When it comes to digital theft, there is one aspect which is frequently misunderstood and miscommunicated.
Despite popular belief, a thief isn’t stealing an individual’s asset itself (SSN, phone number, money); rather, he or she is stealing the key to acquiring that SSN, phone number, and/or money, at least initially. The key unlocks the means by which to obtain that information.
When it comes to cryptocurrency theft, the same logic applies.
They’re Not Stealing Your Crypto, They’re Stealing Your Cryptographic Key
Whether we are talking Bitcoin, Litecoin, Ethereum, or any other virtual currency, the most important thing to remember is that they don’t physically exist. A virtual currency is nothing more than a digital ledger (think checkbook ledger or a Microsoft Excel spreadsheet) known as a blockchain. Similar to a checkbook ledger or other spreadsheet, the blockchain stores and manages an ever-growing list of addresses and the number of units of a currency there are at those specific addresses.
What you as an owner of cryptocurrency actually hold is a cryptographic key, not the unit of currency (BTC, LTC, ETC, etc.) itself, because it doesn’t actually exist. The key allows a holder to unlock the address where that unit is located. The value that attracts thieves and attackers is the open ledger itself, which you have access to with your cryptographic key.
The issue when it comes to cryptotheft is that attackers are coming after your key, and nothing more. As for the methods they use to acquire that key — well, that’s what you need to protect yourself from.
They’ve Unlocked The Door, But What’s On The Other Side?
“Only secrecy of the key provides security,” said Auguste Kerckhoffs, a 19th-century cryptographer. His fundamental principle was that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Once an attacker acquires one’s cryptographic key, however, he or she has access to everything behind the database. Kerckhoffs’s principle was reformulated by American mathematician Claude Shannon, who coined the principle the enemy knows the system.
The next stage to a theft is obtaining a platform on which to transfer the stolen cryptocurrency. Such platforms, mixers and tumblers, take the stolen coins and mix them with those of other users, creating a new transaction address. Consequently, the blockchain is unable to associate the stolen currency with the addresses from which they were taken. In other words, the blockchain is confused.
However, attackers are careful in regards to the tumblers and mixers they use in terms of delivering or accessing certain information.
Converting The Key Into Transferable Currency
Since the emergence of this new digital paradigm, many merchants are not yet sold on it. While the idea behind crypto is the decentralized market, willingness to accept cryptocurrency in lieu of other forms of payment is minimal. Thus, the need to convert one’s coin(s) to other currencies. This is done using Coinbase, Ripple, and other platforms. However, these platforms require one to provide sensitive information to open an account. Once accounts are created and the crypto converted, an attacker has completed the last stage of the theft.
But not all attackers clear up their digital footprints, and hence are still vulnerable to discovery.