• United States




Don’t trust anonymous e-currencies like Bitcoin

Jun 04, 20135 mins
CybercrimeData and Information SecuritySecurity

The Liberty Reserve debacle cast a new light on Bitcoin, but even well-maintained e-currencies aren't worth the risk

The recent bust of Liberty Reserve by the U.S. Department of Justice has many people wondering if Bitcoin, WebMoney, e-Gold, and other online, anonymous e-currencies will be next. Clearly, Liberty Reserve was used mostly for criminal purposes — the DOJ says “virtually all criminal” — but there had to be some innocent victims who lost access to their e-currency at least temporarily, if not permanently.

Personally, I’d advise staying away from anonymous e-currencies. But the reason has more to do with security and trust than whether or not a court warrant will render an e-currency immediately worthless.

[ Also on InfoWorld: $45 million in cash stolen? That’s chump change. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ]

Obviously, Bitcoin has the highest profile among these e-currencies. A Pulitzer Prize-winning economist has voiced his opinion on Bitcoin, and the infamous Winklevoss twins have been reported to own 1 percent of all Bitcoins. The e-currency has even been used to buy luxury cars. But if you ask me, these currencies all suffer from the same fundamental flaw.

All money is really about communal trust. Does a group of people agree to use and trust a representative store of value to conduct business? It could be paper currency, a precious commodity (like gold), bank drafts, stock certificates, plastic cards, e-currency, gaming points, or even stones with holes in them. We certainly have more trust in fiat money (that is, money backed by law), but we also trust purveyors of gold, silver, and other precious commodities — whose prices rush up and down unrelated to their intrinsic value, just like e-currencies. If you want to get philosophical about it, most of your fiat money is represented by bits and bytes, unless you happen to stuff your mattress with cash.

The case against e-curriences

So why don’t I trust e-currencies? For the following reasons:

Traditional currencies are backed by nation-states and regulated financial industries, and as much as you might hate or distrust those entities, they have staying power. In my nearly 30 years on the Internet, I’ve seen e-currencies come and go. When they go, everyone immediately loses everything. Just ask Liberty Reserve’s customers.

Nation-states have laws, police, and armies. Those laws make the fiat currency legal. People in those systems accept the their currency. No one in the real world has to accept your e-currency or rock with a hole in it. If someone steals your real currency, the police will at least try and help you get it back. In cases of online theft, you may have a hard time getting a law enforcement authority to determine if a crime has happened. Even then, it’s often only because the intangible online value could be immediately traced back to real money. For example, if you tell the police someone stole your gaming points, you’ll have a harder time proving a crime occurred if you earned them during the game than if you purchased them with your credit card.

Let’s not forget nation-state armies. Ultimately, those armies protect the treasures of countries. If they didn’t, another country could bust into your country, take the money, and walk away with it. I don’t know of an army willing to send a soldier to recover a stolen Bitcoin.

The safety net

You don’t even need nation-state armies to get back your stolen money. In most industrialized nations, if you can prove that a malicious hacker stole your money, the bank will often put the money right back. For example, some bad guys broke into a friend’s stock account and stole more than $50,000. He notified the stock trading company where he had his account, and in a few minutes, the money was back. The entities that put your money back don’t even require you to work too hard to prove your money was stolen. It’s a cost of doing business, and they’re ready to help get back what you lost. Try that with your e-currency. In almost every case, if your e-currency is stolen, it will be gone for ever.

In the real world, if you lose your credit card, checkbook, or even bank account log-on password, your money isn’t gone. In fact there are lots of services and laws to protect you and your money. Not so in the e-currency world — check out a statement posted on a Bitcoin Wiki Faq regarding the potential loss of Bitcoins: “Consider it a donation to all other bitcoin users.”

Ultimately, most e-currencies possess the security of whatever your email address and password is. If hackers break into your computer, learn your password — or even break in and steal all your money at the bank — it will be replaced fairly quickly. This is absolutely not true of e-currency sites.

I’m not saying that e-currency schemes are evil. And I’m not saying fiat money is perfectly trusted or protected — the runaway inflation that led to wheelbarrows of money being exchanged in Weimar Germany come to mind. I’m just saying that by comparison, over the long run, there is no comparison. The trust equation isn’t even close.

The perfect e-currency would be one that is widely accepted, where I’m protected against malicious loss — by armies, law enforcement, or the fiduciary entity creating it. Oh, yeah, I already have that. It’s called real money.

This story, “Don’t trust anonymous e-currencies like Bitcoin,” was originally published at Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at For the latest business technology news, follow on Twitter.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author