The premise is simple.
Does transacting in the crypto-currency ecosystem protect consumers against data/monetary loss?
We don’t know (at this point 🙂 ) but this is a fairly broad concept so let’s break this down a bit.
There have been a few big examples of data breaches over the past 10 years – US based , UK based . Among these – let’s take a fairly recent example to analyze this further.
Equifax data breach 143 million US domiciled users had their personal information hacked. This included SSNs, birthdates, addresses, driver’s license number, few credit card numbers & dispute agreements.
2 key vulnerabilities contributed to this in my opinion –
- Consumer’s PI being stored at a centralized location (Equifax or it’s associate’s servers) in the first place.
- Consumer’s need to provide fiat credit card numbers/bank details to vendors/merchants/service providers for a particular goods/service. The service Equifax provided was credit checks. Others like Target (which had a similar breach back in 2014) needed it for retail commerce.
Now let’s look at cryptocurrencies & their underlying blockchain technology and see if they remove these 2 vulnerabilities and/or add some new ones.
For simplicity’s sake, let’s only look at Bitcoin, Litecoin & Ether – the first 2 are most likely to be used the most for daily financial transactions. The last one or rather the underlying platform will be used the most for smart contracts in the near foreseeable future at least.
Let’s also assume these cryptocurrencies themselves are relatively comparable to fiat currencies from an economic vantage – we won’t get into further value-judgement on the current valuation of these currencies or whether their volatility ever goes down to support their medium of exchange functionality.
Let’s play along & also assume that in the near future – merchants & consumers readily use & accept any of the above cryptos.
Vulnerability #1
If consumers trade in bitcoin/litecoin/eth do they store their PI at a centralized location?
Derivative of above question –
Can the PI be hacked from there to commit financial fraud?
Yes bitcoin, litecoin & eth transactions are pseudonymous – which means just by looking at transactions one can only see the public keys & addresses, but not the real world identities of who did which transaction.
However, how did the consumers get these cryptos in the first place?
Most would have bought on a marketplace or exchange which means one would have needed to upload their KYC documents. Exchanges need this for AML. So, yes exchanges still do hold some form of PI/KYC documents which by definition then can be hacked.
Now, things get slightly interesting on the second part of the question – “can this PI be hacked to commit financial fraud or in other words is it possible for consumers to lose money directly if this PI gets hacked“?
It’s clear that KYC documents can be hacked. How about the money?
What do hackers need to steal your crypto-money? The answer would be the crypto holder’s private keys. You lose your private key, you lose your cryptos. (Period. Quantum computers make things even more interesting – but even if they come around, there would be harder & more lucrative problems for them to solve) . Some exchanges/wallets do hold their users’ private keys, so it’s fair game. However with more consumer education & better wallet protection, this risk will get significantly lesser in the coming days.
So an objective verdict would be this particular vulnerability is not really completely eliminated if consumers switch from fiat to cryptos.
Vulnerability #2
Do consumers need to provide their credit card/financial information to avail goods/service?
The answer is a resounding no. This is where the benefits of cryptos come out quite strongly. Since the bitcoin,litecoin,ethereum eco-system is decentralized & protected by cryptography, consumers can do a peer to peer transfer to a vendor/service provider’s public key (read bank account) and get services/goods in return. Transaction history on an immutable, publicly transparent blockchain removes the trust component out of the equation. However, some services like credit checks will need to be re-architected for this purpose.
There is a caveat to the above being always correct though.
Thanks to the “blockchain experts” out there – people have been led to believe that distributed/blockchain always means immutable. Nope. Not quite.
It would get slightly technical to explain the why behind this but – in general, the power/immutability lies in the consensus mechanism – the more the number of validating nodes in the network & the stronger the consensus mechanism- the safer the network in. Else, all bets are off on this one.
So an objective verdict would be this particular vulnerability is fairly mitigated if consumers switch from fiat to cryptos, provided the network strength remains strong.
Do any new vulnerabilities crop up in the crypto-world?
So far, it’s 1-0 in favor of the cryptos. So, is it all hunky-dory then for the crypto world?
Remember the DAO hack ? A hacker siphoned off close to 80mil USD due to a code vulnerability. Now, this was something very specific to Ethereum and it’s underlying smart contract platform. However, with more functionality gradually added to the bitcoin protocol, the probability of such hacks increases.
To draw an analogy, think of a house with only a door to enter/exit. Now think of a house with a glass roof, an open balcony & multiple doors & windows. Bitcoin, Litecoin with its limited scripting capabilities (so far) belong to the former camp. Ethereum virtual machines being turing complete belongs to the latter camp. More surface area exposed/functionality = increased probability of burglary/hack.
So an objective verdict would be that this particular vulnerability is a new addition to the crypto-world, hitherto unseen in a grand sustained scale in the fiat financial world.
Wannacry & other ransomware/ICO phishing can be added here for completeness sake. Bitcoin’s pseudonymity, available mixer services did help in some regard, however the public keys & the coins of the attackers are invariably tainted. Converting back to fiats goes via the exchanges where the KYCs come in. Attackers can also convert their coins to more private coins like Monero, Zcash etc. and this is where regulators will focus more in the coming years.
What’s the final verdict then?
Is it all fair & square when we move to the crypto world? This is where personal value judgements make it interesting. The strength of a chain lies in it’s weakest link. In the author’s opinions mitigation of vulnerability#2 is an immense gain, a by-product of the decentralized architecture underlying the crypto eco-system. The probability of a grand scale loss is virtually non-existent because the data is decentralized.
On the smart contract or new shared economy paradigm, no matter how strong the quality assurance is, there is always a probability of software bugs. But with more peer review solidity language is bound to get more robust in future.
So overall – the verdict in the author’s opinion is fairly clear- the crypto-universe & the underlying blockchain technology does seem to score favorably over the current centralized architecture in the long run in the context of protecting consumers from financial data loss.