This is an Op-ed article written by Arseny Reutov. The opinions expressed in this article are the author’s own. Bitcoin.com does not endorse nor support views, opinions or conclusions drawn in this post.
In late October, Bitcoin Gold forked from Bitcoin as a new cryptocurrency, and immediately became the victim of a Distributed Denial of Service (DDoS) attack that knocked it offline at a critical moment. In the months following, Bitcoin Gold has been plagued by a series of attacks across multiple vectors that have impacted on its value and – most importantly – lost innocent users millions of dollars.
Some people have attributed the attacks on the Bitcoin Gold network to opponents who believe that the fork undermines the cryptocurrency community. Whether this is the case or not, what is clear is that there is a cybersecurity issue within the cryptocurrency community, with Bitcoin Gold just being one of a number of currencies effected. It is imperative now to focus on ways in which attacks on these scale can be prevented from becoming a regular occurrence.
What is Bitcoin Gold?
Bitcoin Gold is one of the latest cryptocurrencies created through the increasingly-common practice of a hard fork. Like Bitcoin Cash before it, Bitcoin Gold branded itself as a new version of Bitcoin, rather than a competing platform like Ethereum, and opted to maintain Bitcoin’s transaction history – which means that those who owned Bitcoin before the fork now own the equivalent of Bitcoin Gold.
The distinction between Bitcoin Gold and its sister currencies largely lies in how it allows coins to be mined. Where traditional Bitcoin mining has arguably become monopolized by companies using custom-built application-specific integrated circuits (ASICs), Bitcoin Gold aims to decentralize the mining industry with an alternative mining algorithm that’s not susceptible to ASICs. It’s claimed that this will allow ordinary Bitcoin Gold users to earn extra cash through mining, as was the case in the early days of Bitcoin.
However, Bitcoin Gold quickly came under scrutiny from the wider cryptocurrency community. This criticism has typically revolved around the fact that the developers of Bitcoin Gold were given a window of time to privately mine the new network, reducing the number of coins available. Furthermore, there are many in the Bitcoin community who are already strongly opposed to forks or anything that looks to split the user base, now commonly known as Bitcoin maximalists. It has been speculated that the large opposition to Bitcoin Gold may explain why it has come under such determined cyber attack.
A Sustained Attack on Bitcoin Gold
Bitcoin Gold separated on the 24th October, and was almost immediately hit by a denial-of-service attack that overloaded the server with requests and brought the network offline. Unfortunately, Bitcoin Gold’s security woes did not stop there.
On November 20th, it was discovered that a Bitcoin Gold wallet that was being promoted on the Bitcoin Gold website, called “mybtgwallet”, was fraudulent. The team removed the wallet once the scam came to light, but the damage was done. Innocent users had already fallen prey, and it is estimated that $3.3 million was lost.
Less than one week later, on November 26th, Bitcoin Gold was forced to issue a critical warning that two suspicious files were present in its Windows wallet installer, with presumed malicious intent. The critical warning states that anyone who downloaded the files should delete them, scan or wipe their computer, and remove access to cryptocurrency wallets from their machine.
The Implications of Bad Security
The implications of this series of attacks is serious for Bitcoin Gold and the wider cryptocurrency community. Even before Bitcoin Gold had launched, its perceived lax security had effected its reputation. Coinbase, one of the largest exchanges, publicly announced that it would not support Bitcoin Gold “because its developers have not made the code available to the public for review. This is a major security risk.”
The attacks it has faced have further effected the digital currency’s reputation. At the time of this article, Bitcoin Gold ranks tenth on Coinmarketcap, a sharp drop from its place in fifth spot in late November. It is not inconceivable to think that the security issues it has faced are at least partly responsible for this decline.
Whether maximalists support them or not, Bitcoin forks are set to continue, at least for the time being – Bitcoin Gold has already been quickly followed by Bitcoin Diamond. Of course, security threats extend far beyond bitcoin forks. ICOs for example, another increasingly popular trend in 2017, have been plagued with serious incidents. DAO and Parity offerings saw over $100m of tokens illicitly redirected and Coindash also lost $8m when attackers exploited vulnerabilities in the company’s web applications. It is therefore imperative that the cryptocurrency community turns its focus to cyber security.
Lessons on Improving the Security of Cryptocurrencies
The case of Bitcoin Gold shows there are core areas of cryptocurrency security need to be addressed urgently.
Firstly, server infrastructure and the applications that host cryptocurrencies need to be seen as a security risk. This does not simply mean auditing the web application itself but also the related web and mobile applications, servers, and network infrastructure. This is where Bitcoin Gold has fallen down, as seen through the insertion of malicious code into its wallet installer. The only way to prevent such attacks is constant monitoring, with verification testing after the flaws are fixed. Likewise, with constant monitoring of the server, the original denial-of-service attack it faced could have been quickly identified and mitigated.
Secondly, there needs to be a greater focus on preventing social engineering attacks. Bitcoin Gold failed in allowing a fraudulent wallet onto its website and in not doing enough to prevent copycat attacks from targeting its users. Largely, this is an issue of constant monitoring for website clones and educating users to avoid malicious websites and apps as quick as possible. As we saw in the case of Bitcoin Gold, a failure to do so could result in the loss of millions.
If the cryptocurrency community begins to make cyber security a priority before launch, and dedicates the necessary resources to monitoring and education, new cryptocurrencies will have a better chance of competing and thriving. However, if cybersecurity continues to be a second thought, we will continue to see sustained attacks that damage the reputation of virtual currencies as a whole, and ultimately result in innocent users losing their money to criminals.
Written by Arseny Reutov
Arseny Reutov is an application security researcher at Positive.com. He specializes in penetration testing, the analysis of web applications, smart contracts audit and the research of blockchain solutions. He is the author of research papers and blog posts devoted to application security and blockchain technologies published in such magazines as Hacker and HITB as well as in his blog raz0r.name. He was a speaker at ZeroNights, CONFidence, PHDays and OWASP security conferences.
Do you think the bitcoin community has a security problem? If so, how can we improve cyber security and decrease the risks of attacks in the bitcoin community? Let us know in the comments below.
This is an Op-ed article. The opinions expressed in this article are the author’s own. Bitcoin.com does not endorse nor support views, opinions or conclusions drawn in this post. Bitcoin.com is not responsible for or liable for any content, accuracy or quality within the Op-ed article. Readers should do their own due diligence before taking any actions related to the content. Bitcoin.com is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any information in this Op-ed article.
Images courtesy of Shutterstock.