This spring, Bitmain caused a minor uproar when a developer found a “backdoor,” called Antbleed, in the firmware of Bitmain’s S9 Antminers. The backdoor could have been used by the company to track the location of its machines and shut them down remotely. While no computer purchaser would find such a vulnerability acceptable, it’s particularly troubling for Bitcoin.
The use of bitcoin by criminals has attracted the attention of financial regulators, legislative bodies, law enforcement, and the media. The FBI prepared an intelligence assessment, the SEC has issued a pointed warning about investment schemes using virtual currencies, and the U.S. Senate held a hearing on virtual currencies in November 2013. Nobel-prize winning economist Joseph Stiglitz says that bitcoin's anonymity encourages money laundering and other crimes, "If you open up a hole like bitcoin, then all the nefarious activity will go through that hole, and no government can allow that."[disputed – discuss] He's also said that if "you regulate it so you couldn’t engage in money laundering and all these other [crimes], there will be no demand for Bitcoin. By regulating the abuses, you are going to regulate it out of existence. It exists because of the abuses."[disputed – discuss]
To heighten financial privacy, a new bitcoin address can be generated for each transaction. For example, hierarchical deterministic wallets generate pseudorandom "rolling addresses" for every transaction from a single seed, while only requiring a single passphrase to be remembered to recover all corresponding private keys. Researchers at Stanford and Concordia universities have also shown that bitcoin exchanges and other entities can prove assets, liabilities, and solvency without revealing their addresses using zero-knowledge proofs. "Bulletproofs," a version of Confidential Transactions proposed by Greg Maxwell, have been tested by Professor Dan Boneh of Stanford. Other solutions such Merkelized Abstract Syntax Trees (MAST), pay-to-script-hash (P2SH) with MERKLE-BRANCH-VERIFY, and "Tail Call Execution Semantics", have also been proposed to support private smart contracts.
Exchanges, however, are a different story. Perhaps the most notable Bitcoin exchange hack was the Tokyo-based MtGox hack in 2014, where 850,000 bitcoins with a value of over $350 million suddenly disappeared from the platform. This doesn’t mean that Bitcoin itself was hacked; it just means that the exchange platform was hacked. Imagine a bank in Iowa is robbed: the USD didn’t get robbed, the bank did.
Security Risk: Bitcoin exchanges are entirely digital and, as with any virtual system, are at risk from hackers, malware and operational glitches. If a thief gains access to a Bitcoin owner's computer hard drive and steals his private encryption key, he could transfer the stolen Bitcoins to another account. (Users can prevent this only if bitcoins are stored on a computer which is not connected to the internet, or else by choosing to use a paper wallet – printing out the Bitcoin private keys and addresses, and not keeping them on a computer at all.) Hackers can also target Bitcoin exchanges, gaining access to thousands of accounts and digital wallets where bitcoins are stored. One especially notorious hacking incident took place in 2014, when Mt. Gox, a Bitcoin exchange in Japan, was forced to close down after millions of dollars worth of bitcoins were stolen.
In January 2009, the bitcoin network was created when Nakamoto mined the first block of the chain, known as the genesis block. Embedded in the coinbase of this block was the following text: "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks." This note has been interpreted as both a timestamp and a comment on the instability caused by fractional-reserve banking.:18