John McAfee warned the cryptocurrency industry must “take security” seriously or potentially face a “nightmare” scenario.
“Cryptocurrencies are here to stay. They will not go away,” the cyber-security expert said during a talk at the Blockchain: Money event in London this week. “It is Pandora’s box for good, or ill, you will not shut this back in the box.”
McAfee called out the industry for not doing enough with regards to security, and the potential consequences if this continues.
“I see that it will become, if not Bitcoin, it will be some alt-currency, that will become the standard for the world. In its current state, we will have chaos, absolute chaos.”
“Not because we don't understand it, or we cannot understand the math, or it's not adopted properly. No, because there is no security whatsoever.”
He called the hacks of Bitcoin exchange Mt. Gox and the Dao fraud - which involved hundreds of millions of dollars’ worth of cryptocurrencies – “trivial” compared to what could happen in the future, and outlined two potential scenarios.
“What we have not seen yet - and that does not mean it has not happened - is we have not seen the individual users' wallets hacked,” McAfee said.
Referencing the inherent vulnerabilities of mobile phones – he called them “insecure devices designed to spy on you so that people can sell you shit” – McAfee warned that the high number of phones with spyware such as keyloggers and screen captures meant mobile Bitcoin wallets were dangerous as hackers could steal your seed keys without difficulty, and people should switch to hardware wallets instead.
“I promise you this: there will come one day where, simultaneously, everybody's wallets are emptied.”
From DDoS to mining
McAfee said he had re-written all of the Bitcoin mining software at his own facilities, “because what is out there now, I promise you, is the most insecure piece of software I have ever seen.”
“Bitcoin miners, you think perhaps you are immune to hacking because you are miner? No, absolutely not.”
Tying his talk in with recent events, he also warned how the IoT vulnerabilities and the recent Mirai DDoS attacks could be used to skew the cryptocurrency market.
“Half of America's internet simply disappeared. Do you know who hacked it?” he said. “A collection of printers, CCTV cameras, refrigerators, and routers.”
“My biggest fear right now is not that someone is going to hack into a mining company or an exchange or whatever and take a few hundred million. My biggest fear is that the people who created this software, called Mirai, say, “I’m not interested in that [DDoS attacks], I’m interested in mining bitcoins.”
Although hacking all these devices would be illegal, any Bitcoins gained would be hard to dispute, since Bitcoin’s Proof of Work doesn’t discriminate about how or where the problem solving is done.
“Mirai infects at a rate of about 50,000 new devices per day. I could own the Bitcoin world by sitting back in my room, paying no money, spend about a week recoding the Mirai bot and have everybody mining bitcoins for me.”
“What's that going to do? It's going to change the economy, isn't it?”
Taking security seriously vs nightmares
“This is not pie in the sky paranoid thinking,” the one-time Libertarian presidential runner told the crowd. “This is what all of you are going to have to be doing, otherwise you are opening yourselves up to a nightmare.”
He referenced the fall of infidelity-dating site, Ashley Madison, as an example of the cost of security failure.
“A $3 billion a year company is no longer here, you don't want to be that. You don't to wake up some morning, the world is fine and your margins are high and everybody's rolling in dough, and suddenly your company is gone. So is your reputation. And it has shaken, not just your company and reputation, but the entire Bitcoin community.”
“You have to take security seriously. You have to. It has to be the very first thing you think about, because we're living in a dangerous world.”
PREVIOUS ARTICLE«Oracle and NetSuite deal set fair to make waves in ERP
NEXT ARTICLEHas the US Election dampened technology lobbying?»
Adrian Schofield sheds light on tech in South Africa
Mark Chillingworth on IT leadership