Why I never will use bitcoins

I’ve followed the development of bitcoins for a while and I’ve from the start avoided to get involved (i.e. using bitcoins). I don’t think that there is anything wrong with bitcoin in itself. It’s a real awesome innovation. However, I don’t think that bitcoin will ever work in the real world. Here is why.

Disclaimer: I’ve read some about bitcoins and know the basics, but I’m far from an expert. If anything I say is wrong, leave a comment and link to credible sources.

Bitcoins are untraceable

I think that people that claim that bitcoins are traceable are wrong. Sure, you can see the blockchain and follow all transactions. But you can not identify the persons behind the transaction. Never. There is nothing in the transaction information that can be linked to a real world person, no ip-adress or anything else.

A persistent person can however be able to identify the ip address. It can be used both by law enforcement and by criminals. The latter is much worse. It means that anyone who buys or sells bitcoins can be identified and therefore become a target. Criminals will of course make sure that their real IP-address is not used during the transaction while average-joe won’t.

There is a report which states that they have tracked stolen bitcoins all the way to a bitcoin exchange. Sure, that is possible thanks to the blockchain. However, there are several ways to get them out from an exchange without using the real identity. One would be to use goal keepers, another to use a bitcoin exchange which isn’t verifying identities (i.e. requires an identity but do not check if it’s really the correct person registering). Another option is to create a black market exchange where dirty “bitcoins” are sold or exchanged for less than their real value. Money laundering anyone?

This article shows that bitcoins already are used in those areas (and for botnets)

The new number one target for hackers

As bitcoins are untraceable there is nothing that will keep criminals from trying to steal them. I do in fact believe that many hackers will stop building bot nets to make money on spam or DDOS attacks. Instead, they will keep infect computers to constantly scan them for bitcoins.

Remember that a lot of personal computers have already been hacked. For instance the TDL-4 botnet had 4.5 million infected computers in 2008. If those hackers starts to scan the computers for bitcoins instead, they will probably find a lot.

Rootkits

Rootkits are Trojans which can hide themselves (by acting as a device driver). By doing so they will never be detected by anything else than specialized scanning software. There is very few regular anti-virus programs that can detect them.

I don’t know if rootkits still is a problem in Windows. If they are, they are a HUGE problem for bitcoin users.

Zero day exploits

Zero day exploits are vulnerabilities in applications and operating systems which have not been discovered by the manufacturer/producer yet. Finding exploits is a hot market and there are several companies (for example Vupen, Exodus intelligence and The Grugq) which find and sell them. These companies can make millions. Among the buyers are NSA, FBI and governments.

NY Times has a nice article about such companies.

These exploits can be bought by criminals too. Either from the above mentioned companies, or directly from the hackers. Hence yet another way to get into your computer to steal your bitcoins.

Lost money are lost

If you use regular banks you’ll always have a Deposit insurance so that you at least get some money back. Banks are also subject to bank regulations from it’s government giving some guarantee to it’s security and money handling.

If you are using a credit card you also have free fraud protection. The reason to that is that the credit card company can somewhat trace any fraudulent transactions and have a chance to get the money back.

With bitcoins you will never have that. Remember, the bitcoin transactions cannot be traced back to a person. If someone have managed to get your bitcoins, the chance of getting them back is slim to zero.

Bitcoin exchanges will always be targets

Any successful attempt to hack a bitcoin exchange will be highly rewarded (when the coins are sold). That means that criminals would also spend large amount of money to be able to do so. Even if cold storage is used the bitcoins must be loaded at some point to be sold or bought. If the transaction server is infected with a custom Trojan, those transactions will be detected.

What stops criminals from building a seemingly legitimate bitcoin exchange only to collect bitcoins and disappear with them in a year or two? How do you detect that?

Summary

Some of these problems might be solved in the future. But as long as bitcoins are untraceable that’s much more of a weakness than a strength.

Part of the solution is to get regulations for bitcoin exchanges and some sort of certification for them. But that will only solve half of the problem. As long as anyone can setup an exchange somewhere there will always be a way for criminals to sell their bitcoins. As long as they can sell the coins, they will continue to hack bitcoin exchanges and personal computers.

Ask yourself. Are you 100% sure that someone have not hacked your computer? Is it safe to store money on it?