Is Bitcoin Facing Existential Cybersecurity Problems?
Posted by Colin Lambert. Last updated: October 15, 2021
With central bankers in particular sounding off about the threats of cryptocurrencies – and reinforcing that narrative by pushing the case for central bank digital currencies – new research from Avoca Global Advisors argues that Bitcoin in particular, fails several tests required for adoption in the US and will create “severe operational and financial stability risks” if it is interconnected to the US financial system.
Noting that the underlying secure hashtag algorithm (SHA) for Bitcoin is almost 20 years old and is expected to have a finite lifetime, the paper, Bitcoin: A Trojan Horse, argues, “The Bitcoin network faces existential risks from advances in cryptographic analysis, quantum computing, and malign nation-state cyber-attacks.”
Observing that China has played a “substantial” role in developing Bitcoin, which could amplify the risks of other types of malicious cybersecurity attacks on network, Avoca Global states, “We believe that Bitcoin provides few, if any, of the essential properties of ‘safe and proper’ currency”, it also observes that the possibility of the Chinese government (which has cracked down hard on cryptocurrencies and miners) disrupting or attacking Bitcoin, “is an obvious risk”.
Upping the ante, the paper then argues that as Bitcoin has been classified by US courts as a currency or form of money, it is, arguably, “operating as an illegal private-sector currency”, adding, “We expect that the US policymakers may soon move to effectively ban Bitcoin based on existing federal laws.”
The underlying algorithm for Bitcoin is SHA-256, which was first published in 2002 and remains widely used. The paper, however, points out that academics believe it will not be a reliable cybersecurity standard beyond 2027 due to advances in quantum computing. “The anonymous Bitcoin network has limited ability to respond to a severe cyberattack that would force it to migrate to a new hashing algorithm or to adapt to a post-quantum world,” it states.
The core argument of the paper is that quantum computing power alone will break SHA-256, the way it did a previous iteration, SHA-1, leading it to suggest, “Logically, Bitcoin is not ‘digital gold’ – and with advances in cryptology and quantum computing – it will ultimately dissolve into “digital sand” exposing its holders to risk of sudden and serious financial loss.”
It adds, “We are not aware of any company of industry, which places its entire operational existence on the durability of SHA-256 technology.”
Bitcoin is not ‘digital gold’ – and with advances in cryptology and quantum computing – it will ultimately dissolve into “digital sand”
Reiterating that Bitcoin is “completely reliant” upon SHA-256, Avoca further points out that a full collision on SHA-256 “would likely completely collapse Bitcoin”. Although, it adds, Bitcoin creator Satoshi Nakamoto reportedly argued that if SHA-256 become broken “we could come to some agreement about what the honest block chain was before the trouble started”, Avoca says, “We know of no financial regulator in any of the major developed economies which tolerate this approach to operational risk management, cybersecurity, and contingency planning for any regulated financial market utility or firm or product.”
The paper also observes that Bitcoin could be vulnerable to a “51 percent attack” where malicious players take control of more than 50% of the network’s hash rate. “In theory, Bitcoin’s network is expected to be less vulnerable to the risk of a “51 percent” attack because it has a vast network, with approximately ten thousand “nodes” by most estimates,” the paper notes. “However, Bitcoin mining is increasingly dominated by the use of supercomputers called application-specific integrated circuits (ASIC) which are highly expensive. As a result, the network’s hash rate – and therefore mining power – is increasingly becoming concentrated in the hands of fewer participants.
“Over time, as a greater proportion of the total supply of Bitcoins has been mined, the ‘Proof of Work’ protocol is likely to get harder and the financial rewards to mining less attractive,” it continues. “Since miners functionally play a crucial role in verifying the network’s integrity – because they get ‘rewarded’ with Bitcoin for verifying transactions – a decline in the number of miners would weaken the network’s security.”
Latency and Legitimacy
The paper also highlights the latency and inefficiency that characterises Bitcoin when compared to fiat processes such as those operated by Visa. These bottlenecks leave the network exposed, Avoca Global argues, to predatory practices from high frequency traders, adding that research has already identified “spam attacks” from this sector.
Observing that private-sector crypto exchanges, such as Coinbase, often try to reduce transaction fees by providing “off-chain transactions” which do not go on the blockchain straight away, the paper points out. “This ‘off- chain’ practice by crypto exchanges contradicts the essential principle of a real-time and completely transparent and public-distributed-ledger…[and] may weaken the integrity and cybersecurity of the system.”
Clearly, the anonymous Bitcoin network is incapable of providing the appropriate level of public transparency about pricing, transactions, and liquidity which was required by Congress under the Dodd-Frank Act
The paper also points to academic and industry reports suggesting a very high amount of “wash trading” occurs on the unregulated Bitcoin exchanges, which obfuscates the true liquidity in these markets. “We think these issues of transactional latency and opacity are critical and they preclude the use of the Bitcoin network from the US financial markets,” the paper states. “In particular, the identified latency and opacity issues are inconsistent with the US financial market regulators’ mission of fair, orderly, and efficient markets.”
The paper also notes that the Dodd-Frank act required the timely reporting of financial market transactions in an orderly public way. “Clearly, the anonymous Bitcoin network is incapable of providing the appropriate level of public transparency about pricing, transactions, and liquidity which was required by Congress under the Dodd-Frank Act,” Avoca Global argues. “As such, we think it is highly regrettable that the Chicago Mercantile Exchange listed Bitcoin futures derivatives on its exchange with these known operational risks.
“Historically, US futures clearing houses have caused serious systemic risks due to latency issues, collateral mobility, and related opacity about price discovery between cash and derivative markets,” it continues. “We think the promoters of Bitcoin seeking to launch exchange-traded funds (ETF’s) on US stock exchanges do not appropriately discuss the operational and cybersecurity risks in their public prospectuses.”
The paper lays out several arguments as to why Bitcoin is not a fit and proper currency and should not be integrated into the US financial system and also sees a looming threat from US regulators, who have been slow to act due to the novelty and “panormama of legal issues” that Bitcoin raises. As well as not seeing it as a currency the paper also argues it does not comply with the standard US legal definitions of an investment security or commodity. Perhaps even more seriously, it points out that Bitcoin violates existing Federal laws that ban private currency issuance.
Observing US regulators’ active efforts to impose regulation on Bitcoin and cryptocurrencies generally, Avoca says it expects the U.S. government will “soon act to effectively ban Bitcoin – and all other anonymous and uncollateralized cryptocurrencies – from the United States per the existing U.S. federal laws.”
It adds that the global financial crisis demonstrated that the rapid expansion and use of opaque and esoteric derivatives, alongside loosely regulated nonbank financial institutions, “fostered an unstable and dangerous risk-taking ecosystem”.
Conceptually, a crisis of payment systems and money would be exponentially more dangerous than a crisis of credit and capital markets, it argues, adding that time is of the essence to enforce existing federal law onto the unregulated cryptocurrency market and to preserve and protect the US and global financial stability.
The full report can be accessed here.