September 2013. I participated in virtual cryptocurrency conference, and I made the following prediction: Governments are less than a decade away from developing forensic cryptography capabilities that paired with forensic accounting will destroy security – one of the pillars of utility that gives cryptocurrency its value – in Bitcoin and other cryptocurrencies.
Fast forward to June 2021. The United States Department of Justice did exactly that. In a story that has flown under the major news headlines, a group of hackers called DarkSide targeted Colonial Pipeline – a fossil fuel pipeline company responsible for supplying most of the gas to the United States’ East Coast. Through the use of ransomware – a computer virus that locks your computer systems and forces you to pay the hacker’s demands or lose everything on that system, DarkSide wrangled a sum of $90 million from Colonial Pipeline in an act that some called terrorism. In a pyrrhic victory to say the least, the Department of Justice seized $2.3 million of the $90 million by virtue of a search warrant.
The seizure sent shockwaves through the cryptocurrency markets. After all, Bitcoin and its contemporaries are supposed to be anonymous, secure, and fast, thus enabling people to escape the long arm of the law. Those who espouse this naive view ignore a fundamental truth about cryptocurrencies.
They are only as anonymous, secure, and fast as their users make them.
Blockchain cryptocurrencies function on a ledger of interconnecting numbers and letters. In that ledger, certain numbers represent accounts or “wallets” where cryptocurrency is stored for various users. The nature of a universal public ledger means that a sophisticated forensic accountant using forensic cryptography can easily see the movement of cryptocurrency through the blockchain and where it is at a given time. That accountant can identify where a transaction originated and where the cryptocurrency goes.
The FBI and the Department of Justice did just that in the DarkSide case. Their seizure warrant reads like a summary of the forensic process, bearing out everything that I foresaw in 2013. The FBI and the Department of Justice then seized on Bitcoin’s Achilles heel – the same vulnerability that every blockchain cryptocurrency has. They somehow obtained the private key to the wallet where the extorted Bitcoin was being held.
The private key is a string of numbers that provides ultimate control over a wallet. You cannot do anything with assets being held in that wallet without the private key. Most average users of Bitcoin do not know what their private key is. Cryptocurrency exchanges usually hold that key for the users’ own protection. If you hold the private key, you hold absolute control over the assets in the wallet.
Thus, for users who own cryptocurrency housed in exchanges with U.S. based exchanges or exchanges operating in cooperation with the U.S. government, they have no security against government interference in their wallets. As the Department of Justice did here, all it needs to do is get a search and seizure warrant to obtain the private key or to use it. It follows that the government may not find out who a user ultimately is, but it can destroy the utility of the system for them by rendering it so unreliable as to be prohibitive.
I have long given the following answer to people questioning where the real value of cryptocurrency lies: “utility based on anonymity, security, and speed.” I describe it as an ill-balanced three-legged stool. If one pillar falls, the other two will likely fall with it. The Department of Justice just sent a clear message that the security pillar is not as sound as people would like to think.
Where does this leave cryptocurrency? At the 2019 Federalist Society Student symposium, I described a framework of cryptocurrency users from the audience in the form of a question/comment. There are three types of users: the institutional, the sophisticated, and the average Joe.
The institutional users and the sophisticated users will not care much about the Department of Justice’s bust from a logistical standpoint. Their investments, and thus their fortunes, however, are dependent on the reaction of the average Joe users because there are a whole lot more of them than institutional and sophisticated users.
Here’s a bit of blunt honesty. The average Joe user is an emotionally unstable idiot who dumps cryptocurrency like a high school girl dumps “boyfriends.” The average Joe does not understand that there are ways to use cryptocurrency to prevent busts like the DarkSide bust. He is too lazy to learn them. When something bad happens, the average Joe doesn’t assess whether human error caused the problem. He blames the system and sells off, tanking the market for everyone.
The DarkSide bust shatters a virtual fantasy that a good portion of cryptocurrency users have been living in. Practically speaking, it means nothing disastrous for the sophisticated users. There are ways to guard against DarkSide busts. If you’re worried, learn them. Otherwise, wake up to the reality of treating cryptocurrency like a traditional financial instrument.