Letter #11: Bitcoin and the FBI Hack That Never Was
 |
|
Are you brand new to crypto and not sure where to begin to learn about it? Check out my intro to cryptocurrency and intro to blockchain posts or my cryptocurrency blog to learn more about this fascinating new technology!
Bitcoin is highly regarded for the fact that it is un-hackable. Or at least that it hasn’t been hacked once in the more than 12 years since the genesis (i.e., first) block on the Bitcoin network was mined. For all intents and purposes, Bitcoin stored on the network is safe as long as you protect the private key that secures your Bitcoin wallet, similar to how a password protects your Reddit or Twitter account.
You can imagine the surprise of many in the crypto community when several media outlets reported earlier today that the FBI had seized around sixty-four Bitcoin allegedly included as part of the payment made to a hacker group in connection with the Colonial Pipeline ransomware attack in May 2021. Missing from their news releases were details on how exactly the FBI had managed to access the Bitcoin, leading many new participants in the Bitcoin space to wonder if the FBI had somehow managed to hack the un-hackable network.
While the FBI almost assuredly has teams of top tier hackers in its ranks, the idea that the FBI could infiltrate the Bitcoin network was laughable from the start, and seems to have been proven wrong by the FBI’s own press release (more on that below).
What protects my Bitcoin wallet?
In order to send and receive Bitcoin on the Bitcoin network, every user must have a Bitcoin wallet. A Bitcoin wallet is vastly different from the wallet you have in your pocket, or even the wallet you have on your iPhone.
Remember that the Bitcoin network and everything on it are completely digital and are not managed or operated by any centralized entity like a government or corporation. Instead, every Bitcoin wallet consists of two things: a public key or address that’s visible to anyone so that other users can transfer their Bitcoin to you and a private key that is known to no one but you and controls your entire Bitcoin fortune.
The private key is like a password that protects your Bitcoin wallet and is required anytime you want to transfer your Bitcoin on the network. However, a private key is significantly more secure than a common password because it is a randomly generated sequence of characters that is not stored anywhere except for the spot you choose to secure it. In essence, the private key is as safe as you choose to make it. In fact, a private key is so secure that the Bitcoin in the associated wallet will be lost if the key is lost.
It’s estimated that there are 2^256, or 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336, possible private keys. It would be impossible for even the strongest computer in the world to correctly guess any private key over the course of several lifetimes, let alone guess the correct key for a specific Bitcoin wallet. In summary, the FBI did not and cannot brute force its way into taking anyone’s Bitcoin.
So how did the FBI access the hackers’ Bitcoin?
The United States Department of Justice was kind enough to provide some additional details in its own press release:
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address.
But wait, didn’t we just prove that it’s essentially impossible for the FBI to have guessed the private key for the hackers’ BTC wallet? And it’s perhaps almost as unlikely that the hackers gave the private key to the FBI since they reportedly haven’t been caught.
It’s worth saying again: the private key is as safe as you choose to make it. If you post it to the internet, leave it on a piece of paper in your office, or entrust it to a company like an exchange or lender, your private key can be stolen.
The following quote from the Wall Street Journal makes it seem likely that the hackers made the choice to entrust the private key for their Bitcoin to a cryptocurrency exchange:
Almost all centralized (i.e., run by a person or company) cryptocurrency exchanges hold onto the private keys associated with users’ wallets on the platform. In fact, most of those exchanges don’t even share the private keys with the users themselves. Users are at the mercy of the people running the centralized cryptocurrency exchange for as long as they leave their Bitcoin on the platform.
It’s impossible to hack a private key. But it’s relatively easy for the FBI and the Department of Justice to coerce a person or company into handing over your personal information, including your private key when it’s held in the exchange’s databases. The FBI did not confirm exactly how they acquired the private key used to secure the hackers’ Bitcoin, but it seems much more probable that the Bitcoin were recovered from an exchange rather than through seizure of the private key from the hackers themselves (i.e., hacking the hackers).
How can I protect my Bitcoin from hackers and the FBI?
While the government will argue that it’s in the best interest of all citizens that it be able to seize or freeze assets, it certainly won’t feel that way if it happens to you, whether or not you deserve to be on the wrong side of the law. If you don't protect your Bitcoin, you put your Bitcoin at risk.
The first thing to do is to never leave your Bitcoin or other cryptocurrencies on a centralized exchange when you’re not actively trading them. In fact, learn how to use a decentralized cryptocurrency exchange (aka “DEX”) if you can. Many decentralized exchanges are “non-custodial”, meaning that you don’t have to transfer your crypto into a wallet controlled by the exchange to execute trades. And for those decentralized exchanges that do have custodial wallets, you’re somewhat protected by the fact that the team running it, if there even is one, is usually a lot less susceptible to outside pressure than those who operate centralized exchanges.
Once you’ve removed your crypto hodlings from the exchange, the next thing to do is learn how to “self-custody” your crypto. Whether you write your private key on a piece of paper locked in a safe, etch it on a piece of metal to be buried in your backyard, or secure it using a hardware wallet like a Trezor, your private key will almost assuredly be safer than it would be sitting with a company that can be hacked or can have a warrant served to it.
FUD seems inevitable, but it doesn’t have to be
As with any investment, it is essential that all investors educate themselves. This is even more important in the context of a new technology like Cryptocurrency. Otherwise, you’ll misunderstand the technical aspects of the technology, panic sell your crypto, and possibly miss out on the financial opportunity of a lifetime.
Interested in learning more about Bitcoin, Blockchain, and Cryptocurrencies?
Want to share your thoughts with the community?
Wish you could share this Letter with all your friends? Now you can
The links throughout this article are provided for informational purposes only. I am not an affiliate of these companies, I make no recommendation regarding the companies or their services, and I have not received any compensation for linking to their content.
Very interesting... makes you wonder and become very leery of the government.
Clever title. Great information~