Breaks in the “Unbreakable” blockchain

Breaks in the “Unbreakable” blockchain

If data is the most prized sword today, Blockchain is said to be its cover. The Blockchain technology powers and supports the digital currency universe. Cryptocurrencies of all kinds make use of distributed ledger technology known as blockchain. The technology acts like a decentralized system (open to all peers on the network) for recording and documenting transactions involving a particular digital currency like Bitcoin and Ethereum. The biggest selling point of Blockchain has been its secured network. Often called ‘unbreakable’, the technology has a ‘distributed ledger’ program that allows people to record their transactions in secured cryptic ‘blocks’ and then add them up in a sequential manner, thus, the term ‘blockchain’. The ledger is distributed across all channels of the network and that makes the technology ‘safest’ to use. The transactions are recorded online anonymously, without identifying user data, doing away with the risk of divulging one’s identity and transactions conducted online. Along with its ‘cryptographic fingerprint’ and ‘consensus protocol’, hackers cannot break in the theoretically unbreakable vault.[1]

The technology is currently worth $1.2 billion and its growth is predicted to increase by 69% by 2025 with an estimated worth of $ 57 billion. [2] Taking into account the World Economic Forum’s survey prediction, 10% of the global GDP by 2027 will be contributed to by blockchain technology.[3]

However, in recent times, the myth around the technology’s strong encryption, it being the safest and smoothest way to transact has been broken. The largest Bitcoin exchange at the time, Mt. Gox, witnessed a half-billion dollar robbery in 2014. In 2016, $60 million worth of Ether (value token) was stolen and redirected to a hacker’s account. In 2017, the Bitcoin industry saw the second largest money heist ($ 72 million) at the Hong Kong based cryptocurrency exchange platform, Bitfinex. And in 2019, the digital currency market hit headlines with a loss of $1.1 million on the Ethereum Classic blockchain. [4]

These big corporate frauds have caused a major misconception to run in the market that the entire blockchain has been hacked. When in reality, parts of the system that are vulnerable to attack (like digital wallets) have caused major losses to the industry. Accenture has identified security threats within a blockchain ecosystem into three main categories: endpoint vulnerabilities, untested code and third-party risks.

In 2017, when hackers took off with $500 million from the Tokyo-based cryptocurrency exchange Coincheck Inc., the company admitted of having kept customer assets in a hot wallet, which is connected to external networks. [3] Digital wallets like devices or the client-side of application where humans and technology meet are part of endpoint vulnerabilities; the easiest way to attack any technology. Any attack on them means compromising user’s password, or physical access to their phone and customer. With access to the user’s account the fraud can be committed without setting off any external alarms, and the public permission less blockchains’ permanence makes it difficult to correct the breach if and when found out. While hot wallets are connected to internet for storing private cryptographic keys, cold wallets are not connected to the net, making them difficult to hack into. Cold wallets are further secured with the use of HSMs (hardware security models). It is not completely possible to secure endpoint vulnerabilities as real-life events like phishing, theft or kidnapping can make such attacks palpable.

The $60 million robbery of value token Ether (2016) happened because of a code that was not tested enough to be foolproof. Even when the code was identified, it was not fixed in time and the DAO program of the Ethereum network suffered a massive loss. While the original blockchain code by Satoshi Nakamoto has to this day been unbreakable despite a theoretical bounty of $220 billion; as newer technologies compete to launch applications in the market, developers fail to test the code properly resulting in creating a loose-end in the blockchain ecosystem.

Similarly, the Bitfinex hack of Hong Kong suffered because of the third general security flaw; third-party risks. It was poor architectural security flaw on the part of the cryptocurrency exchange that despite storing assets in cold assets BitGo (a storage wallet service), $72 million was lost when hackers made requests to BitGo wallets to send those assets to their private wallets.

As technology advances, there has also been a buzz around the threat that quantum computing can pose to blockchain and date security. Quantum computers, using quantum mechanics, can solve equations that a regular computer will take years to do. Blockchain exists on the very premise of cryptography to keep its data safe as computers have not the power to resolve such complex numbers quickly. When these computers come into being is still distant in future even though major tech companies and governments have started to work on quantum-resilience, there are many variables that can always be looked into when designing a security system to protect the entire blockchain stack. Positioning security simply as a standard operating procedure will only be harmful for the digital currency market that estimates to grow by leaps and bounds in the near future.

1. https://born2invest.com/articles/secured-unbreakable-blockchain/
2. https://www.techtimes.com/articles/246148/20191122/can-quantum-computing-break-the-blockchain.htm
3. https://www.coindesk.com/world-economic-forum-governments-blockchain/
4. https://www.accenture.com/_acnmedia/pdf-96/accenture-blockchain-technology-security-pov-digital.pdf