Is Bitcoin a Safe Investment?
The recent volatility in bitcoin and other cryptocurrencies has made many investors wary along with the continued hacking of the exchanges where people buy and sell the digital currencies.
The lack of security has raised concerns about the risk of owning these virtual currencies as hackers continue to breach the exchanges, forcing one bitcoin exchange in South Korea, Youbit, to file for bankruptcy in 2017.
The uncertainty emphasizes the hazards investors face daily in their attempt to profit from bitcoin, ether and other cryptocurrencies. The debate on whether bitcoin is actually a currency or an investment continues as the Securities and Exchange Commission considers it a security, the IRS treats it as property and the Financial Crimes Enforcement Network says bitcoin is a currency.
[Read: What's the Best Bitcoin Wallet?]
The price of bitcoin, the No. 1 digital currency with a market cap of $158.7 billion, crumpled from a high of nearly $20,000 at the end of 2017 to less than $7,000 in April. It's now trading at about $9,300.
Ether, which has a market cap of $74 billion, has faced a similar fate and was the worst-performing major digital currency in March. It operates on the Ethereum network and is trading at $745, down from more than $1,400 in January.
Bitcoin and the other digital currencies remain a sought-after target for cybersecurity criminals because they can easily hide their tracks and remain unregulated by a central bank or a government. Since cryptocurrencies are not backed by a physical commodity, investors who have been hacked lack any legal or criminal recourse.
One of the largest issues is that the criminals are hard to catch since they are anonymous and the heists are prolific. As the number of initial coin offerings (ICOs) have risen, the incidences of hacks into the exchanges such as Coinbase or the personal wallets have mirrored them, cybersecurity experts say.
The digital tokens are highly profitable for the criminals and in nearly every instance, a common application flaw was exploited by malware, says Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company. This allowed the attackers to gain access to user information who then fraudulently purchased more cryptocurrency or used the credit card information the user stored in their account.
"We have to keep in mind that hackers will go after targets that will reap them financial gains," he says.
"As cryptocurrencies like bitcoin and ethereum become more popular and more valuable, the services that support the buying, selling and trading of these currencies will increasingly be targeted."
Cryptocurrency exchanges are the latest target and similar to issues cybersecurity experts have followed with ransomware, phishing emails and the numerous other ploys that hackers have been using for many years.
While the technology used to create cryptocurrency remains sound and has not been compromised yet, investors must be "very vigilant with the exchange websites they use as they are vulnerable to all the same kinds of attacks that every other website on the internet faces," Wenzler says. "Only now, the stakes can potentially be higher as it won't solely be credit card information that's insured and protected, but rather the very valuable cryptocurrencies that when lost, users have essentially no recourse to recoup their losses."
The exchanges must boost their security as the trading of bitcoin and other digital currencies will continue.
"They better defend themselves from the deluge of attacks they are dealing with, or there may not be a safe place left for users to buy and sell what they have and deliver upon the promise of what cryptocurrencies can bring to future economic development and growth," he says.
[Read: 5 of the Best Stocks to Buy for May.]
Rarely do investors receive their money back, but in some instances the exchanges offer to refund it voluntarily. In January, Coincheck, a Tokyo-based cryptocurrency exchange said it planned to give back $46.3 billion yen ($425 million) that hackers stole of its NEM coins, a different cryptocurrency from bitcoin.
Youbit, a South Korean cryptocurrency exchange, filed for bankruptcy in December after two cases of hacks occurred. Mt. Gox, which was based in Tokyo and managed 80 percent of global bitcoin trade, was forced to file for bankruptcy in 2014 after $450 million of the cryptocurrency was stolen.
Keeping bitcoins in a secure place has proven to be difficult, says John Black, vice president of education at SecureSet, a Denver-based immersive, accelerated cybersecurity academy. Investors holding accounts at an exchange, including mobile app wallets like Mycelium, are vulnerable because all of their assets could be stolen.
"Just as you would never walk out of your home with a lot of cash in your wallet, you should not hold a lot of bitcoins in a wallet on your phone," he says. "Instead, you should use 'cold storage,' which is a way of storing your bitcoins offline so they are not subject to online hacking."
Investors holding a substantial amount of bitcoins should always use a wallet or exchange that uses cold storage. Coincheck, the Japanese exchange that was hacked last year, did not use cold storage because of insufficient staffing, and the hackers were able to make off with a staggering sum, Black says.
Coinbase claims that it uses cold storage for 98 percent of its bitcoins, leaving only 2 percent on its servers," he says. "However, given the large holdings Coinbase has, even losing 2 percent of its deposits would be substantial and would likely result in yet another decline in confidence from investors."
Bitcoin should not be seen or treated as an investment and instead should be viewed as an unstable cryptographic transaction, says Joseph Carson, chief security scientist at Thycotic, a provider of privileged account management solutions.
The frequent hacking of cryptocurrencies occurs because the security is mostly the responsibility of the individual holding the wallet, he says.
Protecting accounts with a "simple, weak, reused password and no additional security controls" means that cryptocurrency theft will continue to increase and more people will lose all of their bitcoins, Carson says.
"This is the same for the cryptocurrency exchanges as the security appears to be pretty basic," he says. "Hackers will continue to target cryptocurrency as they know exactly how to hide their tracks. The crime is easily done across country borders and the profit can be in the millions and millions of dollars."
Although cryptomining malware does not target individuals, cybercriminals can infect systems that use high-performance graphic processing units or video cards, says Chris Morales, head of security analytics at Vectra, a San Jose, California-based provider of automated threat management solutions.
[See: 7 of the Best Stocks to Buy for 2018.]
Companies tend to enforce strict security controls to prevent cryptocurrency mining behaviors, but universities do not have the same luxury with their students.
"They can at best advise students on how to protect themselves and the university by installing operating system patches and creating awareness of phishing emails, suspicious websites and web ads," he says. "Many universities are now issuing student policies restricting the use of university resources for this type of monetary gain. To detect the behaviors, universities can install monitoring systems that look for behaviors related to cryptomining and will allow the university to hone in on where these behaviors occur, when they occur."
More From US News & World Report
