Bitcoin Forum
Author Topic: Cryptocurrencies and safety  (Read 786 times)
suchPotato (OP)
October 29, 2014, 04:54:33 PM
 #1

Hey I just wrote a little post about crypto and security
https://coinwarp.net/security/cryptocurrency-security-ordeal

It just skims those I identify as the biggest security threats to cryptocurrency. I didn't go into much detail, but if you find inaccuracies or incompleteness tell me! (Well, any feedback is welcome ;D)

anyways here is a copy:

Quote
As with any form of currency or valuable commodity, cryptocurrency security is a primary concern. Protected by more or less time-tested algorithms, the main cryptocurrencies' cryptography has never been breached, but this is not the end of the story.

An important note to make is that a malicious party can be interested in either stealing money directly or sabotaging a service. Many people don't see a reason for the latter, but there are plenty: for example manipulating price, damaging a competing currency or business, disrupting an event or fundraiser of an opposing political party etc. So theft and vandalism are equally dangerous for a cryptocurrency.

Lastly, security threats involve both the network as a whole and its users. It's important to be conscious of the security of your favorite cryptocurrencies, and of your own assets.

Cryptocurrency network dangers
Let's start with the risks the cryptos' networks themselves face.

The 51% attack
The most notorious danger to any consensus-based network is a 51% attack. Proponents of various technologies have claimed to have the solution, but in general they have just been spinning around the meaning of "51% attack".

A 51% attack against a cryptocurrency network allows a malicious party to spend the same coins more than once, to deny transactions that already happened in the past, and to mess up the blockchain. It does not allow them to steal money directly, but it's still a huge threat.

The fundamental problem is that any peer to peer network views all its nodes as equals; no one is more authoritative than any other. To reach some sort of consensus, it has to award them some "voting power". This can be proof of work, proof of stake, proof of resource or whatever else you may imagine, but it has to be something, and in the end whoever owns at least 50%+1 of that something can compromise the network (yes, the term 51% attack is incorrect since the attacker only needs 50%+1 voting power).

Notably, node numbers mean nothing. For example, since the detection of 51% attacks is easy, one could imagine the "good" nodes identifying the malicious ones and expelling them. However, the attacker can easily set up more nodes than there are on the network at all; in fact, the reason why minting algorithms were born is so that one does not make infinite nodes. A node without resources (e.g. computational power for POW or capital for POS) has as much authority as no node at all.

DOS attacks
There are a number of denial of service attacks that can be used to damage a cryptocurrency. The attacks on the network per se are for the most part easy to prevent with well-known peer to peer networking technology, while the attacks that leverage the protocol limitations are harder to deal with, but in general very costly.

A very simple form of DOS, for example, is to spam bitcoin nodes with tons of meaningless queries. The nodes will swiftly ban the attackers' IP neutralizing the danger.

To spam the network with meaningful-looking requests requires the attacker to set up millions of nodes, each with its own IP address and client in place. This kind of attack is both hard and costly to perform, but it would definitely slow down the network considerably (and there's no real way to distinguish legitimate nodes from nodes created just to waste the network's resources).

Leveraging the protocol's maximum number of transactions, instead, can be done easily. The Bitcoin network, for example, can accept a maximum of 7 transactions per second, so issuing more transactions than that will cause the network to have troubles. Now, normally cryptocurrency networks have transaction fees, and these fees rise sharply when the max transaction threshold nears, making this kind of attack extremely expensive (in general the transaction fees go to the miners who find the latest block, by the way). However, artificially raising the transaction fees may be good enough for the malicious party. For example, if bitcoin fees rise from a few cents to one dollar many online stores will see their sales plummet; a large e-commerce business could try to damage its competitors this way, spending a few tens of thousands of dollars a day but causing huge losses to its direct competitors.

A cheaper but also dangerous kind of DOS is the blockchain spam: creating useless transactions that take up large space in the blockchain, thus making it harder for the nodes to keep up. Note that a transaction can occupy a larger piece of memory regardless of the amount of coins sent. Bitcoin mitigates this by making larger transactions pay more transfer fees, but this kind of spam is still a serious issue. In truth any transaction causes some degree of blockchain bloat and bitcoin has been struggling with blockchain size even without malicious blockchain spam attacks.

There are actually subtler ways to spam the blockchain, some even forcing the nodes to keep useless data in RAM, and we have yet to see them put in practice, so it's another serious danger whose potential damage is yet unknown.

Bruteforce and algorithm attacks
In general people who work in the cryptography field are very attentive to "bruteforce attacks". These attacks can't be made impossible, but they may require too much computational power to be feasible. It would take the whole world's computing power and at least some billions of years to break about any cryptographic technology deemed "secure". Cryptocurrencies are no exception: a bruteforce attack with modern day technologies is simply unthinkable.

Recently speculation about quantum computing has been quite popular, and some claim that such technology could make modern cryptocurrency protocols insecure. While it's very difficult to prevent an attack with a technology that does not exist yet, many cryptocurrency developers have already implemented some countermeasures and probably it won't be too difficult to upgrade modern cryptocurrency protocols if the threat became real, however it's something to keep in mind.

Algorithm attacks, on the other hand, are more tricky and could render a coin's technology unusable very fast. Breaking an algorithm (that is, finding a computationally easy way to crack it) means, in the first place, that said algorithm was breakable. Some algorithms' security is proven mathematically, and therefore there isn't any way to break them.

Unfortunately because of some cryptocurrencies' technical needs, it's impossible, as of today, to implement a protocol based only on mathematically-proven secure algorithms.

With new cryptocurrencies rolling out new technologies every day, we're seeing more and more different algorithms being employed, and no significant algorithm breach has been registered yet, but it's better not to lower the guard against this sneaky kind of threat.

Individual risk
Working with a secure cryptocurrency is pointless if the money can be stolen from you. Let's see the main issues.

Lack of privacy as a risk factor
Leaking data about oneself is definitely a major security risk and probably the most underestimated one. If you go to a local pub bragging about these two gold ingots you keep at home you can be sure some thieves will at least try to get them.

Cryptocurrency is no different, with the added malus that public-ledger based technologies like bitcoin basically tell the whole world how much cash you have.

I wrote more in detail about anonymous cryptocurrencies here. In any case it's a good idea to use Tor or other anonymizing services to access networks like bitcoin's, and if possible to keep a good stash of proper privacy-oriented currencies.

I'd like to stress this once more: if you publicize the fact that you have tens of thousands of dollars at home (in cash basically) you're endangering not only your wealth but also your and your family's personal safety.

Trusting third parties
Ever since bitcoin started meaning business we have seen monthly cracks, frauds and (true or claimed) hacking cases.

To protect yourself from frauds or accidental loss of money from third parties you should always conduct a good deal of research on the business background before you invest money in any of them.

Needless to say, if the business is run by anonymous fellows you'd better be extra careful. The service may be legitimate, but it's often not so. If the people behind it have a name and a face, go and check their personal history. Some people actually use pseudonyms (you can check out this article, or this, to see what I mean), so be extra careful even when the person claims a certain identity.

Wallet and medium security
Securing your own wallet, and the medium you use it on is also crucial. Note on this point that if you managed to hide your currency wealth hackers are less likely to target you, and this substantially enhances your chances to stay safe.

Firstly, for the medium, if you can, I strongly recommend not using a smartphone for large sums of money (most of them turned out to have serious security flaws). Windows has also historically been an easy attack target, so I advise you to keep your wallets on an up-to-date Linux or Mac system if you can (note for Linux you can opt for a "hardened" version, which is safer). Even better, you could get a hardware wallet like Trezor or build yourself one (if electronics is your hobby).

Also remember that the fewer things your computer does the safer it is. If you have some IT skills, deactivate all services and prevent any unnecessary connections via firewall. Otherwise try to use a system just for your wallets, and don't install unnecessary stuff. Keeping your system up to date is also important.

Secondly, the wallets should always be encrypted and have a strong password, ideally a different password for each wallet. Very often you'll find wallets that offer you an N-word seed for your wallet; that IS your wallet, and if you can remember it you don't need to store the wallet anywhere. Mind that if you forget the seed (or lose the password of an encrypted wallet) you lose all the money inside, so you'd better back up the access data somewhere.

Remember that using a safe wallet is pointless if the underlying system is unsafe.

Stay safe and up to date
In the end, if you want to be safe holding cryptocurrencies, be sure that the technology you're working with is safe, and that you're up to date with new threats.
Also keep your business to yourself when possible.

Vod
October 29, 2014, 05:00:08 PM
 #2

Why post the entire article?  Post a couple paragraphs to get our interest and if people want to read more, they can visit your site.  (Where it is a lot easier to read btw.  :) )

suchPotato (OP)
October 29, 2014, 05:05:46 PM
 #3

Quote
Why post the entire article?  Post a couple paragraphs to get our interest and if people want to read more, they can visit your site.  (Where it is a lot easier to read btw.  :) )

Sorry, it's the first time I post an article here. I posted the whole thing cause I thought people might take it as spam (that is, if you don't want to read it on my site you may read it here, I saw some other people do the same) but I guess you're right :D
