Yes, Anyone Can Hack The Blockchain
In today’s ever-evolving and interconnected world, the concern over the security and privacy of digitized data has never been higher. The idea of being secure on the web is fought for, but in many cases not expected. More often than not, news of a data breach reaches the public eye, and it is not pretty. Those we have trusted with our data make errors, and the errors of a few have a momentous impact on consumers. Centralized systems have gotten us this far, but they will not be enough to protect us moving into the future.
Blockchain technology addresses these problems by removing the trust involved in the storage, access, and transfer of digital content. Instead of concentrating power in one place, the power is spread out and cryptographically secured across the entire network. Cryptography ensures that every piece of data is protected by specific code-based protocols. Blockchain puts the power in the consumers’ hands.
As powerful as blockchain technology may be, it is not immune to cyber-attacks. Since the beginning of the internet, technological systems have had exploits, glitches, and points of weakness. Blockchain is no exception. Let’s talk about what causes these weaknesses.
Users on a blockchain
If we want to understand how a blockchain can be compromised, we need to know who is using the network. There are three kinds of participants on a blockchain network: peers, nodes, and miners.
Peers are the people transacting on the network. These peers could be transacting data, records, signatures, or even Bitcoin. A node holds a complete copy of the blockchain. This copy contains all transactions since the creation of the network. A miner, on the other hand, creates blocks in the chain, which the nodes then record.
Basically, the miner works on transactions by coming up with the answer to a math problem: finding a hash of the block that falls below a target value. How do they find it? By guessing at random. The system makes it impossible to predict what the hash will be, so miners guess and check. On the Bitcoin blockchain, for example, miners spend about 10 minutes working on each block. Once it is solved, the nodes record it and the miners move on to the next block. In return for keeping the blockchain up and running, miners are paid in block rewards. The first miner to solve a block is paid newly minted cryptocurrency.
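As an added example that is not part of the original article: a small Python simulation of the guess-and-check search described above. The block layout and the transaction summary are constructed stand-ins, not Bitcoin’s real header format; only the double SHA-256 and the below-target rule are borrowed from Bitcoin.

```python
import hashlib
import time

# Constructed example, not Bitcoin's real header format: the "block" is the
# previous block's hash plus a transaction summary, and the miner varies only
# the nonce. Bitcoin hashes an 80-byte header with SHA-256 applied twice; the
# double hash is reproduced here, the exact layout is not.
PREV_HASH = "00" * 32                    # constructed: a fake parent hash
TXS = "alice->bob:1.5;bob->carol:0.2"    # constructed transaction summary


def block_hash(prev_hash: str, txs: str, nonce: int) -> str:
    """Double SHA-256 of the block contents, as Bitcoin does for headers."""
    data = f"{prev_hash}|{txs}|{nonce}".encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def meets_target(digest_hex: str, difficulty_bits: int) -> bool:
    """A block is valid when its hash, read as a number, is below the target.
    Requiring the top `difficulty_bits` bits to be zero is the same as a
    target of 2**(256 - difficulty_bits)."""
    return int(digest_hex, 16) < (1 << (256 - difficulty_bits))


def mine(prev_hash: str, txs: str, difficulty_bits: int) -> tuple:
    """Guess-and-check: there is no shortcut, so the miner simply counts up
    the nonce until the hash lands under the target. Returns the winning
    nonce, its hash, and how many guesses it took."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, txs, nonce)
        if meets_target(h, difficulty_bits):
            return nonce, h, nonce + 1
        nonce += 1


def verify(prev_hash: str, txs: str, nonce: int, difficulty_bits: int) -> bool:
    """Any node checks a claimed solution with a single hash: cheap to
    verify, expensive to find, which is the whole point of proof of work."""
    return meets_target(block_hash(prev_hash, txs, nonce), difficulty_bits)


if __name__ == "__main__":
    for bits in (8, 12, 16):   # every extra 4 bits makes the search ~16x harder
        start = time.perf_counter()
        nonce, h, tries = mine(PREV_HASH, TXS, bits)
        print(f"{bits:2d} zero bits: nonce={nonce} tries={tries} "
              f"time={time.perf_counter() - start:.3f}s hash={h[:20]}...")
        assert verify(PREV_HASH, TXS, nonce, bits)
```

Raising the difficulty shows the asymmetry the article describes: the number of guesses grows exponentially while verification stays a single hash.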
The 51% Attack
The security of a blockchain is heavily dependent on the computing power supporting it. The blockchain will always be secure as long as a majority of participants in the network collectively control more computing power than any cooperating group of attackers. There is always the threat of an attacker gaining control over a majority of the computing power on the network. If an attacker manages to acquire more than 51% of computing power on the network, they will be able to mine blocks faster than the rest of the network. This is where double-spending comes in.
Double-spending is how the blockchain gets hacked. When an attacker double-spends, they submit a transaction to the blockchain, receive the goods or funds that transaction pays for, and then use the majority computing power to build a new version of the blockchain starting from a point prior to the transaction. This effectively erases that particular transaction from the chain’s history, allowing the attacker to spend the same coins a second time.
Even with a majority of the computing power, an attacker would not be able to create new coins, spend from addresses they do not control, or compromise the blockchain in any other way. The biggest impact of a 51% attack is the loss of confidence in the network. Because of the double-spend, the particular currency being transacted on the network would also plummet in value due to the sudden inflation of its apparent supply.
Here’s why a 51% attack rarely happens
This sort of attack is extremely expensive. Major blockchains like Bitcoin or Ethereum have little to fear from a majority attack, because any attacker holding the vast majority of computing power would have more incentive to simply use that power to mine the blocks honestly and collect the block rewards. As of July 6th, the hardware cost to compromise the Bitcoin blockchain totals $6,184,569,984. After the hardware costs, the attack would then consume 85,037,837 kWh per day ($4,251,891 per day). So it is possible, just not cheap.
The DAO hack, made possible by some badly written code, is so infamous that it haunts the Ethereum project to this day. The DAO (Decentralized Autonomous Organization) was a leaderless organization built using Ethereum smart contracts.
Wait, what is a smart contract?
Let’s say you rent an apartment from Sally. You can do this through the blockchain by paying in cryptocurrency. You get a receipt which is held in a virtual contract between you and Sally (a smart contract); Sally gives you the digital entry key, which is delivered to you by a specified date. If the key doesn’t arrive on time, the blockchain releases a refund. If Sally sends the key before the rental date, the contract holds it and releases both the fee and the key, to Sally and to you respectively, when the date arrives. The system works on an if-then premise and is witnessed by hundreds of people on the network. If Sally gives you the key, Sally is sure to be paid. If you send a certain amount in bitcoins, you receive the key. The document is automatically canceled once the time has passed, and the code cannot be interfered with by either you or Sally without the other knowing, since all participants are alerted simultaneously.
Back to the DAO
The idea of the DAO was to give anyone the ability to invest in a company and vote on the projects they wanted funded, all managed securely and autonomously through the DAO smart contract code. A hacker spotted an exploit in the system, which enabled them to siphon $50 million worth of ether (Ethereum’s currency) out of the DAO and into a separate smart contract controlled only by the attacker. This resulted in a rollback of the blockchain to a point before the hack began, and the incident has been infamous ever since.
While not a security risk in the sense of the attacks above, a blockchain’s transaction backlog can be exploited. In the form of a DDoS (Distributed Denial of Service), the blockchain can be attacked with spam transactions.
In June 2015, Coinwallet.eu (a former cryptocurrency wallet company) conducted a stress test of the Bitcoin blockchain by sending thousands of small transactions to the network. A month later, 80,000 tiny transactions were sent on the Bitcoin network simultaneously. This created a massive backlog. Although the network may be slow during these times of congestion, it will still be up and running.
While the attacks outlined above are mostly theoretical and are being defended against, the glaring hole in the security of Bitcoin and other cryptocurrencies is the fact that humans aren’t the best at paying attention. Compromised passwords, phishing victims, and careless web surfers continue to be the single most dangerous point of failure when it comes to the health of blockchain. The next attack may come from huge powers. Governments and corporations will set out to control these promising new means of transferring value. In the long term, these attacks will only act to strengthen the technology. But there is still much work to be done. As long as one accidentally shared password can mean the loss of an entire life savings, we can’t enter a world built on blockchain.