Recent Blog Entries
Beware Chrome and HTTP/2 Debugging April 2 2023
It’s About Security, not Privacy Feb. 26 2016
Technology Marches On Feb. 18 2016
Bitcoin: Where is the Governance? March 3 2014
Bitcoin March 1 2014
Bitcoin has been in the news recently, particularly concerning the collapse of the largest and oldest Bitcoin exchange, Mt. Gox.
I’ve been playing with Bitcoin on and off since the paper describing it was published on the cryptography mailing list in 2008. It is a very interesting technology and perhaps a very important development.
The purpose of this post is to attempt to give an unbiased review of what Bitcoin is and what it can and cannot do. To advise (though I am not an attorney nor a financial advisor, you have been warned!) on how you should view it and whether or not you should put your money into it (or how much money you should put into it).
Bruce Schneier has been quoted as saying that coming up with digital data that cannot be copied is like coming up with water that isn’t wet! Yet what we want in a digital currency is a way for you to exchange it, without making duplicate copies of the digital “money” that you can then spend over and over!
Bitcoin is not the first digital currency. Others, in particular David Chaum, has been working on digital cash since 1981. What makes Bitcoin special is it is the first digital cash system that doesn’t require a central authority and has also has the potential to detect protocol failures within itself.
I won’t go into a lot of the technical details here, there is plenty of information on the web that can provide both an introduction as well as technical details. A good place to start is this Youtube Video.
But let me discuss two important features/details. All Bitcoin value is stored in what we call a Bitcoin Address. A bitcoin address is really a representation of a public key. It may contain value, or not. Each bitcoin address has a private key which is needed in order to spend it. If you don’t have the private key, you cannot spend any value that the address may have. You can create any number of addresses. A collection of addresses (which can be just 1) go together into a Bitcoin Wallet. Typically a wallet is a file on your computer. Having many addresses makes it hard for people to trace your activity. This is important because one of the things the Bitcoin system does is maintain a public ledger of all Bitcoin transactions, since the beginning of Bitcoin (January 2009).
Having an address does not mean you have any money. When you create an address it has no value. Someone else, using an address that does have value, signs that value over to your address when they give you money. They do this using their private key. Now the money is yours and you need to use your private key to send it on.
So you must protect the private keys associated with your Bitcoin addresses. If someone else learns your keys, they can transfer your money to themselves, effectively stealing it from you. If you loose your private keys, you have lost your money. Think of it as accidentally flushing it down the toilet. No one has stolen it from you, but it is just as gone!
One way of protecting your private keys is to keep them on paper, and then protect the paper. These are called “Paper Wallets” (even though they are really only one address). You can make them on-line (the keys stay in your browser) at http://bitaddress.org.
At its core, Bitcoin is just a protocol and software system run on thousands of computers worldwide. When it was first introduced as a running system in 2009, bitcoins had no value. They were just data items. Once the system was up and running, people “mined” 50 bitcoins every ten minutes (today that number is 25 bitcoins every ten minutes). But those coins had no intrinsic value. It wasn’t until someone said “I’ll sell you this commodity in exchange for X Bitcoins” that some value started to be given.
Once people were willing to exchange real cash for bitcoins, the need for a place for people to do this arose. Mt. Gox was the first website devoted to Bitcoin trading. Before you could trade Bitcoin, you needed to setup an account. Each account, like a bank account, had a ledger that stated how many dollars were in the account and how many Bitcoin (BTC). So you setup an account, you then wire transfer money to Mt Gox for your account and you are now ready to put out a “Buy Order” for Bitcoin. You state the price you are willing to pay. Similarly someone else is willing to sell BTC for dollars. The Exchange then matches buyers to sellers, and takes a commission.
In theory Mt Gox should maintain a bank account containing all of the money wired to them. Similarly they should have some set of Bitcoin addresses where they store the BTC that people transfer to them (so they can sell that BTC to someone). You balance is just an entry in a ledger at Mt. Gox. This is very much like how a real bank works. However banks don’t just store your money, they lend it out to other and invest it to make more money. They are required by law to keep some amount of cash on hand to ensure that when people want to withdraw money, that there is money available for the purpose. If they don't have sufficient cash on hand, and cannot generate it by selling investment, they are declared insolvent.
Banks are also regulated and usually insured. They also employ an army of accountants to keep the books “balanced,” making sure that the money is where they think it is.
No one outside of Mt. Gox knows all the details. But we do know some things. For one, somehow Mt. Gox lost most of their BTC. They claim it was lost due to a problem called “transaction malleability”, an obscure problem that only effected some exchange software (i.e., it isn’t a problem with normal Bitcoin software). Whereas all of the core Bitcoin software is open source, the exchange software, with the flaw, used by Mt. Gox was closed source.
The problem may be “transaction malleability” or it may have contributed to the loss. The loss may also have been the result of an outright theft of the private keys that could authorize the spending of Mt Gox’s BTC. Or they could have just lost the keys (!!). Or they could just have stolen the BTC and have it safely off line somewhere. My point is we don’t know yet.
However no matter how the money got lost, it is pretty clear that the loss was happening over a period of time. Yet Mt. Gox did not employ an army of accountants and it appears that no one was balancing the books. So while the losses mounted, no one seemed to know about it until it was too late (!!!).
Because a BTC is currently trading at approximately $500-$600 per coin, and it is beginning to become mainstream, there are a lot of people out there looking to steal Bitcoin. By default when you install the reference Bitcoin software and wallet, the wallet file (named wallet.dat) is not encrypted. So malware on your computer can just read out your private keys and send them home (or just use the keys to send your BTC to the malware authors).
People have reported BTC thefts even when they password protected their wallet files. Presumably some malware has some built in password cracking. Use a weak password and kiss your money goodbye.
There are also on-line wallets, where a website has and protects your private keys. Although these on-line wallets are usually well protected, if malware can steal your login credentials to the wallet website, it can steal your BTC.
Today Bitcoin is being used to do two very different things. Some people are investing in Bitcoin. This is to say they are buying a lot of BTC at today’s prices hoping that in the future it will be worth a lot more. For example in March of 2013 a BTC cost approximately $50. Today it costs $500. A 1000% increase in value. But of course on November 30, 2013 a BTC was worth $1,124! So if you bought on November 30, 2013, you are out some scratch!
The Bitcoin community likes to refer to non-digital currencies as “fiat.” It almost sounds derogatory. Most of the world’s currency is “fiat currency” which is to say its values is determined by the fiat of the government. The Bitcoin community likes to tell people that Bitcoin is much better because no government can just decide to print more BTC. Every ten minutes 25 BTC is mined, no more, no less. No government can declare that more should exist. So in this sense, Bitcoin is not fiat.
However the value of a BTC is determined by the whims of a rather fickle market. Maybe its value will go up tomorrow, maybe it will go down. One positive sign is that Mt. Gox declared itself bankrupt, and the value of BTC did go down, but it didn’t go down to zero!
So investing money in Bitcoin is extremely risky. DO NOT BUY MORE BITCOIN THEN YOU CAN AFFORD TO COMPLETELY LOSE. You can have your Bitcoin drop in value, even to zero! You can have your BTC stolen. You can lose your key. If any of these bad things happen to you, you are out of luck. There is no one who can help you. No government, no insurance. YOU HAVE BEEN WARNED.
One of the really powerful uses of Bitcoin is as an exchange medium. Because it is like cash, you can use it like cash. A merchant can accept payment in BTC and be protected against credit card fraud and chargebacks. There is no credit card company to deal with (and pay... a lot!). Bitcoin transaction fees are fractions of cents (compared to 2-3% for a credit card). This is particularly powerful when dealing with sending money internationally.
So consider the following scenario. You setup an account at a reputable Bitcoin purchasing location (or you use a Bitcoin ATM if you live in a city that has one). One such exchange in the U.S. is http://coinbase.com. Note: The link in this post is a referral link. I get credit if you use this link and setup an account. In fact I will get $5 worth of Bitcoin when you buy $100 worth of Bitcoin and so will you. If you would rather not use the referral, just type in http://coinbase.com.
Things to look for when looking for an exchange:
Mt. Gox is likely not the only sketchy exchange.
So once you have an account at an exchange, and you are ready to make a purchase with BTC, simply go to the exchange buy the BTC when you need it and use it as soon as possible. In this way you and the merchant (or person) you are sending the BTC to get the advantages of the low transaction fees associated with BTC while being protected from its volatility by not holding BTC very long (most merchants sell BTC for local currency soon after accepting it).
Bitcoin is potentially a very important evolution in currency. A currency that you can truly use on-line. However it is new and users need to understand it and how to protect themselves from theft. No government backs Bitcoin, which is a blessing and a curse.
Btw. You can donate Bitcoin to me. Just use the Bitcoin address in the left sidebar. But I won’t make my finances depend on it :-)
Copyright © 2009-2023 Jeffrey I. Schiller