Chapter 5
Hacks, Thieves, and Critics
In the decade since Bitcoin was created, at least $15 billion worth of cryptocurrency has been stolen. This number could be even larger, as some thefts go unreported. Since 2017 alone, crypto thieves have made off with nearly $2 billion. These attacks have become increasingly sophisticated and organized. They take advantage of popular misperceptions of what makes a blockchain secure and supposedly unhackable. Like every security system invented, blockchain has both strengths and weaknesses.
Mt. Gox Hack
Many security breaches occur not in the cryptocurrencies themselves but in the exchanges on which they are stored. Exchanges are like a combination of banks and marketplaces: they connect buyers and sellers and hold assets—in this case, cryptocurrencies—in accounts. These accounts differ from the private keys associated with blockchain because they are connected to individuals. As a result, cryptocurrency exchanges contain sensitive information about account holders and, most importantly, the holders’ cryptocurrency keys.
At its peak in 2013, Mt. Gox was the largest Bitcoin exchange in the world. The exchange had been built by Mark Karpelès, a French-born computer programmer who had settled in Tokyo. As the price of Bitcoin soared, Karpelès appeared to revel in his wealth. He donated 5,000 Bitcoins to the Bitcoin Foundation, an organization dedicated to developing Bitcoin software, and joined its board. Employees reported that he would suddenly approve $400 lunches for the staff or interrupt business to order flat screen TVs for the exchange’s Tokyo headquarters.
Mt. Gox’s apparent success proved to be a facade. In truth, Mt. Gox had been hacked in 2011, and thieves had gained access to private keys throughout the exchange. Over four years, they stole some 850,000 coins from online wallets. In February 2014, the exchange collapsed into bankruptcy. More than $400 million vanished. Investors around the world lost money, and investor confidence in cryptocurrencies suffered another severe blow.
Mark Karpelès, former CEO of Mt. Gox, was convicted by Japanese courts in March 2019 of falsifying Mt. Gox’s financial data.
If there was a moral to the Mt. Gox debacle, according to Wired reporter Robert McMillan, it was the need for cryptocurrencies to operate in the real world. “[Cryptocurrency is] a technology that was pushed forward by a community of people who were unprepared or unwilling to deal with even the basics of everyday business,” he wrote.
Other investors drew a different moral. Some swore to find the thieves and to bring them to justice. Daniel Kelman, an American lawyer who lived in Taiwan, lost 44.5 Bitcoins, which, at their peak, were worth about $400,000. He connected with Kim Nilsson, a Swedish software engineer who lived in Tokyo. Nilsson was enthusiastic about the potential and promise of cryptocurrencies. He started buying cryptocurrencies in 2012 and opened an account on the Mt. Gox exchange a year later.
Sitting in front of his computer in a cramped Tokyo apartment, Nilsson went to work. The thieves had withdrawn the coins from the exchange over several years. Nilsson was able to search through transactions and detect patterns. Though blockchain addresses are anonymous, Nilsson was fortunate in that parts of the Mt. Gox database, including private records of trades, withdrawals, deposits, and user balances, had been leaked onto the internet. Using this data, Nilsson tracked down nearly two million addresses related to the Mt. Gox exchange. Still, Nilsson had no information on who used the addresses or why.
Cryptocurrencies and Law Enforcement
The FBI’s Cyber Division, established in 2002, deals with various cyber crimes, including hacking and theft.
Nilsson then received help from an unexpected source: Karpelès himself. Karpelès wanted to refute charges that he was part of a conspiracy to loot the Mt. Gox exchange. He agreed to meet Nilsson and helped him complete the list of Mt. Gox addresses. With this information, Nilsson tracked some of the stolen Bitcoins as they moved from one wallet on the Mt. Gox exchange to another. One of these transactions had a note with three letters: “WME.” Who or what was WME?
Nilsson searched through the internet and found a WME who ran a currency-exchange business in Moscow, Russia. WME, it turned out, had posted public documents related to his claim that he had been cheated by a trading platform. WME clearly hoped his publicity would force the trading platform to come clean. But he made a mistake. One of his complaints included a letter from his lawyer and the emails he had exchanged with the platform. In one exchange, Nilsson spotted the name on an account held by WME: Alexander Vinnik. Nilsson had found the Mt. Gox thief.
Unknown to Nilsson, US investigators were already following Vinnik for using a digital currency exchange to launder money. In July 2017 Vinnik left Russia to vacation in Greece. Local police and US officials surrounded him on a beach and arrested him. He was charged with laundering more than $4 billion through his digital currency exchange, BTC-e, for individuals connected with a number of crimes, including drug trafficking, identity theft, tax refund fraud, and computer hacking. US investigators said Vinnik had also “obtained” funds from Mt. Gox, which he laundered. According to Greek police, Vinnik was “an internationally sought ‘mastermind’ of a crime organization.”
Nilsson was thrilled the thief had been caught. But he didn’t get his money back. Mt. Gox is still in bankruptcy proceedings.
Alexander Vinnik was arrested in Greece in 2017 for laundering money. In January 2020, Greek courts agreed to send him to France to stand trial. He will also face trial in the United States and then in his home country of Russia, as these are all places that have brought charges against him. Vinnik maintains that he is innocent.
The 51 Percent Rule
Mt. Gox is a stunning example of what can go wrong when an exchange is hacked. But what other vulnerabilities might cryptocurrencies have?
In early 2019 a hacker seized control of more than half the network supporting the cryptocurrency Ethereum Classic. The hacker then used this control to rewrite the history of transactions making up the blockchain. With this approach, the hacker transferred more than $1 million to himself. To pull off the heist, the thief exploited the structure of blockchain itself—more specifically, the 51 percent rule.
The 51 percent rule refers to the fact that blockchain transactions are verified by nodes. The nodes are decentralized, so they are theoretically independent from one another. However, if any individual or group were able to control more than half the computing power used to verify transactions, they could send a payment to themselves and then rewrite the blockchain history to send the same payment again.
This type of attack had not targeted common cryptocurrencies because it costs an enormous amount of money to achieve a majority of the mining power. However, hundreds of smaller cryptocurrencies may be far more vulnerable to a “51 percent attack.”
In mid-2018, a number of lightly held and traded cryptocurrencies experienced 51 percent attacks. Holders of coins including Verge, Monacoin, and Bitcoin Gold suffered an estimated total of $20 million in losses. That the attack on the more common Ethereum Classic was successful, however, was more disturbing.
The DAO
As cryptocurrency holders dealt with exchange issues and 51 percent attacks, another disturbing security flaw emerged—smart contract bugs.
In 2016 a venture capital fund that promised investors a secure, transparent way to collectively make investment decisions launched. This decentralized autonomous organization was called the DAO. It sold tokens that participants could use to direct projects on the Ethereum blockchain.
The DAO was the brainchild of Christoph Jentzsch, a German software developer. Jentzsch pondered how to fund a company. Most companies at the time were simply issuing digital currencies, but Jentzsch thought deeper. Why not create a platform with its own currency to fund a number of start-up projects?
Jentzsch planned to fund developments on the Ethereum blockchain by issuing tokens in exchange for Ether. Investors would then use the tokens to vote for the projects they believed had the most merit. If the app made a return, then it would be distributed back to the token holders. The structure was open and transparent. The owners could watch the money come in, see what was voted on, and how the tokens were allocated.
On April 30, 2016, the DAO was launched with a twenty-eight-day funding window. Jentzsch hoped to raise $5 million for the DAO, but through crowdfunding, investors sent in $150 million. The publicity generated interest in Ether, which drove up demand for the coin. The DAO fund soon reached $250 million, an astonishing amount in such a short time.
“Our hope was it would be the center of a decentralized sharing economy,” said Jentzsch later. “For such a big experiment, it was way too early.”
A hacker found a flaw in a single letter—a capital T should have been lowercase—in line 666 within the smart contract. Through this loophole, the hacker wrote a contract to interact with the DAO. It started siphoning off $4,000 worth of Ether every few minutes and sending it to an address: 0xF35e2cC8E6523d683eD44870f5B7cC785051a77D.
As investors watched helplessly, the DAO was drained of 12 million Ether, equivalent to more than $50 million. After six hours, the hacker stopped.
Jentzsch, frantic to save the remaining funds in the DAO, rallied the Robin Hood Group, a group of Ether experts and computer programmers from around the world to steal the remaining Ether before the hacker could and give it back to the original owners. But as they initiated contracts to save Ether, the original flaw remained, and the hacker continued to exploit it.
The hack showed that the strength of blockchain and smart contracts—that nothing could be altered—could also be a weakness. “Because transactions on a blockchain cannot be undone, deploying a smart contract is a bit like launching a rocket,” says Petar Tsankov, a research scientist at ETH Zürich and cofounder of a smart contract security start-up called ChainSecurity. “The software cannot make a mistake.”
Some argued that it was not the thieves but the DAO programmers’ carelessness that was to blame. The programmers had made a mistake and then they had to pay for it. The programmers, however, were determined to retrieve the money for DAO’s shareholders. They argued the heist could prove fatal to the whole idea of blockchain because it was still barely established. And so they proposed a hard fork. The hard fork makes changes that retroactively apply across the blockchain. In effect, the past can literally be rewritten. In block 1,920,000, the programmers wrote code that applied new smart contracts to the Ether coins. DAO investors would be able to get their money back.
Most of the Ethereum community (89 percent) agreed to the hard fork, but a small group (the remaining 11 percent) rejected the solution. They believed that blockchains couldn’t simply be rewritten to save individual users. In their view, this could create more problems than it solved, since anyone could come to expect a bailout when things went wrong. In the real world, real people lose real money all the time. It shouldn’t be any different for cryptocurrencies and blockchains.
Vitalik Buterin, who helped found Ethereum, waded into the debate in support of the hard fork. “Some Bitcoin users see the hard fork as in some ways violating their most fundamental values,” he said. “I personally think these fundamental values, pushed to such extremes, are silly.”
For cryptocurrency advocates, the hard fork showed that blockchains themselves didn’t represent the freedom their founders had claimed: a decentralized, foolproof system beyond any individual’s or government’s authority. “The fact that Ethereum could be rolled back means that all blockchains smaller than Bitcoin’s are essentially centralized databases under the control of their operators,” wrote Saifedean Ammous, author of The Bitcoin Standard.
The dispute led to two parallel blockchains: Ethereum and Ethereum Classic. In Ethereum the money was returned to the investors. In Ethereum Classic, the thief retained the stolen DAO tokens.
The DAO attack challenged the confidence of blockchain supporters. But some argued this was to be expected. It was normal even. Blockchain supporters pointed to the chaos in the financial system in 2008. Was that any worse? They noted the endless series of trading scandals in which individuals manipulated markets and brought financial firms to collapse. Concentrations of money and wealth always attracted thieves.
In these inevitable stumbles, therefore, they saw hope. Whenever new, innovative systems launch, mistakes happen. The launch of the internet was accompanied by endless criticism claiming it would never take off, that security or some other issue would be insurmountable. But these challenges attracted the resources and intelligence to solve them. Blockchain, in the eyes of its supporters, was the same.
The market rendered its own verdict. Ethereum traded around $10 in the nine months after the attack. Then it joined other cryptocurrencies in soaring to a peak of more than $1,250 in early 2018. Then cryptocurrencies crashed, and Ether dropped to about $100. As of May 2019, it traded at around $230. Ethereum Classic traded at about $7.
In December 2018, as news spread about the vulnerability of cryptocurrencies to hacks and theft, another disturbing event took place. Gerald Cotten, the cofounder and CEO of cryptocurrency exchange QuadrigaCX, reportedly died in India due to complications related to Crohn’s disease. Cotten was thirty years old. Cotten’s widow, Jennifer Robertson, shocked Quadriga’s 115,000 users by claiming the cryptocurrencies on the exchange—worth about $137 million—were inaccessible in offshore accounts. The accounts were only accessible through Cotten’s laptop and only Cotten knew the passwords.
On February 5, 2019, the company went bankrupt. An auditor gained access to the digital wallets supposedly holding the cryptocurrencies and found nothing. All digital cash had been pulled from the wallets in 2018. Some accounts were found to be fake.
As more than one hundred thousand Quadriga users wondered whether they would ever see their money again, dozens of conspiracy theories about Cotten crisscrossed the internet. One guessed he had faked his death and was in hiding. Another said he had died, but Quadriga had always been a giant Ponzi scheme.
In this graphic, a fraudulent cryptocurrency exchange (red) has received funds from new investors (blue) and uses that money to pay itself and its earlier investors (black). The earlier investors do not suspect that they have been tricked, but the new investors won’t see a return on their investment until even newer investors come along. This kind of fraud is called a Ponzi scheme.
For investors looking for reasons not to trust cryptocurrencies, the case offered plenty. Most disturbing, however, was a smaller detail in the firm’s history. In June 2017, according to the Wall Street Journal, the firm had upgraded its software and lost 67,000 Ether in a “wallet it couldn’t access.” The loss at the time was worth $14 million, and the exchange promised it would compensate affected customers. However, because of the appreciation of Ether in the meantime, the loss had ballooned to $90 million. If a glitch in a software update could make money disappear, then perhaps cryptocurrencies were less secure than their supporters claimed.
The Challenges of Blockchain
Blockchain had often been dismissed by people with little understanding of how it worked. But as the debacles mounted, more informed criticism appeared.
Cybersecurity expert Bruce Schneier noted that if blockchain supporters wanted it to compete with governments and banks, then many people had to trust technology over institutions. As the global financial crisis of 2008–2009 proved—and history provided many more examples—institutions fail. But technology, and the people who use it, can also fail. In fact, Schneier listed a number of ways that users could lose their blockchain-based cryptocurrencies.
“If your Bitcoin exchange gets hacked, you lose all of your money,” stated Schneier. “If your Bitcoin wallet gets hacked, you lose all of your money. If you forget your login credentials, you lose all of your money. If there’s a bug in the code of your smart contract, you lose all of your money. If someone successfully hacks the blockchain security, you lose all of your money.”
In response, several companies formed to address the security threats to blockchains. One of the most common approaches was the most intuitive: subject smart contracts to rigorous audits before they’re launched. These audits should be able to find most coding errors and bugs that can lead to security breaches. Others developed smart contracts known as bug bounties. If an individual finds a bug and reports it, they receive a reward.
But these solutions, so far, seem complicated, expensive, time-consuming, and limited. Smart contracts are, after all, in their infancy. They are also up against a system that has developed over millions of years: human nature. As Bloomberg columnist Noah Smith summed it up, “All the techno-wizardry of blockchains can’t overcome the power of good old human dishonesty.”
Other critics, however, focused on blockchain technology itself being inherently flawed and therefore not useful—especially compared to the potential that cryptocurrency supporters claimed it had.
In a blog post, tech veteran Kai Stinchcombe noted that blockchain had attracted interest and supposed investment from large, creditable companies. But, he said, these “corporate boosters” had “gone long on press and short on actual rollout.” He pointed out that blockchain company Ripple—whose head at one time was worth more than Facebook’s founder, Mark Zuckerberg—did not use blockchain itself. “You read that right,” he wrote in the blog post. “The company Ripple decided the best way to move money across international borders was to not use Ripples.”
Stinchcombe’s criticism was fairly simple. Blockchain, it turned out, could not be successfully applied to real-world problems. In 2006, he noted, Walmart tried to track the movement of individual bananas and mangoes from trees on a farm to shelves in a store. The effort failed because of the difficulty in getting everyone on the supply chain to enter data. A decade later, Walmart tried again, this time using blockchain. To Stinchcombe, the very framing of the problem and solution was absurd. If mango pickers did not like to enter produce information into a data tracking system, the solution was not “let’s create a very long sequence of small files, each one containing a hash of the previous file.”
“People treat blockchain as a ‘futuristic integrity wand,’ ” wrote Stinchcombe. “Wave a blockchain at the problem, and suddenly your data will be valid. For almost anything people want to be valid, blockchain has been proposed as a solution.”
The reality, Stinchcombe concluded, was that no one had actually used blockchain as a solution. “There is no single person in existence who had a problem they wanted to solve, discovered that an available blockchain solution was the best way to solve it, and therefore became a blockchain enthusiast.”
Stinchcombe pointed out the elephant in the room: How was the average person to know if a smart contract—written in computer code—could be trusted? You must read through it. This could take a couple of hours. Stinchcombe gave the example of buying an e-book. Say you bought a book directly from a novelist, and the smart contract arrived on your computer. The contract should state how much money will be withdrawn from your account for the delivery of the book. Reading through the contract to make sure there aren’t any bugs or errors would take far more time and effort than the e-book is worth.
“Auditing software is hard!” wrote Stinchcombe. “The most-heavily scrutinized smart contract in history had a small bug that nobody noticed — that is, until someone did notice it, and used it to steal fifty million dollars. If cryptocurrency enthusiasts putting together a [$150 million] investment fund can’t properly audit the software, how confident are you in your e-book audit? Perhaps you would rather write your own counteroffer software contract, in case this e-book author has hidden a recursion bug in their version to drain your Ethereum wallet of all your life savings?”
The point, said Stinchcombe, is that blockchain was not trustless—it simply asks people to trust technology rather than other people. This makes some sense—after all, we trust technology to conduct vital tasks all the time. But in reality, we’re actually trusting a third party to verify that the technology can be trusted. Blockchain, therefore, puts the task of verifying trust back on to the individual. This requires extraordinary knowledge, resources, and time. And this, according to Stinchcombe, makes blockchain far less effective than its supporters claim.
Financial Times journalist Dan McCrum used Stinchcombe’s argument to make a startling conclusion: “Blockchain doesn’t even solve most problems of trust. The integrity of data on a public blockchain can be trusted not to change, but that says nothing about whether the data is right in the first place. For votes, tuna, shipping containers, or mango supply chains, a blockchain registry would only be as good or as trustworthy as the people contributing to it.”
Finally, there was another painful reality about blockchain. Even by mid-2019, few average internet users were actually using it. Blockchain enthusiasts envisioned Dapps functioning as apps on an iPhone. Because Dapps were outside the control of giant tech companies, they offered users a way to bypass gatekeepers and avoid the incessant tracking that occurs on the internet. Of the twenty-seven hundred Dapps with enough data for statistical measurement, however, only three attracted more than ten thousand daily users. In fact, thirty of the top fifty Dapps were dedicated to gambling.
The smartphone apps you might be used to rely on a centralized data center to deliver content to your phone through an internet service provider (ISP). A Dapp relies on a decentralized method, where users are connected to one another rather than to a single entity, to deliver content.
One problem with Dapps is that users have to get used to a whole new blockchain-based operating system. In comparison, downloading an app onto a smartphone is relatively simple and easy. Blockchain’s operating system remains in a relatively early phase. Programmers are building and troubleshooting the system. User experience is not yet a focus.
“Does it run? Yeah, it runs, like if I built a car,” said one computer science professor. “It’ll run, but it’s not something you’d want to put your kids in.”