If you are considering investing in Bitcoin, you undoubtedly have questions about the soundness of the system. And rightly so. You will soon learn that the security and risks depend not only on the technology but also on the user: you. Together, you and Bitcoin are the bank. If Bitcoin is the vault, you are the one who keeps the keys. How secure are you, as a team?

First, a few facts about the security of the "vault" itself.

• Since 2009, no one has been able to crack Bitcoin. All this despite that a reward of hundreds of billions is waiting for the hacker. In over thirteen years, the collective intelligence of all hackers, both well-intentioned and malicious, has not caused a crack in the network. You sometimes hear that coins were seized by the authorities. This is not about cracking the network but about confiscating the private keys.
• Does Bitcoin ever fail? Since the introduction of Bitcoin, the network has been up and running about 99% of the time. The last time Bitcoin was down for several hours was in March 2013. Not even Fedwire, the interbank system, can boast these numbers.

Can Bitcoins get lost?

Where are these Bitcoins actually stored? Practically speaking, that's two places. First, on the Bitcoin blockchain. That's where the coins (officially: transaction outputs) are stored. But to keep access to your coins, you need your private keys. How secure is the storage of both?

The security of the coins
The secure storage of coins depends on the robustness of the blockchain. The proof-of-work principle, a key ingredient of Bitcoins consensus mechanism, ensures that the transaction history is set in stone. Once a transaction is done and several blocks have passed, there is no way to reverse it. Because the transactions are on a publicly available database (the blockchain) that has copies on tens of thousands of nodes worldwide - no one can deny that you own your Bitcoin.

The security of your private keys
As mentioned, in a sense, you and Bitcoin are a bank together. Your private keys give you control over what happens to your Bitcoin. Your private keys are like your PIN number. You keep them in your wallet. So a wallet is more like a keychain: it doesn't contain coins, it contains digital keys to access your coins. There are hardware wallets - a kind of USB stick with its own software - and software wallets: apps or browser extensions.

Most Bitcoin wallets - and wallets for other crypto - use a password in the form of a seed phrase or mnemonic phrase of 12 or 24 words. As long as you safeguard this password, you will always have access to your coins. Even if you lose your wallet, you can always regain access to your coins and your transaction history.

Can't a hacker guess your private keys just by trying lots of times? It is... difficult. A private key is basically a number between 1 and 2 to the power of 256 (2^256). I guess that's a eh.... big number, right? Indeed it is. It is 2^32 multiplied eight times by itself. In our decimal system, that's about 4 billion x 4 billion and that eight times. Even if you gave every grain of sand on earth the computing power of all the Bitcoin miners combined, those grains of sand together would still have to calculate (much) longer than the lifetime of the universe to guess a private key.

Learn more in this video: How secure is 256 bit security?

But what about quantum computers?
Quantum computing promises to exceed the maximum computational speeds of existing techniques by many orders of magnitude. Right now, quantum computing is nowhere near powerful enough to figure out a private key based on a public signature. Let's say that in ten or twenty years it can. Is that an existential threat to Bitcoin? Not really. By then, Bitcoin's signature algorithm can be changed. Bitcoin is just evolving along with its adversaries (by the way, Bitcoin has already changed its signature algorithm once, when Taproot went live).

By the way, a successful attack of quantum computing would compromise all kinds of domains where encryption plays a role - not just Bitcoin. So also communication between banks and the encryption of state secrets. Someone with a "quantum weapon" is unlikely to choose Bitcoin as their first target. To do so would be to immediately show their hand. For many hacks, alternative explanations can be found. But for a hack of Bitcoin's private keys, all signs point to the encryption having been cracked.

Read more: Can quantum computers crack Bitcoin?

Conclusion
There are actually no realistic scenarios of someone else obtaining your Bitcoin by hacking the protocol itself. The biggest risk is how you handle the private keys. If you deposit them with an exchange or broker, you run the risk of that party being hacked or going bankrupt. If you keep them yourself, you run the risk of loss, theft, fire, etc. How you cover yourself against those risks is by far the most important thing you should be concerned about. It's worth a separate article.

Do transactions even get through?

Many people making their first Bitcoin transaction are nervous. You copy-paste an alphanumeric code of 30 characters or so and hit Send. Are you sure? Yes, I'm sure. And then you wait. Because the block time of Bitcoin blockchain is about ten minutes - and because many wallets don't confirm a transaction until after six blocks, it can take an hour or more for the transaction to show up (by the way, with Lightning it can be done within seconds but that protocol is not used for large amounts).

Sometimes, transactions get through slow. In busy times, the mempool (queue of transactions) is large and it can take hours for your transaction to be included. Especially if you have chosen to pay low transaction fees. These are the lubricant that encourages miners to take your transaction.

Still, you don't need to worry. There is NO risk of losing your coins. Either your transaction will eventually be confirmed, or it will be removed from the mempool after a certain time. Then you will see the amount reappear at the address you had sent it from.

In the meantime, you have a number of options to speed up your transaction. For example, you can opt for a Replace By Fee transaction (RBF transaction). The nodes that see the transaction will then know that it is not a double spend but a new version of the same transaction.

Volatility (price movement)

Of a completely different order is the question of whether Bitcoin will retain its value. That depends on the adoption curve. If no one uses Bitcoin, it will lose its value. The number of users of Bitcoin has increased rapidly over the past decade but, of course, there is no guarantee that this will continue. Many people see Bitcoin as a better alternative for storing value than fiat money or even than gold. If that group of people continues to grow in number, Bitcoin will continue to increase in value.

Precisely because Bitcoin is still a young, experimental form of value storage, there are greater price fluctuations than with gold, for example. The world in which Bitcoin could survive and can succeed is constantly changing. So the answer to whether Bitcoin can become successful has a slightly different answer from day to day, so to speak. That leads to a considerably moving price. You have to be able to deal with the fact that the value of your Bitcoin in dollars or euros can vary a lot from month to month. You could say: 1 Bitcoin is always 1 Bitcoin. But that might be of little comfort if that Bitcoin has lost 50% of its value.

Risk of centralization and a big short
The risk of price movements also exists because not everyone is a fan of Bitcoin. For example, countries may suddenly decide to ban Bitcoin mining, as China did in the spring of 2021. This does not help adoption by the general public and it causes a (temporary) price drop.

Another issue is that of the possible centralization of miners in mining pools and/or in certain regions. What if these turn malicious? Of course, miners benefit from a high price of Bitcoin. The game theory behind mining pushes miners toward good behavior. But in principle, anyone with a large enough amount of capital can make the markets move in the direction they want. And these players can also take advantage of price declines: that's called shorting the price. It is not inconceivable that a large mining pool excecutes a 51% attack on the BTC network. It is conceivable that this is done by a country or a large hedge fund by controlling a mining pool. A hedge fund could take advantage of the resulting market panic with a 'big short'. This will not kill Bitcoin but will cause a temporary crash in the price, and a dent in confidence.

Final thought

The biggest risks in Bitcoin have to do with the safeguarding of your private keys and price stability. Those risks are real. But don't forget that alternative ways of storing or investing money also carry risks. Money in a bank is a risk, (hyper)inflation of fiat money is a risk. A strategy for investing stems from a consideration of all those risks.