Bitcoin Forum
May 08, 2024, 04:08:16 AM *
Author Topic: Is your bitcoin safe in cold wallet?  (Read 1348 times)
johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 05:13:52 PM
Last edit: December 14, 2015, 05:53:55 PM by johnyj
 #1

Do you think your bitcoin in a cold wallet is protected by the laws of mathematics and also the most powerful computer network in the world? Think again

The recent proposal by Pieter Wuille revealed that core devs can push in a soft fork change that pretty much changes every way bitcoin works, thus hackers can spend your money without your consent

How is that possible? Because bitcoin is essentially an agreement (protocol) among nodes, if the majority of the nodes around you agree that your bitcoin is gone, then it is gone! It does not matter how strong ECDSA is, all it takes is a group of nodes around you changing their rules (or so called sybil attack)

Somebody might wonder: Aren't miners supposed to be the honest nodes and stop all this? Unfortunately, in this case, miners or the so called most powerful computer network in the world cannot do anything about it

Why? Because everything in bitcoin is decided by its agreement among nodes. If the nodes changed their way of calculating blocks, then all the miners will be dropped from the new network, and all those ASICs in large mining farms will just become paperweights

This becomes a real threat when mining has become too centralized, e.g. only a few large pools are doing mining. So, even if they are running the original version of bitcoin, if a large group of nodes have upgraded to a different version, these miners will just be ignored as a minority (the new version can easily change the way that miners work). Of course without hash power the new version will be worth nothing later on, but I guess the thieves only need to sell their stolen coins before others realize the problem

The critical points that have real financial impact are exchanges and web wallet services. If one of these nodes together with a group of malicious nodes changed their protocol, then they could easily take others' coins, sell on an exchange and profit. If you are really paranoid and assume that every exchange might be a potential malicious actor like MTGOX, then they have many ways to profit unethically through a protocol change


johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 05:17:42 PM
Last edit: December 14, 2015, 05:55:43 PM by johnyj
 #2

What could an average bitcoin user do about this? Not a lot, but installing a full node at your home definitely helps to reduce such risk. And you must make sure your full node does not have malicious code

So, unlike gold locked in your strongbox, in order to make sure that your bitcoin in your cold wallet is safe, you must also care about the things happening at the protocol level

However, this is easier said than done. What if some weak code is hidden in a very complex design upgrade that almost no one can understand? So you have to put your faith in those devs who don't push in ugly code

I never doubt the ethics of core devs and I believe making a secure system is also in their best interest. But what if they have a conflict of interest like we see in the XT split, have some personal relationship with large actors, or made a mistake or missed something during their design?

This is the question of code fidelity and quality. In a complex design, it is very difficult to evaluate the security of each implementation when you are not the original designer. Everyone knows that it is hell to read others' code

helloeverybody
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile WWW
December 14, 2015, 05:20:25 PM
 #3

I wouldn't worry about this at all. Something like this would be hard to sneak in and it would take multiple devs to manage it. I'd say it's a non-issue.

johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 05:28:20 PM
 #4

I wouldn't worry about this at all. Something like this would be hard to sneak in and it would take multiple devs to manage it. I'd say it's a non-issue.
Then why is there an XT version out there? Does this mean these ABC guys are more trustworthy than those XYZ guys? What are the criteria to judge? And how do you make sure you are not biased?

~Bitcoin~
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
December 14, 2015, 05:35:26 PM
 #5

You have pointed out quite a hidden truth about bitcoin. Most of us, including me, only care about money, our coins and our wallets. Most bitcoin users are shifting to and trusting only online wallets these days. We don't care about installing a bitcoin client and downloading a full node. To be called bitcoin lovers we have to at least support the entire bitcoin network. It may take months for me to download, as the internet is really slow here.

calkob
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 520


View Profile
December 14, 2015, 05:43:11 PM
 #6

I got into bitcoin knowing that it currently is pretty much high risk; in the next 10 years (if even that) it is either going to crash and burn or become mainstream. It will only become mainstream if the average person, who is pretty much computer illiterate at the minute, can trust it. The scenario you paint, if it happened, would pretty much end the dream of a decentralized trustless system and would send us back to the drawing board.

I would like to think that it is in the core devs' best interest to make sure that the bitcoin protocol is secure, and as the saying goes, "don't plead to a man's better nature, plead to his own self-interest".
DannyHamilton
Legendary
*
Offline Offline

Activity: 3388
Merit: 4653



View Profile
December 14, 2015, 06:01:45 PM
 #7

- snip -
hackers can spend your money without your consent

Under the current protocol rules, this is a lie.

Changing the protocol to allow others to spend your bitcoins without the private keys would require consensus of all full nodes.  Since I would refuse to support such a change (as would many other operators of full nodes), consensus on such a change would be impossible.  Therefore, the protocol cannot change to allow "hackers to spend your money without your consent".

How is that possible? Because bitcoin is essentially an agreement (protocol) among nodes, if the majority of the nodes around you agree that your bitcoin is gone, then it is gone!

This is not true.  You don't seem to understand what the word "consensus" means, or how bitcoin actually works.

It does not matter how strong ECDSA is, all it takes is a group of nodes around you changing their rules (or so called sybil attack)

It takes a LOT more than just a "group of nodes around you".  Also, a group of nodes changing their rules is not a "Sybil Attack".

Somebody might wonder: Aren't miners supposed to be the honest nodes and stop all this?

Nope.  Bitcoin does not require miners to be "honest".  It requires solo miners and mining pool operators to be self-interested, and it requires that no single self-interested entity control a majority of the hash power.

Unfortunately, in this case, miners or the so called most powerful computer network in the world cannot do anything about it

Why? Because everything in bitcoin is decided by its agreement among nodes.

Solo miners and mining pool operators that don't want to be scammed or attacked should be running at least 1 full node.  Therefore, they participate in that "agreement among the nodes" that you are talking about.

If the nodes changed their way of calculating blocks, then all the miners will be dropped from the new network, and all those ASICs in large mining farms will just become paperweights

If some nodes change their way of accepting blocks, then those nodes will be dropped from the network.  The Bitcoin miners and Bitcoin nodes will continue running without the modified nodes and ASIC will continue to work as they always have.

This becomes a real threat when mining has become too centralized, e.g. only a few large pools are doing mining. So, even if they are running the original version of bitcoin, if a large group of nodes have upgraded to a different version, these miners will just be ignored as a minority

As I already said, you don't seem to understand what the word "consensus" means, or how bitcoin actually works.  If a large group of nodes ignore existing consensus rules, then they will fork off onto their own non-bitcoin blockchain.  Meanwhile the remaining nodes and all the existing mining will continue to operate as it always has.

(new version can easily change the highest diff rule to highest length).

I don't even understand what you are trying to say there.  Anyone can change their node to do anything they like, but if it doesn't follow the existing consensus rules it will be ignored by the rest of the network.

Of course without hash power the new version will be worth nothing later on, but I guess the thieves only need to sell their stolen coins before others realize the loss

They will find it very difficult to sell their useless coins that won't be recognized as valid by anyone or any service that is still running the current consensus rules.

The critical points that have real financial impact are exchanges and web wallet services. If one of these nodes together with a group of malicious nodes changed their protocol, then they could easily take others' coins, sell on an exchange and profit.

If you are really paranoid and assume that every exchange might be a potential malicious actor like MTGOX, then they have many ways to profit unethically through a protocol change

Exchanges and Web wallet services don't need to bother changing any protocol.  The users have already sent the bitcoins to them. They can simply refuse to give the bitcoins back.


Amph
Legendary
*
Offline Offline

Activity: 3206
Merit: 1069



View Profile
December 14, 2015, 06:08:34 PM
Last edit: December 14, 2015, 06:23:15 PM by Amph
 #8

so this is just a bunch of silly nonsense, because in the remote case this is true (which it is not) it would not benefit the hacker either, because they would lose everything too, simple logic

so it would be utterly stupid from their point of view to destroy their own "hacked profit"....
johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 06:16:18 PM
 #9

so this is just a bunch of silly nonsense, because in the remote case this is true (which it is not) it would not benefit the hacker either, because they would lose everything too, simple logic

so it would be utterly stupid from their point of view to destroy their own "hacked profit"....

What if they only steal Satoshi's one million coins, not anyone else's? That is a large enough motivation to push out such a change

David Rabahy
Hero Member
*****
Offline Offline

Activity: 709
Merit: 503



View Profile
December 14, 2015, 06:17:18 PM
 #10

*If* this is possible then why hasn't it?
AgentofCoin
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
December 14, 2015, 06:31:57 PM
 #11

Even though I am not knowledgeable enough to say whether OP is correct in his statements/opinion,
I would just like to point out that if the above scenario did in fact come about, it would entirely destroy/devalue bitcoin.
So anyone doing this for profit would in fact make bitcoin forever worthless and kill a golden goose.

This "threat" is only then reasonable as a purposeful attack to destroy Bitcoin/bitcoin, and not for profit.


What if they only steal Satoshi's one million coins, not anyone else's? That is a large enough motivation to push out such a change
This would be a gross violation and I believe, 95% of the current users would stop accepting/buying/using bitcoins, including myself.
The only people left would be whales and "large hodlers", and they would never be able to resurrect the fallen golden goose.

I support a decentralized & unregulatable ledger first, with safe scaling over time.
Request a signed message if you are associating with anyone claiming to be me.
johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 06:36:57 PM
 #12

If some nodes change their way of accepting blocks, then those nodes will be dropped from the network.  The Bitcoin miners and Bitcoin nodes will continue running without the modified nodes and ASIC will continue to work as they always have.

The question is: Who will be dropped from the network, miners or majority of nodes?

Suppose that the 7 largest mining pools are running 0.11, while 5000 nodes (including exchanges) have upgraded to 0.13, which is a softfork and backward compatible, then which one is the real bitcoin?

The difference is, in 0.13 you can spend Satoshi's one million coins with a newly defined key, because the block structure is different. But in 0.11 you cannot. So the decision falls on these miners: They either stay at 0.11 and protect Satoshi's coins, which no one cares about, or they join the majority of the nodes and share Satoshi's coins ;)

ffe
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
December 14, 2015, 06:40:17 PM
 #13

Do you think your bitcoin in a cold wallet is protected by the laws of mathematics and also the most powerful computer network in the world? Think again

The recent proposal by Pieter Wuille revealed that core devs can push in a soft fork change that pretty much changes every way bitcoin works, thus hackers can spend your money without your consent

How is that possible? Because bitcoin is essentially an agreement (protocol) among nodes, if the majority of the nodes around you agree that your bitcoin is gone, then it is gone! It does not matter how strong ECDSA is, all it takes is a group of nodes around you changing their rules (or so called sybil attack)

Somebody might wonder: Aren't miners supposed to be the honest nodes and stop all this? Unfortunately, in this case, miners or the so called most powerful computer network in the world cannot do anything about it

Why? Because everything in bitcoin is decided by its agreement among nodes. If the nodes changed their way of calculating blocks, then all the miners will be dropped from the new network, and all those ASICs in large mining farms will just become paperweights

This becomes a real threat when mining has become too centralized, e.g. only a few large pools are doing mining. So, even if they are running the original version of bitcoin, if a large group of nodes have upgraded to a different version, these miners will just be ignored as a minority (the new version can easily change the way that miners work). Of course without hash power the new version will be worth nothing later on, but I guess the thieves only need to sell their stolen coins before others realize the problem

The critical points that have real financial impact are exchanges and web wallet services. If one of these nodes together with a group of malicious nodes changed their protocol, then they could easily take others' coins, sell on an exchange and profit. If you are really paranoid and assume that every exchange might be a potential malicious actor like MTGOX, then they have many ways to profit unethically through a protocol change



As opposed to what?  A single bank deciding you shouldn't have access to your account with them for some crazy reason and freezing you out?

Bitcoin is much more secure than that. The vulnerability you describe is just the probability that all the major players in bitcoin accept a software version that blows up their wealth. Not likely.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3388
Merit: 4653



View Profile
December 14, 2015, 06:50:00 PM
 #14

If some nodes change their way of accepting blocks, then those nodes will be dropped from the network.  The Bitcoin miners and Bitcoin nodes will continue running without the modified nodes and ASIC will continue to work as they always have.

The question is: Who will be dropped from the network, miners or majority of nodes?

Both.  The network splits into "original bitcoin" and "new protocol trying to call itself bitcoin" if there isn't 100% consensus.

Suppose that the 7 largest mining pools are running 0.11, while 5000 nodes (including exchanges) have upgraded to 0.13, which is a softfork and backward compatible, then which one is the real bitcoin?

Fully backward compatible? Then they can both be "the real bitcoin".  In order to be compatible, they can't break any of the current consensus rules, so it won't matter.

The difference is, in 0.13 you can spend Satoshi's one million coins with a newly defined key, because the block structure is different. But in 0.11 you cannot.

Then it isn't a soft fork, and it isn't backward compatible.  The network splits into "original bitcoin" and "new protocol trying to call itself bitcoin".  The only way that the new protocol can "win" is to convince nearly everyone (exchanges, merchants, consumers, investors, etc) to use their new "stealCoin" protocol instead of the secure "Bitcoin" protocol.

So the decision falls on these miners: They either stay at 0.11 and protect Satoshi's coins, which no one cares about, or they join the majority of the nodes and share Satoshi's coins ;)

Actually the decision falls on everyone.  If everyone refuses to use the insecure "stealCoin" altcoin, then it will fail.  If everyone thinks that allowing theft is the better way to go, and they don't care if it will be used to steal from them someday, then your "stealCoin" altcoin will succeed and Bitcoin will be a failed experiment.
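
The backward-compatibility point argued in the exchange above, as an added example that is not part of the original thread: a rule change is a soft fork only if every spend the new rules accept is also accepted by nodes still on the old rules. This is a toy model in which a SHA-256 preimage lock stands in for the ECDSA signature check; `tightened_rules`, `loosened_rules` and all secrets are hypothetical, constructed values.

```python
import hashlib
from dataclasses import dataclass


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Spend:
    lock: bytes     # commitment stored in the output being spent
    witness: bytes  # data the spender reveals to unlock it


# Constructed sample secrets (not real keys); toy stand-ins for private keys.
OWNER_A = b"owner-a-secret"
OWNER_B_LONG = b"owner-b-secret-that-is-longer-than-32-bytes"
OWNER_C = b"owner-c-secret"
NEW_KEY = b"newly-defined-key"


def old_rules(s: Spend) -> bool:
    """Existing consensus in this toy: only the matching preimage unlocks."""
    return h(s.witness) == s.lock


def tightened_rules(s: Spend) -> bool:
    """Hypothetical upgrade that only adds a restriction on top of old_rules."""
    return old_rules(s) and len(s.witness) <= 32


def loosened_rules(s: Spend) -> bool:
    """Hypothetical upgrade that lets a newly defined key spend any output."""
    return old_rules(s) or h(s.witness) == h(NEW_KEY)


def classify(new_rules, samples):
    """Label a rule change by what old nodes would do with new-rule spends.

    Only evidence over the given samples, not a proof over all inputs.
    """
    rejected_by_old = [s for s in samples if new_rules(s) and not old_rules(s)]
    label = "soft fork" if not rejected_by_old else "chain split"
    return label, rejected_by_old


def accepted_height(rules, chain):
    """Blocks a node enforcing `rules` accepts before the first invalid one."""
    height = 0
    for block in chain:
        if not all(rules(s) for s in block):
            break
        height += 1
    return height


spend_a = Spend(h(OWNER_A), OWNER_A)            # owner spends own output
spend_b = Spend(h(OWNER_B_LONG), OWNER_B_LONG)  # valid today, long witness
theft_c = Spend(h(OWNER_C), NEW_KEY)            # someone else's output, new key
SAMPLES = [spend_a, spend_b, theft_c]

TIGHTENED_CHAIN = [[spend_a]]                        # built under tightened_rules
LOOSENED_CHAIN = [[spend_a], [theft_c], [spend_b]]   # built under loosened_rules

if __name__ == "__main__":
    print(classify(tightened_rules, SAMPLES)[0])       # old nodes follow along
    print(classify(loosened_rules, SAMPLES)[0])        # old nodes reject theft_c
    print(accepted_height(old_rules, LOOSENED_CHAIN))  # old node stops at the theft
```
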
pereira4
Legendary
*
Offline Offline

Activity: 1610
Merit: 1183


View Profile
December 14, 2015, 07:01:36 PM
 #15

I wouldn't worry about this at all. Something like this would be hard to sneak in and it would take multiple devs to manage it. I'd say it's a non-issue.
Then why is there an XT version out there? Does this mean these ABC guys are more trustworthy than those XYZ guys? What are the criteria to judge? And how do you make sure you are not biased?

Because the XT guys have tried to centralize Bitcoin by doing a ridiculously big blocksize increase and they couldn't find a consensus with devs and most people aren't agreeing with that, therefore they freely started their own thing as Bitcoin XT. I don't really see what you are trying to say in the OP, all those risks have already been considered and are under consideration.
johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 07:03:54 PM
Last edit: December 14, 2015, 07:15:55 PM by johnyj
 #16


Then it isn't a soft fork, and it isn't backward compatible.  The network splits into "original bitcoin" and "new protocol trying to call itself bitcoin".  The only way that the new protocol can "win" is to convince nearly everyone (exchanges, merchants, consumers, investors, etc) to use their new "stealCoin" protocol instead of the secure "Bitcoin" protocol.


You can check Pieter's segregated witness proposal video here
https://www.youtube.com/watch?v=fst1IK_mrng#t=36m

It is a large change to the bitcoin protocol (in fact it changed pretty much everything in bitcoin) but it can still be implemented using a soft fork, meaning it is backward compatible. I'm still scratching my head over how this is possible, but I guess it is using a technology similar to master coin: they can make the new design totally invisible to the old client, maybe by embedding some key data in some trivial field, so the old client feels that nothing has changed



johnyj (OP)
Legendary
*
Offline Offline

Activity: 1988
Merit: 1012


Beyond Imagination


View Profile
December 14, 2015, 07:14:56 PM
 #17

I wouldn't worry about this at all. Something like this would be hard to sneak in and it would take multiple devs to manage it. I'd say it's a non-issue.
Then why is there an XT version out there? Does this mean these ABC guys are more trustworthy than those XYZ guys? What are the criteria to judge? And how do you make sure you are not biased?

Because the XT guys have tried to centralize Bitcoin by doing a ridiculously big blocksize increase and they couldn't find a consensus with devs and most people aren't agreeing with that, therefore they freely started their own thing as Bitcoin XT. I don't really see what you are trying to say in the OP, all those risks have already been considered and are under consideration.

XT is too radical and thus can barely get some agreement, but the proposal I see in segregated witness is more radical than that: he promotes changing the whole bitcoin architecture. Do you think that is under consideration? Someone already pointed out increased sybil attack risk in SWclient, check Lauda's thread here
https://bitcointalk.org/index.php?topic=1279444.msg13227840#msg13227840

DannyHamilton
Legendary
*
Offline Offline

Activity: 3388
Merit: 4653



View Profile
December 14, 2015, 07:19:28 PM
 #18


Then it isn't a soft fork, and it isn't backward compatible.  The network splits into "original bitcoin" and "new protocol trying to call itself bitcoin".  The only way that the new protocol can "win" is to convince nearly everyone (exchanges, merchants, consumers, investors, etc) to use their new "stealCoin" protocol instead of the secure "Bitcoin" protocol.


You can check Pieter's segregated witness proposal video here
https://www.youtube.com/watch?v=fst1IK_mrng#t=36m

It is a large change to the bitcoin protocol (in fact it changed pretty much everything in bitcoin) but it can still be implemented using a soft fork, meaning it is backward compatible. I'm still scratching my head over how this is possible, but I guess it is using a technology similar to master coin: they can make the new design totally invisible to the old client, maybe by embedding some key data in some trivial field, so the old client feels that nothing has changed

Don't have time to watch the video right now.  I'll try and watch it tonight. However, if it is completely backward compatible with the existing protocol, then it isn't possible to steal Satoshi's (or anyone else's) bitcoins with that implementation.
Mickeyb
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000

Move On !!!!!!


View Profile
December 14, 2015, 10:05:01 PM
 #19

With all due respect to the OP, I have read through this whole thread and I think there is quite a lot of overreacting here on your side! I don't think something like what you propose will ever happen to Bitcoin. We are much more serious than this!
DrLove2048
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
December 14, 2015, 10:13:27 PM
 #20

Everything has a risk associated with it... Just do the best you can to protect yourself from that risk and that's about all you can do.
