๐๐ซ๐ฒ๐ฉ๐ญ๐จ๐ฐรค๐ก๐ซ๐ฎ๐ง๐ ๐๐ง ๐รผ๐ซ ๐รถ๐ซ๐ฌ๐๐ง๐ฃรผ๐ง๐ ๐๐ซ / ๐๐ข๐ง๐ฌ๐ญ๐๐ข๐ ๐๐ซ (Part 2 - Safety)
You invest in ETF, stocks, real estate, gold, savings or similar, recently heard about these "cryptocurrencies" and now want to join the cool kids discussion? Then please read on. This series of articles reveals the basics of the crypto world, touches on a variety of topics and remains superficial at beginner level - the perfect basis to delve deeper into individual areas on your own or to shine at the regulars' table with dangerous half-knowledge.
Part 1 was about what cryptocurrencies actually are and what added value they can generate. You can find part 1 here: https://app.getquin.com/activity/buTJFYxcSD
In this second part, we'll touch on a few technical details and shed some light on the topic of security. Please forgive me for simplifying some of the facts (and thus making them more suitable for the target group).
๐๐บ ๐ฒ๐ฟ๐๐๐ฒ๐ป ๐ง๐ฒ๐ถ๐น ๐ต๐ฎ๐๐ ๐ฑ๐ ๐๐ผ๐ป ๐๐ฟ๐๐ฝ๐๐ผ๐รค๐ต๐ฟ๐๐ป๐ด๐ฒ๐ป, ๐ รผ๐ป๐๐ฒ๐ป ๐๐ป๐ฑ ๐ฒ๐ถ๐ป๐ฒ๐บ ๐ก๐ฒ๐๐๐๐ฒ๐ฟ๐ธ ๐ด๐ฒ๐๐ฝ๐ฟ๐ผ๐ฐ๐ต๐ฒ๐ป. ๐๐ฎ๐๐ ๐๐ป๐ ๐ฑ๐ฎ๐ ๐ฑ๐ผ๐ฐ๐ต ๐ฏ๐ถ๐๐๐ฒ ๐บ๐ฎ๐น ๐ด๐ฒ๐ฟ๐ฎ๐ฑ๐ฒ๐๐ถ๐ฒ๐ต๐ฒ๐ป. ๐๐๐ ๐๐ฎ๐ ๐ฏ๐ฒ๐๐๐ฒ๐ต๐ ๐๐ผ ๐ฒ๐ถ๐ป๐ฒ ๐๐ฟ๐๐ฝ๐๐ผ๐รค๐ต๐ฟ๐๐ป๐ด ๐ฑ๐ฒ๐ป๐ป ๐ด๐ฒ๐ป๐ฎ๐?
A cryptocurrency is mainly composed of four components:
1) The crypto network. The network is the set of nodes (distributed computers) that communicate digitally with each other to conduct transactions and create new coins, for example. The crypto network is the executing component, so to speak. In many crypto networks, anyone can run a node. One example is the Ethereum network. [1]
2) The actual currency, a coin [2] or token [3] depending on the context. These are the digital coins that you can send from A to B. For example, the currency of the Ethereum network is called Ether (ETH). I.e., you can send Ether from A to B on the Ethereum network, just like you can send Euros from A to B on the banking network. [4]
3) The storage, in most cases a blockchain. A blockchain does not store the account balance for all addresses in the crypto network, but all transactions ever made in a crypto network. I.e. you can see in a blockchain which address has ever sent how many coins to which other address. If, for example, address A first received 10 coins and then another 5 coins before 7 coins were sent, this implicitly results in an account balance of address A of 10+5-7=8 coins. When a new transaction is made on a crypto network, it is permanently written to memory/blockchain by the nodes. [5]
4) The code / software. The code specifies how the network works. For example, when a transaction is valid or invalid, how coins get from A to B, how and when new transactions are written to the blockchain, ... The code therefore determines how the nodes have to do their work.
๐ช๐ฒ๐ป๐ป ๐ท๐ฒ๐ฑ๐ฒ๐ฟ ๐ฒ๐ถ๐ป๐ฒ๐ป ๐ก๐ผ๐ฑ๐ฒ ๐ฏ๐ฒ๐๐ฟ๐ฒ๐ถ๐ฏ๐ฒ๐ป ๐ธ๐ฎ๐ป๐ป ๐๐ป๐ฑ ๐ป๐ถ๐ฒ๐บ๐ฎ๐ป๐ฑ ๐ฑ๐ถ๐ฒ ๐๐ผ๐ป๐๐ฟ๐ผ๐น๐น๐ฒ ๐ต๐ฎ๐, ๐๐ถ๐ฒ ๐ธ๐ฎ๐ป๐ป ๐ถ๐ฐ๐ต ๐ฑ๐ฒ๐บ ๐ก๐ฒ๐๐๐๐ฒ๐ฟ๐ธ ๐ฑ๐ฎ๐ป๐ป ๐๐ฒ๐ฟ๐๐ฟ๐ฎ๐๐ฒ๐ป? ๐ช๐ถ๐ฒ ๐๐ถ๐ฟ๐ฑ ๐ฏ๐๐ฝ๐. ๐๐ฒ๐๐ฟ๐๐ด ๐๐ฒ๐ฟ๐ต๐ถ๐ป๐ฑ๐ฒ๐ฟ๐?
Cryptocurrencies are designed in such a way that their network and blockchain can still be trusted even if a part (< 50%) of the network behaves in a malicious way. Malicious behavior occurs, for example, when a participant wants to send the coins in his wallet to two addresses at the same time, or a node tries to manipulate the transaction history of the blockchain.
To prevent such scenarios, cryptocurrencies implement some security mechanisms. For example, the blockchain is not managed by a single node, but is stored in parallel on many nodes. If a node manipulates its locally stored blockchain, the network is not affected because all other nodes still store the original blockchain.
In addition, transactions are validated by the network. The task of the nodes is to check whether it is a valid transaction. For example, whether the sender actually has the number of coins that he wants to send. Again, the nodes agree together on the next valid transactions to be written to the blockchain. Individual malicious nodes do not stand a chance here as long as they are in the minority. [6], [7], [8]
To protect your own wallet from unauthorized access, there is a private key in addition to your public address. Only those in possession of the private key can send coins from the associated wallet to another address. It is therefore extremely important that no one gets hold of your wallet's private key and that you do not lose it. Lost private keys cannot be recovered. [9]
๐ฆ๐ฐ๐ตรถ๐ป ๐๐ป๐ฑ ๐ด๐๐, ๐ฎ๐ฏ๐ฒ๐ฟ ๐๐ฒ๐น๐ฐ๐ต๐ฒ๐ป ๐๐ป๐ฟ๐ฒ๐ถ๐ ๐ต๐ฎ๐ฏ๐ฒ๐ป ๐ก๐ผ๐ฑ๐ฒ-๐๐ฒ๐๐ฟ๐ฒ๐ถ๐ฏ๐ฒ๐ฟ ๐๐บ ๐ฒ๐ต๐ฟ๐น๐ถ๐ฐ๐ต ๐๐ ๐๐ฒ๐ถ๐ป?
In principle, two aspects play a role. First, a cryptocurrency that is not trusted is worthless. If I alone have control over the majority of a crypto network and manipulate the associated cryptocurrency, users will notice. Usage will decline and the price will fall. I am cutting my own flesh, so to speak - unless my goal is not economic gain, but the destruction of the cryptocurrency.
In addition, node operators will receive a reward for honest behavior in the form of coins of the respective cryptocurrency. These coins are either newly created and / or sourced from the transaction costs incurred when transferring from address A to address B. [10]
๐๐๐ ๐ฒ๐ถ๐ป ๐๐ป๐ด๐ฟ๐ถ๐ณ๐ณ ๐ฎ๐๐ณ ๐ฒ๐ถ๐ป๐ฒ ๐๐ฟ๐๐ฝ๐๐ผ๐รค๐ต๐ฟ๐๐ป๐ด ๐ฑ๐ฒ๐ป๐ป๐ผ๐ฐ๐ต ๐บรถ๐ด๐น๐ถ๐ฐ๐ต? ๐๐ฎ๐๐ ๐ฑ๐ ๐ฒ๐ถ๐ป ๐ฝ๐ฎ๐ฎ๐ฟ ๐๐ฒ๐ถ๐๐ฝ๐ถ๐ฒ๐น๐ฒ ๐ณรผ๐ฟ ๐๐ผ๐น๐ฐ๐ต๐ฒ ๐๐ป๐ด๐ฟ๐ถ๐ณ๐ณ๐ฒ?
Crypto networks are based on software. No complex software is bug-free. If an attacker were to discover and exploit a serious flaw in a crypto network, this could make it possible for them to steal or generate coins. This not only affects the cryptocurrency itself, but also software that uses a cryptocurrency. For example, in 2016, attackers successfully exploited a vulnerability in a DAO (decentralized organization) on the Ethereum blockchain and stole $60 million worth of Ether. As a result, the Ethereum Blockchain was split into Ethereum (ETH) and Ethereum Classic (ETC) (a so-called hard fork). While Ethereum reset its blockchain to the state it was in before the attack, the Ethereum Classic blockchain remained unchanged. [11]
It is entirely conceivable that a participant could gain control of more than 50% of the network and thus manipulate it. If this situation is exploited, it is called a 51% attack. In fact, in 2014, a so-called mining pool [12] controlled more than 50% of the Bitcoin network for a few hours [13]. However, this situation was not exploited. The mining pool subsequently voluntarily committed to never control more than 50% of the network again [14]. Ethereum Classic was the victim of several 51% attacks in 2020 [15] while two Bitcoin Cash mining pools (not to be confused with Bitcoin!) conducted a "benign" 51% attack in 2019 to delete two "ownerless" coins [16]. To what extent any form of 51% attack should be considered "benign" remains to be seen.
Another attack vector arises when coins are managed by central institutions, e.g. crypto exchanges. Crypto exchanges have a large amount of coins and are correspondingly lucrative targets for hackers. In 2014, the then largest crypto exchange, Mt. Gox, had 840,000 bitcoin stolen [17]. But even nowadays, crypto exchanges are still successfully attacked on a regular basis. For example, in 2022, approximately 33 million USD were stolen from crypto.com stolen [18].
In addition, the private key that secures a wallet can also be attacked. For example, a wallet's private key can be stored in a location that a hacker can gain access to. Of course, a wallet owner can also be forced to transfer his coins or reveal his private key under the threat or execution of force [19]. Unlike in the banking network, there is no way to reverse such transactions. Since the private keys must be generated by software, there are also opportunities for attack. On pp. https://iotaseed.io/ it was possible to generate private keys for the cryptocurrency Iota in 2017 and 2018. Stupidly, the operators of the site stored the private keys themselves and used them to steal 10 million euros in Iota [20].
๐๐ฎ๐ ๐ธ๐น๐ถ๐ป๐ด๐ ๐ด๐ฟ๐ฎ๐๐ฒ๐ป๐๐ผ๐น๐น! ๐๐ ๐ถ๐๐ ๐ฑ๐ผ๐ฐ๐ต ๐ป๐๐ฟ ๐ฒ๐ถ๐ป๐ฒ ๐๐ฟ๐ฎ๐ด๐ฒ ๐ฑ๐ฒ๐ฟ ๐ญ๐ฒ๐ถ๐, ๐ฏ๐ถ๐ ๐ฎ๐น๐น๐ฒ ๐๐ฟ๐๐ฝ๐๐ผ๐รค๐ต๐ฟ๐๐ป๐ด๐ฒ๐ป ๐ด๐ฒ๐ต๐ฎ๐ฐ๐ธ๐ ๐๐ฒ๐ฟ๐ฑ๐ฒ๐ป!
Crypto is a relatively young technology and like any new technology, there are teething problems that are gradually being ironed out. If you want to minimize the risk, you can bet on established cryptocurrencies like Bitcoin and Ethereum. Both currencies have been around for a very long time. Accordingly, the probability that there are still serious and undiscovered vulnerabilities in the code is relatively low. In addition, changes to the code are meticulously reviewed by a large community. Younger cryptocurrencies with a smaller community, faster development cycles and more disruptive technology are potentially more vulnerable here.
To prevent the risk of successful network attacks, you should choose cryptocurrencies with large, distributed, and decentralized networks whenever possible. No one actor should control large parts of the crypto network. The size and distribution of the crypto network should keep that unlikely for the future. Unfortunately, decentralization is not that easy to measure. [21] proposes two approaches to this. However, decentrality is not only important in the network itself. For example, a risk also arises if the code of a cryptocurrency is mainly developed by one person or one institution. Who checks that a backdoor is not built in here after all?
To reduce the likelihood of losing a large amount of coins, you should not let these coins be managed by central institutions like a crypto exchange. Instead, it is a good idea to use a hardware wallet for safekeeping at home [22].
๐ ๐ฒ๐ถ๐ป ๐๐ผ๐ฝ๐ณ ๐พ๐๐ฎ๐น๐บ๐. ๐ฆ๐ถ๐ป๐ฑ ๐๐ฟ๐๐ฝ๐๐ผ๐รค๐ต๐ฟ๐๐ป๐ด๐ฒ๐ป ๐ท๐ฒ๐๐๐ ๐๐ถ๐ฐ๐ต๐ฒ๐ฟ ๐๐ป๐ฑ ๐ฑ๐ฒ๐๐ฒ๐ป๐๐ฟ๐ฎ๐น ๐ผ๐ฑ๐ฒ๐ฟ ๐ป๐ถ๐ฐ๐ต๐?
It depends. Many smaller cryptocurrencies advertise better features (e.g., faster speed) than the top dogs. Often, however, one has to accept compromises in decentralization and security (keyword blockchain trilemma [23]). If the security of cryptocurrencies plays an important role for you, you should deal with this aspect of a cryptocurrency before you invest in it. Personally, I consider the decentralization and security of Bitcoin and Ethereum to be sufficient, and that of all other coins to be at least worth checking.
๐ข๐ธ๐ฎ๐ ... ๐ด๐ฒ๐ป๐๐ด ๐ง๐ฒ๐ฐ๐ต๐ป๐ถ๐ธ. ๐๐ฐ๐ต ๐ฏ๐ถ๐ป ๐ฝ๐ฟ๐ถ๐บรค๐ฟ ๐๐ป๐๐ฒ๐๐๐ผ๐ฟ ๐๐ป๐ฑ ๐บรถ๐ฐ๐ต๐๐ฒ ๐บ๐ฒ๐ถ๐ป ๐๐ฒ๐น๐ฑ ๐๐ฒ๐ฟ๐บ๐ฒ๐ต๐ฟ๐ฒ๐ป. ๐ช๐ถ๐ฒ ๐ด๐ฒ๐ต๐๐ ๐๐ฒ๐ถ๐๐ฒ๐ฟ?
I'm glad you brought that up! In the next part, we'll actually look at how to make money with cryptocurrencies. You can find the 3rd part here https://app.getquin.com/activity/ZgfENSuSRD
Sources and read more:
[1] https://academy.binance.com/en/glossary/node
[2] https://academy.binance.com/en/glossary/coin
[3] https://academy.binance.com/en/glossary/token
[4] https://ethereum.org/de/eth/
[5] https://academy.binance.com/en/glossary/blockchain
[6] https://www.bitpanda.com/academy/de/lektionen/wie-funktioniert-eine-blockchain
[7] https://www.bitpanda.com/academy/de/lektionen/was-ist-double-spending-und-warum-ist-es-ein-problem/
[8] https://academy.binance.com/en/articles/what-is-a-blockchain-consensus-algorithm
[9] https://www.coinbase.com/learn/crypto-basics/what-is-a-private-key
[10] https://academy.binance.com/en/glossary/block-reward
[11] https://www.gemini.com/cryptopedia/the-dao-hack-makerdao
[12] https://www.bitpanda.com/academy/de/lektionen/wofur-gibt-es-mining-pools-und-wie-funktionieren-sie/
[13] https://www.theguardian.com/technology/2014/jun/16/bitcoin-currency-destroyed-51-attack-ghash-io
[14] https://www.bitpanda.com/academy/de/lektionen/was-ist-ein-51-angriff-und-wie-wird-er-verhindert/
[15] https://www.coindesk.com/markets/2020/08/29/ethereum-classic-hit-by-third-51-attack-in-a-month/
[17] https://www.buybitcoinworldwide.com/mt-gox-hack/
[18] https://www.btc-echo.de/news/crypto-com-hack-mehr-geld-gestohlen-133356/
[20] https://iotaseed.io/
[21] https://www.sciencedirect.com/science/article/pii/S2405959521000977
[22] https://www.btc-echo.de/ratgeber/bitcoin-hardware-wallet-vergleich/
[23] https://www.gemini.com/cryptopedia/blockchain-trilemma-decentralization-scalability-definition