Mythbusting: SPV is not secure
There are still a lot of misconceptions out about SPV wallets, people make it seem like they are less useful than they are, and this is a shame.
SPV wallets are wallets with “Simplified Payment Verification”. A term that actually shows up in the original Bitcoin whitepaper from Satoshi Nakamoto.
SPV wallets do validate, but they validate less. In non-technical terms the difference is simple:
Miners and full-node running businesses validate everything. Each and every transaction on the chain.
SPV wallets validate that they are actually looking at the same chain as the miners.
The myth we hear is that this deferred checking is not safe. The idea that if you don't check 100% of the transactions, somehow people can take your money.
Tl;dr It is incorrect to say that there is trust in the miners. Instead the trust is in the coin itself being secure and the entire ecosystem of the coin being healthy.
What we know is that miners validate each and every transaction. They must because if they create a block that spends money twice, or creates money out of thin air, the result is that the rest of the world will reject their block. And if nobody accepts the block, they can't cash in their payment they received for making the block.
What naturally follows is that a healthy coin, and its chain, has an ecosystem surrounding it made up of plenty of people and companies. For starters a lot of exchanges and a thousands of miners. Those exchanges will reject any bad transactions in a chain because of purely selfish reasons. They could lose money if they don't check every single transaction on the chain, like miners do.
Then the SPV wallets will validate that they are following the full chain of their coin of choice. Since they don't check every transaction they trust that there are enough people, like those exchanges I mentioned above, who do fully check the chain.
The SPV wallets don't just trust miners, they trust every company observing those miners to have enough selfish reasons to keep the chain healthy and sane. Because the moment one of those 1000s of miners starts to cheat, it is cheaper to eject that one miner from the ecosystem than to just declare all your money in that chain lost due to the value and trust drop that would follow.
The world is full of selfish people that would rather tell someone to leave than to lose money by being complicit in their cheating. I would argue that this is the normal state of people and it is what builds societies. Because selfish people together can definitely create a lot of value. Bitcoin was smartly designed to make this the norm. Where it is more socially accepted to reject cheaters than in it is in society as a whole.
An SPV wallet owner, then, trusts in a coin's ecosystem. Which, frankly, is no different than any other company or person using that coin.
The only difference is one of risk. As we shown above, the risk is not about a single payment being stolen from you, the risk is about the entire chain becoming corrupted and losing value. A situation that is very easy to avoid by running a full node and running your business on it. As exchanges and companies like bitpay do. The only risk for an SPV wallet is when there are not enough people keeping miners in check.
For a chain like Bitcoin Cash this risk is currently laughable. Nobody worries about that. Other chains may have a different risk assessment of using SPV.
But for the Bitcoin Cash chain the myth is clearly busted as the ecosystem is healthy, very wide-spread and growing in numbers.
Myth busted: it is incorrect to say that there is trust in the miners. Instead the trust is in the coin itself being secure and the entire ecosystem of the coin being healthy.