· 3 min read

Once Hailed as Unhackable, Blockchains are Now Being Hacked

John Winchcombe
John Winchcombe · Editor
Once Hailed as Unhackable, Blockchains are Now Being Hacked

As the use of Distributed Ledger Technology (DLT) based on blockchain grows, it is worth returning to an old story reported in an MIT Technology Review in February 2019.

It reported a hack of Ethereum Classic, a cryptocurrency traded on Coinbase’s exchange platform. The attackers had gained control of over half the network’s computing power and were trying to rewrite the transaction history. The aim was to be able to send the same cryptocurrency more than once.

On that occasion no currency was stolen, but the article lays out the seldom talked about vulnerabilities of blockchain and DLT. Whether a cryptocurrency, another asset type or a Central Bank Digital Currency, the security challenge is significant and real.

Vulnerabilities

The first potential weakness lies in the nodes. There is a risk that the node operators might attack the network for personal gain rather than working to secure it. To stop that, a mixture of cryptography, game theory and economics is used to incentivise them to protect it.

The protocols are designed to make it hard, and expensive, to add false transactions but reasonably straightforward to verify valid transactions. The challenge amongst all the layers of complexity is not to make a mistake when they are set up.

Whether trading cryptocurrency or running a node, it is necessary to run a software client. These are another opportunity for the criminal to find weaknesses. There are a number of examples where poor basic security practices have allowed criminal attacks.

The Ethereum Classic attack at the start of this article, also known as a 51% attack, saw a miner gaining control of the network’s mining power so that they can send other users payments, but also create an alternative version of the blockchain where the payment never happened.

In this sort of attack, the attacker seeks to make the new version of the database the authoritative version so that they can spend the cryptocurrency again. It has been extremely expensive to get hold of enough computing power to do this but there is now a secondary market where people rent out their computing power, hashrate marketplaces. This has lowered the cost significantly.

Smart contracts are used to enact legal contracts or to set up complicated financial transactions. Unfortunately, if a bug can be introduced into the programme fraud can happen but, because transactions on a blockchain cannot be undone, the consequences are hard to unravel.

One approach is to write a new contract to interact with the existing contract. It is also possible to build in the ability to stop all activity if a hack is discovered. It is also possible, of course, to create a fork that rewrites history, to go back to the moment before the attack happened, but everybody on the network has to agree to use it.

Final thought

It is easy to regard blockchain and DLT as mysteriously secure and wonderful. This MIT Technology article is clear that it is vulnerable in a large number of places. The weaknesses may be unintentional or not, but there are a lot of ‘moving parts’ interacting together which have to be aligned to be secure.

Given the sums of money involved, the global nature of the systems and the ability quickly to move and change the cryptocurrency into other forms of value, the only certainty is that the criminals will be active and there is much evidence that his is happening.

www.technologyreview.com/2019/02/19/239592/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/

Subscriber content

Read the full article

Full access to Cash & Payment News articles, newsletters and archives.

Sign Up to Cash & Payment News Weekly

Receive regular updates on the latest news and articles posted on our website.