If cryptocurrency claims to be the most secure currency, why does cryptocurrency theft continue to occur?
At SXSW this afternoon, Rob Pope, co-founder of the mobile app development company Dogtown Media, spoke at the Hilton Austin hotel to discuss why cryptocurrency theft occurs. He also shared a live demonstration on the process behind stealing cryptocurrency.
Pope said he became interested in focusing on the security aspect of cryptocurrency when his family members called him in 2010 asking if they should invest in cryptocurrency.
“The only way I know how to learn things is to make them myself,” Pope said.
He explained that cryptocurrency got started in 2009, when 17,000 lines of code were released anonymously by a man under the pseudonym Satoshi Nakamoto. In 2010, the first bitcoin purchase was made to buy a pizza.
He said cryptocurrency can be transferred from one digital wallet to another, and the transaction is irreversible. People can send cryptocurrencies to different addresses, which represent the destination for a coin payment and are independent of the whole network. Most importantly, he said these addresses are linked to private keys, which are essential to security.
“This is the thing that you hold that secures your transaction,” Pope said.
Once you make a transaction and it’s registered into the system, or blockchain, it remains there forever. In addition to these keys, there are people called miners who use machines to crunch through the numbers looking for the keys.
“They’re trying to solve a puzzle and with that puzzle, they get rewards,” Pope said.
Pope then introduced different ways people have stolen cryptocurrencies in the past, including the Mt. Gox hack, Bitfloor, Poloniex, Bitstamp, Bitcoinica, Bitfinex, Coinbase, Coincheck and Ethereum Classic’s 51 percent attack.
In the Mt. Gox hack, 744,408 bitcoins were stolen over a period of time through transaction malleability.
“It was probably the most famous cryptohack they’ve found,” Pope said. “(It was) certainly financially the biggest.”
In a transaction, information on the source and destination is brought together in a signature that becomes the transaction identification, which is how the software tracks where the transaction will go. With transaction malleability, the user can slightly edit the transaction identification without changing the content of the transaction itself.
Essentially, Pope said users would latch onto another user’s transaction, barely modify the transaction identification, and once the transaction was registered into the blockchain, the content belonged to them.
“You get your transaction mined before they get their transaction mined,” Pope said.
Another way people stole cryptocurrency was the 51 percent attack, in which users would pay for something and then overwrite it.
“You can pay someone and pick up that Ferrari just before they realize that exchange wasn’t real,” Pope said.
After showing a quick hacking demo on cryptocurrency, Pope introduced steps to take to ensure security, including improving the blockchain, protecting keys and wallets, improving organizational processes and ensuring application security.
Overall, Pope emphasized that in order to prevent these cryptocrimes from happening, people must be aware of the techniques and fundamentals behind them.
“To understand how they were hacked, you really have to understand the basics of how they work,” Pope said. “These things are happening, and it’s just something you should be aware of.”