𝐊𝐫𝐲𝐩𝐭𝐨𝐰ä𝐡𝐫𝐮𝐧𝐠𝐞𝐧 𝐟ü𝐫 𝐁ö𝐫𝐬𝐞𝐧𝐣ü𝐧𝐠𝐞𝐫 / 𝐄𝐢𝐧𝐬𝐭𝐞𝐢𝐠𝐞𝐫 (Part 2 - Safety)

You invest in ETF, stocks, real estate, gold, savings or similar, recently heard about these "cryptocurrencies" and now want to join the cool kids discussion? Then please read on. This series of articles reveals the basics of the crypto world, touches on a variety of topics and remains superficial at beginner level - the perfect basis to delve deeper into individual areas on your own or to shine at the regulars' table with dangerous half-knowledge.

Part 1 was about what cryptocurrencies actually are and what added value they can generate. You can find part 1 here: https://app.getquin.com/activity/buTJFYxcSD

In this second part, we'll touch on a few technical details and shed some light on the topic of security. Please forgive me for simplifying some of the facts (and thus making them more suitable for the target group).

𝗜𝗺 𝗲𝗿𝘀𝘁𝗲𝗻 𝗧𝗲𝗶𝗹 𝗵𝗮𝘀𝘁 𝗱𝘂 𝘃𝗼𝗻 𝗞𝗿𝘆𝗽𝘁𝗼𝘄ä𝗵𝗿𝘂𝗻𝗴𝗲𝗻, 𝗠ü𝗻𝘇𝗲𝗻 𝘂𝗻𝗱 𝗲𝗶𝗻𝗲𝗺 𝗡𝗲𝘁𝘇𝘄𝗲𝗿𝗸 𝗴𝗲𝘀𝗽𝗿𝗼𝗰𝗵𝗲𝗻. 𝗟𝗮𝘀𝘀 𝘂𝗻𝘀 𝗱𝗮𝘀 𝗱𝗼𝗰𝗵 𝗯𝗶𝘁𝘁𝗲 𝗺𝗮𝗹 𝗴𝗲𝗿𝗮𝗱𝗲𝘇𝗶𝗲𝗵𝗲𝗻. 𝗔𝘂𝘀 𝘄𝗮𝘀 𝗯𝗲𝘀𝘁𝗲𝗵𝘁 𝘀𝗼 𝗲𝗶𝗻𝗲 𝗞𝗿𝘆𝗽𝘁𝗼𝘄ä𝗵𝗿𝘂𝗻𝗴 𝗱𝗲𝗻𝗻 𝗴𝗲𝗻𝗮𝘂?

A cryptocurrency is mainly composed of four components:

1) The crypto network. The network is the set of nodes (distributed computers) that communicate digitally with each other to conduct transactions and create new coins, for example. The crypto network is the executing component, so to speak. In many crypto networks, anyone can run a node. One example is the Ethereum network. [1]

2) The actual currency, a coin [2] or token [3] depending on the context. These are the digital coins that you can send from A to B. For example, the currency of the Ethereum network is called Ether (ETH). I.e., you can send Ether from A to B on the Ethereum network, just like you can send Euros from A to B on the banking network. [4]

3) The storage, in most cases a blockchain. A blockchain does not store the account balance for all addresses in the crypto network, but all transactions ever made in a crypto network. I.e. you can see in a blockchain which address has ever sent how many coins to which other address. If, for example, address A first received 10 coins and then another 5 coins before 7 coins were sent, this implicitly results in an account balance of address A of 10+5-7=8 coins. When a new transaction is made on a crypto network, it is permanently written to memory/blockchain by the nodes. [5]

4) The code / software. The code specifies how the network works. For example, when a transaction is valid or invalid, how coins get from A to B, how and when new transactions are written to the blockchain, ... The code therefore determines how the nodes have to do their work.

𝗪𝗲𝗻𝗻 𝗷𝗲𝗱𝗲𝗿 𝗲𝗶𝗻𝗲𝗻 𝗡𝗼𝗱𝗲 𝗯𝗲𝘁𝗿𝗲𝗶𝗯𝗲𝗻 𝗸𝗮𝗻𝗻 𝘂𝗻𝗱 𝗻𝗶𝗲𝗺𝗮𝗻𝗱 𝗱𝗶𝗲 𝗞𝗼𝗻𝘁𝗿𝗼𝗹𝗹𝗲 𝗵𝗮𝘁, 𝘄𝗶𝗲 𝗸𝗮𝗻𝗻 𝗶𝗰𝗵 𝗱𝗲𝗺 𝗡𝗲𝘁𝘇𝘄𝗲𝗿𝗸 𝗱𝗮𝗻𝗻 𝘃𝗲𝗿𝘁𝗿𝗮𝘂𝗲𝗻? 𝗪𝗶𝗲 𝘄𝗶𝗿𝗱 𝗯𝘀𝗽𝘄. 𝗕𝗲𝘁𝗿𝘂𝗴 𝘃𝗲𝗿𝗵𝗶𝗻𝗱𝗲𝗿𝘁?

Cryptocurrencies are designed in such a way that their network and blockchain can still be trusted even if a part (< 50%) of the network behaves in a malicious way. Malicious behavior occurs, for example, when a participant wants to send the coins in his wallet to two addresses at the same time, or a node tries to manipulate the transaction history of the blockchain.

To prevent such scenarios, cryptocurrencies implement some security mechanisms. For example, the blockchain is not managed by a single node, but is stored in parallel on many nodes. If a node manipulates its locally stored blockchain, the network is not affected because all other nodes still store the original blockchain.

In addition, transactions are validated by the network. The task of the nodes is to check whether it is a valid transaction. For example, whether the sender actually has the number of coins that he wants to send. Again, the nodes agree together on the next valid transactions to be written to the blockchain. Individual malicious nodes do not stand a chance here as long as they are in the minority. [6], [7], [8]

To protect your own wallet from unauthorized access, there is a private key in addition to your public address. Only those in possession of the private key can send coins from the associated wallet to another address. It is therefore extremely important that no one gets hold of your wallet's private key and that you do not lose it. Lost private keys cannot be recovered. [9]

𝗦𝗰𝗵ö𝗻 𝘂𝗻𝗱 𝗴𝘂𝘁, 𝗮𝗯𝗲𝗿 𝘄𝗲𝗹𝗰𝗵𝗲𝗻 𝗔𝗻𝗿𝗲𝗶𝘇 𝗵𝗮𝗯𝗲𝗻 𝗡𝗼𝗱𝗲-𝗕𝗲𝘁𝗿𝗲𝗶𝗯𝗲𝗿 𝘂𝗺 𝗲𝗵𝗿𝗹𝗶𝗰𝗵 𝘇𝘂 𝘀𝗲𝗶𝗻?

In principle, two aspects play a role. First, a cryptocurrency that is not trusted is worthless. If I alone have control over the majority of a crypto network and manipulate the associated cryptocurrency, users will notice. Usage will decline and the price will fall. I am cutting my own flesh, so to speak - unless my goal is not economic gain, but the destruction of the cryptocurrency.

In addition, node operators will receive a reward for honest behavior in the form of coins of the respective cryptocurrency. These coins are either newly created and / or sourced from the transaction costs incurred when transferring from address A to address B. [10]

𝗜𝘀𝘁 𝗲𝗶𝗻 𝗔𝗻𝗴𝗿𝗶𝗳𝗳 𝗮𝘂𝗳 𝗲𝗶𝗻𝗲 𝗞𝗿𝘆𝗽𝘁𝗼𝘄ä𝗵𝗿𝘂𝗻𝗴 𝗱𝗲𝗻𝗻𝗼𝗰𝗵 𝗺ö𝗴𝗹𝗶𝗰𝗵? 𝗛𝗮𝘀𝘁 𝗱𝘂 𝗲𝗶𝗻 𝗽𝗮𝗮𝗿 𝗕𝗲𝗶𝘀𝗽𝗶𝗲𝗹𝗲 𝗳ü𝗿 𝘀𝗼𝗹𝗰𝗵𝗲 𝗔𝗻𝗴𝗿𝗶𝗳𝗳𝗲?

Crypto networks are based on software. No complex software is bug-free. If an attacker were to discover and exploit a serious flaw in a crypto network, this could make it possible for them to steal or generate coins. This not only affects the cryptocurrency itself, but also software that uses a cryptocurrency. For example, in 2016, attackers successfully exploited a vulnerability in a DAO (decentralized organization) on the Ethereum blockchain and stole $60 million worth of Ether. As a result, the Ethereum Blockchain was split into Ethereum (ETH) and Ethereum Classic (ETC) (a so-called hard fork). While Ethereum reset its blockchain to the state it was in before the attack, the Ethereum Classic blockchain remained unchanged. [11]

It is entirely conceivable that a participant could gain control of more than 50% of the network and thus manipulate it. If this situation is exploited, it is called a 51% attack. In fact, in 2014, a so-called mining pool [12] controlled more than 50% of the Bitcoin network for a few hours [13]. However, this situation was not exploited. The mining pool subsequently voluntarily committed to never control more than 50% of the network again [14]. Ethereum Classic was the victim of several 51% attacks in 2020 [15] while two Bitcoin Cash mining pools (not to be confused with Bitcoin!) conducted a "benign" 51% attack in 2019 to delete two "ownerless" coins [16]. To what extent any form of 51% attack should be considered "benign" remains to be seen.

Another attack vector arises when coins are managed by central institutions, e.g. crypto exchanges. Crypto exchanges have a large amount of coins and are correspondingly lucrative targets for hackers. In 2014, the then largest crypto exchange, Mt. Gox, had 840,000 bitcoin stolen [17]. But even nowadays, crypto exchanges are still successfully attacked on a regular basis. For example, in 2022, approximately 33 million USD were stolen from crypto.com stolen [18].

In addition, the private key that secures a wallet can also be attacked. For example, a wallet's private key can be stored in a location that a hacker can gain access to. Of course, a wallet owner can also be forced to transfer his coins or reveal his private key under the threat or execution of force [19]. Unlike in the banking network, there is no way to reverse such transactions. Since the private keys must be generated by software, there are also opportunities for attack. On pp. https://iotaseed.io/ it was possible to generate private keys for the cryptocurrency Iota in 2017 and 2018. Stupidly, the operators of the site stored the private keys themselves and used them to steal 10 million euros in Iota [20].

𝗗𝗮𝘀 𝗸𝗹𝗶𝗻𝗴𝘁 𝗴𝗿𝗮𝘂𝗲𝗻𝘃𝗼𝗹𝗹! 𝗘𝘀 𝗶𝘀𝘁 𝗱𝗼𝗰𝗵 𝗻𝘂𝗿 𝗲𝗶𝗻𝗲 𝗙𝗿𝗮𝗴𝗲 𝗱𝗲𝗿 𝗭𝗲𝗶𝘁, 𝗯𝗶𝘀 𝗮𝗹𝗹𝗲 𝗞𝗿𝘆𝗽𝘁𝗼𝘄ä𝗵𝗿𝘂𝗻𝗴𝗲𝗻 𝗴𝗲𝗵𝗮𝗰𝗸𝘁 𝘄𝗲𝗿𝗱𝗲𝗻!

Crypto is a relatively young technology and like any new technology, there are teething problems that are gradually being ironed out. If you want to minimize the risk, you can bet on established cryptocurrencies like Bitcoin and Ethereum. Both currencies have been around for a very long time. Accordingly, the probability that there are still serious and undiscovered vulnerabilities in the code is relatively low. In addition, changes to the code are meticulously reviewed by a large community. Younger cryptocurrencies with a smaller community, faster development cycles and more disruptive technology are potentially more vulnerable here.

To prevent the risk of successful network attacks, you should choose cryptocurrencies with large, distributed, and decentralized networks whenever possible. No one actor should control large parts of the crypto network. The size and distribution of the crypto network should keep that unlikely for the future. Unfortunately, decentralization is not that easy to measure. [21] proposes two approaches to this. However, decentrality is not only important in the network itself. For example, a risk also arises if the code of a cryptocurrency is mainly developed by one person or one institution. Who checks that a backdoor is not built in here after all?

To reduce the likelihood of losing a large amount of coins, you should not let these coins be managed by central institutions like a crypto exchange. Instead, it is a good idea to use a hardware wallet for safekeeping at home [22].

𝗠𝗲𝗶𝗻 𝗞𝗼𝗽𝗳 𝗾𝘂𝗮𝗹𝗺𝘁. 𝗦𝗶𝗻𝗱 𝗞𝗿𝘆𝗽𝘁𝗼𝘄ä𝗵𝗿𝘂𝗻𝗴𝗲𝗻 𝗷𝗲𝘁𝘇𝘁 𝘀𝗶𝗰𝗵𝗲𝗿 𝘂𝗻𝗱 𝗱𝗲𝘇𝗲𝗻𝘁𝗿𝗮𝗹 𝗼𝗱𝗲𝗿 𝗻𝗶𝗰𝗵𝘁?

It depends. Many smaller cryptocurrencies advertise better features (e.g., faster speed) than the top dogs. Often, however, one has to accept compromises in decentralization and security (keyword blockchain trilemma [23]). If the security of cryptocurrencies plays an important role for you, you should deal with this aspect of a cryptocurrency before you invest in it. Personally, I consider the decentralization and security of Bitcoin and Ethereum to be sufficient, and that of all other coins to be at least worth checking.

𝗢𝗸𝗮𝘆 ... 𝗴𝗲𝗻𝘂𝗴 𝗧𝗲𝗰𝗵𝗻𝗶𝗸. 𝗜𝗰𝗵 𝗯𝗶𝗻 𝗽𝗿𝗶𝗺ä𝗿 𝗜𝗻𝘃𝗲𝘀𝘁𝗼𝗿 𝘂𝗻𝗱 𝗺ö𝗰𝗵𝘁𝗲 𝗺𝗲𝗶𝗻 𝗚𝗲𝗹𝗱 𝘃𝗲𝗿𝗺𝗲𝗵𝗿𝗲𝗻. 𝗪𝗶𝗲 𝗴𝗲𝗵𝘁𝘀 𝘄𝗲𝗶𝘁𝗲𝗿?

I'm glad you brought that up! In the next part, we'll actually look at how to make money with cryptocurrencies. You can find the 3rd part here https://app.getquin.com/activity/ZgfENSuSRD

Sources and read more:

[1] https://academy.binance.com/en/glossary/node

[2] https://academy.binance.com/en/glossary/coin

[3] https://academy.binance.com/en/glossary/token

[4] https://ethereum.org/de/eth/

[5] https://academy.binance.com/en/glossary/blockchain

[6] https://www.bitpanda.com/academy/de/lektionen/wie-funktioniert-eine-blockchain

[7] https://www.bitpanda.com/academy/de/lektionen/was-ist-double-spending-und-warum-ist-es-ein-problem/

[8] https://academy.binance.com/en/articles/what-is-a-blockchain-consensus-algorithm

[9] https://www.coinbase.com/learn/crypto-basics/what-is-a-private-key

[10] https://academy.binance.com/en/glossary/block-reward

[11] https://www.gemini.com/cryptopedia/the-dao-hack-makerdao

[12] https://www.bitpanda.com/academy/de/lektionen/wofur-gibt-es-mining-pools-und-wie-funktionieren-sie/

[13] https://www.theguardian.com/technology/2014/jun/16/bitcoin-currency-destroyed-51-attack-ghash-io

[14] https://www.bitpanda.com/academy/de/lektionen/was-ist-ein-51-angriff-und-wie-wird-er-verhindert/

[15] https://www.coindesk.com/markets/2020/08/29/ethereum-classic-hit-by-third-51-attack-in-a-month/

[16] https://de.cointelegraph.com/news/two-miners-purportedly-execute-51-attack-on-bitcoin-cash-blockchain

[17] https://www.buybitcoinworldwide.com/mt-gox-hack/

[18] https://www.btc-echo.de/news/crypto-com-hack-mehr-geld-gestohlen-133356/

[19] https://www.watson.ch/digital/kryptow%C3%A4hrungen/139925245-raeuber-foltern-bitcoin-besitzer-wegen-passwort-und-erbeuten-millionen

[20] https://iotaseed.io/

[21] https://www.sciencedirect.com/science/article/pii/S2405959521000977

[22] https://www.btc-echo.de/ratgeber/bitcoin-hardware-wallet-vergleich/

[23] https://www.gemini.com/cryptopedia/blockchain-trilemma-decentralization-scalability-definition

#anfänger
#sicherheit
#learn
#esel
#crypto