Bitcoins Make Bank Robbery Great Again
A bitcoin exchange in Hong Kong has been hit by hackers who stole $72 million worth of the cryptocurrency. Or at least, that’s what it was worth when the theft took place; once news of the hack broke, the market for bitcoins slumped, meaning that the hackers’ haul is now valued somewhat lower. The market slumped, quite understandably, because this highlighted one of bitcoin’s major vulnerabilities.
Not a software vulnerability, mind; the hackers didn’t hack bitcoin itself, but the exchange. But nonetheless, it illustrates that bitcoins are comparatively profitable to steal. Bitcoin may revolutionize finance in any number of ways, but it is retro in one way: It has made bank robbery great again.
Willie Sutton, when asked why he robbed banks, is supposed to have said, “Because that’s where the money is.” That may have made sense in the early years of the 20th century, but in this day and age, robbing banks is a spectacularly bad way to get money. For hourly return on investment, popping chicken tenders into the deep fry at Popeye’s is probably more lucrative.
Setting aside the difficult of actually robbing a bank, let's say you succeed. What are you going to do with those suitcases full of cash? Someone who paid cash for an expensive purchase in 1900 would not have attracted undue attention. But if you walk into a BMW dealership with a suitcase full of bills today, you can be sure that the sales staff will be speculating about the source of your funds. And if the police ask politely, the dealership will hand over your name, along with a nice photocopy of your driver’s license and car registration.
After stealing the money from one bank, I suppose you could deposit it into another. But depositing large sums will attract the attention of the IRS, which will want to know where you got the money. This is why criminal enterprises create rather elaborate sham cash businesses, to explain the source of their funds. Unfortunately, these businesses require quite a lot in the way of cash flow to be worth the cost of faking up an enterprise; it’s hardly worth opening a convenience store just to disguise the amount of money you might manage to seize out of a bank teller’s drawer.
But let's come back to reality for a moment. Most people who want to rob banks don't ever have to grapple with the problems that come with success. Banks have made robbery very unprofitable: the armed guards, the silent alarms, the bills with carefully noted serial numbers, the ones packed with packets of exploding dye that will render your hard-robbed cash unspendable. From a cost-benefit perspective, robbing banks is a very long run for an awfully short slide.
You might think that the answer, then, is to rob banks digitally, eschewing all the physical risks and grimy cash. This looks great in movies, where you can instantly move vast sums untraceably from bank to bank. In the real world, bank payment systems have quite elaborate cross-checking to make sure that digital money is only ever in one place at a time -- which is to say, that Citibank does not think that I have thousands of dollars available to spend, while Wells Fargo is also under the impression that that same money is in one of its accounts and available for withdrawal. That’s called the “double spending” problem, and banks solve it by verifying where they’re sending the money and who they’ve sent it to. (Bitcoin also solves this problem, through the blockchain ledger of transactions.)
The way banks verify transactions leaves a clear record of where the money was sent. That allows the bank that was robbed to call up whoever received it and say: “That money was sent illegally. Send it back.” This is what happened to the famous hack that ordered nearly a billion dollars transferred out of the central bank of Bangladesh; most of the transactions were canceled before they ever went through, and Sri Lanka obligingly sent the money back when asked. Only a fraction of the money went anywhere, and authorities seem to know exactly who ended up with it. That’s not any smarter than putting on a mask and jogging down to your local Chase branch, and hackers don't even get the benefit of a little aerobic exercise.
But bitcoin is still in the Wild West stage, when bank robbery can be quite profitable. Banks have spent more than a hundred years clamping down on theft, and if bitcoin wants to remain a viable currency, it will probably have to put similar safeguards in place. One reason that people prefer credit cards and checks to cash is that they are less likely to be robbed. The more vulnerable bitcoin is to theft, the less likely it will be to attract users who are not criminals.
It’s certainly feasible to imagine mechanisms that could be used to make these thefts unprofitable -- a virtual “exploding dye pack,” if you will, but maybe even better, because the rightful owner could “undye” the money once it was recovered. Ethereum, which has a similar architecture to bitcoin, recently considered such a mechanism after a massive theft.
The question is whether customers would accept such systems; after all, bitcoin users are people who like the idea of living in the monetary Wild West. Any attempt to enact some sort of safeguard against theft is sure to be met with a fierce outcry; Ethereum users split the community over the solution that was eventually implemented. But without new ways to deter theft, exchanges will remain vulnerable to an even bigger problem, which is flagging demand from people worried that their carefully assembled hoard might suddenly vanish into the ether.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the author of this story:
Megan McArdle at firstname.lastname@example.org
To contact the editor responsible for this story:
Philip Gray at email@example.com