the victim computers. For example,
Dogecoin (coded in C++) has effectively received no updates in two years, yet
this explicit joke still has a notional
value (at time of writing) of over $550M
and is the 27th-largest cryptocurrency.
The odds of a wormable vulnerability
in the P2P software are significant,
especially when combined with the
observation that Dogecoin is a fork of
Luckycoin’s source, which was itself a
fork of Litecoin, itself a fork of Bitcoin.
Security patches in any of the upstream
cryptocurrencies can act as a guide for
The exchanges themselves also create systemic risks. Almost all exchanges seek to avoid regulation, which
means they implode with almost
seeming regularity—usually due to a
combination of theft and fraud. These
exchanges may even participate in active market manipulation.
A previous Bitcoin bubble appears
to have resulted from deliberate price
manipulation on the MtGox Bitcoin exchange; the current bubble may be due
to the Bitfinex exchange creating Tethers and then using them to buy cryptocurrencies. There are also credible allegations of exchanges enabling wash
trading, spoofing, insider trading, and
other market manipulations.
Finally, cryptocurrencies are actually
vulnerable to intervention by central authorities. Although cryptocurrency advocates claim there is no central authority
that can censor transactions, the common collectivization of mining into a few
entities, combined with official distributions, means small groups can arbitrarily change the rules, and have done so in
cases such as a bug-related hardfork in
Bitcoin and the Ethereum rollback of the
supposedly immutable DAO contract in
response to the DAO theft. Both showed
that central authorities exist for even the
biggest cryptocurrencies and that these
authorities can act arbitrarily to rewrite
the rules. Such interventions have generally been benign; however, that such
interventions are even possible negates
the basic thesis that these currencies
lack central authorities.
Governments can also intervene
to effectively kill cryptocurrencies,
should that be desired. The most effective mechanism is simply regulation.
Cryptocurrencies have value only when
they can be converted back to local
currency. By effectively strangling the
exchange process, governments can
make cryptocurrencies unworkable.
Already most exchanges are now cut off
from banking, limiting the conversion
opportunities. Similar face-to-face in-
dividual exchanges (such as those felic-
itated on LocalBitcoins) are inevitably
running afoul of local money-service
laws. Enforcing these laws could fur-
ther limit convertibility.
Governments (or others with a substantial budget) can also attempt technical disruptions. The limited transaction capability can be exploited by a
government purchasing a quantity of
Bitcoin, and then creating useless transactions. The goal of such a spam campaign would not be simply to clog the
network, but also to generate responding spam filters. As the spam campaign
continues, the goal becomes to tune the
spam so that the filters cause false positives. How can a cryptocurrency work if
a non-trivial fraction of legitimate transactions are blocked by spam filters?
Risks to Society
The aforementioned risks are all limited to market participants, and result
in various failures. But the greatest risk
to society may come not from failures,
but from success. Beyond the obvious
externalities imposed by cryptocurrency mining (a stable doubling in
Bitcoin’s price will further double its
power consumption), it is primarily
criminals who regularly benefit from
In many cases the bandwidth limit
for crime is not the crime itself, but
the money laundering. For criminals,
cash is censorship-resistant but requires proximity and mass with $1M
U.S. weighing approximately 10kg. Euros are more compact, requiring only
1.7kg in 500€ notes for the same value,
leading the European Central Bank to
begin phasing out the 500€ note. Additionally, it is deliberately difficult
to move significant quantities of cash
into the rest of the banking system, as
deposits over $10,000 or other features
generate suspicious activity reports.
If cryptocurrencies succeed, we can
expect a great increase in criminal
bandwidth. The only reason why the
online drug markets remained small
(approximately $1M a day in sales despite existing for half a decade) is that
Bitcoin and the other cryptocurrencies
are like the classic corrupt poker game;
yes, it’s rigged, but it’s the only game in
town. A cryptocurrency that actually offered both real anonymity and acted as
a store of value (eliminating the need
to constantly shift between dollars)
would see an explosion in this market.
But such uses would not be limited
to criminal-to-criminal transactions
but would also act as a vehicle for extortion. The first ransomware epidemic a few years ago offered a choice to
victims, either Green Dot or Bitcoin,
with almost every victim using the
much easier Green Dot, where the victim could purchase a MoneyPak from
a convenience store and provide the
numbers to the extortionist. It was the
U.S. Treasury pressure on Green Dot (to
break up a money-laundering flow) that
disrupted that epidemic. How much
greater would the current ransomware
epidemic be if it was easy for victims to
pay? How much other criminal extortion would target ordinary citizens?
The risks in the cryptocurrency world
are multifaceted and diverse, but fortunately most are limited to those who
participate. This leads to a natural conclusion. As the philosopher WOPR said
in the movie WarGames, “The only winning move is not to play.”
1. Jakobsson, M. and Juels, A. Proofs of work and
bread pudding protocols (extended abstract). In B.
Preneel, Ed., Secure Information Networks. IFIP, The
International Federation for Information Processing,
vol. 23. Springer, Boston, MA, 1999.
Nicholas Weaver ( firstname.lastname@example.org) is a
researcher at the International Computer Science
Institute and a lecturer in the CS department at UC
Berkeley. He wishes to thank Steve Bellovin for his
constructive shepherding of this column.
Copyright held by author.
succeed, we can
expect a great
increase in criminal