How can you crack the Bitcoin code and what will be the consequences of such an attack?


The Bitcoin (BTC) blockchain follows a set of rules established through 642,000 lines of code, stored in an open repository on GitHub. Only a few people have the right to make changes to it.

Although the Bitcoin network is decentralized, its development is inherently centralized, which is potentially one of the system's vulnerabilities.

  • What happens if someone is able to tamper with the code and introduce a bug into Bitcoin?
  • Could the authorities take advantage of this feature to bring down the cryptocurrency network?

To answer these questions, Decrypt interviewed several experts and developers.

Who maintains the Bitcoin code?

First you need to understand how the system works. Only Bitcoin Core administrators can make significant changes to the GitHub repository. In fact, this role is assigned to six developers: Wladimir van der Laan, Jonas Schnelli, Marco Falke, Samuel Dobson, Michael Ford and Pieter Wuille.

Bitcoin is open source software, so administrators are not officially appointed, but are given ad hoc authority by existing administrators if one of the developers demonstrates sufficient qualifications. Supposedly, Bitcoin Foundation founder Gavin Andresen appointed Wladimir van der Laan as lead administrator, who is primarily responsible for uploading changes to Bitcoin Core.

To update the Bitcoin codebase, the Bitcoin Core team reviews the code submitted by thousands of developers and can approve it if it deems it appropriate. Each administrator has access to a PGP key, which is necessary to sign changes included in the repository.

CTO of custodial startup Casa Jameson Lopp said:

“While there are a few admin accounts at the organizational level that have the ability to push code into the main branch, this is more of a technical function than an empowering position.”

Bitcoin's two problems

According to Stroustrup, the main problem with Bitcoin is its massive energy consumption. As the difficulty of mining (cryptocurrency production) increases, so does the energy consumed by increasingly powerful equipment.

Mining difficulty decreases only when the price goes down. Some miners turn off their devices so as not to work at a loss: for example, the break-even threshold is at around 6.5-7 thousand dollars in countries with cheap electricity. If the Bitcoin exchange rate is lower, then you will have to pay more for electricity than you can get from selling cryptocurrency on the exchange.

The second problem is the use of Bitcoin for illegal purposes. Drug dealers, dealers in weapons and other illegal goods, and terrorist organizations have appreciated the anonymity that cryptocurrencies provide. Tracing a payment in bitcoins to a specific person is much more difficult than a transfer to a bank or payment system.

Although the Bitcoin blockchain is open and all transactions are in full view, no documents are required to register in the system. You can withdraw cryptocurrency through semi-legal exchanges or private exchangers who also do not ask for a passport.

Unauthorized access to Bitcoin Core

Any attack on the Bitcoin codebase, even if carried out by GitHub employees, will require a PGP key.

“GitHub employees could change code in the Bitcoin Core repository for malicious reasons. That's why developers sign releases with a PGP key. If the code on GitHub is modified by an attacker, the signatures will not match,” said researcher Andrew Young.

But what if the attacker actually gets hold of the PGP key?

“If one of these keys were leaked, an attacker could potentially change the code in the repository,” said Blockchain Research Lab researcher Elias Strehle, adding that the developers had taken this into account.

“My guess is that the admins will quickly create a new repository with the new PGP keys, upload the intact code into it, and ask the community to use that repository instead of the modified one.”

Simple and inexpensive

If hiring a whole team of programmers, lawyers and marketers is beyond your means, then you can resort to a simpler method - copy a ready-made coin and create a fork. A fork is a clone of the original digital coin. For example, Litecoin is a fork of Bitcoin, since the source code of the flagship cryptocurrency was taken as a basis. The source code of many digital coins is publicly available on GitHub, but working with it also requires basic knowledge of programming languages.

Usually, when creating a fork, only basic information is replaced in the source code: the name of the coin, port settings, cryptocurrency generation parameters and other aspects. At this point, the technical side of the issue is completed and the created digital coin is ready for distribution.

Malicious Administrator

Consider a scenario in which the attacker is one of the administrators. In theory, he could upload malicious code in the hope that no one will notice.

“Due to the variety of players who must accept the changes, it is quite difficult to hide a malicious change in Bitcoin Core, but it could probably be done as part of an update that would be considered good by most,” said Nym Technologies CEO Harry Halpin.

“Truly evil changes would be distributed with updates that appeal to the majority!”

This, however, is also unlikely to work, since other administrators or one of the thousands of developers will most likely notice that something is wrong. However, even if a malicious change gets past this stage, there is one more defense.

“I believe it will be caught by the signature verification script the next time someone issues a code request or runs a test,” said developer Thomas Kerin.

“The attention of all developers will immediately be focused on what happened.”

Contradictory Statement

Bjarne Stroustrup was a guest on the podcast of Lex Fridman, an expert on artificial intelligence and advanced software development technologies. The creator of C++ said that he does not see a future for Bitcoin: the cryptocurrency is doomed.

Stroustrup sincerely regrets that C++ was used to create the Bitcoin code. But he acknowledged that Bitcoin's creator, Satoshi Nakamoto, whoever he was, made a huge contribution to the development of the technology.

The expert emphasized: people who made great technological revolutions were often condemned. But not for what they created, but for how others used their inventions. Stroustrup also noted that the popularity of Bitcoin is rapidly declining.

At the same time, Stroustrup called blockchain a brilliant invention. But he is upset that such advanced technology has not yet found a more worthy application than cryptocurrencies.

Kidnapping of administrators

In theory, it is also possible that all administrators will be kidnapped, information about this will not spread quickly enough in the community, and a significant part of Bitcoin nodes will switch to vulnerable code. Concerns that authorities may try to disable Bitcoin periodically arise among users.

Let's assume that all the administrators were arrested, and the attackers immediately began distributing a malicious Bitcoin Core update. Kerin believes that this approach will not be successful either:

“The community will fork the repository using the latest full version and build on it.”

He also believes that it will be impossible to carry out such an operation without making the incident public, for example by the families of the administrators.

“Manipulated nodes and function nodes will likely be unable to reach consensus on the state of the blockchain, leading to a fork,” Strehle said.

Updates are not automatically distributed across the Bitcoin network; each node operator decides for himself whether to install them or not. Thus, users may not support even valid changes if they do not agree with their content.

On the verge of failure

Any open source development can be very easily copied and changed, but the community is very likely not to appreciate the next cryptocurrency “clone”, since it does not carry any value or uniqueness. The founder of the stable cryptocurrency platform STASIS, Grigory Klumov, spoke about this.

“If you copy the code, it will just be a copied product, which has no value for building a new community - it has no motivation for people to join you,” the expert notes.

Klumov added that today companies create their own advanced blockchains, but spend tens of millions of dollars to bring them to the market and attract users. He cited Flow, Graph, Near and Avalanche as examples. According to him, now the world of cryptocurrencies is experiencing the greatest competition in the entire history of its existence, which can be compared with the “dot-com bubble” in 2000.

What is a farm?

A Bitcoin farm is special equipment, ASICs, that mines bitcoins.

In simple words, ASICs are very powerful video cards that are made in China.

The price for one ASIC can reach several hundred thousand rubles.

Why is the Bitcoin farm called this way? In fact, everything is very simple: a person who wants to start mining Bitcoin buys several ASICs, places them, and sets them up. ASICs placed together are simply called a farm.

If a person has only 1 ASIC, it will not be called a farm, since a farm is several ASICs installed in one place at once.

Designation and purpose of BTC-e codes

The internal currency of the exchange is a kind of virtual monetary unit, the BTC-e code, which can be exchanged, purchased, and used in the process of currency speculation. Outwardly, it looks like a long combination of randomly selected symbols: BTCE-USD-KSSWСY8OU-V6S2Y55T-VХ9RNRTV-AOZO5HRE-T410КKPR. It encodes the amount and equivalent of the currency specified by the user upon purchase. If you need, for example, to transfer funds to another user, but the sender does not know his account, you can easily cope with this task using codes. They will also help to get out of a situation where an exchange user must urgently transfer Bitcoins to another participant, but cannot wait a long time for confirmation.

In general, the BTC-e code is a very mobile and reliable financial instrument from the cryptocurrency exchange of the same name, designed to provide a secure trading mode and carry out successful currency speculation.

What does Bitcoin look like?

Since Bitcoin exists only on the Internet, it cannot be touched or seen. Each coin is represented as a hash function. The totality of data about each coin is stored in an electronic file in a Bitcoin wallet. This file can be downloaded to your computer or it will be stored on the server of the service where you created the virtual wallet. Access to the wallet is provided using the address - a sequence of letters and numbers. At this address you can send bitcoins from your account or receive them from other users.

What does Bitcoin look like? The photo of the coin from the CNN website, like other similar images, rather misleads ordinary people as to what a real Bitcoin looks like.

Numerous images on the Internet raise the question about Bitcoin: what does the coin look like? As we have already said, Bitcoin is not a coin or a banknote, that is, any physical embodiment of it is rather symbolic in nature. However, there are companies and individuals that issue coins from various metals that have two QR codes: an open one with an address (for transfers and transactions) and a closed one with a private key (known only to the owner and giving access to the balance and transaction history). Such coins are of interest to collectors and are essentially a way to store a crypto wallet address. You can just as well write it down on paper, it just won’t look as presentable.

The features of the btc-e platform include:

— Availability of a trading API, which opens the way for the use of third-party software when trading. Thus, many users can use ATS - automated trading systems.

— For ease of use, there are three types of chats: in Russian, English and Chinese. The presence of the Chinese language led to massive registrations from users from China. Initially, technical assistance was provided to clients through such chats, but as the number of users grew, it became impossible to keep up with requests, and a “ticket” system was developed, which expanded the capabilities of the resource.

— Several levels of authentication using Google authentication help to reliably protect users from hacking.

Open source everywhere

It is difficult to calculate how many times a day you use Linux, because it is this operating system that underlies the operation of most servers on the Internet. Whenever you visit Facebook, Google, Pinterest, Wikipedia or thousands of other major sites, however different the services they provide, you are dealing with computers that are most likely running the Linux operating system. Linux can also be found much closer: chances are you have it on hand. For example, the operating system of Android smartphones is based on Linux. If you have a Chromebook, then you are using a Linux-based laptop. This operating system is increasingly used in televisions, thermostats, multimedia systems in airplanes, cars, etc.

Why is this interesting? Because Linux is not the product of one programmer or even a group of programmers; unlike MacOS or Windows, it was not developed by one or even a dozen corporations. Linux has thousands of contributors. As the Linux Foundation, a non-profit organization promoting open development of the operating system, reported in 2015, approximately 14,000 developers from more than 1,300 different companies contributed code snippets. In 2015 alone, 2,355 developers participated in code improvements for the first time. Thus, by extrapolation, it can be calculated that by 2017 approximately 18,000 people had contributed, and this number will grow.

In 1996, the author of The Cathedral and the Bazaar, Eric Raymond, wrote:

Who would have thought even five years ago (in 1991) that a world-class operating system could, as if by magic, be cobbled together into a single whole from fragments of the freelance work of several thousand developers scattered across the globe and connected only by the ghostly threads of the Internet?

Addresses can be created offline

Address creation can occur without an Internet connection and does not require any contact or registration on the Bitcoin network.

It is possible to create a large number of addresses offline using freely available software tools. Generating address batches is useful in several scenarios, such as online shopping websites where a unique pre-generated address is provided to each customer who selects the "pay with BTC" option.

Where can I pay?

Many countries have already legalized cryptocurrency, and many global companies have begun to accept bitcoins as payment for their goods or services.

In Russia there is no legislation yet regulating the circulation of cryptocurrency, so many companies have not yet introduced payment in cryptocurrency. But in some cities there are already places where you can pay with bitcoins. For example, in Moscow on Vavilova Street there is a coffee shop where you can buy coffee and croissants for bitcoins.

In the future, the scope of application of cryptocurrency in Russia may increase significantly and grow to the size of foreign countries.

SX

There are two alternative command line tools for working with Bitcoin transactions: pyBitcointools and SX. SX was created by Amir Taaki, pyBitcointools was written by Vitalik Buterin. The syntax is very similar, although there are some differences. Installing SX is relatively simple: all you need to do is download the install-sx.sh script, install a couple of libraries, and run the script. In Ubuntu, say, the sequence of commands looks like this:

wget https://sx.dyne.org/install-sx.sh
sudo apt-get install git build-essential autoconf libtool libboost-all-dev pkg-config libcurl4-openssl-dev libleveldb-dev libzmq-dev libconfig++-dev libncurses5-dev qrencode
chmod +x install-sx.sh
./install-sx.sh

Once you install SX, you can do a lot of things with it. Let's say if you're just building a payment processing platform, all you need to do is download the history of an address and perhaps view its transactions in detail:

> sx history 114tTpMrJHJpNvkPZmz8KVcJoQjD5Utosd
Address: 114tTpMrJHJpNvkPZmz8KVcJoQjD5Utosd
  output: eb84dd62287a1d85e3f31b0de869534a8f800fad559e36f779a45470aa4e8976:0
  output_height: 277978
  value: 100000
  spend: 3216bc4b8294532cddab1ae2a95a336ee841be02e6246c1ad9cf1e7db788d10e:0
  spend_height: 277979

Address: 114tTpMrJHJpNvkPZmz8KVcJoQjD5Utosd
  output: 5a45c86c5aff8200db4c7f8a91b9a3e51932510cbeb2dc173fc8611bee5aeaaf:1
  output_height: 278076
  value: 70000
  spend: 4817f863ace4337be7ea95476b2c73723fb83fbe0e1a6236fbf30f2a8aa14dee:0
  spend_height: 278076

> sx fetch-transaction 516f0bfe2ed3703112434f645fdc7d805bba51c94c9d8f88b666f1c832eb423c

010000000142f2e85e078a214d5c61b58276da5cec01311e026355c570b650c2e665585011010000008a47304402203aa40adefd0dc4a3f960b230a9e1b284d78a4b4dec9119368fdeb006af3b6c7b022071165df64ea4502003d8b6e9c46c28b5c5c748226737b4fe1ee8fc4269b50ee5014104a70f7c8b0a835f549f061b725bd3e06744963a07cb2f76097bafe040f939d6e6d23c6cc89e5b50aa944d26b7d1c8a1f3b8b4e6f7c2f54cf35fb46b0e4b9442e1ffffffff02a0860100000000001976a914ba55b9859c7356c5e5549c8a30c463e3db64e84488ac80054800000000001976a9145a35a4558b8a0140f4a73aaac0be891b99e3790e88ac00000000

If you want to calculate the balance of an address, you must get its entire history (the -j switch will give you the result in an easily parsable JSON format), filter out those inputs that have already been spent, and sum the values of the rest. This will give you the total number of Satoshis at that address that can be spent (remember, 100 million Satoshis = 1 BTC). If you want to analyze the transaction in detail, copy it to a file and run:

> sx showtx filename
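The balance calculation described above (fetch the history, drop the spent entries, sum the rest), as an added example that is not part of the original article or of SX. It parses the text layout of `sx history` shown on this page rather than the `-j` JSON, whose schema the page does not show; the function names, the constructed transaction IDs and the `Unspent` marker for unspent records are assumptions.

```python
import re
from decimal import Decimal

SATOSHI_PER_BTC = 100_000_000                    # from the page: 100 million satoshis = 1 BTC
OUTPOINT = re.compile(r"^[0-9a-fA-F]{64}:\d+$")  # txid:index, as in the page's spend fields

def parse_history(text):
    """Split `sx history` text output into one dict per output record."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, val = line.strip().partition(":")
        if not sep:
            continue                             # blank or unrecognised line
        key, val = key.strip(), val.strip()
        if key == "Address":                     # every record starts with "Address:"
            current = {"address": val}
            records.append(current)
        elif current is not None:
            current[key] = val
    return records

def is_spent(record):
    """Spent only if the spend field names a real outpoint (assumption:
    unspent records carry a placeholder such as "Unspent" instead)."""
    return bool(OUTPOINT.match(record.get("spend", "")))

def spendable_satoshis(text, address):
    """Sum the values of the unspent outputs that belong to `address`."""
    return sum(int(r["value"]) for r in parse_history(text)
               if r["address"] == address and not is_spent(r))

def to_btc(satoshis):
    return Decimal(satoshis) / SATOSHI_PER_BTC

ADDR = "114tTpMrJHJpNvkPZmz8KVcJoQjD5Utosd"      # address used on the page

def _record(txid, height, value, spend="Unspent", spend_height="Unspent"):
    """Build one constructed history record in the page's layout."""
    return (f"Address: {ADDR}\n  output: {txid}:0\n  output_height: {height}\n"
            f"  value: {value}\n  spend: {spend}\n  spend_height: {spend_height}\n")

# Constructed sample: two spent outputs (heights and values as on the page,
# txids made up) followed by two made-up unspent ones.
SAMPLE = "\n".join([
    _record("aa" * 32, 277978, 100000, "bb" * 32 + ":0", 277979),
    _record("cc" * 32, 278076, 70000, "dd" * 32 + ":0", 278076),
    _record("ee" * 32, 278100, 250000),
    _record("ff" * 32, 278150, 40000),
])

if __name__ == "__main__":
    sat = spendable_satoshis(SAMPLE, ADDR)
    print(f"{sat} satoshis = {to_btc(sat)} BTC")
```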

You can also work with secret keys and addresses:

> sx newkey > priv1
> cat priv1
5JRLqUG1FwSimZwSzNLPG1BKCENCRhDwkVveL59AEqt97bbkCD1
> cat priv1 | sx pubkey
04bfc8181cd833567e078cb03ec44034c226bf23dbb2482db53513e0fcea205c40bd6dc73db0c33296d8fa8e0bd347099e07787e17a2a40293004efdb512ff51e2
> cat priv1 | sx addr
1B772AGqphjSQqqeecdTBmnBdgMBPYDXt7

Well, you can make transactions. Here we use output 819171fa2eaa33fc684c800ae2ce34cff8400d4d966e995c6a2f0e970b6f703d:0 to send 90,000 satoshi to address 18qk7SqRHuS4Kf3f6dmsvqqv7iw1xy77Z6:

> sx mktx txfile.tx -i 819171fa2eaa33fc684c800ae2ce34cff8400d4d966e995c6a2f0e970b6f703d:0 -o 18qk7SqRHuS4Kf3f6dmsvqqv7iw1xy77Z6:90000
> cat txfile.tx
01000000013d706f0b970e2f6a5c996e964d0d40f8cf34cee20a804c68fc33aa2efa7191810000000000ffffffff01905f0100000000001976a9145600d581a94f65067a09103609e919e3c01141ed88ac00000000
> sx rawscript dup hash160 [ `echo 1B772AGqphjSQqqeecdTBmnBdgMBPYDXt7 | sx decode-addr` ] equalverify checksig > raw.script
> cat raw.script
76a9146ed8c762b24ba024df09cb323ea525b06da3acb788ac
> echo 5JRLqUG1FwSimZwSzNLPG1BKCENCRhDwkVveL59AEqt97bbkCD1 | sx sign-input txfile.tx 0 `cat raw.script` > sig
> cat sig
3044022069f05eacfe93fc6c028bd078228d7807af07c5ed7566491c709b181950d735830220788e089c63512c07239b94740a36de724b54c076192dbd27584b5b729986420d01
> sx rawscript [ `cat sig` ] [ 04bfc8181cd833567e078cb03ec44034c226bf23dbb2482db53513e0fcea205c40bd6dc73db0c33296d8fa8e0bd347099e07787e17a2a40293004efdb512ff51e2 ] | sx set-input txfile.tx 0 > txfile2.tx
> cat txfile2.tx
01000000013d706f0b970e2f6a5c996e964d0d40f8cf34cee20a804c68fc33aa2efa719181000000008a473044022069f05eacfe93fc6c028bd078228d7807af07c5ed7566491c709b181950d735830220788e089c63512c07239b94740a36de724b54c076192dbd27584b5b729986420d014104bfc8181cd833567e078cb03ec44034c226bf23dbb2482db53513e0fcea205c40bd6dc73db0c33296d8fa8e0bd347099e07787e17a2a40293004efdb512ff51e2ffffffff01905f0100000000001976a9145600d581a94f65067a09103609e919e3c01141ed88ac00000000
> sx broadcast-tx txfile2.tx

You can also check the validity of the transaction:

> sx validtx txfile2.tx
Status: Validation of inputs failed
Unconfirmed: 0

The error makes sense since the outputs I used here were already spent. Essentially, SX allows you to quickly make a custom Bitcoin client: you can select unspent outputs from your addresses and manually assemble transactions. Warning: do not work with large sums at once. After all, this is real money! Until you thoroughly understand creating transactions, it is easy to accidentally leave out a zero in the transaction output amount. This is a low-level system, it will not catch your mistake, and in the end you will pay a commission of 90% of the transaction, without even wanting to. Or practice on testnet, for starters.
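A pre-signing check for the dropped-zero mistake described above, as an added example that is not part of the original article or of SX: it parses an unsigned legacy transaction, computes the implied fee (inputs minus outputs) and refuses to continue above a limit. The raw transaction is the page's txfile.tx; the 95,000-satoshi input value, the function names and the 10% limit are assumptions.

```python
def _varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def parse_legacy_tx(raw_hex):
    """Return (input outpoints, output values) of a legacy (non-segwit) raw tx."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                      # skip the 4-byte version
    n_in, pos = _varint(buf, pos)
    inputs = []
    for _ in range(n_in):
        txid = buf[pos:pos + 32][::-1].hex()     # txid is stored byte-reversed
        index = int.from_bytes(buf[pos + 32:pos + 36], "little")
        script_len, pos = _varint(buf, pos + 36)
        pos += script_len + 4                    # skip scriptSig and sequence
        inputs.append(f"{txid}:{index}")
    n_out, pos = _varint(buf, pos)
    values = []
    for _ in range(n_out):
        values.append(int.from_bytes(buf[pos:pos + 8], "little"))
        script_len, pos = _varint(buf, pos + 8)
        pos += script_len                        # skip scriptPubKey
    if pos + 4 != len(buf):                      # only the locktime may remain
        raise ValueError("unexpected length: not a legacy transaction")
    return inputs, values

def check_fee(raw_hex, utxo_values, max_fee_percent=10):
    """Return the fee in satoshis, or raise if it is negative or above the limit."""
    inputs, outputs = parse_legacy_tx(raw_hex)
    missing = [i for i in inputs if i not in utxo_values]
    if missing:
        raise ValueError(f"no known value for inputs {missing}")
    total_in = sum(utxo_values[i] for i in inputs)
    fee = total_in - sum(outputs)
    if fee < 0:
        raise ValueError("outputs exceed inputs")
    if fee * 100 > total_in * max_fee_percent:   # integer comparison, no rounding
        raise ValueError(f"fee {fee} sat is {fee / total_in:.0%} of the inputs")
    return fee

# Unsigned transaction from the page (txfile.tx), split by field.
PAGE_TX = (
    "01000000" "01"                                                      # version, input count
    "3d706f0b970e2f6a5c996e964d0d40f8cf34cee20a804c68fc33aa2efa719181"  # previous txid
    "00000000" "00" "ffffffff"                                          # index, empty script, sequence
    "01" "905f010000000000"                                             # output count, 90000 satoshi
    "19" "76a9145600d581a94f65067a09103609e919e3c01141ed88ac"           # P2PKH script
    "00000000"                                                          # locktime
)
# Constructed variant with a zero dropped from the amount: 9000 instead of 90000.
TYPO_TX = PAGE_TX.replace("905f010000000000", "2823000000000000")
# Assumed value of the spent output; the page does not state it.
UTXO_VALUES = {
    "819171fa2eaa33fc684c800ae2ce34cff8400d4d966e995c6a2f0e970b6f703d:0": 95_000,
}

if __name__ == "__main__":
    print("fee:", check_fee(PAGE_TX, UTXO_VALUES))
    try:
        check_fee(TYPO_TX, UTXO_VALUES)
    except ValueError as err:
        print("refused:", err)
```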
