An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

The Cyber Defense Review

Virtual Currency in a Cashless Society: A Potential Window into Economic Cyberwarfare

By 2LT Hugh Harsono | February 26, 2018

Science and technology have been an enormous part of America’s economic success since its formation. In the modern age, innovation lends itself to cyberspace, and more specifically, to financial technology (fintech). Global trade and investment are now increasingly tied to nation-state actors, with fintech playing a massive role in this connection through influential tools such as mobile banking systems and virtual currency1. This growing virtual interdependency is driving economic growth with the immense expansion of Internet-era technology companies such as Amazon and Apple, causing fintech buy-in from organizations traditionally hesitant to change, to include banks, retailers, and government agencies2.

Fintech has been so successful that a majority of Americans believe that people under the age of 18 will not use cash in the next decade3. The White House’s Adrienne Harris released a statement in 2016 that fintech is “changing the way consumers and business owners relate to their finances, and the way institutions function in our financial systems.”4 However, the consolidation of economic markets into the virtual realm does pose a certain amount of risk, with the virtual arena presenting itself as a single point of failure. In a cashless world, a cyberattack targeting the US economy could have devastating global effects.5

America’s Future as a Cashless Society

The US is positioned to become a cashless society,6 with existing technologies structured for the eventuality of eliminating cash as a transactional tool. The US is already a nation that can become cashless given its implementation of both fintech hardware and software. Other factors encouraging this transition include the high cost of maintaining cash as a physical asset, as well as potential governmental incentives for a cashless America.

The very nature of fintech encourages the US to become cashless, which encompasses merging both finance and technology, to include digital payment systems and digital currencies. The digital payment systems eliminates the use of cash by merging transactional payments directly to consumer cards or accounts, which have been adopted in the US for many years now with PayPal one of the earliest examples7 along with current platforms Venmo and ApplePay. In fact, a Bank of America survey shows that over 60% of Americans favor using emerging payment methods over cash, with high popularity in peer-to-peer transactions and mobile wallets.8 Additionally, the popularity of both near-field communication (NFC) and quick response (QR) codes meet hardware requirements for a transition to a cashless society.9 NFC protocols, which found traction in social networking applications, and QR codes that are popular in delivering additional information to consumers, can implement cashless payment platforms.10 PayPal and ApplePay both enable users to conduct physical transactions with merchants using NFC technology,11 while businesses such as Chase Pay and Starbucks allow transactions to occur through their use of QR codes.12 The explosion of digital currency usage in the US is also indicative of a cashless society on the horizon, with Bitcoin, Ethereum, and other cryptocurrencies reducing the use of cash and further encouraging a cashless America.13

The concept of a cashless society is also fueled by the fact that cash is costly to maintain, with Tufts University Senior Associate Dean Bhaskar Chakravorti finding that the US government spends billions annually to keep cash in circulation.14 While cash has always been expensive to maintain, many businesses today simply conduct transactions online, reducing the need for cash as a transactional payment method for goods and services.15 Additional business incentives for a cashless America would be reduced logistical costs to secure and store cash, and consumer incentives of reduced ATM fees and quicker checkout times.

Moving to a cashless society would allow the US government to increase its tax base by curbing tax evasion efforts, reducing fraud, and downsizing the underground economy;16 recent estimates putting the underground economy at 10% of total US GDP.17 Reducing the underground economy has further benefits beyond simple taxation, with members of the U.S. Special Operations Command already taking note of the virtual cash flow between terrorist groups. The Department of Defense’s Threat Finance Working Group is to addressing the virtual methods that “terror organizations and other entities raise and spend money” in the online space.18 Another governmental benefit of a cashless America includes the ability to set negative interest rates in response to large deflationary shocks, something that could be necessary given today’s increasingly low and stable interest rates.19

It is only a matter of time before the US abandons cash as a transactional asset and fully embraces a cashless society. Government and industry leaders must identify and address shortcomings with virtual currency, ensuring only optimum systems and procedures are in place when the US makes this transition.

Cyberwarfare Effects on Economic Functions

Any item in cyberspace is vulnerable to cyberattack, particularly if a device is connected to the Internet. Table 1 provides examples of large-scale attacks that impacted entire economic sectors:

Table 1: Large scale cyber-attacks against institutional actors

Date Event Name Compromised Asset Result
2011 Mt. Gox Hack20 Virtual Currency Price of Bitcoin fell from $17.50 to $0.01 per unit, and would take over eighteen months to return to pre-Mt.Gox levels.
2012 Shamoon cirus/Saudi Aramco hack21 Computer Networks Saudi Aramco, the largest oil producer in the world, was forced to shut down its internal network for over a week.
2013 South Koreas cyberattack22 Banking systems Over 30,00 computers in South Korea's banking system were unable to process transactions
2014 Sony Pictures Hack23 Data/information Personal details belonging to Sony employees and confidential business documents were compromised, resulting in a movie theater premier cancellation and a shutdown of central IT systems
2016 SWIFT banking hack24 Banking systems Over $80 million in funds stolen and the entire SWIFT banking network compromised
2016 Bitfinex hack25 Virtual Currency Confidence in Bitcoin fell 23%, marking the Bitfinex hack the second largest breach of a Bitcoin exchange platform
2017 NHS cyber attacks26 Medical service systems England's National Health Service IT system was hacked, costing taxpayers millions in canceled operations and appointments

The data in Table 1 demonstrate how a concentrated cyberattack can disrupt an economic sector. In 2011, the Mt. Gox hack decreased the price of Bitcoin so much that it took over eighteen months to return to pre-Mt. Gox levels, with expert Michael Ashton noting that Mt. Gox was merely a Bitcoin exchange, as it “wasn’t issuing bitcoins or guaranteeing bitcoins, just trading them”.27 Similar disruptions occurred with the Shamoon virus affecting the oil industry, the SWIFT and South Korean cyberattacks wreaking havoc on the banking industry, the Sony Pictures hack damaging the film industry, and the NHS cyberattack injuring the UK’s medical industry.28 These virtual attacks targeted specific IT systems and had overarching industry effects on particular economic sectors for a period of time, with indirect consequences of loss of consumer confidence far outlasting the initial effects of these attacks. Cyberattacks are a critical component of cyberwarfare that can profoundly impact procedures and systems with crippling results to an economic sector. For nations that rely on a specific sector for their economic vitality, this could dramatically impact not only the overall economy but also international relations.

Cyberwarfare can not only steal information but also drastically affect a country’s economic outlook. These implications showcase how virtual currency must be protected, particularly in the inevitable environment where it would be the sole method of conducting transactions.

Under the Gun: Virtual Currency

Virtual currency in a cashless society, with its many advantages, is currently susceptible to dedicated cyberattacks. These fears would be greatly amplified when the US goes cashless, with these same concerns being echoed by Sweden, which has already begun its transition to a cashless society.29 There are several ways that virtual currency could be attacked, and some scenarios identified in this paper include striking the blockchain, crashing the system, and market manipulation.

Attacking the Public Blockchain

The public blockchain is a distributed database of records and a crucial piece of the virtual currency system. With an inevitable spike in virtual currency users when the US decides to go cashless, hardening the public blockchain is a priority to protect consumer assets. The blockchain is essentially a shared public ledger that records all transactions,30 relying on peer-to-peer (P2P) self-regulation in the decentralized digital currency environment.

The public blockchain primarily poses a problem because of its P2P regulatory system, and its current speed in execution. Allison Berke, Stanford Cyber Initiative Executive Director, states that the P2P network verifies transactions by drawing from a pool of other members to solve a transaction problem, specifically by following “an algorithm that verifies transactions . . . to solving a problem by brute force”,31 which further contributes to the next problem to be solved.32 This gives China a significant advantage in the ability to disrupt transactions due to established mining pools, which could be used to verify fraudulent transactions or reject legitimate ones. China’s mining pools are popular in virtual currency communities because of the immense amounts of power and specialized hardware/software to mine virtual coins.3 Computer hardware/software is easily accessible in China as is cheap power, with average electricity prices being at least a third less expensive than in the US.34 Additionally, no transactions on the blockchain are deemed complete until the new chain and its hash value has been verified by other members in the P2P network, with this process taking ten minutes, as opposed to the near-instant deposit and verification of cash into a traditional consumer banking account. Additionally, the public blockchain does not fully verify the transaction until nearly one to two hours after initial verification, opening the window for hostile actors to wreak havoc,35 through manipulating transactions that seem verified, but are not. This would be especially troublesome during large transactions such as initial public offerings (IPO) or industry mergers, with the negative fallout from the exploitation of this lag potentially causing industry disruption and decreased consumer confidence in a specific sector.

While the blockchain is being steadily improved in the face of cybersecurity threats, the current speed of P2P regulation, along with the very basis of the P2P verification system, opens the possibilities for a cyberattack. These attacks could potentially wreak havoc on whole industries, causing economic downturn, and creating conditions for future cyber and economic conflict.

Crashing the System

Given the interconnected nature of a future cashless society, crashing a virtual currency would involve the partial or full takedown of one or multiple virtual currencies, which would disrupt the economic flow of a cashless America. One avenue of intrusion would involve disabling system access to virtual currency, thereby attacking the virtual money pipeline. With virtual currency almost exclusively based on a strong P2P network, this would result in a currency crash as a whole. Two of the largest examples include the 2011 Mt. Gox and 2016 Bitfinex hack. Both of these attacks stole from and crashed Bitcoin-specific currency exchanges, lost investors hundreds of millions of dollars, and resulted in a significant decrease in Bitcoin consumer confidence,36 and not to mention the consequences to the virtual currency market.

Virtual currency, if not carefully safeguarded and developed, has the potential to be crashed with ease. With such a heavy reliance on Bitcoin exchanges to trade and value in virtual currency, a cashless society would need to ensure multiple points of security to prevent a catastrophic crash.37 A Defense Advanced Research Projects Agency (DARPA) Program Manager, Dr. Joshua Baron, defines a variety of tiered attacks that would affect virtual currency participants, ranging from denial-of-service events to zero-day exploits, and even the corruption of special-purpose hardware and software.38 An inability to access funds, no matter the length of time, would create profound economic effects. This would have the potential to crash the stock market and cause virtual currency exchange runs, with capital flight triggering a multitude of negative economic developments, and ultimately, this would debilitate the US economy.

Crashing the virtual currency system would spark a series of events that would most likely contribute to the failure of specific economic sectors, if not the whole economy, in just several days. As a form of economic warfare, this act would have devastating effects, preventing a nation from ensuring trade, investment, and the conduct of foreign policy.

Market Manipulation

Market manipulation of virtual currency in a cashless society under its current framework would have enormous impacts on US ability to conduct foreign trade and investment. With a large part of US power stemming from its robust economy, this action would also have adverse foreign policy effects.

The concept of virtual currency relies on a decentralized P2P model to conduct transactions. However, in its current state, this practice may not necessarily be the most conducive for virtual currency as the primary means of transaction in a cashless society. A well-positioned private actor could potentially possess the ability to alter a currency’s value, whether this ability is real or perceived, with noted economics professor Neil Gandal pointing out that such “manipulations can have important real effects”.39 Trading events surrounding Mt. Gox in 2013, with Mt. Gox handling over 70% of all total Bitcoin transactions at the time.40 In this specific case, a trader nicknamed Markus was able to credit himself with Bitcoins by duplicating previously completed transactions, resulting in the loss of over $76 million to legitimate users. A second trader, nicknamed Willy, was able to single-handedly inflate the price of Bitcoin by over 500%.41 This actor utilized multiple accounts to purchase over $111 million worth in Bitcoin,42 thus inflating demand in the market and causing a significant Bitcoin bubble. The current decentralized nature of virtual currency is also troubling, further adding to the potentiality of market manipulation. With no centralized authority to guarantee investor confidence, the market for virtual currency under its current framework would negatively impact the US economy.

Emphasis on Steps Ahead

Whether detractors and commentators agree or not, the US is ultimately becoming a cash-free society. The advancement of fintech in the US, alongside consumer, institutional, and governmental buy-in are all driving to this eventuality, with virtual currency playing an important role in this transition. However, a virtual currency must undergo a variety of overhauls before it becomes a mainstream part of American culture, particularly given its current vulnerabilities. Virtual currencies such as Bitcoin and Ethereum currently rely on an extremely decentralized P2P network, with a significant emphasis on the blockchain. While capable at a lower level, this system is prone to scalability and vulnerability issues, and no centralized point of control. Cybersecurity concerns are also prevalent, with some estimates putting over $950 million lost in Bitcoin hacks alone, not including other virtual currencies.43 On the military front, the recently-established U.S. Cyber Command must quickly establish security measures to combat economic cyberwarfare, particularly given the “escalating threat of cyberattacks and intrusions from other nation states, terrorist groups, and hackers.”44 Therefore, all experts, particularly in the financial and cybersecurity community, must take a close look at the current virtual currency framework, especially with a cashless society on the horizon.

Conclusion

It is inevitable that the US will transition to a cashless society, with virtual currency as the primary medium of transaction in this new environment. The growth of fintech and virtual currency in the past several years has made this transition a near certainty. However, virtual currency still has to mature, particularly with its current vulnerabilities. The potential failure of a virtual currency system would devastate a cashless America.

Biography

Hugh Harsono is currently the Signal Detachment Commander in 1st Battalion, 1st Special Forces Group (Airborne) in Okinawa, Japan. His previous military assignments have taken him to Kuwait, Iraq, and Australia, where he served as a Platoon Leader and Executive Officer. He holds a B.A. from the University of California, Berkeley, with a major in economics. Prior to commissioning at the United States Army Officer Candidate School in Ft. Benning, Georgia, Hugh worked in finance for Monsanto.





NOTES
1Bank of America, ed, Trends in Consumer Mobility Report 2016, Charlotte, NC: Bank of America, 2016.
2Accenture, ed., Digital Payments Transformation, Publication, Accenture Payment Services, NYC, NY: Accenture, 2015.
3Bank of America, 14.
4Adrienne Harris, "The Future of Finance is Now," National Archives and Records Administration, June 10, 2016, accessed January 2, 2018. https://obamawhitehouse.archives.gov/blog/2016/06/10/future-finance-now.
5Daniel Oppermann, "Virtual attacks and the problem of responsibility," 2017, MS, International Charter, Brazilian Association of International Relations (ABRI), Rio de Janeiro.
6Maria LaMagna, "Here’s what would happen if America totally abandoned cash," MarketWatch. June 5, 2016, accessed December 18, 2017. http://www.marketwatch.com/story/how-the-us-and-china-could-benefit-from-going-cashless-2016-06-03.
7Monica Adractas, Philip Bruno, Olivier Denecker, Viken Gazarian, Kiyoshi Miura, and Kausik Rajgopal. The road to mobile payments services. McKinsey & Company Report, Washington DC: McKinsey & Company, 2011.
8Bank of America, 15.
9Bank of America, 13.
10Accenture, 7.
11Adractas, 47.
12Accenture, 7.
13Bank of America, 15.
14LaMagna.
15Bank of America, 15.
16Accenture, 17.
17Kenneth Rogoff, "Costs and benefits to phasing out paper currency," Boston: Harvard University, 2014.
18Jim Urquhart, "U.S. Military Probing Digital Currencies in Terror Fight." NBCNews.com September 26, 2014, Accessed December 3, 2017, https://www.nbcnews.com/storyline/isis-terror/u-s-military-probing-digital-currencies-terror-fight-n212371.
19Rogoff, 2.
20Michael Ashton, What's Wrong with Money?: The Biggest Bubble of All, Hoboken, NJ: Wiley, 2016.
21Nicole Perlroth, "In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back" The New York Times, October 23, 2012, http://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html, accessed November 15, 2017.
22Jethro Mullen, "South Korea blames the North for cyberattacks that hit banks," CNN, April 10, 2013, www.cnn.com/2013/04/10/world/asia/south-korea-cyberattacks/, accessed November 18, 2017.
23Michael Cieply and Brooks Barnes, "Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm, " The New York Times, December 30, 2014, https://www.nytimes.com/2014/12/31/business/media/sony-attack-first-a-nuisance-swiftly-grew-into-a-firestorm-.html, accessed July 23, 2017.
24Tom Bergin and Jim Finkle, "Exclusive: SWIFT confirms new cyber thefts, hacking tactics." Reuters News Agency, December 12, 2016, http://www.reuters.com/article/us-usa-cyber-swift-exclusive-idUSKBN1412NT, accessed December 17, 2017.
25Reuters, "Bitcoin Worth $72M Was Stolen in Bitfinex Exchange Hack in Hong Kong." Technology News August 3, 2016, http://fortune.com/2016/08/03/bitcoin-stolen-bitfinex-hack-hong-kong/, accessed July 24, 2017.
26Henry Bodkin, Barney Henderson, Laura Donnelly, and Robert Mendick. "Government under pressure after NHS crippled in global cyber attack as weekend of chaos looms." The Telegraph. May 12, 2017, http://www.telegraph.co.uk/news/2017/05/12/nhs-hit-major-cyber-attack-hackers-demanding-ransom/, accessed October 23, 2017.
27Ashton, 42.
28See Table 1.
29Kiklas Arvidsson, "The Route Towards a Cashless Society (The Case of Sweden)," Lecture, Lindstedsvägen, Stockholm, March 17, 2016.
30Sloane Brakeville and Bhargav Perepa, "Blockchain basics: Introduction to distributed ledgers." DeveloperWorks. December 15, 2016, https://www.ibm.com/developerworks/cloud/library/cl-blockchain-basics-intro-bluemix-trs/, accessed January 2, 2018.
31Berke.
32Allison Berke, How Safe Are Blockchains? It Depends. Report. Harvard University. Boston, MA: Harvard Business Review. Harvard Business Review, 2017.
33Joshua William Barron, National security implications of virtual currency: examining the potential for non-state actor deployment. Santa Monica, CA: RAND Corporation, 2015.
34Jordan Tuwiner, "Bitcoin Mining in China." China. June 13, 2017, https://www.buybitcoinworldwide.com/mining/china/, accessed July 24, 2017.
35LaMagna.
36See Table 1.
37Baron, 34.
38Baron, 56.
39Neil Gandal, JT Hamrick, Tyler Moore, and Tali Oberman, Price Manipulation in the Bitcoin Ecosystem, Report, Cyber Research Center, Tel Aviv University, Tel Aviv, IL: Tel Aviv University, 2017.
40Ashton, 43.
41Gandal, 8.
42Gandal, 8.
43Berke.
44Steve Liewer, "Cyber Command now independent." Omaha World-Herald. August 19, 2017, http://www.omaha.com/eedition/sunrise/articles/cyber-command-now-independent/article_fee7e423-5b8b-5ef6-b3c3-e9d8bfb77989.html, accessed January 2, 2018.


US Army Comments Policy
If you wish to comment, use the text box below. Army reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The Army and the Army alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the Army, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying Army endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

Army does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. Army may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. Army does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the Army or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.