Digital Currency Security – Vulnerabilities in Bitcoin Transactions

New developments such as digital currency and mobile banking have challenged conventional ways of dealing with cybersecurity. Traditionally, closed ecosystems have been advocated for the design of 'commercial transactional architecture' systems, because they make threats easier to predict and risk easier to manage overall. But as Banking 2.0 explains, consumer behaviour has challenged and changed this conventional approach.

Britain made the pound a floating currency post 1914, which allows even digital currencies to be benchmarked against it. However, digital currencies are also used in transactions on the Dark Web and in cases of money laundering. This route of inter-currency (digital and conventional) transactions creates vulnerable spots in two ways. First, the legal framework has 'blind spots' in tracking such a transaction. Second, the Dark Web route opens up vulnerabilities at the point of interface.

In early 2014, a concerted attack on Bitcoin exchanges was reported. The attack was multidimensional, and the largest Bitcoin exchange, Mt.Gox, suffered the most. It included a DDoS attack that targeted a 'transaction malleability' vulnerability. Transaction malleability allows one to change the unique ID of a Bitcoin transaction before it is finalized. The DDoS attack could leverage this to affect multiple transactions, leading to the temporary shutdown of Bitcoin exchanges.

Another vulnerability is called 'double spending'. When it is exploited, the same Bitcoin can be spent twice. According to a research paper, one way is to perform two conflicting transactions in quick succession; this is called a race attack. Another way is to pre-mine one transaction into a block and spend the same coins before releasing the block, which invalidates that transaction; this is known as a Finney attack. Finally, an attacker who owns more than half of the computing power of the Bitcoin network can intercept and reverse any transaction, and has total control over which transactions appear in blocks. This is called a 51% attack, as per the Bitcoin Wiki.
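To make the malleability and double-spending passages above concrete from a monitoring point of view, the following added example (not code from any exchange or from Bitcoin itself) classifies two observed transactions as a re-encoded copy of the same payment or as a conflicting spend of the same coin. The serialization is a simplified stand-in for Bitcoin's wire format, and `payment_id`, `classify` and the sample transactions are hypothetical names and constructed data.

```python
import hashlib
from collections import namedtuple

# (prev_txid, vout) is the outpoint being spent; script_sig carries the
# signature bytes, whose encoding is what malleability alters.
TxIn = namedtuple("TxIn", "prev_txid vout script_sig")
TxOut = namedtuple("TxOut", "value script_pubkey")
Tx = namedtuple("Tx", "inputs outputs")

def _serialize(tx, with_sigs):
    # Simplified layout for illustration, not Bitcoin's real wire format.
    out = [len(tx.inputs).to_bytes(2, "little")]
    for i in tx.inputs:
        sig = i.script_sig if with_sigs else b""
        out += [bytes.fromhex(i.prev_txid), i.vout.to_bytes(4, "little"),
                len(sig).to_bytes(2, "little"), sig]
    out.append(len(tx.outputs).to_bytes(2, "little"))
    for o in tx.outputs:
        out += [o.value.to_bytes(8, "little"),
                len(o.script_pubkey).to_bytes(2, "little"), o.script_pubkey]
    return b"".join(out)

def _sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def txid(tx):
    # Hash covers the signature bytes, so a re-encoded signature changes it.
    return _sha256d(_serialize(tx, True))

def payment_id(tx):
    # Hash covers only which coins are spent and who is paid.
    return _sha256d(_serialize(tx, False))

def outpoints(tx):
    return {(i.prev_txid, i.vout) for i in tx.inputs}

def classify(a, b):
    if txid(a) == txid(b):
        return "identical"
    if payment_id(a) == payment_id(b):
        return "malleated-copy"          # same payment, different ID
    if outpoints(a) & outpoints(b):
        return "double-spend-conflict"   # same coin, different payment
    return "unrelated"

# Constructed sample transactions (all values are made up).
COIN = "ab" * 32
original = Tx((TxIn(COIN, 0, b"sig-encoding-A"),), (TxOut(50_000, b"merchant"),))
malleated = Tx((TxIn(COIN, 0, b"sig-encoding-B"),), (TxOut(50_000, b"merchant"),))
conflict = Tx((TxIn(COIN, 0, b"sig-encoding-C"),), (TxOut(50_000, b"someone-else"),))
```

A payment system that reconciles only on `txid` would treat `malleated` as a missing payment, whereas matching on spent outpoints and outputs recognises it as the same transfer and flags `conflict` as a competing spend.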

As time passes and digital currency is adopted more widely in mobile banking, vulnerabilities will also increase. We will cover more vulnerabilities in the existing digital currency ecosystem, considering electronic and mobile commerce and banking.