1 April 2020
Can Bitcoin be Hacked?

One of Bitcoin’s most basic criticisms is that it can be ‘hacked’, which is quite a reasonable assumption to make upon first hearing about Bitcoin due to it’s digital nature. However when looking deeper into the underlying mechanics of the Bitcoin network, it becomes clear that this isn’t just a regular database or email address that someone can simply break into. Bitcoin has been around for 11 years now and is currently operating with a market capitalization of about $120 billion at the time of writing, so there is definitely a sizable reward for anybody who is able to break into it. The fundamental question is: can Bitoin be hacked?

Hacking is defined as the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator’s original objective. The fundamental question is: can Bitoin be hacked?The simple answer is yes, but no, and also it’s not worth it. It’s okay if you are a little confused, we will dive further into this shortly.

Bitcoin’s Long History of “Hacks”

It seems that every few months there are headlines of “Bitcoin hacked again!”, or “Thousands of Bitcoins stolen!”. The fundamental mistake that media articles make is that they propose that Bitcoin itself has been hacked, when in fact it is the exchange or custodial service. This is an important distinction to make, as there is a major difference between the Bitcoin network itself and the exchanges/custodial wallets which people trust to hold their Bitcoin. For example, consider a company that holds people’s gold. If an armed group of robbers break into the company and steal the gold, is it the gold itself that has been compromised? No, it is the company that was storing the gold which has failed to keep it safe.

Exchanges and custodial wallets have been getting hacked ever since their inception, the earliest and most notable being the infamous Mt Gox exchange where around 700,000 Bitcoins were stolen in 2014. Since then there have been numerous exchange hacks where people have lost fortunes, and the media headlines have spread the doom and gloom about Bitcoin’s flawed security model as a “digital” money which is so “easily stolen”. The fact of the matter is that these companies were flawed in that they were a centralized entity which held people’s Bitcoin without proper security precautions.


With the risks of centralized exchanges in mind, the majority of Bitcoin veterans choose to store their Bitcoin in “hard wallets” or “paper wallets”. This mitigates the risk of any hacker gaining access to their funds, since they are completely offline and unreachable.

At the end of the day, it can be said with 100% certainty that Bitcoin has never been hacked.

The 51% Attack

The first of two main potential “hacks” that will be discussed is called the 51% attack. Firstly, to understand this type of attack we need to cover one of the main functional areas of the Bitcoin network: mining. Simply put, Bitcoin is secured by an ever increasing number of “miners” that do work for a reward in Bitcoin. As the amount of mining work, or “hashrate” increases, the more secure Bitcoin becomes. As we can see below, the current hashrate is roughly 6 times larger than it was in 2017 (when the Bitcoin price was at an all time high).

new Bitcoin hashrate Chart showing Bitcoin's "hashrate", or mining work. Link

This hashrate is made up of thousands of computers, or “ASICs” all around the world, which work in unison to process transactions and add “blocks” to the blockchain. All miners are incentivised to do this correctly, as any miner who cheats or doesn’t follow the rules is easily picked up and essentially thrown out of the system. By this principle, they are all incentivised to follow the rules in order to not waste energy through being a bad-actor.

The 51% attack is founded on the idea that if somebody or some nation-state can put together enough mining power (51% of that current hashrate), they can take control of the network and execute what is known as a “double spend” since they would now be able to control what transactions are put into the blockchain. A double spend is when Bitcoin is spent twice, i.e. someone could send Bitcoin in one transaction, and then in the next block they could send someone else that same Bitcoin again.

A common misconception is that a 51% attack would completely destroy Bitcoin, however in reality the honest miners could simply continue mining their original chain and disregard the new “attacker” chain. Furthermore, another problem with executing a 51% attack is that it would require millions, if not billions, of dollars worth of computing power, electricity, and infrastructure to do this. If you could amass this amount of mining power, you are simply better off joining the network and mining/earning Bitcoin honestly.

The Brute-Force Attack

The brute force attack is quite an interesting one, as it requires an understanding of how private and public keys work, and also the strength of the encryption type that Bitcoin is built on. To be able to spend your actual Bitcoin on the blockchain layer, you need access to what is called a private key. Each private key is unique to a public key, and is the only way to unlock and move the coins.


Image taken from 99bitcions.com

The brute-force attack is a type of “hack” where to unlock a Bitcoin address and move the coins you have to correctly guess the private key through trying different combinations. Simple, right? Well it turns out that there is a little more to it than that. The encryption which these keys are based on is called SHA-256. Without going too much into detail, it essentially means that there are 2256 different combinations, which is in the same ballpark as the estimated number of atoms in the known universe (roughly 1078). If your Bitcoin address and private key is produced properly (ie. including enough randomness when generating it), then it should be just as hard to guess the key as it is to guess a random atom in the universe.

256 Screenshot taken from this video.

This number is so huge that it is actually impossible for the human mind to comprehend it due to its exponential nature. To put it in context, if you have 4 billion supercomputers operating for 4 billion years trying to guess the key, you would still be orders of magnitude short of the guesses it would take. If you want to learn more about SHA-256 and how truly strong it is, then a good video is here.

No amount of supercomputers or even quantum computers can currently handle the amount of possibilities generated by this style of encryption. For the purpose of securing Bitcoin, it is quite simply beyond the capabilities of anything we could ever conceive. One thing to keep in mind is the possibility of computers becoming so advanced in the future that they would be able to compute this, however at the rate at which we advancing this is quite unlikely in the forseeable future.

So, can it be hacked?

Yes. If you either have billions of dollars to spend on mining equipment to do a 51% attack, or billions of years to wait for SHA-256 to be cracked. So...also no. At the end of the day, the sheer amount of effort and coordination to successfully carry out a “hack” on Bitcoin is not worth the reward. If anyone were able to achieve the amount of computing power to do so, they are more incentivised to join the network and do work for a reward in Bitcoin, rather than using that energy to make the network worthless and end up with nothing. It can be said that there is no real economic incentive to destroy Bitcoin, as anyone who theoretically could destroy it would be better off joining the network to earn Bitcoin honestly.

Going forward, it will become increasingly important to practice safe methods of storing Bitcoin so that the risk of exchange hacks or custodial service breaches are not a problem. Furthermore, if you don’t have any Bitcoin and would like to add some to your portfolio, websites like Binancelite.com are easy and safe to use, or you could check out The Ultimate Guide to Buying Bitcoin in Australia.

In the words of Parker Lewis- The only winning move is to play.