Enhancing security in large-scale networks is paramount to remaining safe and secure online. Blockchain is the future, however, it doesn't come without those willing to take advantage of its revolutionary technology.
What should you be aware of when delving into Blockchain?
Countless attacks have been made against several crypto exchanges which, in aggregate, have cost people over $1.7 billion. These attacks were usually perpetrated against exchanges’ cyber-apparatus. For example, hackers target exchanges’ ‘hot wallets’ (internet-connected applications used to store customers’ private keys). For hackers, these touchpoints between blockchains and real-life utility are chinks in the armour of blockchain.
Poorly designed blockchains might also be vulnerable to ‘Sybil attacks’. If a network relies on a numerical majority of nodes, it can be overpowered by an attacker using spoof nodes such that they outvote the honest nodes. The attackers can decline to transmit or receive blocks, stopping others from participating in the network.
Hackers have also targeted smart contracts encoded onto blockchains. In 2016, hackers stole around 3.6 million Ether, exploiting an overlooked vulnerability in a smart contract on the Ethereum blockchain. Ethereum’s software engineers ‘reclaimed’ the stolen Ether by rewriting the blockchain so that the Ether was never stolen. In other words, they ‘hard forked’ − a controversial move, to say the least.
Similarly, where contracts can be self-executing, such as a smart contract, a more simplified code may be used which leaves it more vulnerable to attack as no human intervention is required to complete a transaction.
Blockchain technology may not be a good fit for small-scale systems designed to use little processing power, since an uneconomical amount of processing power might be expended in making it secure. This potentially precludes a significant chunk of the Internet of Things from exploiting blockchain technology’s cybersecurity features.
Financial markets infrastructure:
On a related note, the findings of De Nederlandsche Bank’s recent experiments with blockchain technology could indicate that blockchain is not yet fully capable of responding to the needs of financial markets infrastructure. It found that the most significant limitations are inadequate capacity and excessive energy consumption. Nevertheless, the findings did indicate that financial markets infrastructure would be less exposed to cyber-attacks through the integration of blockchain technology.
Most cybersecurity systems use a trusted, centralised authority to verify data; but, as explained, blockchains are decentralised and do not need the trust or authorisation of any one member, because every member has a copy of the history of the chain and information is added only via consensus. There is no single point of failure – the cryptographic security of each block is verified by the network, rendering it difficult to hack.
Centralised cybersecurity systems are at higher risk because hackers can concentrate their efforts on the one rather than the many. Also, using a majority of identities following the Bitcoin protocol leaves the blockchain open to Sybil attacks because it is easy to create fake identities.
Despite the potential dangers of using Blockchain, it should be made apparent that Blockchain is a growing success within the crypto industry. Whilst we should be made aware of the negative consequences, we can celebrate and advocate the many benefits it brings such as immutability, security and traceability.
This blog was written by Derek Stinson.
For all questions regarding the topics raised in this blog, please contact a member of our team of digital asset legal experts.