Common questions include: What is the blockchain? How do you make coins? How do you verify a coin transaction? Are coins volatile?
Then there’s the battery of questions related to underlying security, which boil down to one simple question: can the blockchain be hacked?
We’re not going to go into the whole history of cryptocurrencies here, but at the fundamental level, blockchain is an “immutable ledger” technology where transactions are verified and recorded through a decentralized system.
The idea is that the blockchain holds coins and ownership chains more securely because it is decentralized – in other words, data flow takes place “at the edges” of the network and is rigidly encrypted.
However, blockchain experts take a number of security threats very seriously. Here are some of the ways security professionals think it may be possible to “hack the blockchain.”
Lots of experts are pointing out that hacking the blockchain is not always the result of outside malicious actors trying to tap into the system – sometimes it’s a case of bad actors actually taking control of nodes and ownership stakes in a particular blockchain system.
A common example of this is the “Sybil attack” – where someone holding access to multiple nodes may trick the blockchain by establishing false identities.
“A Sybil attack is an attack in which a huge number of nodes on a single network are owned by the same party and attempt to disrupt network activity through flooding the network with bad transactions or manipulating the relaying of valid transactions,” writes James Risberg at CoinCentral, detailing this type of theoretical attack.
However, Risberg provides a key disclaimer: that coin systems are set up to anticipate Sybils.
“One of the fundamental design decisions made when developing a cryptocurrency system is how to prevent Sybil attacks,” Risberg writes. “Bitcoin prevents them through its proof-of-work algorithm, requiring nodes to spend resources … to receive coins, thereby making owning the vast majority of nodes very expensive. Different projects handle Sybil resistance differently, but nearly all handle it.”
Indeed, blockchain systems are constructed using detailed proof-of-work, proof-of-stake and proof-of-ownership algorithms that will sort out whether particular nodes should be trusted, and how their input should be evaluated. But in general, dishonest and unverified participation in blockchain systems remains one of the biggest security issues surrounding the blockchain.
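The Sybil-resistance argument above can be made concrete with a small simulation. This is an added example, not code from the article or from Risberg's piece; it uses a simplified stand-in for proof-of-work (the lowest SHA-256 digest wins each round, rather than Bitcoin's difficulty target), and the node names, round count and hash budget are constructed assumptions.

```python
import hashlib

HONEST = [f"honest-{i}" for i in range(10)]   # constructed: one machine each
SYBILS = [f"sybil-{i}" for i in range(90)]    # constructed: 90 names, one machine

def identity_vote_share(honest, sybils):
    """One identity, one vote: influence grows with every name registered."""
    return len(sybils) / (len(honest) + len(sybils))

def best_hash(identities, height, budget):
    """Spend `budget` hash attempts on one machine, spread over its identities.

    Returns the smallest digest found. Splitting the work across more names
    does not add attempts, so it does not improve the result.
    """
    best = None
    for attempt in range(budget):
        name = identities[attempt % len(identities)]
        digest = hashlib.sha256(f"{name}|{height}|{attempt}".encode()).digest()
        if best is None or digest < best:
            best = digest
    return best

def work_weighted_share(honest, sybils, rounds=300, budget=32):
    """Lowest hash wins each round (simplified stand-in for proof-of-work)."""
    attacker_wins = 0
    for height in range(rounds):
        honest_best = min(best_hash([h], height, budget) for h in honest)
        if best_hash(sybils, height, budget) < honest_best:
            attacker_wins += 1
    return attacker_wins / rounds

if __name__ == "__main__":
    print("share of votes by identity count:", identity_vote_share(HONEST, SYBILS))
    print("share of blocks by hash work:    ", work_weighted_share(HONEST, SYBILS))
```

With identity counting, the operator of the 90 names holds 90% of the votes; when influence is tied to work, the same operator's share stays near its one-in-eleven share of the hashing, however many names it registers.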
The Blockchain Ecosystem
There’s also the idea that while the decentralized node system itself has rather good security, the auxiliary areas that cryptocurrency travels through, such as the exchange, are not as well secured.
“While the security of most cryptocurrencies remains intact, the security of the wallets, exchanges, and accounts of third-party services around these cryptocurrencies remains almost laughably bad,” writes Risberg. “Millions upon millions of dollars worth of bitcoin and other cryptocurrencies have been stolen from the compromised accounts of individuals and exchanges over the years.”
Beating the Blockchain
As the blockchain community works to secure and validate blockchain systems, they’re going to pretty dramatic lengths to try to deal with unauthorized access or unverifiable activity.
Take a look at the “Byzantine generals” delegation algorithm – this interesting verification technique relies on metaphors of the past – particularly, the conjoined actions of various individual generals in battle.
In this type of game theory, experts talk about what the outcomes are from different player choices – generals agreeing to advance or retreat – to apply to real issues around the use of the blockchain.
“In a peer-to-peer system, nodes often replicate data for better security, availability etc.,” writes Medium user Ameya in a piece that breaks down this type of approach. “In order to replicate this data, it is important to place this data on unique/distinct nodes, with a majority of them being correct/honest/well-behaving nodes. But a local node cannot know if the remote node is honest or not. In addition, how would a local node know that the same remote node is not presenting multiple identities? … the central question is: In the absence of a central authority, can a correct node establish uniqueness of identities presented by another remote node? This remote node can be [a] correct/honest node or a faulty node i.e. for the correct functioning of the system, it is not desirable for a remote node to be able to present multiple identities.”
The paper talks about what happens when consensus is not reached.
In many ways, that’s the magic word – consensus. Lack of consensus ruins those ancient generals’ plans and gets the lord’s castles burned – and lack of consensus hurts blockchain participants because it jeopardizes security and calls validation into question.
In the end, security on the blockchain is as much about verifying cooperation as it is fending off the lone hacker clicking away in somebody’s basement. Other examples of concerns include the centralization of bitcoin mining pools in China, and other types of centralization problems that may relate to less sophisticated proof-of-ownership algorithms. Experts looking at blockchain consensus have wondered whether consolidating power in the hands of a few rich holders might pose challenges for blockchain systems in the future.
If you’re worried about blockchain security, be vigilant about where your cryptocurrency goes. Research vendors and exchanges, and figure out how to create your own secure pathways – and always keep an eye on volatility, which is also a major source of loss for investors. As for the general concept of blockchain security, the fintech community is working very hard to establish better and better systems that will do more to increase the speed, security and convenience of our peer-to-peer financial transactions in a globalized world.