What if somebody steals a bitcoin?
Bitcoin has seen a lot of chaos in the last few months, including being banned in several countries, the fall of the Silk Road, and biggest of all, the collapse of Mt. Gox, which was for much of Bitcoin's early history, the largest (and only major) exchange between regular currencies and bitcoins. Most early "investors" in bitcoin bought there, and if they didn't move their coins out, they now greatly regret it.
I've been quite impressed by the ability of the bitcoin system to withstand these problems. Each has caused major "sell" days but it has bounced back each time. This is impressive because nothing underlies bitcoins other than the expectation that you will be able to use them into the future and that others will take them.
It is claimed (though doubted by some) that most of Mt.Gox's bitcoins -- 750,000 of them or over $400M -- were stolen in some way, either through thieves exploiting a bug or some other means. If true, this is one of the largest heists in history. There are several other stories of theft out there as well. Because bitcoin transactions can't be reversed, and there is no central organization to complain to, theft is a real issue for bitcoin. If you leave your bitcoin keys on your networked devices, and people get in, they can transfer all your coins away, and there is no recourse.
Or is there?
If you sell something and are paid in stolen money, there is bad news for you, the recipient of the money. If this is discovered, the original owner gets the money back. You are out of luck for having received stolen property. You might even be suspected of being involved, but even if you are entirely innocent, you still lose.
All bitcoin transactions are public, but the identities of the parties are obscured. If your bitcoins are stolen, you can stand up and declare they were stolen. More than that, unless the thief wiped all your backups, you can 99.9% prove that you were, at least in the past, the owner of the allegedly stolen coins. Should society accept bitcoins as money or property, you would be able to file a police report on the theft, and identify the exact coin fragments stolen, and prove they were yours, once. We would even know "where" they are today, or see every time they are spent and know who they went to, or rather, know the random number address that owns them now in the bitcoin system. You still own them, under the law, but in the system they are at some other address.
That random address is not inherently linked to this un-owner, but as the coins are spent and re-spent, they will probably find their way to a non-anonymous party, like a retailer, from whom you could claim them back. Retailers, exchanges and other legitimate parties would not want this, they don't want to take stolen coins and lose their money. (Clever recipients generate a new address for every transaction, but others use publicly known addresses.)
Tainted coin database?
It's possible, not even that difficult, to create a database of "tainted" coins. If such a database existed, people accepting coins could check if the source transaction coins are in that database. If there, they might reject the coins or even report the sender. I say "reject" because you normally don't know what coins you are getting until the transaction is published, and if the other party publishes it, the coins are now yours. You can refuse to do your end of the transaction (ie. not hand over the purchased goods) or even publish a transaction "refunding" the coins back to the sender. It's also possible to imagine that the miners could refuse to enter a transaction involving tainted coins into the blockchain. (For one thing, if the coins are stolen, they won't get their transaction fees.) However, as long as some miner comes along willing to enter it, it will be recorded, though other miners could refuse to accept that block as legit.
How would coins get into this database of tainted coins? At one level, anybody could declare any coins they once owned as tainted. If the database were widely used, this would destroy the value of those coins until the tainting was undone. This is unlikely to happen, as it's a lot of power to give to the senders of coins. People would not like the idea that they might accept coins and then learn that the person who owned them 10 transactions ago has tainted them on a whim. While tainting coins would not get your money back from a bad transaction, many people would still do it as revenge for defective products or even bad customer service. The bitcoin community strongly protects the pseudonym privacy concepts in the system, but allowing unidentified people to taint coins is unlikely to work.
It would also be possible to allow only police departments to taint coins, doing so only after a police report has been filed. Filing claims with police is not anonymous, and filing a false report is a serious offence. If it were known that coins had been reported stolen to the police, you can see merchants and even miners unwilling to touch those coins. Presuming the police accept bitcoins as property, you could file such a police report today, and it would give you the power to get your coins back if you ever identified a later owner, with or without a tainting database. The community might even want the database to avoid the risk of taking stolen coins. And most people would like it to not be productive to steal coins.
Such a system is still a tall order. The Bitcoin systems is proud of how it works outside the realm of governments, and the idea of an "official" ability to mark coins by police departments is at odds with many of those principles. In addition, bitcoins are trans-national. What does it mean in the Cayman Islands to receive a bitcoin reported stolen in Libya?
What if the police expanded their powers, and started tainting coins which are suspected of being used in illegal transactions such as drug purchases? Or money laundering? (White hat money laundering is common in the Bitcoin world, but the police don't see it that way.) Should the police taint coins used to pay kidnappers or extortionists?
A tainted coin database could also be run by trusted 3rd parties, who only enter coins when a victim comes to them and shows them a police report that meets the requirements. These parties would have to themselves be beyond the reach of governments wishing to control the Bitcoin system. (That's actually doable, you require all entries to be signed by agents residing in a diverse set of countries.) But again, the Bitcoin community is not keen on using the "trusted third party" approach.
Not a new suggestion
As you might expect, tainting databases and blacklists have been proposed before, and generally been rejected for a number of the reasons I have outlined above. (Mt.Gox at one point blacklisted accounts involved in alleged theft.) In addition to those reasons, in the natural course of heavy transaction flow, bitcoins are combined and mixed so that the coins in any given transaction come from many sources. Over time, transactions will consist of some fraction of tainted coin and some of clean. As the tainted fraction drops, the value in recovering it for the victim becomes less and less. Stores might not refuse a payment where 1% of the coin is allegedly stolen. After a while, the only clean coins might be the unspent original mining blocks.
Thieves, of course, can exploit this, deliberately mixing their stolen coin with clean coin as quickly as possible. Various bitcoin mixing "laundry" sites exist to make this easy -- not for thieves, but for people generally interested in protecting privacy of their transactions. In addition, regular transactions, particularly gambling, done before the theft is reported can leave the coins widely dispersed. Thefts would need to be reported very quickly to avoid this.
This could be "solved" with a system that just arbitrarily declares that in any transaction combining tainted and clean coins, the taint is distributed to the first component of the output. Thus if you took one clean coin and one tainted coin, and had 1.5 coins of output and 0.5 coins of change back to you, 1.5 would be 2/3 tainted and the 0.5 would be clean. (Or any other arbitrary rule.) This would make it more difficult to mash-up coins, and also possible to create "division" transactions would would result in one 100% tainted output and another 100% clean output.
However, the Bitcoin community has been resistant to these approaches. There is a strong sentiment that Bitcoin is not designed to make government action upon it, even law enforcement, easier. That's because while almost everybody doesn't want people stealing coins, they expect governments to wish to do far more than deter theft. They expect them to want to go after transactions for illegal goods, money laundering, tax evasion, currency control and more. There is also a strong devotion to the idea that the currency should be fungible -- that one coin is no different from another. A tainting database interferes with that.
But it is possible this might change with a theft of this scale -- over 6% of the entire bitcoin supply. (In fact that's so grand that if it had been done all at once, a restatement of the block chain by a majority of miners could be done. Such a restatement is extremely difficult, but not impossible in extreme situations.)
If nothing does happen
If there is no solution to theft in the Bitcoin system, the external world will still proceed as you might expect. Police reports will be filed. Databases of the 750,000 allegedly stolen coins and other thefts will be published. Watchers will watch these coins move through the system and keep track of what happens to them. Some people will notice they have fragments of the coins and have to decide what to do. They might say nothing or prefer ignorance. They might return them. They might spend them or launder them. They might launder them and then report them stolen: "Sorry, suckers." If this develops into a frequent event, the momentum for a tainting database might grow sufficiently large.
From a technical standpoint, a great place to put the tainted coin list would be the blockchain itself, but that's unlikely to happen. It could only work if most miners wanted to accept and enter tainting transactions. Of course, if the tainting transactions came with transaction fees (from clean coins) they might well do it.
The particular theft problem
As I alluded to at the start, there is a particular vulnerability to theft in Bitcoin because of its structure. If somebody breaks into the systems with your wallet, they can send your coins to an anonymous address. If you want it to be easy to spend coins from your computer or your phone -- and you do -- it means it's easy for anybody who can break into those devices to steal them. If you leave them offline, they are not easy to spend, and like cash in a mattress they can be stolen for good as well. If you encrypt them offline, you will need to maintain another path to the keys in case you forget the password or if you want the coins to be passed to your heirs after death. To escape these fates, you can put your coins in a bank-like institution, giving up some of the distributed system virtues of Bitcoin, and trusting that institution to protect them -- which Mt.Gox did not. This extra vulnerability to theft in Bitcoin may eventually call for it to have a system to deal with it.
I should note that while the alleged theft is huge, most of the bitcoins stolen were bought (and stolen) when the price of bitcoin was much lower. Even so the heist is huge. The only bigger ones have involved art, bearer bonds and the billions of US cash sent to Iraq. And those heists teach lessons about putting money in cash and bearer bonds. It is bad if this one teaches people to avoid digital money -- which may be the case if it's not corrected.
More details in this follow up post.