BUSINESS

Heartbleed Security Flaw Won't Faze Bitcoin's Boosters

04/14/2014 04:23 EDT | Updated 04/14/2014 05:59 EDT
BTC Keychain via Flickr

“In cryptography we trust” was the slogan plastered on signs and t-shirts at the first Bitcoin Expo held in downtown Toronto this past weekend as hundreds of the most dedicated Bitcoin enthusiasts gathered to discuss the virtual cash.

But in this era of cyber insecurity, it’s getting increasingly difficult to convince anyone outside of this hardcore group to believe in that motto.

The latest cyber security threat to raise alarm in the Bitcoin community is the Heartbleed secure server vulnerability, which could have damaging effects on the online-only currency, its users and its reputation.

It’s already been a bad couple of months for Bitcoin. The currency has been hammered in the press and on global exchanges in recent months, amid reports that some of the world’s largest exchanges had been hacked, and the subsequent bankruptcy of Japanese exchange giant Mt.Gox. More recently, a much smaller Alberta-based site called FlexCoin shut down after thieves stole some $600,000 worth of bitcoins from their servers.

Now, there’s Heartbleed, the flaw in the OpenSSL protocol (which is supposed to ensure privacy and security) that Canada Revenue Agency blamed for the theft of 900 social insurance numbers Monday.

The Bitcoin Foundation said Friday that the version of OpenSSL used in a widely-used software, Bitcoin Core, is susceptible to the Heartbleed bug.

The security bug is one of the most significant things to happen to the internet in the past decade, cyber security expert Michael Perklin said during a panel at the conference.

The flaw means private accounts can be compromised without users’ knowledge, and that could have devastating effects for the bitcoin industry as all transactions are done online. Perklin warned companies to take steps to regenerate all privacy keys ever used in order to avoid becoming the subject of the next security breach headline.

But he believes most companies in the bitcoin world have been extremely diligent about addressing the internet-wide flaw in the immediate wake of its discovery.

“Pretty much every single bitcoin-related website has already patched themselves,” he said in an interview.

“The bitcoin community is so close-knit and so passionate about this technology that we’re always in constant communication with each other.”

But if the reputation of virtual currency has been irreparably damaged by security concerns, it did not affect the mood among hardcore fans gathered to swap intelligence on the most Bitcoin-friendly jurisdictions or even to purchase a piece of abstract art honouring its mysterious founder, Satoshi Nakamoto.

Hardcore fans believe digital currencies are the future of banking because they are not tied to any one central bank, giving users a degree of never-before-seen independence. Bitcoin’s bad security rap is misconstrued, they say. The recent reports of hacking, security flaws and theft are not issues with the currency itself, but the security of independent companies that operate in the emerging virtual economy.

“I think the security issues are with third parties and not with Bitcoin itself. Bitcoin is extremely secure,” said Anthony Di Iorio, executive director of the Bitcoin Alliance of Canada.

“It’s just people hear it in the media and they start associating Bitcoin with security issues.”

Users can protect themselves by holding on to their own bitcoins rather than relying on third parties like exchanges, he said.

“It’s so new right now and the third parties are going to have to be more transparent about their security and have to be more open and do a better job.”

Perklin used the analogy of a purse with holes in it that allows your loonies to fall out to explain the difference.

“You wouldn’t blame the Canadian dollar because you lost Canadian dollars out of your purse, the blame should actually be with the purse itself.

“Bitcoin itself hasn’t been affected by any of these vulnerabilities, however websites that are using bitcoin technology, they are the ones who didn’t employ the correct security, so it’s not so much that it affected bitcoin, it’s that it affected these people.”

Sill, security and regulatory concerns that have weighed down the worth of virtual currencies were front and centre at the Bitcoin Expo, the weekend-long gathering of virtual coin enthusiasts from around the world.

Bitcoin experts acknowledge that regulation — addressing both anti-criminal activity and pro-consumer protection — is something that must be addressed in order for the currency to become more widely accepted.

“I think for Canadians, the bad publicity is keeping them away and they don’t understand that it is a phenomenal technology, it really is revolutionary,” said Bitcoin legal expert Christine Duhaime.

“But for some reason there’s no group out there doing a good job of PR.”

While governments are taking steps on the anti-money laundering and anti-terrorism front, the consumer protection issue receives less attention but is actually more of a concern for average Canadians, she said.

The Conservative government called out Bitcoin by name in the 2014 budget, vowing to “introduce anti-money laundering and anti-terrorist financing regulations for virtual currencies, such as bitcoin.”

But consumer protection is a provincial matter and no province aside from Quebec has considered looking at Bitcoin.

“The problem is consumers don’t really know what they’re doing when they buy bitcoin, they have no clue, so they’re putting lots of money into it and realizing that in fact where they’re putting their money, it’s hackable, stealable.”

The matter protecting consumers against themselves, such as in the case of lost passwords, is an issue that receives even less attention she said, adding that consumers get one chance to learn a password and if they lose it, they lose all their money.

“I don’t think we have enough of a dialogue to explain to consumers, from just the consumer protection side, what this is and no one is thinking about regulating that,” she said.

“As a Bitcoin community I think we should be educating people more on how to do a transaction and what the risks are.”

The good news for Bitcoin enthusiasts is that progress is being made in Canada and around the world, with government officials finally taking interest in digital currencies. That could help them gain wider acceptance, said Di Iorio.

Last week, the Canadian Senate heard from Bitcoin Automated Teller Machine company BitAccess, which gave a presentation about the cryptocurrency and a demonstration on how its machines work.

The Bitcoin Alliance of Canada has met several times with the Ontario Securities Commissioner to discuss regulations at the provincial level and expects more interaction with governments in the near future.

“It’s something that we’re going to have to deal with over the next year and I’m hoping that they’re going to balance any regulatory actions they take,” he said.

Di Iorio shares concerns within the Bitcoin community that over-regulation could kill the very aspects of the digital currency that make it appealing — the anonymity, autonomy and freedom from government intervention.

Also on HuffPost

Secret Messages Encoded In U.S. Currency