Breaking Chat GPT’s Bitcoin FUD #4: Security Vulnerabilities

According to Chat GPT, the increasing popularity of Bitcoin attracts hackers and other malicious actors. But what can these hackers actually break?

Well, there are multiple layers of Bitcoin security. We can talk about mining and potential 51% attacks to reorganize the most recent blocks, we can look into the odds to brute force a wallet to find its private key, or we can take the easy way out and assume an increase in social attacks (malicious developer inserting harmful code, or individual Bitcoin users getting tricked into losing their coins).

First of all, the 51% attack is one of Bitcoin’s biggest security threats – and one which is part of the Proof of Work design. The idea that a simple majority of the miners’ hashrate can act in bad faith is a serious attack vector. However, the incentives of the so-called Nakamoto Consensus are designed in such a way that playing by the rules is more profitable than trying to attack the system. Buying and renting the mining equipment, then consuming a lot of electricity in order to double spend transactions and reorganize the most recent blocks is not cheap at all.

At more than 360 exahashes per second in hashrate, even the most resourceful governments and transnational corporations in the world would struggle to amass 51% of it. Furthermore, supercomputers are not optimized to run SHA-256 hashes like the Bitcoin ASICs – so if you put together all the supercomputers in the world, you only get the equivalent of a very tiny and insignificant mining pool.

Running a 51% attack on Bitcoin requires purchasing or renting scarce and highly-specialized hardware which is currently being used to secure the network while earning rewards for playing by the rules. The financial incentives matter, and have so far kept the miners honest, focused on their goal, and efficient with their energy use. Anyone pursuing this type of attack against Bitcoin requires lots of resources to sustain it. The greatest risk that the attacker faces is that the honest network participants fork off to a new chain which copies the UTXO set to retain the rightful coin ownership. Such an effort offers no guarantees of any profitability or success – which at its best can serve as political FUD against the network’s security. If the financial incentives remain a constant, we’ll most likely never see any kind of serious 51% attack.

Even the large pools, which consist of multiple users who put their hashing power together in order to share the rewards, are subjected to a type of game theory that keeps them honest. Under governmental pressure, they could prefer to stop mining altogether to opt out from attacking the network. Turning off mining operations will cause disruptions for the remaining blocks of the cycle, but after every 2016 blocks (approximately 2 weeks) there’s a new difficulty readjustment and there’s always someone else on a different part of the world who is willing to start mining when the odds to successfully find the right hash become higher. Bitcoin is extremely well thought out and there’s a reason why these attacks were never really successful – not in the early days when they were easier to pull off, not today when the number of highly-specialized mining machines that secure the network is higher than ever.

Furthermore, ChatGPT claims that malicious actors would emerge as a consequence of the increasing popularity. So from the get-go, launching 51% attacks shouldn’t fall under this description – as more users joining will also result in more mining rigs being deployed. However, it was important to explain since the AI software doesn’t directly allude to the issue.

Secondly, let’s talk about brute forcing wallets in order to find the private key which allows hackers to steal the funds. It’s certainly a type of security vulnerability that theoretically should become more widespread as Bitcoin gets mass adoption. Every internet hacker ought to attempt to brute force wallet files, try to guess valid BIP39 seed phrases, and generate correct passphrases. Good luck with that, though – you have better odds finding intelligent alien life on a distant planet or digging up a particular grain of sand in the desert.

Let’s take the most obvious example: Satoshi Nakamoto’s coins. The fabled million, as described by Sergio Demian Lerner in his Patoshi research project, is the ultimate bounty. There’s no proof that this theory about what Satoshi might own is correct – it’s a mere analysis which assumes that Satoshi constantly mined. But the resulting coins, to whomever they may belong, are in plain sight and haven’t moved since 2009. Everyone knows about their existence and can track them on the public ledger. However, nobody can brute force the private keys in order to claim ownership of them.

To put everything into numbers, Bitcoin has a total number of 2^256 possible private keys and only 2^160 combinations of addresses that can exist (assuming that they’re all 160 bits). Yet brute forcing must start from an existing and valid public key, which in and of itself requires extra effort.

A more efficient way to brute force wallets involves trying to find one of the 2^96 private keys that collide with the same address. The number of possibilities is 79,228,162,514,264,337,593,543,950,335 – about 79,228 times more than the estimated number of stars in the universe. On the other hand, if you want to brute force a specific wallet (like Satoshi’s), you must deal with the entirety of 2^256 private key combinations. Assuming that you possess the processing power to try 1000 trillion keys per second, going through every key will take you an amount of time which is equal to 2.7×10^44 × age of the universe (as pointed out by developer Raghav Sood on the Bitcoin StackExchange). This number exceeds anything that’s measurable to man – including the amount of atoms surrounding our observable world.

As for BIP39 seed phrases, there are 2048 words and 12/24 combinations of them. For the sake of convenience, let’s assume a basic 12-word setup. In order to guess a random one, you have 2048^12 (or 2^132) possibilities. To quote Reddit moderator BashCo, that number is one in 115 quattuorvigintillion 792 trevigintillion 89 duovigintillion 237 unvigintillion 316 vigintillion 195 novemdecillion 423 octodecillion 570 septendecillion 985 sexdecillion 8 quindecillion 687 quattuordecillion 907 tredecillion 853 duodecillion 269 undecillion 984 decillion 665 nonillion 640 octillion 564 septillion 39 sextillion 457 quintillion 584 quadrillion 7 trillion 913 billion 129 million 639 thousand 936.

If you’re certain that one of the 2048 words must be the first one, then your odds turn into 2048^11 – because in BIP39, you can have words getting repeated in the same setup. And if you have the first 10 words in the correct order and only need your 11th and 12th one, you only have 2048^2 possibilities – which already makes it brute forceable today with a regular computer processor. So take good care of your seed phrase and, if you feel comfortable about it, add a passphrase on top from outside of the BIP39 dictionary. This will greatly improve your security, but might only become problematic if you forget/lose your passphrase.
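As an added worked example (not from the original post), the arithmetic behind the figures above, so the orders of magnitude can be checked rather than taken on faith. The age of the universe and the 10^15 keys/s rate are assumed inputs; the example also goes one step beyond the post by counting only checksum-valid BIP39 phrases, which the raw 2048^n figures do not.

```python
"""Brute-force arithmetic for Bitcoin keys and BIP39 seed phrases.

Added example, not code from the original post. Constants marked
'assumed' are inputs chosen to reproduce the post's figures.
"""
from math import log2

PRIVATE_KEYS = 2 ** 256        # secp256k1 scalar space (slightly fewer are valid; same order)
ADDRESS_SPACE = 2 ** 160       # HASH160 outputs, i.e. legacy P2PKH address space
AGE_OF_UNIVERSE_S = 13.8e9 * 365.25 * 24 * 3600   # assumed: ~4.35e17 seconds
BIP39_WORDLIST_SIZE = 2048


def collisions_per_address() -> int:
    """Private keys that map onto any single 160-bit address (pigeonhole): 2**96."""
    return PRIVATE_KEYS // ADDRESS_SPACE


def universe_multiples(keyspace: int, keys_per_second: float) -> float:
    """How many 'ages of the universe' an exhaustive search of `keyspace` takes."""
    seconds = keyspace / keys_per_second
    return seconds / AGE_OF_UNIVERSE_S


def bip39_candidates(word_count: int, known_words: int) -> tuple[int, int]:
    """Candidate phrases when the first `known_words` words are already fixed.

    Returns (raw, valid). `raw` is the post's 2048**unknown figure; `valid`
    keeps only phrases whose last word satisfies the BIP39 checksum.
    Each word carries 11 bits; 1/33 of the bits are checksum (12 words:
    128 entropy + 4 checksum bits, 24 words: 256 + 8), so only 1 in
    2**checksum_bits of the raw candidates is a valid phrase at all.
    """
    unknown = word_count - known_words
    raw = BIP39_WORDLIST_SIZE ** unknown
    checksum_bits = word_count * 11 // 33
    return raw, raw >> checksum_bits


def summary(keys_per_second: float = 1e15) -> dict:
    """Collect the headline numbers in one place for inspection."""
    raw12, valid12 = bip39_candidates(12, 0)
    raw_last2, valid_last2 = bip39_candidates(12, 10)
    return {
        "keys_per_address": collisions_per_address(),
        "full_search_universe_ages": universe_multiples(PRIVATE_KEYS, keys_per_second),
        "bip39_12_word_bits": (log2(raw12), log2(valid12)),   # (132, 128)
        "bip39_last_two_words": (raw_last2, valid_last2),     # (4194304, 262144)
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```

The last-two-words case is the one the post calls brute-forceable on a regular processor: 2^22 raw candidates, of which only 2^18 pass the checksum and need a key derivation at all.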

But generally, as Peter Todd and BIP39 co-creator Pavol “Stick” Rusnak pointed out, it’s very impractical and akin to stating that you can park 500 cars on a football pitch. Peter’s suggestion was to delete it altogether, as the efficient way to attack BIP39 seed phrases is to brute force the private key it generates.

Yes, quantum computing might become a threat in the future. But this future is very distant: as of March 2023, the most powerful quantum computer in the world is IBM’s Osprey – a machine that touts 433 physical qubits. As pointed out by a 2022 research paper which got published in the AVS Quantum Science journal, a computer that aims to break Bitcoin’s elliptic curve public key cryptography within 24 hours requires 13 × 10^6 qubits. In other words, quantum computers need to get thousands of times more powerful to break bitcoin.

So far, the technological leap in quantum computing slightly exceeds Moore’s law. For prediction purposes, let’s use this model to assume that the pattern continues and the amount of qubits keeps on doubling every 2 years. In order to get from 433 to 13 × 10^6, quantum computers need to become 30,023 times more powerful. That’s at least 20 more years before we should seriously start to get worried.

It took 24 years of research and development to go from 2 qubits to 433 qubits. How long until we reach 10000 qubits? Probably a few more decades. At 10000 qubits and some very specific physical conditions (a code cycle time of 1 μs, a reaction time of 10 μs, and a physical gate error of 10^−3), a quantum computer will be able to steal the coins from an arbitrary Bitcoin wallet in 10 days. However, cryptography will also improve tremendously by then and Bitcoin might migrate towards a better model that makes brute forcing so difficult that quantum computers need a lot more time to catch up.

Upgrading to quantum-resistant keys only requires a soft fork which can be activated by a majority of nodes or miners. So this whole discussion might just turn out to be a paper tiger – or an unworthy piece of FUD.

Now that we got these two very complex and extremely expensive attacks out of the way, it is time to focus on the most probable ones: the social attacks. In Bitcoin, we like to say “don’t trust, verify”. However, establishing trust systems which remove doubt about potential maliciousness from developers is one very serious attack vector.

The easiest way to mitigate any kind of attack is to remain conservative about code: don’t update to the latest version unless you verify it beforehand or pay someone else to do it for you. And if you do neither, at least make sure that enough people with adversarial incentives have verified the new code. When the stakes are so high that the global financial system is under threat, it’s safe to assume that developers are under a lot of pressure and might make mistakes or get compromised.

This is not an argument for ossification, though: Bitcoin is not complete as a project and refinements are still necessary. From adding privacy to making transactions smaller and all the way to providing resistance against quantum computing attacks, there’s still a lot to do. My argument is against being reckless with untested technology whose consequences are not entirely understood, but not against innovation.

Nonetheless, while pursuing innovation, we should not surrender verification to urgency. As a community, we should encourage Bitcoin developers to prepare options before the threat becomes imminent: models for quantum-resistant elliptic curve cryptography, scalable privacy, and so on. Some of these solutions are already being tested with market incentives on other networks – what matters the most is that Bitcoin developers pay attention to the legitimate technological improvements, refine what’s already out there, and bring out proposals that everyone must debate. Also, we should never neglect our roles as sovereign node operators and miners – we are the ones who choose which code we run and Bitcoin clients can work with some minimalistic specs. Not everything that’s been added to Core is necessary, but the well-tested features provide useful optimizations.

Last but not least, we must talk about the security of every individual Bitcoin user. This, most likely, is the primary type of FUD that ChatGPT expressed when it mentioned hackers and malicious actors. Anything from keyloggers that register and broadcast your computer keyboard inputs (which may contain your Bitcoin Core passphrases or BIP39 seed phrase) to affinity scams and physical attacks is increasingly likely to happen as the price of BTC gets higher.

The bad news is that no developer, protocol change, governmental or non-governmental entity is able to protect you from making mistakes. The good news is that there are some general good practices that you can follow in order to improve your security. They include:

– using a dedicated device to sign and broadcast Bitcoin transactions (a Linux laptop or phone that runs Bitcoin full node software while being used, BIP39 hardware wallets with strong passphrases);

– creating setups which eliminate single points of failure (multisig and SLIP39 Shamir backups);

– using cold storage (metal plates, paper wallets, physical bitcoins);

– protecting yourself through good operational security and privacy (don’t reveal to random strangers where you live, what your Bitcoin setup is, and how much money you have – this also includes living a materially normal life for your neighborhood/community without showing off). Remember: leak as little information about your Bitcoin activity as you can, or at least mislead your spies to have a distorted image of what you’re really doing and how wealthy you are.

Bitcoin is a currency which enforces absolute ownership. Which means that, once a transaction has been broadcast and confirmed into a block, it has become irreversible. Therefore, every user is responsible for protecting their wealth to the best of their knowledge and ability, according to a real threat model. Before you create any kind of setup, you must ask yourself “who is the most dangerous adversary that’s likely to try to steal my coins?”.

If you’re sharing the computer with other people, then you shouldn’t leave behind unencrypted wallet files. If you’re traveling, then it’s a bad idea to carry around devices which reveal that you’re carrying bitcoin (usually, a hardware wallet is easier to recognize and more suspect than a laptop or piece of paper). If you have children or a nosy spouse who might meddle with your file cabinets and drawers, then it’s better to not keep your backup within reach. If you live in a bad neighborhood with high crime rates, then you should probably avoid keeping any bitcoin backups in your house. And if your area is under the threat of floods, fire, volcano eruptions, or earthquakes, then you need to figure out a system with good geographic distribution that simultaneously makes it impossible to lose everything and easy for you to access the other keys/parts of your backup.

However, the most common threat consists of internet hackers. You can find these criminals in the form of individuals who illegally try to break into your computer, as well as suit-wearing businessmen who design systems that essentially steal your coins within a legal framework. From the first category, you can distinguish people who code malware or else befriend you to later ask for money (whether it’s a Nigerian prince or an OnlyFans model who desperately needs help). The second category consists of exchanges and banks, who promise to custody your coins in a safe environment but will restrict you from withdrawing whenever their business model is under water. You should avoid both of these hackers at all costs, as they are the most likely to steal your bitcoin.

While it’s convenient to deposit your coins in some bank account, this type of action defeats the purpose of the Bitcoin project and greatly diminishes your own financial sovereignty. Trusted third parties are security holes and you should never trust an individual or company who promises to hold your BTC in exchange for security and/or yield.

Of course, there are other types of social attacks: fake exchange e-mails asking you to verify your seed phrase in a reply, callers impersonating a wallet service which asks you to confirm your data (sometimes even a home address), hardware wallet deliveries getting intercepted and compromised via BIP39 seed phrase insertion (the attackers leave their own seed phrase in the box, hoping that newbie users will send their coins there), $5 wrench attacks, and impersonators who pretend to be friends or family members who urgently need a money delivery. These are the ones that become more common as the price and adoption go up. Which is why you need to be aware of them and protect yourself by minimizing the amount of data you provide about the services that you use, the place where you live, and the amount of bitcoin you have.

Getting back to ChatGPT’s argument, it’s disingenuous to assume that people getting scammed is a serious threat to Bitcoin. The network will exist and continue to function in spite of the thieves. Sure, a large number of people might feel scared and deterred by the idea of responsibility. But we shouldn’t forget that self-custody solutions also get more secure and user-friendly over time. Bitcoin’s layers also get more developed and new ways to use and store your money get unlocked. For example, the Fedimint project plans to enable community banks in which users can unlock their funds with nothing but a selfie.

Hackers and malicious actors exist in every money system and human organization. What matters the most is to build a culture of fairness, accountability, good practices, and truth. As long as these are in place, ChatGPT is gonna be taking a big L for being so wrong with its FUD.

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?
