Quick and fun interview by Sean O’Sullivan about how I became a venture investor.
Mese: Febbraio 2018
How I was hacked, and all my cryptocurrencies were stolen!
Because I started playing with cryptocurrencies as a hobby years ago, and for a long time they were not worth much of anything (read Some thoughts on cryptocurrencies), it did not occur to me to treat my crypto holdings more securely than other assets I owned. I assumed that by using very complex passwords, or a password manager like Dashlane, and requiring two-factor authentication with text messages sent to my cell phone, I would be safe.
Boy was I wrong! I did not realize I had a (very) weak link in my security: my cell phone provider. The hackers called T-Mobile pretending to be me. They said I had lost my cell phone and asked T-Mobile to activate another SIM with the same number. As (bad) luck would have it, I was traveling in Europe at the time. I noticed my cell phone lost connectivity, though it still worked through Wifi. I assumed it was just a roaming issue, put my phone on airplane mode (as I do every night) and went to sleep.
When I woke up, I still did not have connectivity, but it was not obvious that something was awry as many normal emails had come through the night. After a few hours, I randomly decided to check my Twitter and realized my password no longer worked. That’s when I became suspicious. I tried to login to my Gmail (which I very rarely use) and that password had also been changed. I checked my regular email address and while send and receive worked with no error, no new external emails had come in for a few hours (which is unusual as I get over 200 emails per day). I tried to login to my domain manager and no longer had access.
The hackers had been very sneaky. After they got control of my cell phone number, they sent themselves a reset password text message at my domain manager to get access to that. They left my existing Exchange mailbox intact, but created a new mailbox and switched the MX record to point to that mailbox. It took a few hours for the MX record change to propagate so I still received emails for a few hours. Also, because they did not reset the password of my Exchange email I did not get an incorrect password message that would have aroused my suspicion. Also, I kept getting internal FJ Labs emails even after the MX record change because those are also on the same Exchange server as my email.
Once the MX record change had propagated, they were able to use their control of my email and access to my cell phone (given that I required text confirmation in addition to control of my email) to reset the password for my Dropbox, Venmo, Twitter, Gmail, Coinbase, Xapo, Uphold and Bitstamp accounts. I did not see any of those reset password messages or any of the text message confirmations because they were going to the new mailbox and phone they setup. They then sent themselves all my BTC to 12LmHubDmhnLTrvPgs82MJ2FTJR68rwrfK.
At this point, it was clear that my phone an email had been compromised. I immediately called T-Mobile which confirmed that they had setup a new SIM for my number. It took a fair amount of time, but I convinced them to restore the original SIM. I then reset the password at my domain manager and noticed the MX record had been changed. They were now pointing to a mailbox hosted by my domain manager. I logged in and saw all the password resets on all my accounts.
It took hours, but I reset all the MX records and the passwords on all my accounts and replied to all the emails I had missed that had been sent to the new mailbox.
As luck would have it, for all their sophistication they stole only 0.01 BTC 🙂 I can take no credit for this, as it was sheer luck. I had fundamentally revised my crypto investment strategy the week before the hack and sold all of my direct crypto holdings. I had also reached my Venmo weekly payment limit, so they could not Venmo themselves money (and I can see they tried). They did not try to make wire transfers from my normal bank accounts, perhaps because that money would have been easier to trace and I require a few more security measures for wire transfers that are more difficult to get around.
This experience made me realize that your security is only as strong as your weakest link. Since then, I implemented several changes to my security protocols. To make any changes to my T-Mobile account by phone or in person, you now need to mention a very complex password with digits and special characters. I recommend that everyone adds a voice authorization password required to make changes to their cell phone account. It also made me realize the perils of using an email address everyone knows and a phone number everyone knows to manage my crypto holdings. The crypto accounts I now use all have email addresses dedicated to them and I use a non-US cell phone for two-factor authentication. No one has that number and I don’t use it for anything other than to authenticate access to my accounts. Also note that if you use an application like Authy for two-factor authentication (which I recommend), you should only allow it to work on one device (it’s the default setting). I like that it takes several days to reset your Authy account even if you are just putting it on a new cell phone with the same number. It adds a layer of security in case someone ends up getting a new phone on your number.
For crypto in particular, once the access to your accounts is secure you must decide whether you should leave your assets on the exchange or be your own custodian. Both come with their own risks.
- Leaving it on an exchange: Your risk here is defined by the probability that this exchange will be hacked or be subject to new regulation. If you decide to go down this path, there are certainly better options than others. I know that the Coinbase team is doing a terrific job at keeping their assets secure. This does come with the drawback of users not being able to participate in certain airdrops, or not having access to new currencies from forks immediately, but I won’t delve into that topic here.
- Being the custodian: Your risk here is defined by the likelihood of your seed phrase been stolen, or all replicas of it being permanently damaged/irrecoverable. Someone could also get the password for your given wallet and steal the hardware from you, in which case, unless you immediately get a new wallet, recover your keys from the passphrase, and transfer all of your assets out, they’ll all be soon gone. You could also lose your passphrase, as well as the password as it infamously happened to Wired writer Mark Frauenfelder in his epic tale of hacking his own wallet.
People should weigh the probability of the exchange being hacked versus the probability of their seed phrase being stolen or lost. For most people with little crypto exposure, I would recommend they leave their crypto on Coinbase as it probably has a lower probability than the risks involved in being your own custodian. In addition, it’s way more convenient to just have your assets there rather than have to deal with the hassle of custody.
If you own a lot of crypto assets, you should avoid leaving coins in exchanges to avoid the risk of those being hacked as it famously happened to Mt. Gox, Bitfinex, and YoBit not so long ago. In 2014, Mt. Gox handled 70% of all Bitcoin transactions worldwide when 850,000 bitcoins belonging to customers were stolen. They subsequently filed for bankruptcy and went out of business. It’s certainly worth your time to learn how to protect yourself against these attacks.
If you choose to go down this path, I would highly recommend you getting your own hardware wallet. The two main companies in this space are Trezor and Ledger. I’m not very familiar with Trezor but can vouch for Ledger. When you first setup your wallet, you will be prompted with a passphrase and a password, the latter being specific to that wallet. Think of the passphrase as your master password for all private-public key pairs you will use in the future. If your wallet is damaged or lost, you can recover all transactions on a new one by having this passphrase. Just as you can be the one recovering these keys, anyone else who gets access to it will be able to do so as well so make sure that you save it in a safe place. Safe means: not on a computer with internet access; not on a hard-drive that’s not encrypted; not on a paper that could be easily stolen. You should also have more than one copy in different places (all of which must have tight security since your system is just as secure as your weakest link) to protect yourself against a potential loss (hard-drive malfunction, fire, a potential robbery, and others). As you are probably thinking by now, being the custodian of your own keys is no easy job.
As a side note, while hardware wallets are certainly great products, if you are an institution or someone who might be likely the target of a personalized attack, this path might also fall short. First, when talking about redundancy and safety, this is not a binary dimension but a spectrum. You could either leave a paper with your passphrase hidden in the closet or store it in a safety box inside of a bank. On top of the steps described above, you should also seriously consider multi-signature security. At a high level, this means that you’d need multiple keys to transfer your funds (e.g. 2-of-4 policy would be mean that there are 4 keys, and you’d need at least two of them). There are already a few companies like Coinbase and Anchor that provide this kind of service.
Stay safe!
42 Questions with Fabrice Grinda of FJ Labs
I had the pleasure of being interviewed by the amazing Sean O’Sullivan about FJ Labs.
Some thoughts on Bitcoin energy consumption
By Eric Denovitzer
The rising popularity1 and price in Bitcoin has been accompanied by widespread criticism of the amount of energy used by miners of the network. Often cited by critics is the fact that it takes the daily energy consumption equivalent of 7-9 households to secure one single transaction. The energy consumption is something that we should certainly be aware of; however, we should not evaluate this issue in isolation, but rather as part of a completely new paradigm. Bitcoin established the rules for decentralized-trustless networks. Its value might not seem completely apparent if you live in a country with freedom of speech2 and no capital controls. However, this is not the reality in which many people live. For instance, the Argentine government imposed artificial currency pegs between the Peso and any foreign currency between 2011 and 2015, while the country was going through double-digit annual inflation. In other words, if you had your savings in Pesos you’d see your purchasing power decrease at a meteoric rate. Many other countries such as Venezuela or Zimbabwe are going through much worse situations now3. Bitcoin offers an alternative store of value in these cases. Because of its decentralized-trustless architecture, no public or private entity can shut it down. So, people who have never met each other, and might live in opposite ends of the world, can interact without any third-party or counterparty risk. The mechanism that makes this possible is a highly redundant architecture -the same data is stored in many computers- and having certain players on the network -the miners- consume considerable amounts of energy.
Before moving on, for those who are not familiar with the underlying protocol of the Bitcoin network, it might be useful to give a very high-level overview of how this energy is being used. Transactions in Bitcoin are grouped into blocks such that there is a new block created (‘mined’), on average, every 10 minutes. In addition to these transactions, each block contains a ‘pointer’ to the previous block, and the solution to a computational problem4 . This sequence of blocks is basically the equivalent of the accounts database that would power a bank, with which the Bitcoin network can calculate what the respective balance for each individual/address is (a ledger). The ones who are creating these blocks are the famous miners. The process of creating a block consists of two primary steps: (1) verifying that the transactions that will go into this block are valid (i.e. no one is double-spending5 , and payers have enough BTCs for their respective payments), and (2) finding the solution to the aforementioned computational problem. The latter is what is called Proof of Work (PoW). This challenge basically consists of taking a set of transactions that have not been included in any of the previous blocks, as well as the ‘pointer’ to the previous block, and then finding a number that satisfies a certain property (the ‘problem’). Finding numbers that are valid solutions to this problem is very computationally expensive -in other words, it demands a lot of energy-. When a miner finds a solution, it publishes the block to the network, and then, after proving that one block is valid, all miners will start working on creating the next one. For publishing the new block, the miner is rewarded with newly minted bitcoins, as well as fees from all the transactions the miner included in the block the miner created6 . That’s basically it. This process is repeated over and over again, and the chain will continue growing with new blocks.
Remember that the process described in the paragraph above is run in a decentralized way such that every participant keeps a copy of the valid chain. This level of replication, though inefficient in many ways when compared to centralized approaches, is what makes the network robust to failures – either accidental, or from the result of an attack – from any individual node. On the other hand, you might wonder what’s stopping someone from publishing a completely new chain in which she basically owns a massive amount of coins. The way that consensus is achieved among all the participants to choose the valid chain is by selecting the one that has the largest amount of work spent on solving the respective computational puzzles. In this way, for an attack to be successful, the malicious player would need to be able to solve these puzzles at a faster rate than that of the combined group of well-intentioned miners, such that at some point the corrupt chain becomes longer than the valid one. By having legitimate players spend a relatively large amount of energy on solving these puzzles, it makes the cost of any potential successful attack very high. By now, it should be clear that the energy used to mine bitcoins is not really wasted. It’s actually what’s keeping the network secure, and what gives the coins any potential value. Had it been easier/cheaper to forge new coins, bitcoin would have never gained any traction, and hence would be worth nothing.
Why is energy consumption increasing?
We should focus on the incentives for the people who are consuming this energy to understand why they are willing to keep increasing such consumption. As mentioned above, miners receive a number of newly minted bitcoins as well as transactions fees for each new block they create, with the majority of the payout coming from the former. The rate at which these new coins are created, currently at 12.5 BTC per block, halves every certain number of blocks. Since the price of BTC is rising at a faster pace than the rate at which mining rewards are decaying, the dollar amount awarded for mining has increased. Given that this is not a single-player game -and it should never be-, and assuming no collusion, the optimal strategy for each mining pool is to keep adding more hardware while it remains profitable. At the same time, given that the number of transactions per block is limited by the block-size (1MB) and the difficulty of the puzzles is adjusted such that it takes approximately 10 minutes to create each new block –in other words, the more hashing power, the harder the puzzles-, the increase in hashing power is not followed by an increase in transaction throughput. Hence, this leads to an increase in cost per transaction.
If we also consider ASICs -the main hardware used for mining- developers, given that the main clients are in places where electricity is incredibly cheap, their main incentive is to increase the number of hashes7 calculated per second, and not necessarily the total amount of energy consumed per second used when working at maximum capacity. It’s important to notice though, that this might not be always the case. Electricity costs might rise in the future -as these countries start developing new industries and infrastructure-, and it will be in miners/ASICs main interest to optimize this.
The comparison with traditional networks and assets
The other common point of debate is mentioning that the Bitcoin network is much more wasteful than the banking or credit card system on a transaction basis. While this is true, Bitcoin was not primarily designed to have the most cost-efficient transactions. Its main purpose is to provide a digital asset that can be exchanged without the risk of seizure or control by any private or public actor. It’s hard to put a dollar or energy value to this, but based on many examples -of which I’ve only mentioned a few-, we can see that it’s tackling a real and serious problem.
A bank transfer might be cheap from an energy point of view, but when the government decides to freeze all bank accounts8 , I doubt that efficiency would be the main concern. If you are escaping from an oppressive regime9 , you’d be able to take part or all of your assets with you, without having the physical limitation or risk of being caught from carrying them with you. All it takes is remembering your key (I know it might take some time, but it’s physically possible!), or bringing a little piece of paper with it.
It’s hard to calculate the exact numbers for the banking system, or gold mining. Mining companies are very conservative about disclosing these values, but let’s look into some metrics to gain some perspective. There are different estimates out there, but some of the most extreme ones put the Bitcoin network consumption at slightly less than 35 TWh/year10 . On the other hand, the gold mining industry consumed 131.9 TWh/year11 . On top of this, gold has a tremendous negative impact on the environment beyond just energy consumption. It consumes massive amounts of water, and the purification of gold involves very risky procedures12.
It’s also worth highlighting that while the infrastructure for these traditional networks and assets has existed for several decades/centuries, when it comes to blockchain and cryptocurrencies, we only have a few years of experience. The Bitcoin whitepaper was published in 2008, and the network went live in 2009. As an example, we can consider the case of data-centers, infrastructure that is central to networks like Google, Facebook, or the banking system. Had they continued scaling without any improvements in efficiency since its origins, they would have probably taken over a considerable percentage of the total production of energy. However, this was not the case, and they have continuously become more effective13. Assuming there will be no change in the architecture of Bitcoin itself, or off-chain solutions would imply discarding most of the evidence out there.
Moving forward
The main purpose of this article is not to say we should be satisfied with the current state of the world -we shouldn’t – or that Bitcoin will necessarily be the main cryptocurrency. However, I think it’s important to address this criticism given that, in isolation, might end up doing more harm than good. It encourages the evaluation of this new paradigm through a lens constructed from existing solutions, rather than focusing on what this new approach is truly enabling.
It’s also important to keep the maturity of this technology in perspective. Imagine discarding the value of the Internet in its early days because a voice call over the landline phone network had better quality. Since then, we have seen the infrastructure improve -we no longer have 28kpbs connections-, as well as the software that runs on top. In the case of decentralized networks, a lot of progress has been made, but it’s still early days. Projects like the Lightning Network can potentially bring the transactions costs within the Bitcoin network down considerably by only settling final balances between parties on the main chain (this is already live in Litecoin). Other networks have also been working on ways to make the process more energy efficient. Ethereum has also moved further along with potential hybrid mechanisms using Proof of Stake14, and projects with new underlying mechanisms such as Proof of Space-Time15 are beginning to take shape. Maybe in the (near) future, once we have a working alternative that enables what Bitcoin does today but more energy efficiently, we can affirm that the latter is being wasteful. Until then, we don’t really have a relevant baseline to compare it with.
- https://techcrunch.com/2017/12/07/coinbase-hits-top-spot-on-apples-us-app-store/
- https://www.livescience.com/21368-measuring-freedom-and-repression-infographic.htm
- https://www.bloomberg.com/news/articles/2017-06-15/venezuelans-are-seeking-a-haven-in-crypto-coins-as-crisis-rages
- There are actually other fields as well, but for the sake of simplicity, we’ll just focus on transactions and the pointer to the previous block. For a comprehensive description of the block structure see https://en.bitcoin.it/wiki/Block & https://en.bitcoin.it/wiki/Block_hashing_algorithm
- https://en.wikipedia.org/wiki/Double-spending
- https://en.bitcoin.it/wiki/Controlled_supply
- Within this context, think of a hash as a potential solution to the computation problem that miners need to solve. To find a solution, miners basically calculate many hashes until they find one that satisfies the required properties.
- These has happened in several occasions in developing countries.
Please see https://en.wikipedia.org/wiki/Corralito for an example. - Credit to Ari Paul for being the first on I’ve heard giving this example.
- https://digiconomist.net/bitcoin-energy-consumption
- https://www.coindesk.com/microscope-true-costs-gold-production/
- https://en.wikipedia.org/wiki/Gold_cyanidation
- https://www.theverge.com/2016/7/21/12246258/google-deepmind-ai-data-center-cooling
- https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ
- https://chia.network/