Blockchain: Is It as Safe as You Think?
Blockchain is an encrypted electronic ledger that was developed about a decade ago to protect bitcoin transactions. The system records every key action or decision in a business transaction or process, in chronological order. Because the database has no centralized entry point and is distributed across a network of computers, many experts say it cannot be hacked. Its reputation for safety and security and its ability to streamline complex business processes and make them more transparent have brought blockchain to the attention of other industries, including manufacturing. Manufacturers are especially interested in using blockchain to manage the supply chain and protect themselves and their customers from counterfeit products.
For these reasons, many companies are investing millions of dollars to build their own blockchains. For example, in July 2018 the International Data Corporation reported that global spending on blockchain technology will exceed $11.7 billion by 2022.
This investment figure shows growing confidence in blockchain technology, but is it as safe as many experts claim?
The answer is no.
Hacks and theft in the bitcoin industry, which conducts business through blockchains, have been going on for years. For example, “a whopping $9 million is stolen from crypto wallets every day,” says George Waller, CEO of BlockSafe Technologies. “Even the best exchanges can’t protect themselves from being hacked. As of June 2018, $1.1 billion had already been stolen in cryptocurrencies in 2018.”
Although blockchain is still considered to be one of the most secure transactional systems available, hackers have become skilled at exploiting vulnerabilities within blockchains and the electronic devices we use to connect with blockchains. Hacking risk depends on multiple factors, including the size and complexity of the blockchain system, as well as the perceived value of what is being hijacked.
Below are four main vulnerabilities that hackers use to penetrate a blockchain system:
- Private keys. Authorized users access a blockchain with a private “key” that is protected by a password, and that password may not be secure. Just as with a standard computer system, simple passwords can be hacked. “Reusing passwords, falling victim to phishing scams, careless website operators, and negligent employees continue to be the most dangerous points of failure,” says IT expert James Risberg on Coincentral.com.
- 51% attacks. If hackers control more than 50 percent of a blockchain’s network processing power, they can hijack the main blockchain, according to the McAfee Blockchain Threat report. These “majority” or “51-percent” attacks are easier to achieve with smaller, less complex blockchains, including those that are used to manage inventory or other critical data.
- Smart contracts. Smart contracts automate many blockchain tasks, but they are only as secure as the code that is written to protect them. If the code is easy to hack, cybercriminals can infiltrate the blockchain through the smart contract and steal or divert wealth. This risk is reflected by a study from the National University of Singapore and University College London that analyzed 3,759 contracts and found 3,686 were vulnerable to hacking.
- Malware. Hackers can attach malware to a blockchain transaction made by an authorized user, which then infects the blockchain and can monitor data transactions or steal information. One way to reduce the risk of malware is to install “content agents that scan everything entering the blockchain and prevent malware from making its way into the blockchain,” says Waller.
Keeping Up with the Bad Guys
Blockchain is a rapidly evolving technology. Most security vulnerabilities are patched up quickly. Even though blockchain platforms are fairly secure, “the platforms on which we keep the keys to high-value crypto-assets are nowhere near secure enough,” says Emin Gün Sirer, an associate professor in computer science at Cornell University.
This vulnerability, combined with the inadvertent exposure of sensitive information through careless security practices, makes human error the easiest point of entry for cybercriminals. Most attackers prefer to exploit the operational security failings of humans, rather than directly attack the blockchain. “Dutch and Singaporean researchers found that such ‘op-sec’ incidents represent two-thirds of publicly disclosed security breaches in their survey of blockchain security incidents,” states Sirer.
New and/or existing technologies must be deployed to improve the security of blockchains. For example, Sirer’s research group has developed “vaults” that better protect keys from hacking, which are already being adopted by second-generation blockchain platforms.
Sirer indicates that, to stay competitive, businesses must get serious about blockchain’s vulnerabilities and invest the necessary time and resources to secure their networks. Even with existing blockchain risks, “every technological company will have to use blockchains within 10 years,” he adds. “If not prepared, it will be an extinction-level event for many businesses.”