Bitcoin Will Be Successfully Attacked

DISCLAIMER: At the time of writing, I own bitcoin. I don’t approve of or condone attacks on the Bitcoin network. I am not a financial advisor and this is not financial advice. Do your own research and consult with a qualified professional before investing.

TLDR

I think that the odds that Bitcoin will be successfully attacked are exceedingly high. My argument is very simple:

  • the Bitcoin core software has to continue changing indefinitely
  • each change adds a non-zero chance of catastrophic failure
  • after enough changes, the probability of an exploitable bug approaches 100%; it is now ~99.5% even under conservative assumptions

To The Moon

[Image: the "To the moon" Reddit meme]

Back in 2013 someone posted an image (above) of Bitcoin’s rising price on Reddit with a title of “To the moon”. It stuck, and since then the phrase “to the moon” has become an extremely well-known idiom in the cryptocurrency community. It means, roughly, “hooray, price increases!”

Though at the time the phrase was meant to just be funny/silly, it recently struck me how oddly fitting it is.

The Bitcoin project is a whole lot like the NASA project, Apollo, that sent men to the moon.

Each attempted something novel, audacious, even crazy: a man on the moon, trustless money. Each pushed the limits of its respective science and technology. Each has had (or looks to have) important, positive political ramifications.

But they are also similar in other ways – ways that I think have important implications for the future of Bitcoin, and digital currencies generally.

Critical Decisions

When you are trying to send someone to the moon, you need to make a large number of critical decisions. Decisions like:

  • what fuel to use
  • how much oxygen to send
  • how to insulate the cabin
  • what weather to launch in
  • what trajectories to take
  • what orbit to occupy
  • what material to re-enter with
  • what computers to install
  • what programs to write

And so on. Just to give an obvious, off-the-cuff, high-level list.

All of these are critical decisions, meaning that each has the potential to sink the project. Get just one of them wrong – send too little oxygen, insufficiently insulate your cabin, cross your wiring, botch your orbitals, put a bug in your launch algorithms – and you have a catastrophic failure. The success of the mission depends on not one but on all of these things being right at the same time.

Devin Kipp, a Systems Engineer on NASA’s recent InSight mission, recently put this well:

We tested the radar by flying on a helicopter. We tested pieces of the heat shield by putting them in an arc-jet facility. We tested the parachute by testing it in a wind tunnel. And putting all that together in a very tightly controlled sequence where every single thing has to go right, we’ve never tested that, and the first time it’s going to happen is when you deliver us to Mars. [Ref]

Why does this matter?

Conjunction Rule of Probability

The Restricted Conjunction Rule of Probability says that the probability that a set of independent events a, b, c, … , n will all occur can be expressed as follows:

Pr(a & b & c & … & n) = Pr(a) × Pr(b) × Pr(c) × … × Pr(n)

Thus, the probability of success of a space mission is no greater than the product of the probability of each of its critical decisions. If the probability that your wiring is correct is only 50%, then at best the probability that the entire mission will succeed is 50%. Even if you have 100% confidence that each of the other ten thousand critical decisions has been made correctly (which you won’t), the mission would still be a 50:50 operation. A coin toss.

Put another way: suppose you had 99% confidence that each of 200 critical decisions you made on a project were correct. What would be the probability that the project on the whole would be successful? Well, using the formula above:

Pr(project success) = 0.99 x 0.99 x … (repeat 197 times) … x 0.99

Or, more simply:

Pr(project success) = 0.99^200 = 0.133979675

In other words, you would still only have a 13.4% chance of success.

Bitcoin Decisions

The same holds true for Bitcoin. Decisions constantly need to be made by the core developers. Decisions about how to:

  • fix bugs
  • improve performance
  • tighten security
  • support new hardware
  • support new operating systems
  • enable scalability
  • patch existing vulnerabilities
  • update dependencies

And so on. And, insofar as each of these changes could introduce a fatal bug into the system, they each constitute a critical decision.

The success of Bitcoin, then, is likewise dependent on not one but on all of a long series of difficult decisions being right in perfect succession, and without exception.

How many difficult decisions? At the time I am writing this, GitHub – where bitcoin has been versioned since 2009 – lists 6,886 merged pull requests on the project. Obviously not all of these represent critical changes. Filtering out changes tagged as tests, questions, help, and docs, we’re left with 5,339.

Suppose we have 99.9% confidence that each of these 5,339 changes did not introduce a serious bug. This would be incredibly high confidence given the track record of most software developers (more on this below). Even so, by the formula above:

Pr(BTC does not contain a serious bug) = 0.999^5,339 = 0.004787862

That’s less than a 0.5% chance that BTC does not currently contain a serious bug. And that doesn’t even include the changes made before BTC was versioned on GitHub. Nor does it include any changes that made it onto master without merging, e.g. rebased PRs, branches that were merged without a PR, or commits directly to master. The point is: this is a conservative estimate.

Even worse: each time more changes are made, this number decreases.
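The two calculations above (the 200-decision example and the 5,339-change estimate) and the claim that the number keeps falling with every further change, worked through in Python. This is an added example, not code from the original post. It goes slightly beyond the page by also solving the inverse questions: how many changes at a given per-change confidence it takes for the survival probability to drop below even odds, and what per-change confidence would be needed to keep it there. The function names and the 50% threshold are my own choices; the constants 0.999 and 5,339 are the page's.

```python
import math

# The page's figures: 99.9% confidence per change, 5,339 filtered merged PRs.
PAGE_CONFIDENCE = 0.999
PAGE_CHANGES = 5339


def survival_probability(confidence: float, changes: int) -> float:
    """Probability that none of `changes` independent changes introduced a serious bug.

    This is the page's conjunction rule Pr(a & b & ... & n) = Pr(a) * ... * Pr(n)
    with every factor equal to `confidence`. Independence is an assumption the
    rule itself makes; correlated changes are not modelled.
    """
    if not 0.0 < confidence <= 1.0:
        raise ValueError("confidence must be in (0, 1]")
    if changes < 0:
        raise ValueError("changes must be non-negative")
    return confidence ** changes


def changes_until(confidence: float, threshold: float) -> int:
    """Smallest number of changes after which survival probability drops below `threshold`."""
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    if not 0.0 < threshold < 1.0:
        raise ValueError("threshold must be strictly between 0 and 1")
    # Solve confidence**n < threshold for n; both logarithms are negative.
    n = math.ceil(math.log(threshold) / math.log(confidence))
    # Guard against floating-point rounding at the boundary.
    while n > 0 and confidence ** (n - 1) < threshold:
        n -= 1
    while confidence ** n >= threshold:
        n += 1
    return n


def required_confidence(changes: int, target: float) -> float:
    """Per-change confidence needed so that survival probability is at least `target`."""
    if changes <= 0:
        raise ValueError("changes must be positive")
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    return target ** (1.0 / changes)


def decay_table(confidence: float, checkpoints):
    """Survival probability at each checkpoint; the value only ever decreases."""
    return [(n, survival_probability(confidence, n)) for n in checkpoints]


if __name__ == "__main__":
    print(f"0.99^200   = {survival_probability(0.99, 200):.9f}")
    print(f"0.999^5339 = {survival_probability(PAGE_CONFIDENCE, PAGE_CHANGES):.9f}")
    print(f"changes until survival < 50% at 99.9%: {changes_until(PAGE_CONFIDENCE, 0.5)}")
    print(f"per-change confidence for 50% survival after {PAGE_CHANGES} changes: "
          f"{required_confidence(PAGE_CHANGES, 0.5):.6f}")
    # Constructed checkpoints to show the monotone decline the text describes.
    for n, p in decay_table(PAGE_CONFIDENCE, [1000, 2000, 5339, 10000]):
        print(f"  after {n:>5} changes: {p:.6f}")
```

Two things the numbers make concrete. At 99.9% per-change confidence the survival probability falls below 50% after 693 changes, long before the 5,339 the page counts. And to still be at even odds after 5,339 changes, each change would need roughly 99.987% confidence of being bug-free. The model inherits the conjunction rule's independence assumption and treats every change as equally risky; review and testing effort that raises the per-change confidence is exactly what moves the result, which is why the exponent base matters far more than small changes in the change count.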

This bears emphasizing, because Bitcoin cannot remain a static project: it has to continue to change in perpetuity, for as long as it exists.

The Inevitability of Change

It might not be obvious why Bitcoin has to continue to change. If it’s so risky to make changes, why couldn’t we just freeze the code at some point and halt development altogether?

Here are a few reasons.

  1. Performance. The network cannot currently handle anything close to the transaction volume needed for widespread use. More and more disk space is required to run a full node, which eventually will become prohibitively large. Issues like these, and others, will need to be resolved if Bitcoin is going to achieve its dream of widespread adoption and use.

  2. Security. New attack vectors are constantly being created. Very likely there are bugs in the core software that we just aren’t aware of. There may well be game-theoretic issues with Proof of Work that we can’t currently imagine, or vulnerabilities in the language C++ itself. Super-efficient mining chips might be developed that make a 51% attack achievable. Techniques might be invented to engineer SHA256 collisions and silently rewrite important blocks in the chain. Quantum computers might someday be able to brute-force private keys from public keys.[1] Etc.

  3. Change Elsewhere. Bitcoin core contains a lot of dependencies. As these dependencies themselves update (to fix bugs, improve compatibility, etc.) the core Bitcoin software will need to update as well. New operating systems will continue to be written that people will want to run nodes on. Etc.

For these reasons, the core Bitcoin software needs to be under active research and development forever. And inevitably this means research and development by fallible humans – the kind that routinely introduce bugs.

Eventually, everyone makes a mistake. Even the smartest people, even geniuses. Even when they are following best practices. Even when they are perfectly well-intentioned. Even when no one is trying to make them fail.

Probabilistic Time Bomb

This has been my argument so far:

  1. Bitcoin has to continue changing for as long as it is in existence.

  2. Each change to Bitcoin has a non-zero chance of introducing a serious bug that will be exploited.

  3. Hence, if Bitcoin is around for a long time, it is virtually certain that at some point a very serious bug will be introduced and exploited. [from 1, 2, by the Conjunction Rule of Probability]

Bitcoin is, in other words, a kind of probabilistic time bomb.

But wait: surely this can’t be right. Every system is like bitcoin in these respects: every system has to continue to change if it is going to continue working, and every change compounds its risk of failure. And yet, it doesn’t seem like these other long-running systems are blowing up all around us. So, why should we be concerned about Bitcoin?

Actually, other long-running systems absolutely are blowing up all around us. Serious bugs are deployed and exploited all the time. Just some recent examples:

Take a look at the names on that list: Google, Apple, Facebook, Twitter, Netflix, Yahoo, Ebay. These are the tech giants. They employ many of the best engineering minds in the world. They have obscene research budgets. And yet they release bug after bug after bug. For an even more complete list, see this.

And we’ve already seen serious bugs make it onto Bitcoin’s production network – bugs that could have been used to mint an unlimited supply of coins. That exploit was fortunately prevented before any bad actors discovered it. To date, we have not seen a successful exploit of the Bitcoin network (not since it has risen in value and prominence). But the point still stands: every day Bitcoin marches closer to its probabilistic destiny.

[1] From Wikipedia: “As of 2018, [. . .] the most popular public-key algorithms [. . .] can be efficiently broken by a sufficiently strong hypothetical quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor’s algorithm.”