I've been reading different threads over the years regarding potential attacks on Bitcoin. Some are more realistic, others depend. I am not convinced by some potential attacks, but others are interesting. My issue is that information is spread throughout many locations and topics. I've seen many threads just on quantum computers, so the information is scattered. Even though I will start with this currently popular threat, this is not another quantum computers thread!! Please make sure to take notice of this.
The groups are not ordered according to likelihood of happening. I find it very hard to determine the likelihood of these things and especially to compare them. It is very similar to crystal ball speculation, so I will avoid giving detailed probabilities. I will give my opinion on the threat assessment, which includes my personal views on the likelihood based on where we are today and on some research. To give one example, I find that the risk of a regulatory crackdown on the level of a ban, at least in the US, is very low; why is explained further below.
Group 1: Technological Threats
Everything about Bitcoin is technological; its security relies on the use of various cryptographic processes in a very smart way. Naturally the risk from technological threats is always present, and they can be of different severity and impact. It can range from small-scale DoS of individual nodes to a complete rule or consensus collapse.
1.1 Quantum Computers
Firstly we will talk about quantum computers, for two reasons. One is that there are a lot of unknowns and many assumptions with this coming technology. We are just not that sure what exactly it will be capable of in practice and to what extent, but what we can be sure of is that a lot of serious money is being invested in making this happen. Secondly, this topic has been coming up very often at times, and I've seen some discussion threads that are even 10 years old. The two main areas of concern are:
1) SHA256. Many people don't know that this hash function is used in two locations. One is Bitcoin mining and the other is addresses. The risk here primarily comes from Grover's algorithm; it would effectively reduce the number of required steps in mining from 2^n to 2^(n/2), which means 2^256 reduces down to 2^128. Is this a real concern? No! The ASICs that are mining on Bitcoin today are very specialized and efficient machines compared to a general purpose computer. As it stands today it is very unlikely that a general purpose quantum computer is going to be more efficient at mining even if it has to complete fewer steps. If these machines become feasible it is likely that we are going to see something like quantum ASICs, but this would come much later in the future, if at all. The practical feasibility of quantum computers is still a big question mark.
So what about addresses? In the case of a complete compromise of SHA256 an attacker would be able to take any address and derive its public key; this is called a preimage attack. Remember though that as soon as you spend money from any address you expose its public key. So the pool of exposed public keys would extend to all addresses regardless of whether they were used or not.
On its own this is not a risk at all. Only if both SHA256 is fully compromised and the signature algorithm is also fully compromised (in our case ECDSA) would this become a big issue. However, based on the knowledge regarding hash functions and quantum computers today, a complete compromise of SHA256 is extremely unlikely.
Threat assessment: Very low.
2) ECDSA. The other part of the quantum computer story relates to the signature algorithm that Bitcoin uses, which is the elliptic curve digital signature algorithm. This one is more tricky. The security of user funds rests on the assumption that the private key remains private even if the public key is exposed. Any time you spend from an address you expose its public key, which means that only addresses that never made a sending transaction don't have their public keys exposed. But how would a quantum computer do this? The classical algorithm for breaking ECDSA runs in exponential time, and with 2^128 of effective security, to put it simply, this means that it would take standard computers millions of years to compromise a single key. A quantum computer is able to use Shor's algorithm, and this would change the time from exponential to polynomial. In practice it could mean anything from days to hours to compromise a key, depending on the size of the computer.
Potential targets:
- Any addresses that are reused.
- Satoshi's coins.
- Other coins stored in P2PK outputs, as these did not yet use SHA256 hashing of the public key, so the public key is already exposed.
Some rough estimates put the number of vulnerable coins at several million today!
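The two exposure routes above (P2PK outputs, which carry the key in the script itself, and hash-based addresses that have been spent from and then reused) can be checked for your own UTXOs. The script below is an added example, not code from the original post; it classifies raw scriptPubKey bytes and flags whether the public key is already visible on chain, and it also covers P2WPKH and P2TR outputs, which the post does not mention (P2TR exposes a tweaked key directly, like P2PK). All sample scripts are constructed placeholders, not real outputs.

```python
# Added example: audit output scripts for on-chain public key exposure.
# Sample scriptPubKeys below are constructed for illustration, not real UTXOs.

def classify_script(spk: bytes) -> str:
    """Return the standard output type for a raw scriptPubKey, or 'unknown'."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG (0xac); key sits in the script
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH"
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    # P2TR: OP_1 (0x51) <32-byte x-only tweaked key>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR"
    return "unknown"

def pubkey_exposed(script_type: str, address_reused: bool) -> bool:
    """True if the public key behind this output is already visible on chain.

    P2PK and P2TR place a key directly in the script, so it is exposed from the
    moment the output is created. Hash-based outputs (P2PKH, P2WPKH) reveal the
    key only when a spend from that address is broadcast, i.e. when the address
    is reused after a spend. Unknown script types are reported as not exposed.
    """
    if script_type in ("P2PK", "P2TR"):
        return True
    if script_type in ("P2PKH", "P2WPKH"):
        return address_reused
    return False

def audit(utxos):
    """utxos: iterable of (scriptPubKey bytes, address_reused flag).
    Returns (number of exposed outputs, [(type, exposed), ...])."""
    details = [(t, pubkey_exposed(t, reused))
               for t, reused in ((classify_script(spk), r) for spk, r in utxos)]
    return sum(1 for _, e in details if e), details

# Constructed sample: a 33-byte key placeholder and 20/32-byte hash placeholders.
FAKE_PUBKEY = b"\x02" + b"\x11" * 32
SAMPLE_UTXOS = [
    (b"\x21" + FAKE_PUBKEY + b"\xac", False),               # P2PK: key visible
    (b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac", False),  # P2PKH, fresh address
    (b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac", True),   # P2PKH, reused address
    (b"\x00\x14" + b"\x44" * 20, False),                     # P2WPKH, fresh address
    (b"\x51\x20" + b"\x55" * 32, False),                     # P2TR: key visible
]

if __name__ == "__main__":
    count, details = audit(SAMPLE_UTXOS)
    for script_type, exposed in details:
        print(f"{script_type:7s} exposed={exposed}")
    print(f"{count} of {len(SAMPLE_UTXOS)} outputs have an exposed public key")
```

The `address_reused` flag is something a wallet already knows about its own addresses; the mitigation the flag points to is simply never receiving to an address you have already spent from.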
Caveats: The quantum computers that we have today are nowhere near the size needed to use Shor's algorithm effectively. Even using aggressive forecasts, they are unlikely to be anywhere close in the next 5 to 10 years. Scaling quantum computers is extremely hard. Further, there are many other unknowns here, as this is all based on theory. It is possible that at that scale these computers run into other issues that we are not aware of today.
Mitigations: Switching to quantum-safe algorithms. This is relatively straightforward; the difficulty is primarily in picking the right algorithm and tradeoffs. Some make bigger signatures, others make verification and signing slower, or some mix of these.
Controversy: Even if we switch to a safe algorithm, what about Satoshi's era coins? Some advocate for locking them, others advocate for leaving them. Surely if left in the open, actors will eventually steal and sell them, which is bad for everyone. If locked this would not happen, but that could also set a very dangerous precedent for the future. Addressing this will be a bigger challenge than adopting a new algorithm.
Threat assessment: Very high, but not right now and only if not addressed at all.
1.2 Centralization of Infrastructure
Bitcoin mining has become a massive industry. The majority of the hash power is concentrated in large mining pools and data centers. On the other hand, many nodes today run on centralized cloud platforms. Even though it is most often individuals who are renting these services, there is still a centralization of the providers. Some potential risks here are:
- Miner collusion. Everyone knows the good old threat of the 51% attack. I consider this risk overblown. Firstly, the incentive for not doing this is massive. If you remain an honest miner you can continue earning money for a long time. If you collude to attack the network, you can only do so once. The network can change the hash function and effectively bankrupt the miners overnight. While this would hurt the Bitcoin network too, it would cause more losses to the miners. Second, there are probably unprecedented legal risks here. Are you allowed to abuse the Bitcoin blockchain to cause harm to other big businesses just because it is a public network and asset? I doubt it.
- Node centralization. This creates centralized points of failure, and they can be exploited by targeted attacks or even interference by states. However, the overall damage that can be done here is not large and certainly not catastrophic as long as there are nodes all around the world. Currently, even with some provider centralization, Bitcoin has nodes almost everywhere in the world. An attack through this means is extremely difficult if not impossible. Attacks through this route would probably be mostly targeted, like disrupting some miners temporarily for self-gain.
- Miner censorship. The more centralized the mining operations are, the more vulnerable they will be to pressure. They can be forced to censor some transactions or addresses. We have already seen a few cases of this. If they manage to push this narrative on us it would harm one of the major features of Bitcoin, its censorship resistance. Countermeasures would probably include some kind of obfuscation, although I am not certain where we are with this today. Is it possible to submit a transaction using some method so the miner does not know what the transaction is about until he actually includes it in a block?
- Development centralization. While the development of Bitcoin is indeed very much open source, the reality is not without its issues. It relies strongly on a fairly small group of long time contributors and maintainers. The exact risks here are unknown. Bitcoin has one of the most rigorous technical review processes, making infiltration by shady actors very difficult. However, state agencies have been known to infiltrate and corrupt open source projects slowly over time. There are also other issues relating to gatekeeping or ideologies. It is very difficult to change the minds of this group of people on certain topics. Without their approval you can't get such changes into Bitcoin.
Threat assessment: Medium. Obviously each point has a different risk profile but it is easier to summarize it like this into an average.
1.3 Protocol Level Exploits
As I have already said, the Bitcoin project has an extremely scrutinized codebase and its review process is very good. Still, with any complex software there is a risk of undiscovered bugs. Small bugs are not an issue; we are talking about critical flaws, ranging from smaller issues such as DoS attacks to complete consensus failure or bypassing of fundamental rules. We've had some scary examples in the past:
- Value overflow bug, which could have allowed someone to create billions of BTC in a single block. This was a very early bug in 2010, when the review process was not that good and there were practically no contributors compared to today.
- Inflation bug, which could have allowed someone to create Bitcoin out of nothing. https://bitcoincore.org/en/2018/09/20/notice/.
For better or worse, Bitcoin does not have a feature where you can revert an individual address's transactions the way ETH can. This means that the whole chain would have to be reverted to fix a critical inflation bug, for example.
Threat assessment: Very High. I don't know the ways in which this particular thing could be improved to limit the probability of a massive exploit occurring, but due to the potential damage that even one successful exploit could cause I rated it so high.
Group 2: Legal and Regulatory Threats
I've briefly mentioned regulatory pressure on miners in the technological threats, but here I want to go a bit wider on these. Sometimes people talk about how Bitcoin could be made completely illegal in favor of CBDCs or some other things. I consider the threat of a complete ban extremely low, at least in the USA. The industry is simply too large and all the main powers in the financial world are inside Bitcoin. Blackrock can effectively block any such attempts on their own. It is possible that this happens in other countries, but we just need one more large country to follow the USA's path and this will cement the global power race regarding Bitcoin. However, there are other regulatory threats that are always looming.
1) Attack on privacy tools. We've seen what happened to Tornado Cash and other privacy tool developers. These are dangerous precedents, as they could extend their reach, maybe even outlawing complete methods like CoinJoin.
2) Pressure on self-custody and the fight against a no-KYC world. This one is not balanced and depends heavily on countries. In the EU we have already seen extreme attempts at getting complete information on and control over citizens. I don't think attacks on self-custody will stop anytime soon. An extreme version of this would be that all self-custody is outlawed.
3) Copyright, CSAM, malware. There are many things stored in the Bitcoin blockchain. It can be made even worse by leaking state secrets and more illegal material. This could be used by politicians to make laws targeting node operators and other individuals who use the Bitcoin blockchain.
4) Instability. If you look at regulations from a global perspective, they are very much changing and different. Perhaps we will see a world where even more countries have extreme restrictions on capital controls. Retaining Bitcoin in such a country in its current way is not going to work. They would have to use regulations to fight it or outright block it.
Threat assessment: Medium to High. Regulations must be fought as they are proposed. We can't predict what idiocy they will come up with next. So anytime someone does something stupid like claim that they are Satoshi they should be put in jail.
Group 3: Economic and Market Dynamics
1) Stablecoin dominance. Let's face it, no matter how much of the volume in these transactions is fake, stablecoins are used a lot for many purposes. They have their own risks and benefits that are not directly related to this thread. I see a way of attacking Bitcoin by heavy promotion of existing and new corporate stablecoins. Here Bitcoin risks slipping to being just a reserve and speculative asset, losing its medium of exchange function. That would be pretty bad even if not catastrophic. There is no way to replicate the stablecoin performance of other more centralized chains on Bitcoin. Perhaps deploying one on some layer 2 network could work?
2) Custody centralization. We already see that ETFs and custodians hold a massive amount of Bitcoin. There are many things that can go wrong here, everything from security over to regulatory risk and narrative control. These institutions may be able to influence Bitcoin's public image and even cause disruption if we find ourselves in a major fork issue or other existential event. Let's not forget market manipulation risks and whatnot. So this centralization of custody introduces a large systemic risk that was not present before.
3) Fee market collapse. The current idea is that transaction fees slowly replace block subsidies as the primary miner incentive as Bitcoin ages and gains more value. If there is not enough demand for block space for whatever reason, the fee market may not be enough. Many factors influence this, for example people holding their coins with custodians instead of using their own wallets, competition from layer 2s like LN, and so on. While the consequences are not catastrophic at first, it is a question how this would have to be solved. At the beginning it would slowly reduce the miners' budget and stall the hash rate growth or even lead to its reduction. This increases the vulnerability to a 51% attack and would cause frequent slowdowns in confirmation times as the hashrate continues to get lower. Since the fixed supply is one of Bitcoin's core value propositions we can't just introduce something like extra inflation like altcoins have.
Threat assessment: Medium.
Group 4: Social and Behavioral Risks
1) User apathy: I've seen this discussed in different ways in different topics. What if fewer and fewer people care about self-custody, decentralization and privacy as time goes on? I don't think anyone is trying to do this as a targeted attack yet, but they can make this worse by trying to persuade people against these things. Combined with regulatory pressure this could become very dangerous. The main features of this network, such as its censorship resistance, are only possible because so many participating parties care deeply about the aforementioned things. The cypherpunk spirit must stay alive in Bitcoin.
2) Social attacks through narratives and disinformation: On its own this is no longer effective. There are hundreds if not thousands of obituaries for Bitcoin already, everything from Bitcoin being for criminals to it's a Ponzi. They have tried all kinds of arguments and narratives and none of it ultimately works, but I think it could come back in a combined attack. One must keep in mind that the situation regarding enemies is not like there is just one group waiting to attack Bitcoin. There are many different groups, some of which work together and others who are on their own. Some have similar reasons to attack Bitcoin, others have very different ones. They may be waiting for a good opportunity to do something, and if there is one kind of attack effectively in progress they may join with their own attack for their own reasons.
3) Generational shift: This is a bit similar to apathy but different. Bitcoin does not exist in its own bubble. Let's be clear, Bitcoin is unique in every way. There is no altcoin that even resembles Bitcoin at all. They are all created to enrich the founders first. None of them come close to Bitcoin's decentralization and it is impossible to replicate it! Still, new users may prefer newer blockchains such as ETH or Solana for different things that they provide, be it NFTs, memes, DeFi or whatever. Some argue that we should just ignore such users, but I disagree. We can't have a world that is on a Bitcoin standard if we just dismiss large groups of people. Bitcoin must offer advantages besides being digital gold to retain its large advantage.
Threat assessment: Low to Medium.
Group 5: Competitive or Innovative Risks
1) Protocol stagnation. While Bitcoin's slow and thorough governance model has many advantages, it is not without its risks. It makes it very slow to adopt new features, if it adopts them at all. While it reduces the risk of new attacks, it also delays the integration of potentially valuable upgrades that users may want. For example, if you want privacy and anonymity you have to use Monero; if you want a stablecoin you have to go to one of the many other altcoins that support it, and so on. The landscape is evolving, and while Bitcoin is unique in many ways there is some risk of it becoming something like a legacy cryptocurrency. This would go hand in hand with the idea of Bitcoin being digital gold, but I don't know if that single use case is enough for it to conquer the world.
2) Rapid innovation in other projects. This is directly related to the first point and they could be presented as one; it is kind of the other side of the coin. While Bitcoin evolves slowly for various reasons, the innovation on the other side is rapid and going in all kinds of directions. Many of the innovations are useless, that is for sure, but not everything is, and it is clear that people are using it. DeFi of the kind that is not really possible in Bitcoin right now is responsible for a lot of transactions.
3) Layer 2 fragmentation. While this is so much worse in the altcoin world, it still affects Bitcoin too. Since scaling on the main layer is not the target of the developers, or maybe not even possible at all, the only other choice is layer 2s like Lightning, which is where the innovation is happening. While having a single layer 2 would make things simpler, it also introduces limitations in terms of features. The more layer 2s or even layer 3s Bitcoin has, the harder it will be for a normal person to get involved with it. And to make things worse, liquidity is then fragmented instead of being available at the same level for everything.
Threat assessment: Medium.
I want to hear what you think about these matters. If you have any other suggestions for groups or threats, I will gladly include them if they make sense.
Please don't talk about extinction-level solar flares or meteorites. Those events are not a direct threat to Bitcoin. Any event that is a threat and danger to humanity as a whole is not a direct threat to Bitcoin. If the world is on the verge of collapse, Bitcoin will not be a priority during such circumstances, and it may survive anyway. There may be some mistakes in some details, but I don't think we should get too technical here; I did a lot of research while writing this. Remember that the threat assessment also depends on the consequences if something happens. So even if something has a low chance of happening, if the consequences are potentially catastrophic then the risk is very high. I would really like to hear how others see the threat level of each group.
I just included some things per group; we could add a few more, but I think that I should also not go too deep per category, like 10 technological threats. The idea is to get a perspective on the kinds of threats that could come and some likely threats within those groups. Most certainly it would be impossible to cover every single threat.