Blockchain is hackable but it’s often an expensive and time-consuming process. A blockchain can be hacked via three main avenues: on protocol, in exchanges and via people’s wallets through phishing and other classic online scams.
The news is filled with stories of people having their crypto stolen. Is that because blockchain isn’t as secure as everyone thinks, or is there something else going on? We explore below.
It’s a great question and one with many parts. That’s why we’ve broken it down into categories to better explain the security vulnerabilities at the heart of this new technology.
The consensus protocol is essentially a set of rules that tells a cryptocurrency how to operate. Because different networks have different protocols, the vulnerabilities may vary, and some hacks aren’t applicable to all cryptocurrencies. However, the below are the four most widely discussed.
A Sybil attack occurs when a large number of nodes are controlled by one party and uses that power to flood the network with bad or fraudulent transactions. Luckily, most cryptocurrencies are designed to prevent this sort of hack from taking place. On Bitcoin, its proof-of-work algorithm would make it incredibly expensive for one hacker to carry out such an attack. Thus far, no one has successfully managed to perform a Sybil attack on a major cryptocurrency.
Did you know?
A Sybil attack is named after the subject of a famous psychology book published in 1973 with the same name. The title refers to the pseudonym given to a woman who had a complex personality disorder.
Cryptocurrencies use the internet, and Internet Service Providers (ISPs) are the gatekeepers by which most of the world’s online traffic passes through.
In a routing attack, a hacker intercepts data as its sent to an ISP. Once they're in, a hacker can split the network into partitions.
Did you know?
According to research carried out by ETHZurich, just 13 ISPs host 30% of the Bitcoin network and 3 ISPs route 60% of all traffic across the network
By creating a partition, the blockchain network assumes the other nodes have logged off and continues to operate. However, the hacker can create large amounts of fraudulent transactions on one side of the partition so that when the partition comes down, the shorter chain (the one with the truthful transactions) would be rejected by the network effectively legitimizing the fake ones.
These attacks are common on the internet, but so far no known attacks of this nature have occured on blockchain.
Most commonly found on the internet at large, Direct Denial of Service, or DDoS attacks flood a server or node with huge volumes of traffic, preventing legitimate requests from being able to retrieve information, effectively crashing the service.
In cryptocurrency, an actor could attempt to take down a node by creating thousands of fake transactions. However, the Bitcoin network is fairly well protected when it comes to DDoS attacks.
In order for a hacker to create enough transactions it would have to pay the mining fees for each one, making it incredibly expensive. As Bitcoin was the first blockchain, many other networks have adopted similar security protocols making this increasingly difficult to do.
A 51% Majority attack occurs when a miner controls 51% of all the hashing power on the network. That means it could allow the attacker to carry out double spending attacks, meaning a user could spend their crypto twice without the network knowing.
However, these sorts of attacks are more likely on smaller networks, where the cost of taking over is more affordable than on a larger network like Bitcoin.
Exchanges are places where users buy and sell their crypto. At present, the world’s largest exchanges are centralized. That makes them especially vulnerable to attack as a hacker only needs to bypass a few layers of security to gain access to the entire database where people's crypto is held.
Did you know?
The majority of crypto-theft occurs at exchanges. In 2017, according to crypto security firm CipherTrace, $266 million was stolen from exchanges. In the first half of 2018, that number was more than $700 million.
Decentralized exchanges offer a more secure option to centralized ones, but have yet to reach the same levels of adoption as their centralized counterparts.
Wallets, the pieces of software crypto owners use to hold cryptocurrencies can be susceptible to attack. However, the majority of losses occur due to human error than hackers targeting wallets specifically.
Like with any new technology, blockchain has its vulnerabilities. However, blockchain’s security issues are being actively addressed by the communities that help develop them.
Blockchain’s vulnerability is more to do with how humans use it than how its built. As we all get better at protecting our information, so the security of the network should increase.