How secure and anonymous bitcoin really is? What are the legal challenges in operating with bitcoins? What are the possible solutions and predictions? Nikolay Demchuk explains.
Cryptocurrency is virtual money which is not backed by fiat currency and has a decentralised system. Among cryptocurrencies nowadays, Bitcoin (technology, network) is the most popular, which shows constant growth of interest from the business side. More and more businesses are trying to operate with bitcoins (single unit, the so-called “money”), invest in this cryptocurrency or offer customers possibilities to make payments in bitcoins. However, there are still some concerns in the business community that bitcoin is difficult to deal with as being anonymous makes it non-compliant with regulations or that bitcoin being a virtual currency is vulnerable to cyber-attacks. The third concern is that bitcoins have volatile character and their value is changing dramatically.
Bitcoin’s vulnerability to attacks
Apart from some suggestions regarding the insecurity of bitcoin as a virtual currency and possible attacks against it, so far bitcoin has not been successfully attacked. Bitcoins cannot be easily stolen as in order for the thief to take or spend them, they would have to forge the owner’s signature, which is impossible due to how the cryptography in Bitcoin works. The denial of service attack is not possible either, because if one miner refuses to process the transaction, it will randomly go to another one.
The only theoretically possible attack is the so-called “forking attack”, aimed at double spending the bitcoins. However, in order to successfully execute a forking attack, one should spend even more money, energy and time than they do, by simply mining new blocks or transactions to earn new bitcoins.
In addition to complete a forking attack successfully, a hacker has to get approval by the other miners in the network, as any single transaction is transmitted to the network where it must be approved by the following random miner in order to put the transaction in the block. Miners verifying this transaction will see this transaction is suspicious or fraudulent and simply may not accept it. The chances that the attacker and the miner who will verify the transaction are the same person or accomplices is very low as there are many miners in the network – and in order for the transaction to be totally secure, it should be verified at least six times by six different miners.
Therefore, Bitcoin is practically considered to be a very secure technology and resilient to cyberattacks of the virtual world, but theoretically an attack is feasible.
The other concern is about bitcoin’s anonymity. To get straight to the point, bitcoin is a pseudo-anonymous cryptocurrency, because it is still possible to link the bitcoin address to the person. On the one hand, bitcoin does not require the owner of the cryptocurrency to reveal their real name as bitcoins are sent and received on bitcoins’ addresses, which consist of numbers and serve as user identification – but still one has to know the bitcoin address of that particular person or merchants to make bitcoin transaction to them. In computer science, it is called pseudo anonymity – ie, this middle ground of using an identification which is not your real name or state provided identifier.
On the other hand, one can create many bitcoin addresses and use these for different transactions, so the user can somehow avoid this middle ground identification. But even this fact does not make bitcoin anonymous, as it is still possible to link bitcoin address to the person – ie, there is no unlinkability in bitcoins. Unlinkability means no one can tie the bitcoin address to a particular person. However, this is difficult to achieve as bitcoins transactions go via blockchain which is public and anyone can track all bitcoin transactions that are linked to a given address.
Furthermore, in the bitcoin business – exchange websites, online wallet services and other merchants – people are required to prove their identity by showing or sending their IDs or other personal information that can identify them (called KYC process). For example, the UK Gambling Commission has added bitcoins to the units that can be used in online gambling. However, the commission urged the online gambling operator to perform KYC of the customer to have sufficient information on who is behind the e-wallet and ensure the compliancy with AML/CTF law (the anti-money laundering and counter-terrorism financing act – editor.)
Above all, the bitcoin address can also be deanonymised by indirect references. For example, one can simply look up your bitcoin address in your device or track whether you were online when a transaction took place and match different data, which reveals the owner of the bitcoin address.
Therefore, in order to transfer bitcoins to someone else or to receive bitcoins, you need to get their public addresses or to give yours to the one who is going to send bitcoins to you. By doing this, you are revealing the identity and the person who sends bitcoins to your bitcoin address knows that this address belongs to you.
Another concern is about the volatility of the bitcoin exchange rate. Since the creation of Bitcoin, its exchange rate was unstable with sharp recession and growth. There were several factors that affect the rapid change of bitcoin rates within a short period of time. These include economic, political and security problems. However, in the long-term perspective, the bitcoin value has only been on the rise and not drastically fallen. It can be said it is riskier to invest into Russian rubles than bitcoins.
The bitcoin exchange rate fluctuates, but it is not so different from other fiat currency rates that are also influenced by the economic, political and security situation. The bitcoin business, as any other, is risky and you can win or lose.
Yet, there is no particular law designed for cryptocurrency in the EU. The European Commission in its press release, dated 5 July 2016, proposed to bring virtual currency exchange platforms and custodian wallet providers under the scope of the 4th Anti-Money Laundering Directive. Yet, this idea was not enforced.
In some EU member states, the owners of bitcoin exchange websites are required to get a license to operate with bitcoins and to conduct KYC/AML checks of each customer. In Estonia, the bitcoin exchanges fall under licensing obligation and special virtual currency related rules are currently under discussion in the parliament.
These different rules make running a global business – where regulation might be different in every country as there is no unified or harmonised regulation – difficult, to say the least.
Even now, without any special EU bitcoin regulation, businesses are operating with bitcoins. You can exchange bitcoins, can purchase tickets and products, pay bills and gamble with bitcoins. The business sector is always ahead of regulation and it usually works like this: first something new is happening, then regulators try to set up some rules and safeguards of that something “new” when they see that impact is visible. The impact of bitcoin is difficult not to see nowadays. A lot of investments have been made in the mining equipment; many stakeholders are working on promoting bitcoins among people; a lot of discussions about regulation are happening on the governmental level. Thus, the era of cryptocurrency is here.
Barry Silbert, the founder and CEO of Digital Currency Group, predicted that cross-border payments and remittances using bitcoins will hit US$1 billion run rate in 2017. Witnessing how fast different merchants deploy bitcoins as an alternative mean of payment, it seems like very realistic target.