Author: Admin | 2025-04-28
These days anyone regularly tuning into r/bitcoin reads stories about individuals getting their wallet.dat stolen and bitcoin businesses closing operations after a security breach. Yesterday, security researcher Egor Homakov disclosed how Mt.Gox was vulnerable to an account hijacking attack caused by an XSS flaw combined with improper session management. The issue has since been fixed, and while it's great to see security researchers take on the challenge of bitcoin security, sometimes it seems like something overall is broken when looking at security in the bitcoin ecosystem.

Ironically, these security breaches are a marker of bitcoin's overall success. As bitcoin continues to grow and flourish, we can expect criminals to target more and more bitcoin businesses as its value increases. For bitcoin, this list of thefts and heists is only the beginning.

Improving Application Security

As a protocol, Bitcoin itself is secure. Most bitcoin security issues are not related to the bitcoin protocol; they are due to improper handling of bitcoins or insufficient security built into applications dealing with bitcoin. At protocol level there are some interesting developments in progress, like multi-signature transactions, which, when implemented by applications, will make compromises of bitcoin applications less harmful. The current bounty for a compromising bug in the bitcoin protocol is around $ 12.000.000.000, and so far no vulnerabilities have been disclosed or exploited. In addition to this bounty, we have also seen initiatives like the Bitcoin Security Project raise awareness about security in the bitcoin community.

In terms of improving the overall security of bitcoin web applications, we believe that as the bitcoin ecosystem matures, bitcoin businesses will increasingly compete on application security to attract customers. More and more businesses will follow the example of wallet providers Coinbase and Blockchain.info, who are leaders in bitcoin because of their transparent, open writeups of their security practices.

Transparent Security

Despite the inherent value of security transparency, many bitcoin businesses do not advertise their security practices. For those who do, how do users know that these practices are being followed by the business? Clearly there is an incentive for a dubious bitcoin website to attract users by advertising higher levels