One of the basic ideas behind cryptocurrencies like Bitcoin is that they provide a decentralized form of currency that ensures privacy and security. Events this week seem to point the other way, however, showing that cryptocurrencies aren't quite as decentralized as first thought and might well be a vehicle for user exploitation.
With a decentralized structure, no one group should be able to have undue influence or control over Bitcoin. That idea is now being tested as a pair of Cornell university researchers revealed that a Bitcoin mining collective called Ghash.io managed to represent 51 percent of Bitcoin mining power as of June 13. With Bitcoin, as with all cryptocurrencies, new coins are created through a computing-intensive process known as mining.
With 51 percent of mining power in the hands of a single group, the Cornell researchers see a real risk.
"Ghash is in a position to exercise complete control over which transactions appear on the blockchain and which miners reap mining rewards," the researchers wrote in a blog post. "Bitcoin is currently an expensive distributed database under the control of a single entity, albeit one whose maintenance requires constantly burning energy—worst of all worlds."
For its part, the Ghash.io mining pool has known since the beginning of the year that it would likely reach 51 percent of Bitcoin mining during the year. In a press release, the group stated it does not have any intentions to execute a 51 percent attack, as it would do serious damage to the Bitcoin community, of which it is a part.
"Our plans are to expand the bitcoin community as well as utilize the hashing power to develop a greater bitcoin economic structure," the group stated.
One of the biggest challenges for any one individual looking to mine Bitcoins today is that it is very computationally intensive and not easily done. In fact, the challenge of mining Bitcoins has led to the popularity of alternative cryptocoins, including the Dogecoin.
While mining for Dogecoin is easier than Bitcoin at this point, that hasn't stopped hackers from leveraging the power of a distributed botnet to pad their virtual wallets.
A report from Dell SecureWorks indicates that hackers installed mining malware on Synology network-attached storage (NAS) devices. The malware authors were able to assemble their own mining botnet that allegedly yielded $600,000 USD in revenue.
The Dogecoin botnet and the Ghash.io issues are both interesting in that they help raise doubts about the legitimacy of cryptocurrency. That said, "real" money like dollars (the paper kind) have the same types of risk too. Real money can also be used for crime and can also be amassed by the wealthy to exert control, so why should "virtual" money be any different?
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.