A cryptocurrency primer for security professionals | #itsecurity | #infosec | #education | #technology | #infosec


It is hard to spend any time online without hearing about cryptocurrency and the people it is supposedly making rich. Enthusiasts often believe cryptocurrencies are destined to completely replace traditional physical money, credit cards and traditional banking systems. On the other side, some notable skeptics believe cryptocurrencies are an overhyped Ponzi scheme guaranteed to bankrupt the last people holding it. The future of cryptocurrencies is unlikely to be extreme.

What is a cryptocurrency, how does it differ from Bitcoin and blockchain and is it going to be something that most people use? This article will cover all those questions and more.

What Is Cryptocurrency?

There are many different definitions of cryptocurrency. The simple description you hear most often is that it is digital, online money, or something like that. Some financial analysts call it a new asset class (similar to stocks, bonds, debt, commodities, precious metals, etc.) which opens up new types of investments and applications. It is that as well. Some observers liken it to cash, as a financial medium involved in the transfer of value in online transactions. Others liken it to gold, better as a storage of value than used in individual transactions. All of these definitions are correct.

Technically, cryptocurrency is an agreed-upon digital measure of value that uses cryptographic algorithms to create, compute, store, transact and protect that value. There was other “online money” before cryptocurrencies came into existence, but cryptocurrencies have features and protections that other earlier predecessors did not. Those new features include:

  • Cryptographic creation and protection
  • Decentralized control
  • Decentralized, distributed, publicly viewable, ledger
  • Privacy

 Cryptocurrencies use cryptographic ciphers, hashes and digital signatures to create, protect and use. Cryptography makes it harder for specific types of misuse and crimes to occur, especially without detection. Unfortunately, cryptocurrencies are still often stolen and misused in ways the cryptography cannot protect.

Although many people have yet to buy or use cryptocurrencies, many millions of people use them. There are hundreds of varieties representing over a trillion dollars of value. Bitcoin, the most popular cryptocurrency by far, has a market cap, as of this writing, of over $817B (see www.bitcoin.info for the latest, up-to-date, value). You can see the names, values, and trading volumes of over 1,000 different cryptocurrencies here: https://cryptoreport.com/.

Anyone can create and distribute a cryptocurrency, unlike traditional money, where a particular government, say the United States government, controls the creation and flow. Even though anyone can create a new cryptocurrency, getting others to see it as a valid holder of value, and to buy, sell, use and trade it, is a lot more difficult. Many people hoping to become newly minted cryptocurrency billionaires struggle with this dilemma. Most newly created cryptocurrencies languish and fade away without ever becoming valuable, although many dozens of cryptocurrencies are valued at over a billion dollars according to their ledgers.

Online entities, known as exchanges, allow participants to buy, sell and hold cryptocurrencies. Participants can transfer regular currency into an exchange to buy cryptocurrency and exchange existing cryptocurrency into other cryptocurrencies or pull it out as traditional money. The exchange charges a fee for each transaction and controls when transactions can be conducted. Although cryptocurrency advocates often tout that cryptocurrencies can conduct low-cost transactions, especially as compared to the traditional banking system, cryptocurrency transaction fees are often many times higher, percentage-wise, than traditional money transactions.

Cryptocurrencies can only be used or transacted with participating vendors. The list of vendors who accept various cryptocurrencies changes every day, but vendor lists for the most popular cryptocurrencies often include well-known companies such as Microsoft and Tesla. Although many vendors immediately convert any received into traditional cash to avoid the wild valuation fluctuations which are inherent with many cryptocurrencies. Currently, many countries proactively accept cryptocurrencies (such as El Salvador and the Netherlands) and others prohibit one or more cryptocurrencies (such as in China). Most countries are still trying to figure out how to treat cryptocurrencies, although many are looking at additional regulations to cut down on crime. Most cryptocurrency transactions are between existing cryptocurrency holders for investment purposes and are not used to conduct transactions for goods or services.


The history of cryptocurrencies is closely intertwined with Bitcoin and blockchain. The concept of a cryptographically supported online currency was proposed in a few research papers and by a few people for years before it became a reality. In January 2009, an anonymous person or group, calling themselves Satoshi Nakamoto, created the first cryptocurrency, Bitcoin. Satoshi released a white paper detailing how Bitcoin was created, how more could be created (called mining) and how it was tracked. Satoshi also released a software program that could be used to create and transact in Bitcoin, along with the identifying information related to the first bitcoin transaction. Wikipedia has a great primer on Bitcoin (https://en.wikipedia.org/wiki/Bitcoin) and Satoshi (https://en.wikipedia.org/wiki/Satoshi_Nakamoto) if you want more details.

There have been many attempts to identify the person or persons claiming to be Satoshi, with many people claiming they are or are not Satoshi. To date, Satoshi’s identity has never been conclusively confirmed. Bitcoin has so far remained the most popular and valuable cryptocurrency to date, although a handful of others (e.g., Ethereum, Tether, Dogecoin, Ripple, etc.) are in a higher echelon, with vastly more popularity, value and use than the hundreds of others below them.


Bitcoin also introduced a tracking mechanism known as a blockchain. A blockchain is electronic, distributed, decentralized ledger (i.e., database or list of records) for tracking and verifying individual or collections of transactions. Transactions are validated using a cryptographic hash, which is an algorithm that represents and verifies unique content with a unique value (called a hash or hash result).

Each individual transaction tracked may be stored in a separate transaction “block,” or multiple transactions may be summarized or stored together within a single block. The number of transactions stored per block and what a transaction represents depends on the implementation. An individual block contains the transaction information (it can be any information as defined by the application, including just a hash of the required transaction information) and at least one cryptographic hash result, along with any other required information. The figure below crudely represents a common blockchain format.

Once a block is recorded and it’s hash stored in the next block, which is then itself hashed, it becomes increasingly difficult for anyone to make a change without causing the hash, and all subsequent hashes since, to be changed. An attacker would need to somehow update the hash of the impacted original transaction and all hashes and blocks since their targeted block. This is possible in some rare scenarios, but it becomes increasingly beyond difficult as the number of subsequent blocks, participants and transactions increases. Because of the inherent cryptographic protection provided by blockchains, most cryptocurrencies use one, although what cryptography they use and how they work often differ.

Any cryptocurrency participant can download all, or part, of the blockchain, to participate in or to view existing transactions. For example, to be directly involved with Bitcoin, a participant downloads a supporting Bitcoin client software program and downloads all or part of the Bitcoin blockchain. A participant can also participate indirectly by working with an exchange or some other entity that directly hosts the Bitcoin peer-to-peer network.

The blockchain is proving to be a revolutionary tracking tool and is being used in transaction scenarios that have nothing to do with cryptocurrencies. Many people believe that the concept and use of blockchains will become more important to society than cryptocurrencies, although both are impactful in their own right.


The cryptocurrency value of each participant is often stored in one or more electronic vaults or wallets.

A wallet is simply a program or mechanism that stores the participant’s unique identity (usually represented by the participant’s private asymmetric cryptographic key) along with cryptocurrency value and other related information. The wallet can be stored on an online computer or device or be stored, for increased security, offline, disconnected from the Internet. Online wallets are convenient for participants who want to quickly make cryptocurrency transactions, but if viewed or copied by an unauthorized party, can lead to the theft of the wallet (and the value it represents). Offline wallets are more difficult for an intruder to compromise but take additional steps to use for the legitimate participant. Most wallets are also protected by passwords or multifactor authentication, the latter of which has proven to be less protective than the participants were led to believe.

Cryptocurrency Benefits and Disadvantages Summary

There are many emotional arguments for the advantages and disadvantages of cryptocurrencies. Here are some of the supposed benefits and disadvantages of a cryptocurrency in summary form.


  • Anyone can create and use a cryptocurrency
  • Can be used anonymously and used to conduct anonymous transactions
  • Due to the blockchain, can be used to perfectly track a transaction flow between involved participants (by wallet identity)
  • Difficult to maliciously modify blockchain transaction ledger at a later date
  • Not normally under central control of one government or organization
  • Transaction fees can be nominal
  • Can be used to conduct new types of transactions and applications
  • Can be used to do “smart contracts,” which allow complex transactions with any moving parts and participants to be conducted much quicker and more securely
  • Not heavily regulated


  • Not very mature, not in existence for a long number of years
  • Not backed by the full faith and force of a government or law enforcement
  • Not heavily regulated
  • Widespread cybertheft (on a percentage-wise basis), and it can be more difficult to recover stolen value
  • Often used in illegal transactions
  • Not recognized by many countries and not accepted by most businesses
  • Many have large daily value swings
  • May have large daily value swings due to single celebrity participant’s random statements or actions
  • Many exchanges have evaporated taking all the user’s deposits
  • Many online scams
  • Many versions create environmental concerns due to energy or storage requirements
  • May be treated as an asset instead of currency for taxable or accounting purposes (which could be negative)
  • With most cryptocurrencies, large percentages are often owned by a small number of people or entities, which means their handling can drastically impact value
  • Sometimes a lack of transparency and accountability
  • Often large transaction costs, despite being touted as having low transaction costs

Many enthusiasts on both sides may disagree with these examples and make good arguments in their favor for removal or inclusion as a benefit or disadvantage, but in general, these are the most often touted advantages and disadvantages.

Summary Advice

Cryptocurrencies are cryptographically protected stores of value that can be used by participants to conduct trades and transactions. There are hundreds of cryptocurrencies worth collectively over a trillion dollars (as of the time of this writing). Many people routinely buy, sell and transact using cryptocurrencies. However, due to their evolving maturity and lack of agreed-upon government or law enforcement support, they are seen as a higher-risk asset by most financial observers. If you want to get involved with cryptocurrencies, the best advice is to proceed cautiously and never involve more value than you are willing to lose.

Cryptocurrencies have made many people “cryptocurrency billionaires,” and many people have made lots of money by using and investing in cryptocurrencies, but there are also many losers and people who have lost all value (which is the case with any high-risk asset). If you decide to get involved with cryptocurrencies, you can lower risk by using highly respected cryptocurrencies and exchanges with longer industry lives. Avoid newer entities, especially where not best protected by law.

With that said, cryptocurrencies are likely to evolve, mature and remain a part of our lives in the future. Cryptocurrencies could remain, as it is today, a value vehicle used by a minority of people and organizations or become something used by the majority of people. We do not yet know which way it will go and there will likely be many major beneficial and disadvantageous twists in the road as it matures.

About the author: Roger A. Grimes is a Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 12 books and over 1,000 national magazine articles. He frequently consults with the world’s largest and smallest companies, and militaries, and he has seen what does and doesn’t work. Grimes was a weekly security columnist for InfoWorld and CSO magazines from 2005 – 2019. He regularly presents at national computer security conferences and has been interviewed by national magazines and radio shows, including Newsweek magazine and NPR’s All Things Considered. Roger is known for his often contrarian, fact-filled viewpoints. 



Source link