Since its birth on November 1, 2008, Bitcoin, now valued at over $700 billion, has been running for 13 years, and its vigorous growth for the past years has pushed it to stardom. For average institutions, the probability of hacker attacks and the maintenance costs rise along with the increasing volume and data. But that seems not true for Bitcoin which is decentralized with open-source code. So how does it ensure its operation security? Who maintains the Bitcoin network? Has the Bitcoin network ever run into any security problems or hacks during its long track record?
01
Well now, let’s have a look at Bitcoin’s open-source code.
After the release of the Bitcoin White Paper on November 1, 2008, Satoshi Nakamoto began to develop software to implement the rules of the Bitcoin White Paper, and in January 2009, he packaged his first block and was rewarded with 50 bitcoins. Since then, the crypto has officially appeared as a cryptocurrency, and its network has started to draw public attention. To everyone’s surprise, however, in Nakamoto’s network, the source code can be modified, as can the parameters of the initial issuance reward. Well now, you may ask, doesn’t that mean the amount of Bitcoin can be falsified? And if the parameters can be changed, does it mean inflation is breaking loose anytime?
Then, why hasn’t anyone actually edited the number? Because such effort will go in vain!
Bitcoin and its network operation are based on a consensus mechanism, and only when everyone agrees to the founding rules can its price rise. Only based on the consensus of the constant issuance of 21 million bitcoins, will miners be willing to put in the effort to mining blocks. If the rules change, a new consensus needs to be reached. If no one accepts the new rules and no one mines under the new rules, the cryptocurrency will have no value.
Now you may ask, in the history of Bitcoin, have there been any proposed changes to the rules that have reached consensus?
And in fact, there were. As Bitcoin has become more widely accepted, its block size limitation and the downside of being able to process only seven transactions per second become more evident with each passing day. In July 2017, two factions emerged to solve the problem of congestion on the Bitcoin network. One faction advocated retaining the 1M block size and adopting segregated witness, indirect expansion, and the Lightning Network to divert pressure, whereas the other advocated direct expansion of the block capacity. And as a result, the Bitcoin network followed the former approach, while the latter split off from Bitcoin to create Bitcoin Cash.
So, in theory, anyone can modify the code and rules, but in fact, if no one agrees to the changes, the modification will be illegitimate. And if the modification plan is only partially approved, the only way to continue with the scheme is to separate it from the Bitcoin network and create new chains and currencies. Therefore, although in theory, Bitcoin issuance parameters can be modified, no one can actually modify them.
02
Then, let’s discuss, has the Bitcoin network ever run into any security problems? And as there is no central control of Bitcoin, who maintains the security of its network?
While there is no central control of the Bitcoin network, its network security, code bug fixes, and updates are maintained by the Core development team. The Core development team is not a traditional centralized company but a non-profit organization composed of core developers and a Bitcoin-development community with many short-term contributors. There have actually been security vulnerabilities in the Bitcoin network, especially in the early days, but they were all fixed by this organization.
For example, Bitcoin suffered the most severe bug in the value overflow incident on August 15, 2010, when a developer discovered a Bitcoin block contained two transactions totaling 184.4 billion bitcoins, which had escaped the scrutiny of the original system. This staggering bug almost destroyed Bitcoin, as its total supply was only 21 million at the time. The extra 184.4 billion bitcoins out of nowhere smashed the trust foundation for Bitcoin. Should this bug remain unfixed, the value of Bitcoin would completely evaporate right away.
After the public disclosure of the bug, Core developers took immediate action. They erased the 184.4 billion transaction records, released Bitcoin 0.3.1, and fixed the bug through soft forking within just 5 hours. The updated rule has eliminated all value overflow incidents for good. Since then, we have seen some minor Bitcoin bugs, but they have all been fixed.
What makes Bitcoin capable of fixing bugs so quickly?
Apart from the quick spotting and fixing of bugs by the Core developers, another reason is the network’s space for repairs provided by the token’s rule of data confirmation, which is the Longest Chain Rule. That is, a node can get rewards only when its work is recognized by other nodes. The more recognition a node receives for its work, the longer a chain it will generate, and the more rewards there will be from mining on that chain. On the contrary, with less recognition, the chain gets shorter and the rewards decrease.
Bitcoin’s fix of bugs is a process where good chains grow into long chains with increasing recognition, and bad chains get cut into short chains and become discarded. Therefore, though the Bitcoin network code is open source, operation security is not a concern. It makes little difference as to who will change the rules or code because the key lies in recognition.
03
Here comes another question. Does the adoption of the Longest Chain Rule lay Bitcoin prone to a 51% attack? Can someone just fire attacks against the Bitcoin network and even destroy it as long as he has 51% hashrates?
Now let’s figure out what is a 51% attack. Imagine everyone mines on the same chain at the beginning. But when someone has more than 51% hashrates, he can start a new chain that will outpace the original one. Based on the Longest Chain Rule, the new chain will replace the old one to be the main chain, and all transaction records on the old chain will be invalid as a result.
How come this is an attack?
After spending all of their coins and having the expenses recorded on the old chain, individuals with 51% hashrates will restart mining on the new chain (the new chain does not have the record of the coins spent). The length of the new chain will exceed that of the old one, which will become invalid, and so do the expenses recorded in it. That means the coins spent are still there. This is the well-known “double spending attack”. Imagine the situation where others can repeatedly spend their coins, while your own coins always come and go. Will you stick to this cryptocurrency? Absolutely not.
Therefore, once a double-spending attack happens, the credibility of the cryptocurrency will be greatly impaired. And if there is an attack that cannot be prevented, it will be the end of the currency because it is not safe at all. Did Bitcoin suffer such a scary 51% attack anyway?
The answer is no. Why?
Bitcoin has developed into a behemoth. It will cost much to obtain 51% hashrates, while the gains will not be proportionate for an attack. Even if someone has 51% hashrates to launch an attack, he can only do two more things: 1) modify his own transaction records, such as double payment; 2) prevent the confirmation of part or all transactions. By doing so, he can neither generate Bitcoin out of nowhere, nor can he modify the number of bitcoins generated in each block. It will be a bad bargain anyway.
In addition, Bitcoin has a second layer of protection — full nodes.
That means even if there are malicious hashrates, it will be difficult to destroy the Bitcoin network. Once the Bitcoin network has rebellious hashrates that attempt to change the Bitcoin consensus, the Bitcoin network composed of full nodes can reject these transactions. Therefore, Bitcoin is almost immune from a 51% attack. The larger the Bitcoin network grows, the less likely the attack will happen.
In addition, Bitcoin is also faced with vulnerabilities such as malicious node stealing assets from the Lightning Network and Dos attacks. In the version update in 2019, the Lightning Network released a fraud punishment mechanism using the RSMC protocol to fix the vulnerabilities. Once a hacker is found to steal funds on the Lightning Network, he will lose not only the stolen funds but also all the funds in the relevant channels.
04
To sum up, what keeps the Bitcoin network stable for such a long time is neither the network itself, which is not perfect after all, nor the immunity from hacks, but its consensus mechanism, the Longest Chain Rule, full nodes, and the Bitcoin Core open source that supports the implementation of the Bitcoin network. These altogether have encouraged many developers to voluntarily repair the vulnerabilities to make the Bitcoin network self-healing and resistant to attacks.
