Blockchain: a Question of Its Security

Security Concerns in Blockchains

Although blockchains have been applauded as effective replacements of traditional systems data storage systems, through their transparency approach, they have introduced a new variety of security risks as will be demonstrated in this section. Blockchains’ transparency is one example of these risks. One of the most obvious security vulnerability that Bitcoin, a currency implementation of blockchain, presents is the unencrypted nature of its wallet. This is since the nature of its openness could attract malicious individuals with the resources to hack the wallet.

However implausible it seems, an implementation of blockchain similar to Bitcoin known as Ether was targeted in 2016 and defrauded of $50 million (ENISA). Moreover, data wallets can be accessed through a backup of the wallet’s older version (Kiviat). The use of Apple Time Machine, a facility that allows such backups can drain current data wallets through the use of backups, allows hackers to acquire personal data in a blockchain implementation. This is since change of a wallet’s password does not reflect the annulling of previous passwords (Sompolinsky and Zohar). Moreover, Interpol in 2015 also demonstrated how Bitcoin could be subverted through introduction of unrelated data into an existing transaction (Zyskind and Nathan)

Another security concern presented by blockchains is consensus hijacking, which is also referred to as the Sybil attack. Blockchains prevent monopolistic control of the network so as to add security measures. However, an attacker using the Sybil attack and with more than half the network’s power can modify the blockchains’ transactions through make it seem as if the transactions are valid (Bissias, Ozisik and Levine) (ENISA). With such monopolistic control, the attacker may have the power to reverse his sent transactions exposing other users to the risk of double spending attacks. He may even prevent the confirmation of user’s transactions thereby curtailing their power to access their preferred data. Once connected to the attacker, the users can be trapped connecting only to the Sybil nodes, thus predisposing them to attacks such as double-spending.

Blockchains’ sidechains present the other source of security vulnerability in the technology. Sidechains are vulnerable when used for pegging (ENISA). That is when information between one section of a blockchain and another is exchanged through a proxy address that carries the actual address of the transacting section. If a user on a chain exchanges information with a fraudulent proxy address of an inexistent blockchain section, there is no way to retrieve the information (Kiviat). Moreover, other users transacting with the fraudulent sidechain will realize its malice and dump their information on the parent chain thereby stressing the entire system.

Another security issue concerns permissioned chains. In such regulated chains, the regulator of the blockchain can be manipulated into inadvertently directing a hack. This is because the regulator has extra capabilities in the network. In such scenarios, the security risks of the chain are equivalent to networks with centralized administration (ENISA). Another security issue would be the relevance of distributed denial of service attacks since the blockchains themselves are merely distributed ledgers. There is a significant possibility that a bot in a singular ledger may flood the blockchain with spam transaction thereby denying service and creating a diversion for malicious transactions to occur. Bitcoin once experienced such an attack in 2016, where lots of resources were spent in trying to identify the rogue ledger.

The management of smart contracts is also a security issue for blockchains. This is because the smart contract’s security specifications rest within the contract’s author coding ability (Kiviat). Thereby, if a malicious coder were to craft a sophisticated smart contract and pass it as a legitimate blockchain program, no one would suspect of any malicious intent until an attack has been perpetrated. Such an attack was performed in Dao, a blockchain implementation similar to Bitcoin, in June 2016 where an attacker posed a bot as a smart contract in the Ethereum framework (Zerohedge). Blockchains are also subject to attacks such as hacked keys. In this attack, a malicious user may broadcast an inexistent transaction and wait to capture other unwitting user’s offer. This could happen if the user has a working key to the blockchain. Due to the confidence that blockchains inspire, users may trust the attacker.

The last security issue that blockchains are exposed to is the current incapacity to prohibit fraud and money laundering activities through the use of cryptocurrency. Implementations of blockchains such as Bitcoin let users on the chain to see all types of transactions. However, fraudulent transactions are only flagged after they happen. There is no guideline as to how to prevent them from happening (ENISA). An example of such a transaction is double spending, where a fraud may engage in a transaction but also send another to cancel the first transaction. Therefore, before the system can confirm the validity of the transaction, parties on either side run the risk of being defrauded. Therefore, even with the many security leaps that blockchains have presented, these emerging concerns in its security vulnerability should be considered before implementation of a blockchain system.