Bitcoin is a trustless consensus system with no central authority. When you make a payment and it is confirmed into the blockchain, it is not feasible to have a "chargeback" unless the person you paid pays you back themselves. Over the years there have been many losses of money through hacks, scams, software failures and other incidents. (1.1) It is important that Bitcoin investors, users and developers understand these risks so they can be mitigated.

Investing Risks

Bitcoin

Bitcoin is a volatile asset. There is no promise that you won't lose all of your money when you buy bitcoin. In general, it is a good idea to understand something before you invest in it. In short, Bitcoin is a deflationary internet currency that requires a consensus system to work. This consensus system only works if a sufficient number of miners have the proper incentives to be honest. This means before buying bitcoins you should answer the following questions for yourself:

  • Is deflation problematic or not? Is it problematic to the point that it will cause Bitcoin to fail?
  • How does the Bitcoin consensus system work?
  • Are the incentives of Bitcoin miners and other users in the system sufficient for consensus?
  • Can Bitcoin gain sufficient merchants and users to sustain itself?
  • Is there some other reason Bitcoin might fail?

When buying bitcoin, one should be aware of the risks that come with someone else holding their money. To reduce risk, your bitcoins or dollars should be traded on an exchange that you have researched and trust. Ideally, fiat and bitcoin should be on the exchange for as little time as possible.

Being a pseudonymous currency where users have little recourse if their money is stolen, Bitcoin attracts scammers. There have been many scams and thefts involving Bitcoin. Before giving someone else your money consider whether the offer is too good to be true, whether you can trust the potential bitcoin recipient and what your counterparty risk is.

Some common scams or ripoffs are cloud mining, which usually only returns a fraction of what you pay them, and altcoins which often advertise themselves as being the "next big thing" and claim to solve some problem in Bitcoin, by breaking the security model. (4.1)

Use Risks

Once you have bought or earned Bitcoins, keeping them requires that no malicious party can spend the bitcoins in your wallet. If your computer is infected with malware then any time you decrypt your wallet the malware could potentially steal from you.

Wallet Types

Once you have chosen a wallet to use, you must create and use it securely. Bitcoin.org has a tool to view the security problems and benefits of many wallets.

Paper Wallets

A properly created Paper wallet removes the risk of theft-by-malware.

Centralized services

One of the main advantages of Bitcoin over traditional currencies is the lack of a requirement to trust someone else to own currency (trustlessness). When you give your money to a web wallet such as Coinbase, you are at risk of theft or some other form of loss. (8.1) Services like Coinbase own your bitcoins and display a balance for you, but you aren't guaranteed to be able to spend that balance, you are trusting them.

There are web wallets that don't store your private keys such as ?blockchain.info. However there are still many risks involved, the service could

  • withhold your private keys and extort you
  • send you malicious code that steals your money
  • lie about a payment to you costlessly
  • correlate your IP address with your transaction
  • have broken Javascript cryptography unintentionally

Blockchain.info is particularly bad in terms of security and ethics. It is strongly recommended that individuals and businesses don't use them. They have had large thefts (8.2) and vulnerabilities that allow attackers to lie about payments. (8.3)

Local Wallets

SPV thin clients allow you to have a secure wallet with the assumption that the majority of the mining power isn't malicious. These clients verify that a block exists and there was sufficient work done on it, but not that it was valid. Not verifying a block takes orders of magnitude less disk space, bandwidth and processing power, however if a miner has a significant portion of the network hashrate, they can send you an invalid blockchain that has had more work done on it than the valid mainchain. This invalid blockchain might contain an invalid transaction that pays you money that doesn't exist. It is expensive to use a large portion of the network hashrate to attack, so SPV clients may be considered to have a "good enough" level of security for small payments.

If you are handling a large amount of money, you should use a full-node client that verifies every block, such as Bitcoin Core. When a payment is made to you, it can be reversed with some probability by an attacking miner. As you receive more Confirmations it becomes exponentially more expensive for an attacker to reverse a payment to you. Unconfirmed transactions have no guarantee and can be doublespent for free.

If you use a full node with a consensus reimplementation such as btcd, there is a risk you will lose consensus with the rest of the network and be vulnerable to attacks cheaper than attacks on SPV clients.

Improper Handling Of Money

Address reuse should be avoided, addresses should be used as invoices. The use of "From addresses" (which don't actually exist (10.1)) cause confusion, there is no guarantee that a payer controls this address and paying back to it may cause loss of funds.

Anonymity

Bitcoin is not anonymous, it is pseudonymous. If you reuse addresses you will link your private payments together. If your software redeems multiple transactions paid to you to form a single transaction, as is it typically does, the redeemed transactions may be correlated.

Development Risks

Using the Testnet is recommended. The Bitcoins on this network are designed to be valueless and there is no risk of monetary loss if your software has unexpected behavior while testing. If none of the faucets are working you can ask for testnetcoins on Freenodes #bitcoin-dev.

Your software should NOT use the gettransaction API call to verify that payments are in the blockchain due to transaction malleability. Instead you can use listsinceblock.

Your businesses software should not handle others money in most cases. If you are planning on handling others bitcoins, the system should be developed by a professional developer with a strong understanding of cryptography and bitcoin.

References

1.1: List of events by BTC value lost
4.1: A Treatise On Altcoins
8.1: List of events by BTC value lost
8.2: GENTLEMAN HACKER RETURNS STOLEN BITCOINS TO BLOCKCHAIN.INFO
8.3: Blockchain.info Bug Took One Month to Fix
10.1: There Is No 'From' Address