Bitcoin Security

Key Takeaways

  1. Since its inception, the Bitcoin network's uptime has been 99.99%, and hackers have never broken into a single account.
  2. Proof-of-work ensures that miners have skin in the game and serves as a deterrent to adding invalid blocks to the chain.
  3. Bitcoin is decentralized. There's no single point of failure that hackers can attack.
  4. Large numbers protect Bitcoin accounts. The enormous energy and time needed to crack a Bitcoin address make it an economically infeasible proposition.

Bitcoin Security

It’s no secret that Bitcoin is secure. The network has operated with 99.99% uptime1 since its inception. Despite having a trillion-dollar target on its back, hackers have never broken into a single account.

Understanding why Bitcoin is so secure isn’t so simple. And understandably so. Bitcoin’s security model upends how we usually think about protection.

Typically, we think of security as gatekeeping. Banks defend your account by knowing who you are and expecting you to be able to prove it. On the other hand, Bitcoin doesn’t know your identity and doesn’t care to find out. A bank keeps your account balance confidential so as not to attract unwanted attention. As an open network, Bitcoin puts holdings on display for the world to see.

So just how does Bitcoin pull it off? When considering Bitcoin’s security, we’ll focus on three attributes: proof-of-work, decentralization, and the power of large numbers. Proof-of-work and decentralization protect Bitcoin at the network level. At the same time, large numbers are, crazy as it may seem, the solution to securing individual accounts.


A blockchain is nothing more than a means of sharing data in a way that is resistant to tampering. In the case of Bitcoin, it secures its ledger through proof-of-work.

Miners compete to add blocks of transactions to the chain in exchange for bitcoin payments. These payments include the block subsidy2 and transaction fees. But to add a block, Bitcoin’s protocol imposes what amounts to a toll on miners.

The toll comes in the form of requiring a valid proof-of-work for every block. In brief, miners collectively perform quadrillions3 of computations that generate random numbers. The first miner who generates a number belowa set target wins the block. Proof-of-work is the act of producing these random numbers until a miner finds a sufficient one.

Creating a valid proof-of-work requires specialized hardware and, more importantly, a lot of energy. Miners bear both of those costs. Furthermore, nodes reject blocks that include invalid transactions such as double spends. Therefore, a miner that tries to slip a bad block into the chain risks their effort going to waste. Consequently, proof-of-work is a deterrent to adding invalid blocks and ensures that miners have skin in the game.

As more miners compete to add new blocks, generating a valid proof-of-work becomes progressively more difficult. If a miner wanted to attack the blockchain by reordering blocks (that is changing the history of the ledger), they’d need to accumulate 51% or more of the network’s computational power, an almost unthinkable task at this point in Bitcoin’s evolution.


Unlike the overwhelming majority of websites, Bitcoin isn’t run on a centralized server. Instead, the Bitcoin network lives on computers, known as nodes, that its participants run voluntarily.

The implication is that hacking Bitcoin's software would mean accessing tens of thousands of individual machines. Of course, hackerscould attempt to corrupt any single device. However, thousands more would still hold the proper code and an accurate copy of the blockchain.

While Bitcoin's architecture is slower than a centralized network, it's nearly impossible to take down. If even asingle node were left unscathed from an attack, Bitcoin wouldn't skip a beat.

Large Numbers

Bitcoin doesn't hold any information about its users. Alternatively, Bitcoin secures accounts through private keys that are just huge numbers. Hard as it is to believe, the range of numbers is so vast that guessing just one tied to any bitcoin is physically impossible. A successful guess would theoretically require harnessing the power of a star and take more time than the expected life of the universe.4

For a sense of scale, consider the following. People often compare the amount of private key combinations to the number of atoms in the universe.5 The comparison isn't to galaxies, stars, or grains of sand, but atoms, the building blocks of all matter.

Quite simply, Bitcoin protects addresses through the immutable laws of physics. In a world of supercomputers, you might think it’d be possible to have a machine start at one and work its way up until it hit the jackpot. But physics makes such an act prohibitively expensive. Anyone who wanted to try that gambit would be better off, economically speaking at least, using all of that raw energy and processing power to just mine bitcoin.

The incomprehensibly low probability of randomly guessing a private key is the crux of why the Bitcoin network is as safe as it is. Anyone who would choose to attack the Bitcoin network would have to do so for reasons other than economic gain.


2 Currently, miners receive 6.25 new bitcoins for every block they add to the chain. This reward is cut inhalf every four years.





This report has been prepared solely for informational purposes and does not represent investment advice or provide an opinion regarding the fairness of any transaction to any and all parties nor does it constitute an offer, solicitation or a recommendation to buy or sell any particular security or instrument or to adopt any investment strategy. Charts and graphs provided herein are for illustrative purposes only. This report does not represent valuation judgments with respect to any financial instrument, issuer, security or sector that may be described or referenced herein and does not represent a formal or official view of New York Digital Investment Group or its affiliates (collectively, “NYDIG”). 

It should not be assumed that NYDIG will make investment recommendations in the future that are consistent with the views expressed herein, or use any or all of the techniques or methods of analysis described herein in managing client accounts. NYDIG may have positions (long or short) or engage in securities transactions that are not consistent with the information and views expressed in this report. 

The information provided herein is valid only for the purpose stated herein and as of the date hereof (or such other date as may be indicated herein) and no undertaking has been made to update the information, which may be superseded by subsequent market events or for other reasons. The information in this report may contain projections or other forward-looking statements regarding future events, targets, forecasts or expectations regarding the strategies, techniques or investment philosophies described herein. NYDIG neither assumes any duty to nor undertakes to update any forward-looking statements. There is no assurance that any forward-looking events or targets will be achieved, and actual outcomes may be significantly different from those shown herein. The information in this report, including statements concerning financial market trends, is based on current market conditions, which will fluctuate and may be superseded by subsequent market events or for other reasons. 

Information furnished by others, upon which all or portions of this report are based, are from sources believed to be reliable. However, NYDIG makes no representation as to the accuracy, adequacy or completeness of such information and has accepted the information without further verification. No warranty is given as to the accuracy, adequacy or completeness of such information. No responsibility is taken for changes in market conditions or laws or regulations and no obligation is assumed to revise this report to reflect changes, events or conditions that occur subsequent to the date hereof. 

Nothing contained herein constitutes investment, legal, tax or other advice nor is it to be relied on in making an investment or other decision. Legal advice can only be provided by legal counsel. NYDIG shall have no liability to any third party in respect of this report or any actions taken or decisions made as a consequence of the information set forth herein. By accepting this report in its entirety, the recipient acknowledges its understanding and acceptance of the foregoing terms.

Related Articles
See all articles
Right arrow