly $15,000 in Bitcoin food orders per month.

“It may not be easy to get Bitcoin privacy information, but it’s certainly possible,” Dumontet says. To avoid this breach in privacy, many merchants create unique Bitcoin addresses for every sale. But multiple addresses can be consolidated, which opens the door for people who track transactions and creates security vulnerabilities.
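The consolidation risk described above, as an added example that is not part of the original article: a sketch of the common-input-ownership heuristic, which assumes that all addresses spent together in one transaction belong to the same owner. The ledger, address names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (all names made up): a shop uses a fresh
# address per sale, then spends two of them together to pay a supplier.
LEDGER = [
    {"txid": "sale-1", "inputs": ["cust_A"], "outputs": ["shop_1"]},
    {"txid": "sale-2", "inputs": ["cust_B"], "outputs": ["shop_2"]},
    {"txid": "sale-3", "inputs": ["cust_C"], "outputs": ["shop_3"]},
    {"txid": "consolidate-1", "inputs": ["shop_1", "shop_2"], "outputs": ["supplier_X"]},
    {"txid": "spend-3", "inputs": ["shop_3"], "outputs": ["supplier_Y"]},
]

def cluster_by_common_inputs(ledger):
    """Group addresses with union-find: inputs of one transaction share an owner."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in ledger:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)  # register every address, even if never merged
        if tx["inputs"]:  # coinbase-style transactions have no inputs
            root = find(tx["inputs"][0])
            for other in tx["inputs"][1:]:
                parent[find(other)] = root
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def exposed_by(ledger, known_addr):
    """Return the cluster around one known address and every txid touching it."""
    cluster = next(c for c in cluster_by_common_inputs(ledger) if known_addr in c)
    txids = sorted(tx["txid"] for tx in ledger
                   if cluster & set(tx["inputs"] + tx["outputs"]))
    return cluster, txids

if __name__ == "__main__":
    # A customer who paid shop_1 once can now see sale-2 and the supplier payment.
    print(exposed_by(LEDGER, "shop_1"))
    # shop_3 was spent on its own, so it stays unlinked from the other sales.
    print(exposed_by(LEDGER, "shop_3"))
```

A merchant can run the same grouping over their own wallet history to see which per-sale addresses a planned consolidation would tie together before broadcasting it.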

German and Swiss researchers conducted a Bitcoin security study and found that almost 40 percent of user identities can be traced, even when those users take the recommended privacy precautions.

Another group of researchers from the University of California at San Diego and George Mason University discovered more security issues. Transactions created by cashing out Bitcoins, filed in the public ledger, leave a data trail that leads right to the users.

The researchers found that the identity of these users can be unveiled using complex algorithms that associate and analyze large numbers of Bitcoin addresses with services.

“We haven’t uncovered the identity of the thief, but we’ve paved the way for law enforcement or an agency with subpoena power to do exactly that,” said Sarah Meiklejohn, a doctoral candidate in computer science at UC San Diego, who participated in the research. The “thief” she refers to is really the eventuality of thieves who could (and likely will) use this technology to steal Bitcoins from clueless companies.

The researchers connected more than 500,000 Bitcoin addresses to Mt. Gox, a Japan-based exchange for Bitcoins, which requires identification from its users such as a scanned passport. They found numerous users whose transactions linked them from their Mt. Gox address to Silk Road, a website used primarily for illicit goods. Law enforcement would have no problem obtaining the names of these users if they issued subpoenas to Mt. Gox.

“Bitcoin transaction privacy is really complicated,” said Gavin Andresen, chief scientist with the Bitcoin Foundation, in Wired. “If you want to be sure that your transactions are going to be private, then you probably need to hire a cryptography PhD to analyze your system.”

“It’s definitely a concern, and it’s definitely part of the reason I say that Bitcoin is an experiment,” he added.

All the research points to two key ways to maintain privacy for Bitcoin users: generate new addresses for every transaction, and steer clear of the exchanges and other techniques such as repeatedly forwarding funds.

Be safe out there, Bitcoiners.

For aNewDomain, I’m Chandler Harris.

Based in Silicon Valley, Chandler Harris is a senior editor at aNewDomain.net. He has written for numerous publications including Entrepreneur, San Jose Magazine, Government Technology, Public CIO, AllBusiness.com, U.S. Banker, Digital Communities Magazine, Converge Magazine, Surfer’s Journal, Adventure Sports Magazine, and the San Jose Business Journal.