One doesn’t have to be a financial guru to feel all the excitement around cryptocurrency. It’s hard to ignore all the stories of amateur investors who earn millions by investing their savings in whimsically named currencies like Bitcoin, Ethereum, and DogeCoin.
All the evangelizing around “crypto” isn’t really about the currencies themselves, but “decentralized blockchains,” which is the technology that makes them possible. An impressive blend of mathematics and encryption, blockchains are essentially digital ledgers housed on the Internet that are difficult to falsify. Decentralized blockchains were invented by the creator of the Bitcoin cryptocurrency, but they are employed for all other types of crypto and other digital assets like non-fungible tokens (NFTs).
To prevent entities from forging entries to the append-only public ledger that is the official record of who owns what, we must artificially make it difficult to add to the ledger. Otherwise, anyone could, for example, claim that another person’s wallet full of cryptocurrency has sent them digital tokens, and do so without that person’s consent. This means that many people must work together to achieve a form of consensus that prevents fraudulent entries from being added to the ledger.
On the surface, the concept of a digital ledger might not sound remarkable, but in theory, blockchain opens the possibility for decentralized bookkeeping outside of corruptible and inefficient institutions like banks. However, for such a vision to be possible, crypto and blockchain technology must be able to solve some problems better – and ideally more efficiently – than an existing solution does. If we must make it hard to perform transactions, we are already at a disadvantage compared to the old ways of doing things that optimize for efficiency.
So, what problems do crypto enthusiasts promise us their technology will solve? And is crypto moving towards the utopian vision that these enthusiasts promised us?
It’s decentralized, therefore it cannot be manipulated or devalued by a central authority
Many believe that when Bitcoin was invented and launched in 2008 and 2009, it was largely in response to the 2007-2008 financial crisis when the financial misdeeds of those trading in collateralized debt obligations (CDOs) and credit default swaps (CDS) caused a global recession. In response, governments began manipulating currencies and interest rates and even offered bailouts to financial institutions to attempt to minimize the damage that was done by some very greedy bankers.
Bitcoin certainly solves many of the concerns of libertarian-minded people who think that governments should not have this level of control. It is a public ledger, so no funny business. No one can “print” more Bitcoins; there is a limited number of them that can ever be “mined,” a process involving a competition to compute the solution to arbitrary, complex mathematical puzzles. As time passes and fewer Bitcoins are available to be mined, the complexity of the puzzles increases, slowing down the creation of additional tokens.
The price we pay for uncontrollable currencies
This is where the problems begin. The cost of mining a Bitcoin is exceptionally high. The Cambridge Bitcoin Electricity Consumption Index estimates that Bitcoin is now responsible for more than half of a percent of all global electricity consumption. That’s the equivalent of 7168 Hiroshima bomb explosions per year. The impact on the climate emergency is significant for the utility gained. Since mining is part of what records a transaction, this also means that transactions are very expensive and slow compared to those in traditional financial networks.
Of course, fraud is rampant. Thefts cannot be reversed as the blockchain is immutable and no one is in control. If a transaction is committed to the distributed ledger, there is no way to undo it. The only possible compensation would be to seize the money from the thief and send the money back to the victim. Even if this were possible, jurisdiction becomes a serious problem with something imaginary that doesn’t exist in any given place.
Enabling cybercrime and evasion of international sanctions
North Korea has demonstrated a strong preference for cryptocurrency theft as their go-to type of cybercrime. A report from Chainalysis shows a state-sponsored North Korean hacking group known as Lazarus Group had stolen more than $1.75 billion USD in cryptocurrency from 2017 to 2020. A theft of more than $600 million USD in April of 2022 was also attributed to the Lazarus Group. This is estimated to make up approximately 2% of North Korea’s GDP over the last few years, and an even higher percentage of its access to liquid currency.
In recent years, ransomware crime has been compared to an epidemic, but it wouldn’t really be possible without cryptocurrency. Can you imagine holding a company to ransom from half a world away for $2 million USD without it? How would you collect the money? That is a lot of gym bags full of $100 bills that are awfully difficult to retrieve without jail time. Emsisoft estimates the total costs globally imposed by ransomware to be approaching $75 billion USD per year.
While Bitcoins are not fully anonymized, they are certainly privacy-preserving to a degree. This has made them very popular with tax evaders and ransomware criminals. By using services known as tumblers, they can launder stolen tokens, and by moving between different cryptocurrencies they can achieve a deep level of anonymity.
Smart contracts will remove the middleman
A cryptocurrency called Ethereum can execute what are called smart contracts on its blockchain. What is a smart contract? It is a type of cryptocurrency transaction that is predicated upon a set of conditions being met. This “contract” is simply a computer program that will perform some action, presumably moving cryptocurrency from one wallet to another, but only if a particular condition is met.
Sounds good: If this thing happens, then I pay you. So how do I write one of these contracts? Well, you need to learn to code, and not in a programming language that is widely known, but rather some brand-new ones created just for this purpose.
What if I am not a programmer? Don’t worry, you can just hire someone to write the contract and take their word that it does what it says. What if it doesn’t? Sorry, you agreed to it, and it cannot be undone. There is no arbiter, and no judge can “fix” this contract. You’d better bone up on your computer coding skills if you want to benefit from smart contracts.
Electronic art, collectibles can finally compensate artists fairly
This brings us to non-fungible tokens (NFTs). “Non-fungible” simply means not interchangeable for an equivalent thing – or, in other words, unique. A Bitcoin is fungible as each one has the same value as every other. The uniqueness of NFTs is being sold to represent digital art and digital trading cards, so someone can own this unique token and potentially trade it to others as one does with such things in the real world.
NFTs are typically executed as smart contracts that can contain provisions to, say, share 10% of any resale proceeds with the original artist. Sounds pretty good, right?
The problem is that this leads people to believe that buying an NFT confers ownership of the art or trading card, but it does not. The copyright remains with the creator or owner of the actual digital art, and you are simply buying a token that represents that art with a pointer (typically a link to a web server hosting the art) and a unique cryptographic identifier proving that that specific piece of digital art is the one your token represents.
To verify it is the same art you bought, everyone who wants to know whether you in fact own it needs to have a copy of the art to do a cryptographic check to see whether it matches your token. See the problem here? You just bought a web link to a set of pictures for $24 million USD that everyone else in the world has a link to and can download as well. But hey, unlike you, they don’t own the token, right?
Crypto is a solution in search of a problem, yet more and more it looks like it is the problem
Does crypto enable currencies that are truly free from interference? Mostly, yes, but the question we have to ask is “at what cost?” To be able to view crypto as a net benefit, you have to set aside the harms it causes to the environment, fraud, money laundering, cybercrime, and its inability to seek justice when fraud or disagreements arise, not to mention its complexity, the slowness of transactions, and the lack of utility for any economic purpose other than speculation.
Are smart contracts a more efficient and equitable solution than traditional contracts with lawyers, courts, and all that? Maybe, if you can write a program with no bugs and want no ability to reverse, release or litigate any unwanted outcomes.
Are NFTs the way forward for digital art ownership? I suppose tokens are quite easily compared to baseball cards or similar, but of course, you have to give the NFT baseball card to anyone who wants to know you own it and you actually don’t own it; you just own a thing that points to it. Here’s hoping the link to the image of the thing you bought an NFT of stays online!
There isn’t room here to enumerate the other frauds and scams plaguing this ecosystem, the lack of decentralization in Web3 and NFTs, the cost of transacting it, or the myriad other issues afflicting crypto. On the basis of the above alone, it is easy for me to conclude that crypto is in fact a rebel without a cause.
Chester Wisniewski is a principal research scientist at enterprise security firm Sophos. With more than 25 years of professional experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.
Chester analyzes massive amounts of attack data to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.