The blockchain is the only technology since the dawn of the Internet to enable a transfer of digital assets from one user to another while simultaneously solving the issues of trust and security. It is being described as a possible solution to cyber risk and to challenges in data security. In an era of unparalleled data breaches and a tired internet architecture that struggles to keep ahead of hackers, it seems like the best solution. In 2017, a World Economic Forum report predicted that by 2025, 10 percent of global GDP will be stored on blockchains.
Another report, in the Harvard Business Review, suggested that blockchain is capable of creating new socio-economic frontiers. The blockchain was developed to decentralize data and give control over data privacy back to users, especially in an age where data breaches have repeatedly been blamed on the failure of the personnel entrusted with such duties and on porous network security. The blockchain has been described as a feasible solution to some, if not all, of these challenges, because it empowers users with the right to determine who accesses their information.
Blockchain is the structure on which the integrity of cryptocurrency transactions is based. It is a digital log file that is cryptographically protected and does not have a central server. It operates as a distributed ledger in which a network of personal computers executes transactions and stores data, and the accuracy of the data is verified when miners provide a solution to some complex mathematical equations. Each personal computer serves as a node with its own copy of the digital ledger, which means that every transaction carried out on the network is transparent, unalterable and irreversible. Many financial experts have dismissed the value, acceptability and legitimacy of cryptocurrencies with a wave of the hand as a bubble, but no one is disputing the impact blockchain is going to make.
Fallibility of Blockchains
Blockchains, like other systems, have weaknesses and have in fact been successfully hacked. The vulnerabilities of this technology have not been blamed on the core technology but on its accessory technologies or its method of implementation. The possible scenarios through which a blockchain can be hacked range from the use of third-party developer applications alongside the technology to an outright head-on attack on its technical protocols. In several attempts, however, the self-healing features have proved enough to beat back attacks aimed at the technology’s core.
Third Party Applications
Applications added by external developers have resulted in the technical protocol being compromised, making it susceptible to hacking. This is how $60 million worth of Bitcoin was stolen from Bitfinex, a finance exchange, in August of 2016, costing investors heavy losses. Investigators later discovered that the hack was possible because of the exchange’s own encryption; such additional protections, and not the core technology itself, have been identified as the weak points in the blockchain network. Another well-documented incident involved an Ethereum smart contract; it resulted in financial losses and exposed how poorly drafted the DAO was. These incidents not only raised questions about the capability of blockchain but also dampened hopes that blockchain can do better than current technologies.
Theft of Private Keys
Every blockchain user has a private key which corresponds to a public key, without which access to the network would be denied. Since a blockchain cannot tell one user from another except through these keys (in the network, users are basically alphanumeric codes), hackers have made stealing private keys through social engineering one of their strategies. Users can protect themselves through enlightenment and awareness, refusing to let their emotions or their desire for trust be exploited.
A Sybil attack occurs when a significant number of nodes are in the possession of a single individual, entity or corporate body, who then tries to overwhelm the security architecture of a network by exploiting the network's transaction relay system or by using a deluge of harmful transactions, ultimately to gain control of the network. This form of attack requires a very large number of nodes, and it has not been done so far because of protocols like the proof-of-work algorithm, where resources must be spent in the form of energy before receiving Bitcoin (for example). Blockchains are built in a way that makes pulling off this type of attack very expensive in terms of energy and processing power. However, recent advances in quantum computing have made Sybil attacks more than theoretical possibilities; they are now tangible threats.
Currently, nodes are connected mainly by services provided by Internet Service Providers (ISPs). Reports from a study done by ETH Zurich showed that 30 percent of the Bitcoin network is hosted on 13 ISPs, while 60 percent of all transactions are carried out over just 3 ISPs. This agglomeration of connections forms a type of centralized system that can be an attractive target for hackers, especially when insider activity is involved. Hackers can target the traffic carried by these ISPs, intercept the interaction between a few invaluable independent nodes, and divide the network into manageable mini-networks that can be easily manipulated. A small unit of very valuable nodes would be an easier target, since it would require less time, energy and computing power. The mini-network can then be subjected to double spending attacks, since it is temporarily unable to connect to the rest of the network for validation of transactions, until the ISPs are able to rebuff the attack and reconnect all nodes. Because a blockchain verifies every transaction on its network, the manipulated mini-network can be rejected outright and deleted by the network, since its transactions are unverifiable. This type of attack happens on other financial systems, and blockchains can become a target with time.
A majority attack, also known as a 51 percent attack, can occur when more than 50 percent of the hash power on a network is owned by a malicious entity. This entity (a single individual or a group of hackers) can leverage this sheer power to mine blocks faster than the rest of the network combined, thereby opening up the network to double spending. In double spending, a user makes a request to the network, receives what was requested, and then in effect overrides the network by way of superior processing power to prevent validation of the transaction. When this is done, the network has no record of the transaction, allowing the user to transact with the same coins on the same network; it is simply buying goods without any record or payment.
Direct Service Denial
Servers, websites and nodes can be flooded with illegitimate, small yet frequent requests, thus increasing traffic and preventing valid requests and transactions from being completed. This is a common form of attack launched by hackers or ill-intentioned firms against competitors. Even if these attacks are not successful, they slow network activity, increase downtime and prevent valid requests from being attended to.
As with all human systems, the real threat is not the weakness of the systems but the greed and avarice of human operators. Blockchains are robust and promising, and they have successfully beaten back and continue to fend off many of the aforementioned attacks. However, as greed and avarice in human operators die hard, these operators study, research and continue to look for weak spots or loopholes through which networks can be compromised and manipulated. Compromised networks lead to huge losses, in terms of finance and, more importantly, reputation. Any more questions arising over the ability of blockchains to mitigate hacks and improve on current cyber security would severely affect their acceptance.