Bitcoin is vulnerable in the same way any other online asset is vulnerable: Passwords can be stolen or guessed, accounts can be hacked. Most of the thefts involve hacking into users’ accounts. Bitfloor’s description of how it lost $250,000 in Bitcoin is typical. A hacker found an unencrypted copy of the coded keys to users’ wallets:
“Last night, a few of our servers were compromised. As a result, the attacker gained access to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations.”
In fact, Bitcoin defenders say this is exactly the point. Bitcoin isn’t insecure — you are!
“Although these events are unfortunate, none of them involve Bitcoin itself being hacked, nor imply inherent flaws in Bitcoin; just like a bank robbery doesn’t mean that the dollar is compromised. However, it is accurate to say that a complete set of good practices and intuitive security solutions is needed to give users better protection of their money, and to reduce the general risk of theft and loss.”
The idea that Bitcoin is “secure” even though it can be stolen is a bit like saying that gold is “secure,” even if it is being spirited away by gangsters. They can’t destroy the gold, after all.
What they really mean is that Bitcoins themselves cannot be copied or faked, like counterfeit bills. Anyone receiving a Bitcoin can be confident that it is real and valuable.
But that aspect of its security — the permanence of the value in the transaction — turns out to be Bitcoin’s biggest security flaw. Once a Bitcoin transaction has been approved by both sides, it cannot be reversed without the permission of the recipient. So when hackers engineer the transaction, the cash is gone forever.
That’s not what happens with traditional currency. In the U.S., if your bank is robbed or even if the bank goes out of business, the FDIC backs up the lost deposits and replaces your money, up to $250,000 per bank.
And then there is this new theory from Cornell University which posits that there is an incentive in the system for users to cooperate and hoard their coins until they control a majority of available Bitcoins. At that point, the currency collapses.
Bitcoin is only as “secure” as the fallible, ill-intentioned users who open accounts, create passwords and covet their fellows’ wallets.
Which is to say, not especially secure.