In recent weeks, bitcoin mania has led to everyone and their mum buying in to bitcoin. This has propelled the price to record highs and made Coinbase, an app that lets you buy, sell and store bitcoin, the most-downloaded iPhone app in Apple’s US app store.
There’s one problem. The people who are buying these bitcoin have no proof they own them — and converting that bitcoin back into regular currency (sometimes called fiat currency) might be harder than they expect.
Keeping bitcoin with Coinbase or any other third party is no different to giving a briefcase full of cash to someone on a street corner because they promise to look after it. There’s no way to prove it is yours
There’s a common phrase among the bitcoin faithful — if you don’t control the private keys, it’s not your bitcoin.
Coinbase, the app that has become the most popular way to get bitcoin, doesn’t let its uses hold their own so-called private keys.
What is a private bitcoin key?
A private key is a secret, alphanumeric 256-bit long password used to send your bitcoins to another address, created randomly along with a bitcoin wallet to store the bitcoin.
The idea of a cryptographic key to prove ownership of a digital asset is not one that began with bitcoin. The Pretty Good Privacy (PGP) is an encryption program — developed in 1991 — allows the people to encode and decrypt text and is still used widely today.
Both bitcoin and PGP use a private key and a public key. Anyone can know your public key — it’s the one you give to people to send you bitcoin and can be thought of as the one where the bitcoin is stored.
This is the first bitcoin public key (thought to be created and controlled by bitcoin’s mysterious creator Satoshi Nakamoto):
Private keys follow the same format and are used to make transactions. As long as it is kept secret someone can use the same bitcoin public and private keys repeatedly and anonymously.
Why is it important to hold your private keys?
The private key must remain secret at all times because revealing it to third parties is equivalent to giving them control over the bitcoins secured by that key. The private key must also be backed up and protected from accidental loss, because if it’s lost it cannot be recovered and the funds secured by it are forever lost, too — Andreas Antonopoulos, a bitcoin advocate and investor
The State of Technology This Week
Before Coinbase and before any of today’s major bitcoin exchanges there was MT.Gox — a bitcoin exchange that at the height of its power handled over 70 percent of all bitcoin transactions.
The exchange collapsed spectacularly in early 2014 after approximately 850,000 bitcoins belonging to customers and the company were found to be missing and likely stolen — valued at more than $450m.
At the time one bitcoin was worth less than $1,000 and it’s thought the MT.Gox episode wiped some 35 percent from the bitcoin market cap.
Before it collapsed MT.Gox halted all bitcoin withdrawals, something it could do as it controlled the private key to the wallets that bitcoin was being stored with.
Any bitcoin wallet provider or exchange that doesn’t allow the user the wallet’s private key runs the same risk as MT.Gox. With the value of bitcoin far higher than when MT.Gox users lost access to their bitcoin there are far more people who want to steal it.
While many of the desktop based wallets allow you to hold the private keys, most mobile app-based wallets do not.
Richard Levin, chair of the fintch and regulation practice at the law firm Polsinelli, told Verdict:
I think another major bitcoin platform will fail, as MT.Gox did. People will lose their bitcoin and that will result in more regulation.
Bitcoin has been moving along towards traditional regulation for years. Just today it took another step towards the financial mainstream, with the launch of its first derivative contracts in Chicago.
Interest in increased bitcoin regulation has gone up along with the price. Last week, it emerged that the UK Treasury was examining whether laws against money laundering should be updated to specifically cover virtual currencies.
It is unlikely however that this regulation will result in more people controlling their own private keys — it is more likely the opposite. Banks and financial institutions such as Coinbase will only be able to guarantee the safety of investments and meet anti-money laundering requirements if they hold to the bitcoin’s private keys.
Garrick Hileman, a research fellow at the University of Cambridge, told Verdict:
A lot of people like bitcoin because it removes the need for a financial middle man. Bitcoin was invented to avoid trusting a third party. A wallet or exchange that controls the bitcoin private key is acting as a trusted third party — similar to the traditional banking system.
Many of the companies offering bitcoin services are acting in a similar way to the traditional banking system, without the stringent consumer protection that has been built up over the years.
Coinbase, for example, says in its user agreement it can “suspend, restrict, or terminate your access to any or all of the Coinbase services, and/or deactivate or cancel your Coinbase account if” it is used for gambling or pornography.
If the company chooses to enforce this or many other restrictions on accounts (viewable here) retrieving your bitcoin will become more difficult.
Meanwhile, many bitcoin wallets and exchanges are international. How easy it is to retrieve money (either fiat or bitcoin) will depend on local laws and regulations.