The Crypto Con

A Simple Say It Like It Is Blog That Occasionally Drops a Few Crypto Truth Bombs

The Crypto Con – The Unspoken Vulnerability of EVERY Cryptocurrency

What if I told you that every form of cryptocurrency, every coin, and every token, has a core vulnerability that will forever make it insecure? Imagine it for a moment. One day you log in to Coinbase, and your entire portfolio simply isn’t there anymore. In full panic mode, you rush to find your offline cold wallets holding your secret stash or “rainy day” cryptos. However, in a moment of abject terror, you realize that both your Trezor and Ledger hardware wallets are just as bankrupt as your accounts on Coinbase and Binance.

This is Crypto Zero Day, and this is the day your carefully hodl’d Bitcoin stash, or whatever memecoin bags you have, says goodbye forever. Let me reiterate. Your exchange account has been so plundered that there isn’t any dust left. Your ultra-secure cold wallet that you splurged a few hundred fiat on back in the day is now just a paperweight. Likewise, any apps on your phone or tablet or computer, regardless of 2FA or biometric security, are now similarly destitute.

If you have any hope at all that any of your crypto portfolio is safe, it’s because you once squirreled away a few coins in a paper wallet. However, if you kept a copy of that paper wallet in a folder on your PC, you are still going to be one of the world’s worst financial losers come Crypto Zero Day. It might upset you to mentally visualize it. Make no mistake, though. Crypto Zero Day is coming.

When it does, the blame for the biggest financial hack in history will likely be laid at the door of the usual suspects. Think China, Iran, 4Chan, a rogue AI, or some messed-up teen nerds firing low-orbit iron cannons at the Internet from some grim Mr. Robot-like lair somewhere. In truth, though, the story of how Crypto Zero Day will really happen is a story almost as long as that of cryptocurrency itself.

Bitcoin Was Compromised Right From the Beginning

If we go back in time to 2008 and Satoshi Nakamoto publishing the original Bitcoin whitepaper, we also go back in time to an age when the best personal computers on the market were being shipped with dual-core processors manufactured by Intel. For gamers and businesses looking for a little more than 2.9 GHz of processing power, there was also the world’s first line of multi-core processors, such as the Core 2 Quad Q6600.

For all intents and purposes, these processors were just as secure as any basic Celeron or Pentium processor before them. This means that if you were worried about cybersecurity threats in 2008, the threats you were worried about were almost always going to be software-based. Security-conscious computer users could, therefore, rest assured that local data stored on their PCs was safe, providing they were using software tools like regularly updated antivirus applications.

It is of fundamental importance to also understand that this is the cybersecurity environment in which Satoshi Nakamoto, the creator of Bitcoin, envisioned Bitcoin operating and continuing to evolve. There was just one problem. Within days of Satoshi Nakamoto publishing the Bitcoin whitepaper and chatter about Bitcoin starting to disseminate online, something happened that would forever change the nature of the cybersecurity landscape we live in.

Intel and the Intel Management Engine

Imagine having a computer inside your computer. One that you don’t even know is there. Better yet, imagine having a computer with its own operating system, Wi-Fi, and 3G capabilities, baked right into the same processor that your current machine uses. I’m talking about a literal second computer, one which you don’t know about and can’t access, but one which can, whenever it wants, access all your data and files, even when your machine is powered off or in sleep mode.

Most consumer PC and laptop users won’t be able to comprehend such a machine. However, this machine exists. It is called the Intel Management Engine, and it has been baked into almost every Intel-manufactured CPU since 2008.

To be as clear as possible about what this means, please note the following:

  • The Intel Management Engine (IME) really is there in almost every post-2008 manufactured Intel CPU. This is not conspiracy theory; this is proven fact.

  • The IME is designed to be undetectable by you and runs on closed-source, proprietary software. This means that unlike with Windows, Linux, etc., no third party can vet it for bugs or security loopholes.

  • The IME has more system privileges than the operating system you use. This means that it boots before Windows or Linux, can see and access all your files in administrator mode, and can even change and modify files and your system without you ever knowing.

  • The IME has its own dedicated communication stack. This means that even if you use hardware switches to disable your Wi-Fi, Ethernet, or 3G, 4G, or 5G network connectivity, it can still access the Internet.

  • Lastly, and most importantly, the Intel Management Engine has already been compromised. This means that there are hackers and rogue agencies out there who already know how to use the IME against you to access, steal, and modify all your locally stored data and any data you may have stored on Intel-powered servers online.

It has also been discovered that agencies like the NSA have mandated Intel to completely disable the IME on any machines shipped to them. Why? Because they know just how dangerous having such a backdoor to any system is.

The IME and Your Crypto

Why the Intel Management Engine should concern cryptocurrency hodlers, traders, and investors is simple. As already discussed, Satoshi Nakamoto simply couldn’t comprehend the kind of cybersecurity landscape we live in today. His core vision was of every Bitcoin miner, holder, or investor having 100% control over the device storing their Bitcoin. As Satoshi saw it, your computer was going to be your bank.

However, if you store any cryptocurrency on any machine using a post-2008 Intel processor, your bank backdoor isn’t just wide open. It’s flapping wildly in the wind, just waiting for someone to come along and take a peek inside. There is also absolutely nothing you can do to try and bolt that backdoor shut.

What About AMD and Other Non-Intel CPUs? Are They Safe?

So, every Intel-based computer on the market has a fatal security flaw? If this is the case, can’t I just use a computer with a different CPU to keep my crypto safe? While this might seem like the easiest solution, this is also where things get a little complicated.

You see, AMD, Intel’s main competitor, has also had the wisdom to implement its own version of the IME into all its CPUs. In the case of AMD, all their newest CPUs ship with an inbuilt subsystem called the AMD Platform Security Processor (PSP). Like the IME, AMD’s PSP subsystem boots prior to the host operating system of your PC, has near-total administrator privileges, and is essentially the same beast as the IME.

AMD’s PSP just isn’t as infamous. This is because, unlike the Intel Management Engine, which Intel bakes into its CPUs, the PSP doesn’t have an independent network stack. It can’t, therefore, communicate with the outside world via Wi-Fi or 3G, 4G, or 5G when a machine is in a powered-off state. However, when a device is powered on, the AMD PSP can use the network controls of a machine with elevated administrator privileges.

Because Intel dominates the CPU market, there is also a case to be made that end users are safer using an Intel CPU with IME than an AMD processor with PSP, as more security research has been dedicated to finding bugs and vulnerabilities in Intel’s IME than in AMD’s equivalent subsystem. As the old saying goes, it really might be better the devil you know.
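For readers who want to see which of the two subsystems discussed above (Intel's IME and AMD's PSP) a Linux machine exposes to its operating system, here is an added example that is not part of the original article. It lists PCI devices that are bound to the Linux mei_me or ccp drivers, or that match the vendor and class codes those devices normally carry. The function name, labels and class-code heuristic are this example's own assumptions, and it only inventories the host-facing interface, not what the firmware behind it does.

```python
import os

# Linux kernel drivers that bind to the host-facing interfaces.
DRIVERS = {
    "mei_me": "Intel ME host interface (MEI/HECI)",
    "ccp": "AMD secure processor (ccp driver: CCP/PSP)",
}
# Heuristic fallback when no driver is bound: (PCI vendor, class prefix).
# 0x0780 = communication controller (other), 0x1080 = encryption controller.
CLASS_HINTS = {
    ("0x8086", "0x0780"): "Intel ME host interface (MEI/HECI)",
    ("0x1022", "0x1080"): "AMD secure processor (ccp driver: CCP/PSP)",
}


def _read(path):
    """Return a sysfs attribute as lower-case text, or '' if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""


def find_management_interfaces(pci_root="/sys/bus/pci/devices"):
    """Inventory PCI devices that look like an ME or PSP host interface."""
    findings = []
    try:
        addresses = sorted(os.listdir(pci_root))
    except OSError:
        return findings  # not Linux, or sysfs not mounted
    for addr in addresses:
        dev = os.path.join(pci_root, addr)
        link = os.path.join(dev, "driver")
        driver = os.path.basename(os.readlink(link)) if os.path.islink(link) else None
        key = (_read(os.path.join(dev, "vendor")), _read(os.path.join(dev, "class"))[:6])
        label = DRIVERS.get(driver) or CLASS_HINTS.get(key)
        if label:
            findings.append({
                "address": addr,
                "subsystem": label,
                "driver": driver,
                # "driver" is strong evidence; "class-code" is only a hint.
                "evidence": "driver" if driver in DRIVERS else "class-code",
            })
    return findings


if __name__ == "__main__":
    for hit in find_management_interfaces():
        print(hit["address"], hit["subsystem"], "via", hit["evidence"])
```

An empty result means only that no host interface is enumerated on the PCI bus; it says nothing about whether the firmware itself is present or running.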

The Crypto Con

Just a few years ago, I was one of the best-selling freelance cryptocurrency writers for hire on freelance marketplaces like Fiverr. Being very cybersecurity-aware, it bugged me at the time how no crypto projects coming to market would ever discuss how future-proof they really were.

AI, quantum computing, neuromorphic computing, CPU backdoors, and a fervent push by world governments to mandate backdoors into the very cryptography standards that cryptocurrency depends on to have any true worth don't just pose a threat today. They already posed a threat 5+ years ago. However, few in the cryptocurrency community want to talk about such threats in case coin prices plummet.

This article is a sneak peek at the basics of just one fundamental flaw in crypto that 99% of investors today have absolutely no idea about, even though already-exploited backdoors in the very chipsets we use in almost all our consumer electronics have been with us for two decades.

It's time to talk about this and several other issues. The sooner we do, the safer you can really store, stake, and invest in cryptocurrency, and maybe even circumvent Crypto Zero Day completely.