The recent Baltic Honeybadger 2017 conference in Riga, Latvia featured an all star panel of Bitcoin developers and security experts on the second day of the event. During this panel, the participants were asked to explain what kinds of possible issues with Bitcoin keep them up at night.

In their responses, the panel of Ciphrex CEO and Bitcoin Core contributor Eric Lombrozo, Blockstream CEO Adam Back, JoinMarket developer Adam Gibson, applied cryptography consultant and sometimes Bitcoin Core contributor Peter Todd, SatoshiLabs CTO Pavol Rusnak, and Libbitcoin lead maintainer Eric Voskuil discussed the issues with the recent phenomenon of spinoff coins, a lack of understanding as to why Bitcoin is useful, and the fact that some of them sleep better today than they did in the early days of this new technology.

Spinoff Coins are the Key Issue of Today

A few of the panelists talked about the recent proliferation of spinoff coins when asked what keeps them up at night. Lombrozo referred to them as initial fork offerings (IFOs), which is a play on the initial coin offering (ICO) hysteria that has also taken place this year.

These spin-off coins are basically new altcoins that have been created at a certain block height of the Bitcoin blockchain. Everyone who held bitcoin at that block height also gets access to the new altcoin.

“I’m a little bit concerned because it means there’s all this supposed value that people have in their wallets that they don’t really know how to access, can’t access, can’t access securely, have to sacrifice privacy [to access], or [deal with] tax liabilities potentially,” said Lombrozo.

This had led Lombrozo to work on a project known as Chainsplit, which will focus on making it as easy as possible to trade coins that are made available through these various Bitcoin spin-offs, which should help improve price discovery.

“It’s basically a denial of service attack on developers,” Lombrozo added in terms of the effect of spin-off coins on the Bitcoin development community.

In Lombrozo’s view, it would be nice if it were easier to add support for these spin-off coins in various wallets and exchanges without compromising user security.

Building on Lombrozo’s points, Back said the risky part about Bitcoin involves connecting to the internet, and in his view, these new forks open up new security vulnerabilities because they usually require users to download new software to access the coins.

“It’s a window of vulnerability that’s advertised in advance, so it’s a time to be very careful about what you’re downloading,” said Back “Unfortunately, that means there’s a real risk that’s attached to the forks. There are certainly people out there who have old coins that are not interested to collect these spin-offs for security and privacy reasons.”

To Back’s point, more than $3 million worth of bitcoin was recently stolen via a malicious Bitcoin Gold wallet that was linked on the official Bitcoin Gold website, according to CoinDesk.

Todd also discussed the problems associated with possibly-malicious software that is not audited by those who are running it in his remarks, although he focused on a different part of the ecosystem.

“[What worries me is] people holding bitcoins for other people at exchanges and so forth where their entire build system is, for instance, a bunch of Docker containers, and [for] every Docker container, the build process starts with things like, Wget some random, unauthenticated website,’” said Todd. “Realistically, that’s going to be a vulnerability.”

As a specific example of this issue of bitcoin custodians or other important players in the ecosystem not verifying the code they’re using for critical processes, Todd pointed to his own participation in the ZCash trusted setup where he famously went the extra mile (literally) and drove across Canada with a faraday cage and multiple cameras.

“The reality is: All that went to waste because their build process for the Zcash software was trivially backdoorable,” said Todd. “The whole thing was built off an Alpine Linux distribution and Rust compiler that were built earlier that month — in the case of the Rust compiler, the day before. And no one new exactly what went into that software. No deterministic builds, no nothing.”

The Root Cause of Forks is a Misunderstanding of Bitcoin

While the recent spin-off tokens were the main topic of conversation on the surface, some developers also pointed out that the root cause of this new issue is a lack of understanding in terms of Bitcoin’s useful properties.

“I’m worried that people don’t understand what Bitcoin is, and that’s kind of the root of all of this, including all the forks,” said Gibson. “The developers, the people who work on the technology, are delivering what I think Bitcoin realistically is, but people want kind of unicorns and they want like kind of free transactions and a billion transactions a second. And that’s, I think, where all this is coming from.”

Todd also hit on this point during his own remarks, where he referred to the social problems that are caused by the lack of scalability seen in Bitcoin today.

“Bitcoin forces us to make these terrible tradeoffs between cost and security,” said Todd. “I think, at the social level, that’s a security problem because we keep getting attacks driven by people who just want transactions to be cheaper in exchange for the system to be less secure.”

From Voskuil’s perspective, the scalability, privacy, and other issues in Bitcoin will eventually be worked out, but it’s going to take longer than it should because of this, in his view, misunderstanding of how Bitcoin works.

“What bothers me is there’s a lot of misapprehension about how Bitcoin actually secures itself, which means how it works,” said Voskuil.

Still Sleeping Better Than Before

It should be noted that two developers on the panel, Lombrozo and Rusnak, pointed out that they sleep better today than they did a few years ago, mainly due to the progress made in private key management.

“I’d say I’m sleeping pretty well now,” said Lombrozo, whose company Ciphrex is built around secure private key management. “A couple of years ago, maybe not so much.”

For Rusnak, the main thing that keeps him up at night is all of the people asking for SatoshiLabs to support random altcoins in the Trezor hardware wallet.