FULL RISK ANALYSIS OF BITCOIN
Let’s see what kinds of risk you carry if you own or interact with Bitcoin. I try to provide here a complete risk analysis of Bitcoin and my opinions about them. In my previous article I wrote about RISK in general, but I think this is a big topic and it can’t be summed up so shortly, and I am especially fascinated about risk in Bitcoin mainly because it involves me too, but also many other millions of people.
I won’t even try to quantify risk, that would just require too much work, and I am not going to do that right now. But I will give sort of hints, that in my opinion what kind of events are more likely or more worrisome that require more attention.
I have done my research on Bitcoin a long time ago, when I invested first in it, so I know pretty much all angles of it, and I tend to organize myself accordingly to reduce risk as much as possible.
Also I will not count in the reward potential of Bitcoin, which might outweigh it’s risks, that is why I invested in it, otherwise it would be irrational to do so. So I am just going to talk about the risks and potential risks of Bitcoin.
FULL RISK ANALYSIS OF BITCOIN
1) Market Risk
Let’s start with the most obvious one. You bought BTC and the price starts to go down, what to do? Can it go to 0 and you lose all your money?
It is usually a rule of thumb that at the higher price you buy, the more loss you can get if it drops. This is because the more sheep buy into something, as soon as something bad happens, all sheeps get scared and sheeps work like a herd, the herd goes irrational/crazy together and they all start to sell. Since humans have a pre-programmed characteristic of following the herd, if there is a panic, everyone rushes to the same exit door, trampling eachother. You can only make money if you go against the herd, so you should probably be on the buying side when the price crashes, you should anticipate that ahead of the time, and buy up very cheaply what these sheeps have sold in panic.
So if you can anticipate the panic in a market then you have 0 market risk, because you will be ahead of the herd.
Besides I don’t think the price of Bitcoin can really crash that much. There is a lot of “dark” money involved that will never be brought to surface, mostly on the deep-web, those guys are not stupid, as soon as they cashout their money their bank account gets confiscated and they are sent to jail.
So the price of Bitcoin really can’t go down that much because of this. But there is also a deflationary effect, mainly that many people are losing their wallets, I think there was an attempt to compile this:
I think we can safely count 2 million BTC lost already with Satoshi and others, and this number will only grow.
Plus a lot of the Bitcoins are in Offline safe wallets, not anywhere near the exchanges. So the money velocity of Bitcoin is low, and it is only shrinking.
I think the long term price of Bitcoin is very bullish. And the variance doesn’t matter. It’s a bullish market, holders will be rewarded longterm.
2) Political Network Risk
This refers to the way Governments could coerce Node operators / Miners to do their bidding. While Governments could coerce Bitcoin businesses / exchanges / individuals, I don’t think they can coerce the network itself. Let me put it in this perspective. Bitcoin currently has 8452 nodes, which is quite refreshing to see, since a year ago it had only 3000 nodes, so the node count is growing, safely and steadily.
Now there is some political risk:
The biggest risk comes from the 5-Eyes system that could coerce nodes to insert backdoors for “national security” reasons, but we all know that the real reason would be to just to destroy Bitcoin.
While I don’t really like the EU, we see now more cooperation between EU countries in terms of privacy and net neutrality, so France and Germany might not cooperate with the US influenced political alliances. So that is further decentralization, and of course the other small countries and 3rd world countries also provide more political security.
But even then maybe not all nodes would comply, some would go under, maybe using some VPN and many would protest such requirements, so who knows, but I don’t think it’s that easy to coerce 3288 nodes, if it would be then Bitcoin has already lost.
Now with Miners it’s a little bit different. I think there is some risk here. Most miners are in China, and we know how oppressive the Chinese are, so they could easily just shut down all Chinese miners to clamp down on the Chinese cash flight, and tighten capital controls there.
But I don’t think they will do this, even if they do, then the difficulty drops and more miners will emerge in other parts of the world. And the Chinese could miss out on a big growth of GDP. But I don’t think the Chinese will do this, they are smart.
What is most likely to happen is that an international cyber-war will happen between USA<>RUSSIA<>CHINA and there Bitcoin could suffer a lot, each political block will fight for it’s own supremacy like in the Cold war, but the battleground now is the internet, and Bitcoin can hardly stay neutral when there are so many Chinese miners and US businesses involved.
So this is big problem, but if Bitcoin survives this it will only become stronger, the decentralization of Bitcoin will be put to a real test, during this political war.
3) Legal Risk
Every Bitcoin user carries a huge legal risk. Even if they engage in perfectly legal activities. Why? Because the Government is Tyrannical and doesn’t even follow it’s own rule of law, but just likes to make examples out of people.
For example say you operate a licensed business in BTC, and you swap your product for BTC. Well you have no idea if the money you exchange with has been tainted or not. For all you know all your customers could be criminals, and you would operate as a money laundering gateway for them, even without you knowing it.
So the Government sees that a lot of drug related BTC flows through your business, and instead of going after the criminals, they go after you since your identity is known.
Look the Prosecutor is an evil corrupt scumbag, he doesn’t care about your innocence, he just wants to score, and grow his career. He doesn’t care if he puts an innocent person behind bars, ruining your life, he just loves to destroy people’s lives, he does that for a living. Most prosecutors are psychopaths, all they care about is their fame and career. So there you are, your BTC address is directly linked to illegal activity and either you are an accessory to the crime, or they say that you were the perpetrator of the crime, because why go after the anonymous criminal, when they have your identity on a silver platter, and you have no way of defending yourself against those allegations when the blockchain incriminates you.
So the FUNGIBILITY issue is a real big fucking problem in Bitcoin, it’s a huge burden. Practically anyone could incriminate anyone. Just any criminal sending some money to you and bam, you are already linked to it, so they will come after you instead of him. It’s easy to create patsies and frame people with Bitcoin. This is a huge risk.
So it looks like being anonymous is the only way to counteract this risk. Bitcoin literally forces everyone to be anonymous to avoid this risk. And that is good, people should reclaim their privacy anyway, too bad they have to do it the hard way, under these risks, when in fact privacy should be by default protected.
So you either invent a fungible cryptocurrency or you use it anonymously.
4) Negligence Risk
Well you can’t really do much about this, but to be vigillant and always double-triple-quadruple check everything. Also if you can automate something, by writing a piece of code that would do that, then you should do it, humans are very prone to errors while machines makes mistakes more rarely.
One kind of this risk could be the loss of password/wallet file. This is very common, but this can be mitigated by backing everything up multiple times, and also not storing it in the same place.
It doesn’t do you much good if you have 5 USB backups and your house burns down. Why not bury some in the garden? Or place it in a safe deposit box, but like double-encrypted, since it’s very often that they spy on safe deposit boxes’ contents.
Or you could mistype your address, but that is already taken care of since the probability of the address being valid after mistyping is around 1:4,300,000,000 , and hopefully wallets check for spaces and tabs accidentally typed into the input boxes, so there is really no way this would pose a big risk.
But on the other hand you should make sure that you send money to the right address, and this can be done by quadruple checking that address.
Of course I am not even going to consider here the fact that you could accidentally post your Bitcoin private key to a Facebook post. I mean the private key should be as far away from a network connection as possible, preferably on an Offline PC, so these kinds of accidents should be unthinkable.
5) Lack of Entropy
It is possible that the RNG of your computer is weak, and it generates predictable numbers. I think this can easily be solved if you generate your private key with dices. There are tutorials about that:
- https://steemit.com/Bitcoin/@creatr/how-i-generate-my-own-secure-private-keys-for-Bitcoin
- https://steemit.com/security/@profitgenerator/passwords-and-dices-tutorial-to-create-secure-passwords
- https://steemit.com/Bitcoin/@profitgenerator/tutorial-generate-Bitcoin-private-keys-securely
6) Cryptographic Risk
It is possible that the Hashcash mining algorithm is weak, as it has been debated since it’s inception that maybe it should be swapped with HMAC-SHA
Then also the ECDSA curve used in Bitcoin namely the: Secp256k1
could be weak.
Allegedly the secp256r1, the version of the curve that has “random” (pre-selected) parameters has been backdoored. But the k
curve is still strong, otherwise your coins would have already been stolen.
Although it is common knowledge that the Secp256k1 curve is not quantum resistant, so as soon as some quantum computer comes out, all Bitcoin addresses will be vulnerable.
There is nothing you can do about this, since all other cryptocurrencies are affected by this, so you just have to factor in this risk in your decisions.
7) Coercion/Threat Risk
It is possible that gangsters will try to coerce and threated Bitcoin users with large amounts of coins. Well there is nothing you can do about this after you have been coerced.
The simple way to defend against this is to stay anonymous, and never talk about how much money you have, never reveal personal, financial information or the address of your house and things like that.
Otherwise you will have to spend a lot on personal security, hiring a bodyguard, alarm system, and whatnot, which you should already have, since burglars could visit your house too, and who knows maybe they find your USB stick containing your Bitcoins and will force the password out of you.
(source: xkcd via CC BY-NC 2.5
In this case Steganography can be used, the real wallet could be concealed under a fake wallet. Leave a tiny amount in a fake wallet and if you are coerced just give them the password to the fake wallet, and they will have no way of knowing that the big wallet is hidden there too.
Encryption + Steganography is your friend that keeps your money away from thieves.
8) Software Bug
It is possible, as with any software, that bugs could appear. The first rule is to always use open-source wallet. Not just because of trust, I mean you can’t really trust a black box, you have no idea what runs there. But also because open source, popular wallets are reviewed by many people, and people report any kind of bug to the developers, plus anyone can review the source code and search for bugs.
It’s obvious that open-source is more secure than closed-source. Thus you should use Linux Operating system if you are serious about security, and ditch the closed source ones.
Your Bitcoin wallet must be open source too, so that it provides the most transparency and security.
But even then some bugs could slip through, so I think a conservative update policy should be followed. Only use stable software releases.
If only minor fixes have been added in the latest version, then better not upgrade just yet, because if some bug did slip in due to those changes, then it could cause more harm than good.
But if you do want to use the latest version because you think it’s better to upgrade frequently, which I don’t think its good, then at least wait a few days or weeks until other people check the latest version and signal if some obvious bug have been found. There were many cases when the developer compiled the code wrongly and accidentally left a bug in there, so he had to put out a new version 1 day later. You don’t want to risk that. So better wait a few days after a release to make sure everything is smooth.
Also it’s advantageous if you compile the source code yourself, this way you avoid relying on other people to compile it for you.
9) Software Integrity
This is a big issue, because many phishing attempts have been already made. You have to make sure that the code you run can be trusted.
So compiling from open source is a good way to avoid this problem. Otherwise you have to triple check the hash checksum of the downloaded file, and match it against other sources.
The software should also provide a PGP key which you should also verify it’s authenticity from multiple websites, like for Electrum the fingerprint of the public key is:
6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
You should verify this across many trusted websites, and also check who signed it, I think it’s signed by many Linux developers who’s identity can also be verified, or your Linux OS has already their public key hardcoded in. So you can create a web-of-trust for yourself.
After the public key is verified, you can verify that against the downloaded wallet software, to see whether it’s a genuine one, since you don’t wanna run a malware.
It would also be good that software developers would create deterministic software, meaning that the same source could would always compile the same binary.
So that would create additional protection, since you can not only just verify the downloaded binary against the trusted public key of the developer, but you can also download the source code, compile it, and verify your own built binary against the one you downloaded.
But it all depends on the integrity of your Operating System, so before you do all of this, you must make sure that your OS is Linux, I’d not trust anything else, and that you have verified the authenticity of it too.
I’d burn it to a DVD, and verify the checksum of the DVD against the downloaded binary, across multiple computers, and if it matches then you have a trusted OS, then you can go ahead and do the verification for the BTC wallet.
10) Malware/Keylogger
There isn’t that much defense you have against these. If you have a trusted OS with a trusted wallet software, then the risk of this is considerably low, but there could still be many way how private keys can be stolen. Whether it’s a USB malware, or whether it’s like a hardware level keylogger.
I think storing your funds on an Offline Computer is the best way to avoid this. If you are extremely paranoid you can burn a CD for every interaction between the Offline PC and the Online one.
You can also remove the Wireless Adaptor from your PC, use wired mouse and wired keyboard and make sure the computer is not connected to the Internet and never will be. Best to just remove the entire Ethernet Adaptor from your PC alltogether to make sure nobody plugs in the internet cable accidentally.
SUMMARY
1) Market Risk: MODERATE
- Defense: Sell before the herd, and buy low when they are selling
2) Political Network Risk: LOW
- Defense: None, but setup your own full node and contribute to BTC’s security
3) Legal Risk: HIGH
- Defense: Using anonymous/fungible cryptocurrencies, staying anonymous
4) Negligence Risk: HIGH
- Defense: Be careful & automate things where you think you could do mistakes
5) Lack of Entropy: LOW
- Defense: Generate private keys with dices
6) Cryptographic Risk: LOW
- Defense: None
7) Coercion/Threat Risk: HIGH
- Defense: Keep your mouth shut, Encryption, Steganography, Home security
8) Software Bug: MODERATE
- Defense: Conservative update policy
9) Software Integrity: MODERATE
- Defense: Verify all downloads many times, Verify the authenticity of the OS many times
10) Malware/Keylogger: HIGH
- Defense: Cold Storage with unnecessary peripherials removed, information access control
Disclaimer: The information provided in this article is just my opinion, it does not constitute as any kind of advice. You are solely responsible for your own financial safety.
Sources:
https://pixabay.com
Very good analysis with many valid points, @profitgenerator. Upvoted.
I haven't mentioned
counterparty risk
, but from the way I wrote this article, it can be seen that I don't really advocate for storing your coins at a centralized exchange/ custodian.Everyone should store their Bitcoins on their own self-hosted wallet in safety, where they exclusively control the private keys.
Nice summary stating the risks involve. I guess with all disruptive technology, it will always be evolving and the fact it is a currency going against the fiat, all the more it will face more scrutiny. But am sure it will come out stronger and more resilient.
Risk can only be eliminated though decentralization, or in other words if the risk is segregated. Socializing the risk is the worst thing possible to do, because that guaranteees that everyone loses in the end and makes people irresponsible so the losses will be huge.
I am growing wary of these exchanges that centralize a lot of money and allegedly work on fractional reserves, they do the same mistake as the banking system.
But decentralized exchanges come too, so yes in that aspect the risk is lowered.
It really is risky to venture on cryptocurrencies but the benefits outweights it.
If done smartly, then yes, the rewards massively outweight the risks.
It's not risky if you know what you know how to do it safely and don't spend money you cant afford to lose. Thank you for all the detailed info profitgenerator this is great stuff, I knew the basics but now I can get further ahead!
No problem, make sure you share this article everywhere, so that others can read it too, I put a lot of work compiling all this information toghether.
I do my due diligence before every investment, so if other don't at least they can learn more about the risks by reading my article.
LOL! Do you have a similar one for STEEM or SBD?
Awesome comprehensive risk assessment of Bitcoin!
Fantastic post my friend. Upvoted and RESTEEMING so I can take a deeper look at it later :]
Thanks you can read it through and tell me your opinion later.
Glad to see there is still quality content on steemit. Great acticle!
I hope you read it through, it's very good info.
Great to see more people talking about Risk (and not necessarily in a negative light)