Dan “@dakami” Kaminsky recently put out an excellent post on his attempt to “hack” Bitcoin two years ago. As with many crypto-based applications, the Bitcoin protocol (and even its core implementation) is pretty solid … it’s all the technology around it that is most likely to fail. In this case, the weaknesses in that surrounding tech include users with no or weak wallet passwords and faults in Bitcoin exchanges.


Two years ago, I tried to hack BitCoin.

I failed.

This was very exciting.

It is a fairly open secret that almost all systems can be hacked, somehow.  It is a less spoken of secret that such hacking has actually gone quite mainstream.  Everybody hacks … sometimes.

But I am not here to discuss the raging question that is — what do we do about the fact that we’ve built a global economy on a system optimized for moving pictures of cats?

They really are very cute.

Seriously though, as an engineer and as a hacker (and I promise you, these are two very different things), BitCoin surprised me.  Here was a system with the following properties:

  • Created an enormous global cloud of always-on, listening machines
  • Spoke its own fiddly little custom network protocol
  • Written in C++, which for all of its strengths is not usually the safest thing in the world to be reading random Internet garbage with
  • Directly implemented the delivery of a Pot Of Gold At The End Of The Rainbow for any hacker who could break it

By all extant metrics in security system review, this system should have failed instantaneously, at every possible layer.

And, to be fair, it has failed at other layers – BitCoin thefts have occurred, in the meta-code that surrounds the core technology itself.

But the core technology actually works, and has continued to work, to a degree not everyone predicted. Time to enjoy being wrong.  What the heck is going on here?

