!css

Hacking the blockchain

09/09/2019

Considered as one of the greatest innovations since the Internet, blockchain celebrated its 10th birthday in February 2019 and is at the epicenter of the revolution. According to the World Economic Forum, it could account for as much as 10% of global GDP (gross domestic product) by 2027*.

By definition, blockchain is an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way.

Its promise of security is one that warrants further focus, however. What could be controversial is that the number of hacks has never decreased? Security is crucial if the entire financial industry wants to benefit from the technology and meet its obligations in terms of investor and banking protection.

If blockchain cannot be hacked, why can crypto currencies be stolen?

There is often a confusion between the technology blockchain and the use of the underlying crypto currency or crypto asset.
A crypto currency is defined as a digital currency stored in a blockchain. The biggest hack in terms of value occurred in its infancy with Mt Gox in 2014 (value of €700m in 2014) and more recently with Coincheck in Japan in January 2018. Every day, individuals are hacked in crypto exchanges and with wallets.

Crypto currencies introduce new concepts with the public / private keys pair and this requires special attention in terms of security.

Education is crucial to prevent hacking and dedicated solutions to store digital assets with cold storage are already in the market. The security of the crypto exchanges is an important element in the choice to store digital assets.

If a financial company moves assets to a blockchain, is there a risk of being hacked? What are the different possibilities and sophisticated techniques?

Since 2009, we have witnessed the creation of many blockchains using different protocols like "proof of work" which is the most known but also "proof of stake" or "proof of authority".

In the case of a public blockchain, transactions are verified and validated by at least 51% of the so-called miners (more than 10,000 nodes in bitcoin2). The "51% attack" or "The Gold Finger" consists in gathering more than 50% of the computing network. A pool of mining in China has already reached 42% of bitcoin computing power3. The potential impact could be to freeze the validation of transactions and to process double spending (buy a transaction and delete a transaction). This method requires huge investment and the community closely monitors such processes, even if an instance of double spending occurred in Ethereum Classic as recently as January 20194.

The potential failure of the smart contract

The smart contract is a piece of computer code running on top of the blockchain allowing the execution of automatic actions. When pre-defined rules are met, the agreement is automatically enforced. From a security perspective, a smart contract cannot be hacked. What could occur however is a failure in the drafting of the smart contract. A recent study5 found around 3%- 4% of smart contracts to be faulty by only checking via an algorithm for the most common exploit possibilities. “The DAO” (decentralized autonomous organization) is one of the key symbol of a fund which has been hacked following the vulnerability of a smart contract for more than US$50M6. The audit of smart contracts before going into production is crucial to secure the process.

...and what about Quantum Computing? 

Quantum computing is based on the principles of quantum theory to perform computation. This will be the era of the modern super computer. Blockchain technology is based on asymmetric cryptography. Quantum development could make the blockchain more vulnerable and more at risk from a security perspective. Quantum is still a nascent technology, but its impact could surpass blockchain technology.

In our digitalized world, security is not optional. Even if we consider that Blockchain is secure enough, nascent emerging technologies and the fast pace of change will remain challenging in the coming years.

 

[*] www3.weforum.org/docs/WEF_GAC15_Technological_Tipping_Points_report_2015.pdf
[2] bitnodes.earn.com/nodes/
[3] www.coindesk.com/bitcoin-miners-ditch-ghash-io-pool-51-attack
[4] cointelegraph.com/news/ethereum-classic-51-attack-the-reality-of-proof-of-work
[5] arxiv.org/pdf/1802.06038.pdf
[6] https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/

 

Find out more about SGSS' solutions