Pillar IV of IX — Security Reference

Security & Forensics

The defensive and investigative layer of the ABCDE encyclopedia. Attack vectors, cryptographic security primitives, forensic analysis methodologies, private key management, and the threat landscape facing decentralized networks.

180+ Entries · A–Z Indexed · Pillar IV Category · 2025 Edition

A
SEC-001
51% Attack
/ˈfɪfti wʌn pəˈsent əˈtæk/  ·  also: majority attack, hashrate attack
noun phrase  ·  Attack Vector  ·  Consensus Security

1. A network attack in which a single entity or coordinated group gains control of more than 50% of a blockchain network's mining hashrate (in Proof of Work) or staked tokens (in Proof of Stake), enabling them to manipulate the consensus process. A successful 51% attacker can double-spend transactions, reverse confirmed transactions, and prevent new transactions from being confirmed — but cannot steal funds from wallets they do not control or alter historical blocks beyond the reorganization depth.

2. The economic cost of executing a 51% attack scales with network size. For Bitcoin, acquiring 51% of hashrate would require billions of dollars in specialized ASIC hardware and ongoing electricity costs — making it economically irrational. Smaller Proof of Work networks are significantly more vulnerable; Ethereum Classic (ETC) suffered three 51% attacks in August 2020, with attackers double-spending over $5.6 million.

FORENSIC NOTE: On-chain forensic analysis of a 51% attack typically reveals a characteristic pattern: a deep chain reorganization (reorg) where blocks are replaced at a depth inconsistent with normal orphan rates. Blockchain analytics firms monitor mempool activity and block propagation timing to detect anomalous reorg attempts in real time.

See also: Proof of Stake · Double Spend · The Vault — ETC Attack Post-Mortem

SEC-001  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-04-10
C
SEC-002
Cold Storage
/koʊld ˈstɔːr.ɪdʒ/  ·  also: cold wallet, air-gapped storage
noun  ·  Key Management  ·  Custody

1. A method of storing cryptocurrency private keys in an environment that is completely disconnected from the internet and any networked device — eliminating the attack surface for remote exploitation. Cold storage solutions include hardware wallets (Ledger, Trezor), paper wallets (printed key pairs), metal seed backups (engraved mnemonic phrases), and air-gapped computers running signing software with no network interface.

2. Cold storage is the institutional standard for securing large cryptocurrency holdings. Regulated custodians (Coinbase Custody, BitGo, Anchorage) are required by regulators to maintain a defined percentage of client assets in cold storage — typically 95–98% — with only operational liquidity held in "hot" wallets connected to the internet.

SECURITY STANDARD: The primary threat to cold storage is physical — theft of the device or seed phrase backup. Best practice requires geographic distribution of seed phrase shards (Shamir's Secret Sharing), fireproof and waterproof storage media, and strict access control procedures. The loss of a cold storage seed phrase with no backup results in permanent, irrecoverable loss of funds.

See also: Private Key · Multi-Signature · Institutional Custody

SEC-002  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-03-15
D
SEC-003
Double Spend
/ˈdʌb.əl spend/  ·  also: double-spending attack
noun  ·  Attack Vector  ·  Consensus Integrity

1. The fraudulent act of spending the same cryptocurrency funds more than once by exploiting the time delay between transaction broadcast and final confirmation. In digital systems without a trusted central authority, preventing double spending is the fundamental problem that Bitcoin's proof-of-work consensus mechanism was specifically designed to solve — as articulated in Satoshi Nakamoto's 2008 whitepaper.

2. Double spend attacks take several forms: Race attacks — broadcasting two conflicting transactions simultaneously, hoping one confirms before the other; Finney attacks — a miner pre-mines a block containing a fraudulent transaction and releases it after receiving goods; 51% attacks — using majority hashrate to rewrite transaction history. Merchants accepting zero-confirmation transactions are most vulnerable.

FORENSIC DETECTION: Double spend attempts leave forensic traces in the mempool and block history. Analysis tools monitor for transactions spending identical UTXOs, abnormal block reorganization depths, and timing anomalies between competing transaction broadcasts. Chainalysis and Elliptic maintain real-time double-spend detection feeds used by exchanges and payment processors.
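Added example (not part of the encyclopedia's own material): the reorg-depth pattern from the 51% Attack forensic note and the identical-UTXO check described above, combined into one analysis of a tip switch. The block layout, hashes, txids and the ALERT_DEPTH threshold are constructed assumptions.

```python
# Constructed sample: blocks keyed by hash; inputs are (prev_txid, vout) outpoints.
BLOCKS = {
    "G":  {"prev": None, "txs": []},
    "A1": {"prev": "G",  "txs": []},
    # Branch the node saw first (later orphaned)
    "B1": {"prev": "A1", "txs": [{"txid": "pay-merchant", "inputs": [("fund", 0)]}]},
    "B2": {"prev": "B1", "txs": [{"txid": "benign", "inputs": [("other", 1)]}]},
    "B3": {"prev": "B2", "txs": []},
    # Competing branch that overtakes it
    "C1": {"prev": "A1", "txs": [{"txid": "pay-self", "inputs": [("fund", 0)]}]},
    "C2": {"prev": "C1", "txs": [{"txid": "benign", "inputs": [("other", 1)]}]},
    "C3": {"prev": "C2", "txs": []},
    "C4": {"prev": "C3", "txs": []},
}
ALERT_DEPTH = 2  # assumed threshold; tune to the chain's normal orphan rate

def branch(blocks, tip):
    """Follow prev links from a tip back to genesis; returns hashes, tip first."""
    chain = []
    while tip is not None:
        chain.append(tip)
        tip = blocks[tip]["prev"]
    return chain

def spent_outpoints(blocks, hashes):
    """Map each outpoint spent in the given blocks to the spending txid."""
    return {op: tx["txid"] for h in hashes
            for tx in blocks[h]["txs"] for op in tx["inputs"]}

def analyze_reorg(blocks, old_tip, new_tip):
    """Return (depth, conflicts, alert) for a switch from old_tip to new_tip."""
    old, new = branch(blocks, old_tip), branch(blocks, new_tip)
    old_set, new_set = set(old), set(new)
    disconnected = [h for h in old if h not in new_set]  # orphaned blocks
    connected = [h for h in new if h not in old_set]     # replacement blocks
    before = spent_outpoints(blocks, disconnected)
    after = spent_outpoints(blocks, connected)
    # Same outpoint, different spender: the orphaned payment was replaced.
    conflicts = {op: (before[op], after[op]) for op in before
                 if op in after and after[op] != before[op]}
    depth = len(disconnected)
    return depth, conflicts, depth >= ALERT_DEPTH

if __name__ == "__main__":
    print(analyze_reorg(BLOCKS, "B3", "C4"))
```

A transaction that reappears with the same txid on the new branch ("benign" here) is not reported; only outpoints whose spender changed are.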

See also: 51% Attack · Byzantine Fault Tolerance · UTXO

SEC-003  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-04-20
K
SEC-004
Key Management
/kiː ˈmæn.ɪdʒ.mənt/  ·  also: cryptographic key management, KMS
noun phrase  ·  Security Practice  ·  Custody Infrastructure

1. The comprehensive set of policies, procedures, and technical controls governing the generation, storage, distribution, rotation, and destruction of cryptographic private keys. In cryptocurrency systems, effective key management is the single most critical security discipline — the private key is the ultimate proof of ownership, and its compromise results in irreversible loss of all associated funds.

2. Enterprise key management systems (KMS) for cryptocurrency custody employ multiple layers of protection: Hardware Security Modules (HSMs) — tamper-resistant hardware that generates and stores keys without exposing them to software; Multi-Party Computation (MPC) — distributing key shards across multiple parties so no single party holds a complete key; Threshold Signature Schemes (TSS) — requiring a minimum number of signers to authorize transactions.

INSTITUTIONAL STANDARD: SOC 2 Type II certified custodians implement key ceremony procedures requiring multiple authorized personnel, video recording, and hardware attestation for key generation events. Key rotation schedules, access logs, and anomaly detection are mandatory components of a compliant key management program under frameworks such as NIST SP 800-57.

See also: Private Key · Cold Storage · Multi-Signature · Institutional Custody

SEC-004  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-03-28
M
SEC-005
Multi-Signature (Multisig)
/ˈmʌl.ti ˈsɪɡ.nɪ.tʃər/  ·  abbr: multisig  ·  notation: m-of-n
noun  ·  Security Architecture  ·  Transaction Authorization

1. A cryptographic security scheme requiring a minimum threshold of m signatures from a set of n authorized private keys to authorize a transaction — expressed as an m-of-n configuration. For example, a 2-of-3 multisig wallet requires any 2 of 3 designated keyholders to sign a transaction before it can be broadcast to the network. This eliminates single points of failure in key management.

2. Multisig is implemented natively in Bitcoin via P2SH (Pay-to-Script-Hash) and P2WSH (Pay-to-Witness-Script-Hash) transaction types, and in Ethereum via smart contract wallets (Gnosis Safe). Common configurations include: 2-of-3 (individual with backup), 3-of-5 (institutional treasury), and 5-of-7 (high-security exchange cold storage).

GOVERNANCE APPLICATION: Multisig is the foundational security primitive for DAO treasuries and DeFi protocol governance. The compromise of the Ronin Bridge ($625M, March 2022) exploited a 5-of-9 multisig where an attacker gained control of 5 validator keys — highlighting that multisig security is only as strong as the independence and security of each individual keyholder.
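Added example (not from the encyclopedia or any wallet project): an audit of keyholder independence for an m-of-n signer set, counting how few distinct failure domains hold enough keys to meet the threshold. The signer names, the "operator" and "infra" dimensions and the 5-of-9 data are constructed assumptions, not a record of any real deployment.

```python
from collections import Counter

# Constructed 5-of-9 signer set: (key id, operating party, hosting infrastructure).
THRESHOLD = 5
SIGNERS = [
    {"key": k, "operator": op, "infra": infra}
    for k, op, infra in [
        ("k1", "op-A", "infra-A"), ("k2", "op-A", "infra-A"),
        ("k3", "op-A", "infra-A"), ("k4", "op-A", "infra-A"),
        ("k5", "op-B", "infra-A"),  # separate party, but signing hosted by A
        ("k6", "op-C", "infra-C"), ("k7", "op-D", "infra-D"),
        ("k8", "op-E", "infra-E"), ("k9", "op-F", "infra-F"),
    ]
]

def min_domains_to_sign(signers, threshold, dimension):
    """Fewest distinct values of `dimension` whose keys together reach the
    threshold. Taking the largest holders first is optimal for this count."""
    counts = Counter(s[dimension] for s in signers)
    held, domains = 0, []
    for domain, n_keys in counts.most_common():
        if held >= threshold:
            break
        held += n_keys
        domains.append(domain)
    if held < threshold:
        raise ValueError("threshold exceeds number of keys")
    return domains

def audit(signers, threshold, dimensions=("operator", "infra")):
    """Return ({dimension: domains needed}, weakest dimension)."""
    report = {d: min_domains_to_sign(signers, threshold, d) for d in dimensions}
    weakest = min(report, key=lambda d: len(report[d]))
    return report, weakest

if __name__ == "__main__":
    report, weakest = audit(SIGNERS, THRESHOLD)
    for dim, domains in report.items():
        print(f"{dim}: {len(domains)} domain(s) reach {THRESHOLD}-of-{len(SIGNERS)}: {domains}")
    print("weakest dimension:", weakest)
```

On this sample the nominal 5-of-9 policy reduces to a single infrastructure domain, which is the kind of finding a signer-set review should surface before keys are provisioned.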

See also: Key Management · Cold Storage · DAO Treasury · The Vault — Ronin Bridge Post-Mortem

SEC-005  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-05-01
P
SEC-006
Private Key
/ˈpraɪ.vɪt kiː/  ·  also: secret key, signing key
noun  ·  Cryptographic Primitive  ·  Identity & Ownership

1. A 256-bit integer, generated from a cryptographically secure random number source, that serves as the ultimate proof of ownership and authorization in a public-key cryptography system. In Bitcoin and Ethereum, private keys are used with the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve to generate a corresponding public key and wallet address, and to cryptographically sign transactions authorizing the movement of funds.

2. A private key is typically represented as a 64-character hexadecimal string or encoded in Wallet Import Format (WIF) for human readability. The corresponding public key is derived via elliptic curve point multiplication — a one-way mathematical operation that makes it computationally infeasible to reverse-engineer the private key from the public key, even with current quantum computing capabilities (though sufficiently powerful quantum computers would threaten this assumption).

CRITICAL SECURITY PRINCIPLE: "Not your keys, not your coins." A private key exposed to any networked device, cloud storage, or third party is a compromised private key. The total key space of Bitcoin private keys is 2²⁵⁶ — approximately 10⁷⁷ — making brute-force discovery computationally impossible with any foreseeable classical computing technology. The primary attack surface is human error, not mathematical weakness.
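Added example (not from the encyclopedia or any wallet's code base): drawing a key from the operating system's CSPRNG within the valid secp256k1 range, and encoding and decoding Bitcoin mainnet WIF with its checksum, so that a mistyped or truncated key is rejected instead of silently accepted. Function names are hypothetical; only the Python standard library is used.

```python
import hashlib
import secrets

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group; valid private keys are 1 .. N-1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def new_private_key():
    """Draw a key uniformly from 1..N-1 using the OS CSPRNG."""
    return secrets.randbelow(N - 1) + 1

def _checksum(payload):
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def to_wif(key, compressed=True):
    """Encode a mainnet key: Base58(0x80 || key || [0x01] || checksum)."""
    if not 1 <= key < N:
        raise ValueError("key outside 1..N-1")
    payload = b"\x80" + key.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    num = int.from_bytes(payload + _checksum(payload), "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return out  # the 0x80 prefix means there are no leading zero bytes to pad

def from_wif(wif):
    """Decode WIF; rejects bad characters, prefix, flag, checksum or range."""
    num = 0
    for ch in wif:
        num = num * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    data = num.to_bytes((num.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if payload[:1] != b"\x80" or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF key")
    if len(payload) == 34 and payload[-1] != 1:
        raise ValueError("bad compression flag")
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch")
    key = int.from_bytes(payload[1:33], "big")
    if not 1 <= key < N:
        raise ValueError("key outside 1..N-1")
    return key, len(payload) == 34
```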

See also: Cold Storage · Key Management · Public Key Cryptography · Seed Phrase

SEC-006  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-04-15
R
SEC-007
Rug Pull
/rʌɡ pʊl/  ·  also: exit scam, liquidity drain
noun  ·  Fraud Typology  ·  DeFi Exploit

1. A fraudulent exit scheme in which the developers or insiders of a cryptocurrency project abruptly withdraw all liquidity, abandon the project, and disappear with investor funds — typically after artificially inflating the token's price through marketing, social media manipulation, and coordinated buying. The term derives from the idiom "pulling the rug out" from under investors.

2. Rug pulls are classified into two primary categories: Hard rugs — sudden, complete withdrawal of liquidity pool funds via malicious smart contract functions (often hidden backdoors or admin mint functions); Soft rugs — gradual token dumping by insiders over time, disguised as normal market activity. Hard rugs are typically criminal fraud; soft rugs may exploit legal gray areas.

FORENSIC INDICATORS: Pre-rug forensic red flags include: anonymous or pseudonymous team with no verifiable identity; unaudited smart contracts with admin mint or pause functions; liquidity not time-locked; token allocation heavily concentrated in developer wallets; unrealistic APY promises; and social media accounts created within weeks of launch. Post-rug analysis typically traces funds through mixers to centralized exchange deposit addresses.

See also: The Vault — Rug Pull Case Files · Liquidity Pool · Securities Fraud

SEC-007  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-04-28
S
SEC-008
Sybil Attack
/ˈsɪb.ɪl əˈtæk/  ·  named after: Sybil (1973 psychiatric case study)
noun  ·  Attack Vector  ·  Network Security

1. A network attack in which a single adversary creates and controls a large number of pseudonymous identities (nodes, accounts, or validators) to gain disproportionate influence over a peer-to-peer network. Named after the 1973 book about a patient with dissociative identity disorder, the attack exploits systems that treat each identity as an independent participant — allowing the attacker to subvert majority-based consensus, reputation systems, or voting mechanisms.

2. Blockchain networks resist Sybil attacks through Sybil resistance mechanisms that make identity creation costly: Proof of Work ties identity to computational expenditure; Proof of Stake ties identity to economic stake; Proof of Personhood systems (Worldcoin, BrightID) attempt to tie identity to verified human uniqueness. Without such mechanisms, a Sybil attacker can eclipse honest nodes and manipulate the network's view of transaction history.

P2P NETWORK IMPACT: In Bitcoin's peer-to-peer network, a Sybil attack can be used to execute an Eclipse Attack — surrounding a target node with attacker-controlled peers, isolating it from the honest network and feeding it a manipulated view of the blockchain. Eclipse attacks can facilitate double-spend attacks against merchants accepting payments from the eclipsed node.

See also: 51% Attack · Byzantine Fault Tolerance · Node Architecture

SEC-008  ·  Pillar IV  ·  Added: 2025-01-01  ·  Updated: 2025-05-01