There are two different ways to interpret the question “Can Bitcoin be hacked?”
First, can the entire bitcoin network be hacked?
The short answer to this question is: No!
Second, can someone’s bitcoin get stolen from them by hacking?
The short answer to this question is: Yes!
However, let’s dive even deeper to understand why.
Here we go!
To understand what it would take to hack the bitcoin network, we have to get a rough idea of how bitcoin is secured. It is a system that primarily relies on two forces: mining and validation.
Mining is performed by a large and diverse group of bitcoin miners across the globe performing an astronomical number of computations.
These computations are called hashes, which are relatively simple calculations, but redone many many times. A single bitcoin miner can do over 1 trillion hashes per second, called 1 terahash. Across the entire bitcoin network, the hash rate is getting close to 1 zetahash, which is 1 sextillion hashes per second.
That’s 1,000,000,000,000,000,000,000 hashes per second.
Since each new bitcoin block takes about 10 minutes on average, that means there are nearly 600 sextillion hashes performed for each new block. (600 seconds * 1 sextillion)
The other half of the bitcoin security equation is validation. That is, how do we know that miners are properly performing all this work to secure the network?
Hashes are designed such that it is extremely easy to verify that a certain amount of work has been done. This is where bitcoin nodes come in.
There are tens of thousands of bitcoin nodes (some estimates put it at over 100,000) across the world, very cheaply verifying that all of the transactions processed by the miners are valid, and that the miners are performing their work correctly.
These bitcoin nodes also ensure that any blocks created by the bitcoin miners follow all of bitcoin’s rules correctly. If they tried to cheat by moving someone else’s coins, or creating extra bitcoins for themselves, the nodes would reject that block, which means all their electricity and effort for that block would be wasted.
So, we now know that bitcoin miners need to expend a massive amount of computational power to produce a block to keep the bitcoin network going, and many bitcoin nodes check to make sure there is no funny business in those blocks.
Let’s imagine what it would take to break this system.
In order for someone to hack the bitcoin network, they would need to either get more computational power than the rest of the bitcoin miners put together, or convince more than half of the bitcoin miners to join in on the attack.
Even if they accomplished this, they would need to somehow convince the bitcoin nodes to respect their attack.
Since the vast majority of bitcoin node operators would not stand to gain from an entity taking over the bitcoin network, it is implausible that they would allow this to happen.
In this case, the extraordinary amount of money required to launch the mining attack would be wasted.
Such an attack may cause temporary confusion and delays on getting bitcoin transactions processed, but it would not allow the would-be attacker to steal your bitcoins through hacking.
For these reasons, it is not possible to hack the bitcoin network in the same way that it is possible to hack a server or company or laptop.
Even though it doesn’t make sense to expect the entire bitcoin network to be hacked, it absolutely is possible for an individual or company’s bitcoins to be stolen through hacking.
Bitcoins are generally kept secure through possession of a very large secret number called a private key.
This private key is used to generate bitcoin addresses and digital signatures, which are required for moving your bitcoins from one place to another - that is, to make a bitcoin transaction.
If a private key is stolen then whoever has that private key can generate their own signatures, which would allow them to move whatever bitcoins were sent to addresses from that private key.
In practice, this means that a large part of keeping one’s bitcoin secure means to ensure that no one else can steal your private key.
If your private key is kept on your phone or computer, and then someone hacks your phone or computer, then they can steal your bitcoins.
Do not store private keys on any internet-connected device.
In this way, you could think of your private key as the password to your wallet.
Therefore, if you have your bitcoins stored on a cryptocurrency exchange or other custodial service, you are trusting that they are properly securing your bitcoins.
If the exchange uses poor security practices and someone hacks them and steals their private keys, the hacker may be able to steal your Bitcoins as well.
There are a lot of ways to mediate this risk.
For example, storing your own coins using your own hardware wallet.
And if you do choose to use a custodial service, doing research to make sure they are using proper security practices can greatly reduce your risk of losing your bitcoins through hacking.
It can be hard to estimate this from the outside, but some good things to look out for include:
How long the company has been around and what their track record is. If they have been operating for 10 years without losing anyone’s coins, that’s a good sign, compared to some new local company that popped up 2 months ago with an unknown team.
Who is running the company - that includes their leadership, security team, VC backers, etc.
Whether or not they do proof-of-reserves
What storage practices they use, assuming they are open about it. Cold storage and reputable custodians are often a good sign.
Keep in mind though - there have been many exchanges that have checked all of the boxes above and still managed to lose everything. Sometimes through hacks (Binance) and sometimes through outright fraud (FTX).
From the typical bitcoin user’s perspective, when it comes to hacking bitcoin, you shouldn’t worry about the bitcoin network being hacked, but you should take precautions when it comes to your bitcoin being hacked.
The good news is that if you are careful and use sensible storage practices, this risk remains quite low.