Despite early hype, hackers find holes

Blockchain emerged as the foundation for a new generation of secure transactions. While supporters positioned the technology as hacker-proof, holes have emerged. Consequently, consumers and businesses need to ensure that security checks are in place whenever they use the technology.

Blockchain has strong security attributes, which is one reason why it is becoming more popular. Market research firm International Data Corp. expects that blockchain spending will grow from $1.5 billion in 2018 to $12.4 billion in 2022, a compound annual growth rate (CAGR) of 76.0%.

Why is there so much interest in blockchain?

A problem with traditional system designs is their central focal point. They were built when computers relied on central processors, typically housed in one server. For the bad guys, breaking into one system was straightforward.

Nowadays, servers work in a distributed fashion, with many microprocessors tied together via network connections to provide tremendous processing power. Despite the recent shift in hardware, application development continues to take a centralized approach, which is easy to compromise.

Enter blockchain, which was built from the ground up in a distributed fashion. Because updates must occur on multiple systems, altering code becomes more challenging.

As a result, blockchain is less vulnerable than legacy solutions to traditional attacks, like Denial of Service and routing attacks.

Making new inroads

However, new hacking techniques have emerged, and some use blockchain’s distributed design against it. Blockchain is built on a model where a community determines what changes are made to the infrastructure.

  • Blockchains become susceptible to fraud

A seeming majority of participants can conspire against the minority, a shortcoming known by names like a majority attack or the 51% problem. For instance, recursive calling occurs when hackers create multiple events, some of which cancel others out. A number of cases have arisen.

In 2015, Coinwallet.eu, a cryptocurrency wallet company, demonstrated a large-scale spam attack. The company sent tens of thousands of tiny transactions simultaneously at the Bitcoin network and created a massive backlog.

  • Double spending is a way to defraud cryptocurrencies

Here, a criminal submits multiple transactions to the chain. They reset a blockchain to a point prior to their withdrawal, erasing their debit from the transaction history. The attacker then uses the coins again.

In the second half of 2016, a group known as the 51 Crew tried to use the technique to blackmail Ethereum cryptocurrency companies. In June 2016, DAO, a venture capital fund operating through a decentralized blockchain, lost about $60 million in digital currency, or about 1/3 of its value, through a code exploit. The hacker replicated its money about 40 times.
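The double-spending rollback described above, and the confirmation-depth check a merchant can apply against it, as an added example that is not part of the original article. It is a toy ledger that assumes a longest-chain rule; `Block`, `is_settled` and the transaction names are hypothetical, and all data is constructed.

```python
# Added illustration: a toy ledger, not a real blockchain client.
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    txids: tuple  # ids of the transactions included in this block

def canonical(forks):
    """Assumed consensus rule: the fork with the most blocks wins."""
    return max(forks, key=len)

def confirmations(chain, txid):
    """Number of blocks from the one holding txid up to the tip; 0 if absent."""
    for block in chain:
        if txid in block.txids:
            return chain[-1].height - block.height + 1
    return 0

def is_settled(forks, txid, min_conf):
    """Merchant check: treat a payment as final only when it is buried
    at least min_conf blocks deep in the canonical chain."""
    return confirmations(canonical(forks), txid) >= min_conf

def demo():
    # Constructed data: the payment to the merchant lands at height 3.
    honest = [Block(1, ("a",)), Block(2, ("b",)), Block(3, ("pay-merchant",))]
    results = {
        # A merchant accepting 1 confirmation releases goods now.
        "shallow_accept": is_settled([honest], "pay-merchant", 1),
        # A merchant requiring 3 confirmations is still waiting.
        "deep_accept": is_settled([honest], "pay-merchant", 3),
    }
    # A majority of mining power publishes a longer fork from height 2
    # that omits the payment and spends the same coins elsewhere.
    rewrite = honest[:2] + [Block(3, ("pay-self",)), Block(4, ())]
    forks = [honest, rewrite]
    # The chain has been reset to before the payment: the debit is gone.
    results["confs_after_reorg"] = confirmations(canonical(forks), "pay-merchant")
    results["settled_after_reorg"] = is_settled(forks, "pay-merchant", 1)
    return results

if __name__ == "__main__":
    print(demo())
```

The merchant who accepted one confirmation has already shipped when the payment vanishes; the one requiring a depth greater than the rewritten span had not yet released anything.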

Design flaws: quick look into cases

In other cases, holes stem from flaws in a supplier’s security checkpoints.

  • Coindash, a bitcoin payment supplier, was compromised. A hacker changed the address and rerouted donations to a third party.
  • Parity Issues, a United Kingdom cryptocurrency wallet provider, encountered a few problems. A vulnerability in its multi-signature software enabled third parties to take money from user accounts. Another bug froze hundreds of millions of dollars in cryptocurrency before it was remediated.
  • Blockchain Enigma encountered a few security problems: Its marketing materials, website, mailing list, and administrator account were compromised. Hackers also launched a fake token pre-sale, defrauding potential investors of more than 1,500 ether.

Emerging potential with significant holes

Blockchain is an emerging technology, one with tremendous potential because of its modern, distributed design. The early supporters oversold the system’s security by touting it as impenetrable. Yet blockchain has holes, and users need to be aware of them and take steps to protect themselves and their assets.