Why are we so confident putting the word “secure” near blockchain? Do we even know what it means?
There is no denying that blockchain is frequently portrayed as an ultimately secure solution in many industries, from money transactions to marketing automation. Is blockchain really that reliable? Or could it be that, because the technology is relatively young, we haven’t explored all the possible threats?
While tech companies and entrepreneurs debate what makes blockchain a secure alternative to competing solutions, the news carries some interesting stories. Some of them lead us to question blockchain’s reliability at its very core.
Just recently, CoinDesk published a story about Chinese mining malware that mined cryptocurrency worth a total of $2 million over two years. On 9 July, police arrested 20 suspects, after two years of regular blockchain hacking. Rather late, don’t you find?
The same things happen in the US. When the state of Michigan introduced a bill to punish manipulating blockchain data, it made the first legal attempt to protect data stored and transmitted through distributed systems. This legislation didn’t just appear out of the blue. Considering the attacks on the Verge cryptocurrency and Bitcoin Gold, it seems only logical to take action to legally punish such attempts.
This leads to a question. If the technology needs to be protected legally, what do we mean by saying that blockchain is secure? Let’s consider 10 reasons why the blockchain community needs a better understanding of the term ‘security’ here.
Reason #1 — Decentralized systems might not be as secure as they seem
The strong case in favor of blockchain technology is that, with copies of the blockchain kept on a widely distributed network, there is no single weak point for hackers to target. Such a theory might work for smaller systems that don’t rely on mining as much. If everyone can join the network, how do we make sure its safety is not in jeopardy?
The solution here can be a permissioned system, where potential members will be verified. This, however, creates more questions than answers. Who is in charge of determining whether the participants are secure? Who deserves to have that kind of power? Even if it can be implemented, wouldn’t it ruin the beauty of free decentralized systems? There is no clear answer to that just yet.
Reason #2 — Attacks on marketplaces
In December 2017, NiceHash, one of the largest Bitcoin marketplaces, got hacked, resulting in $60 million in losses. It raised an important issue: the safety of blockchain operations. Technically, it was not the fault of the technology, since it was not a Bitcoin vulnerability that made the attack possible. The weakness in the marketplace itself cost Bitcoin’s investors a lot.
As blockchain gets more popular, so do third-party marketplaces and distributors, but not all of them are safe. They might not be as secure as users or investors would like to think, and the NiceHash attack just proved it.
Reason #3 — Smart contracts can malfunction
If implemented right, smart contracts can truly answer many of the existing issues in current marketing, sales, investment and development processes (and the list goes on). However, if the contract has a small bug, it can put the signing parties in jeopardy. In 2016, it happened with an Ethereum contract worth $80 million. Luckily, the Ethereum community was able to resolve the issue by making it look as if nothing had happened. Developers wrote a new version of history in which the attack was deleted, as if nothing had ever happened.
However effective the Ethereum community’s measure was, it remains controversial. If any transaction can be rewritten this way, couldn’t it negatively impact the value of the cryptocurrency? Such quick-and-dirty fixes might solve a one-time crisis, but as a permanent solution we need something more transparent and reliable. Ideally, we need to make sure blockchain contracts won’t glitch.
Reason #4 — ‘51’ attack
When a blockchain transaction is made, miners who hold at least 50% of the computing power have to verify it. If they do, the transaction can pass. Now imagine a situation in which one person or a group of people concentrates 51% of the mining power in their hands. This owner automatically becomes the game changer, gaining the ability to pass transactions with the same coin twice, or as many times as needed. This breaks all the rules.
This will never happen, one could think. History says otherwise. In 2014, the Ghash.io pool got close to controlling 51% of mining power, which caused many miners to leave the pool and to fear for the integrity of blockchain systems. We’ve seen it almost happen once; there is no indication that the same situation couldn’t repeat.
Luckily, the Ghash situation got the blockchain community talking about the real possibility of such an attack and forced it to look into possible solutions. Right now, a 51% attack looks unrealistic because cryptocurrency owners have learned to immediately notice abnormal additions to the hash rate and neutralize them by adding more power. If someone gets anywhere close even to 40%, it will definitely be noticed and result in more power being added.
Is it possible to remove the threat altogether? Not for big cryptocurrencies, like Bitcoin. For smaller ones, it is an entirely different story.
ZenCash has recently suffered a 51% attack and paid a lot for it. Just take a look.
Try researching the 51% attack closely and you’ll see that many people don’t believe it can happen. Considering that it has already happened more than once, caution doesn’t hurt.
What can be done? It’s crucial to constantly monitor hashing power leaps and jumps to prevent the concentration of 51% in one place.
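One way to implement the monitoring described above, as an added example that is not part of the original article: estimate each pool's hash-power share from who produced the most recent blocks, and alert when a pool crosses a threshold or leaps between windows. The pool labels, the 100-block window and the 15-point jump threshold are assumptions; the 40% warning level is the figure mentioned earlier in this section.

```python
from collections import Counter, deque

WARN_SHARE = 0.40  # the article's "anywhere close even to 40%" level
CRIT_SHARE = 0.51  # majority of the estimated hash power
JUMP = 0.15        # assumed: gain between consecutive windows that counts as a leap


def classify(share):
    if share >= CRIT_SHARE:
        return "critical"
    return "warning" if share >= WARN_SHARE else "ok"


def pool_alerts(miners, window=100):
    """Return (height, pool, level, share) alerts for a list of block producers.

    A pool's hash-power share is estimated as its fraction of the last
    `window` blocks. Threshold alerts fire only when a pool's level changes;
    "jump" alerts compare consecutive non-overlapping windows.
    """
    recent, counts = deque(maxlen=window), Counter()
    level, snapshot, alerts = {}, None, []
    for height, pool in enumerate(miners):
        if len(recent) == window:
            counts[recent[0]] -= 1  # oldest block leaves the window
        recent.append(pool)
        counts[pool] += 1
        if len(recent) < window:
            continue  # not enough blocks for an estimate yet
        shares = {name: n / window for name, n in counts.items()}
        for name, share in shares.items():
            now = classify(share)
            if now != level.get(name, "ok"):
                if now != "ok":
                    alerts.append((height, name, now, share))
                level[name] = now
        if (height + 1) % window == 0:
            for name, share in shares.items():
                if snapshot and share - snapshot.get(name, 0.0) >= JUMP:
                    alerts.append((height, name, "jump", share))
            snapshot = shares
    return alerts


# Constructed sample: four pools, with pool "A" steadily gaining share.
SAMPLE = ["A", "B", "C", "D"] * 25 + ["A", "A", "B", "C"] * 25 + ["A", "A", "A", "B"] * 25

if __name__ == "__main__":
    for alert in pool_alerts(SAMPLE):
        print(alert)
```

Block counts are a noisy estimator of hash power, so a shorter window reacts faster but raises more false alarms on small networks.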
Reason #5 — The size and complexity of a blockchain network
We’ve already covered that small systems constantly face a high chance of a 51% attack, since miners need fewer resources to execute it. Bigger networks are safer in that regard but insecure in many others.
Let’s take Bitcoin, for instance. Growing fast, the network becomes considerably bigger every day, and not every miner is fully aware of possible threats and the technology’s weaknesses. By sharing cryptographic keys, a mistake inexperienced miners often make, they put themselves at risk and compromise the entire system.
We have to remember as well that running a huge distributed system requires powerful hardware. If a network grows too fast, infrastructure can fail to support it properly.
So what do we mean by saying that blockchain is secure?
There are massive security issues that still need to be tackled. Yet there is no denying that blockchain is about as transparent and reliable as technology ever gets. We can either protect our networks from being attacked, by controlling hash power and cooperating with proven third-party distributors, or become the cause of an attack.
The best (and the worst) part about blockchain security is its constant growth. As the technology develops, it becomes more attractive to hackers. The stakes rise higher, and there is nothing we can do about it. However, we can learn the threats and prevent them with testing and monitoring.
Is blockchain fully secure? No. No technology is.
Can blockchain be secured better? Perhaps. There are always going to be new attacks and new ways to stop them. But as far as technology goes, blockchain really is the definition of security.