Blockchain has become a fundamentally new technology that has changed ideas about security and control over transactions. Unfortunately, no technology has yet proved to be 100% secure, and blockchain is no exception. Attacks on distributed databases differ in the way they are hacked: the target is the consensus mechanism, which allows changing the information that is entered into the registry.
Transparency is one of the blockchain security tools
Transactions carried out in the blockchain are copied and distributed in such a way that each participant has information about a new transaction carried out in the system. The transparency of the system eliminates the possibility of substitution or destruction of data on the movement of assets.
Decentralization further complicates blockchain hacking
Besides transparency, another feature of the blockchain is decentralization. The security of the technology lies in its decentralized structure - blockchain operates on various servers or nodes located in different parts of the globe. New transactions can be added to the system only if all users approve this operation.
To delete data about a transaction, you will have to erase it immediately on all computers connected to the network. For example, to take over the Bitcoin blockchain network, you will need to hack 150,000 servers at once. This is almost impossible to do. Whereas with a centralized system, erasing data is quite feasible if the main storage – the head server – is hacked.
The cryptographic algorithm strengthens the security
The security of the Bitcoin network is ensured by the SHA-256 cryptographic algorithm, which was developed by the US National Security Agency (NSA). This defense is based on the simple idea that modern electronic computers are unable to crack it quickly enough. Quantum computers, which do not yet exist, have a much better chance.
Each Bitcoin transaction is confirmed by miners on the network and then added to the blockchain - a register of ownership of digital assets. During the confirmation procedure, each transaction is assigned a cryptographic key, and breaking it would allow an attacker to take possession of the corresponding Bitcoins.
The emergence of quantum computers poses a threat
Scientists at the University of Sussex (UK) published the results of a study in which they tried to determine what quantum computer is needed to crack Bitcoin (the key). It turned out that a system would be required millions of times larger than any existing one. Such computers can theoretically break all public key encryption algorithms.
Scientists have calculated that breaking the encryption of a Bitcoin key in 10 minutes would require a quantum computer with 1.9 billion qubits. If we increase the hacking time to 1 hour, then 317 million qubits would be enough. If you set aside a whole day for hacking, you will need a system with 13 million qubits. Thus, crypto card owners have no tangible reasons for concern yet: IBM reported the creation of a quantum computer Eagle with 127 qubits, and in Germany, they launched a system with more than 5 thousand qubits, which is far from what is required.
There is also a dangerous “51 Attack”
In August 2016, the Ethereum, Krypton and Shift blockchains were subject to a 51% attack. Millions of coins were stolen using double-spending. After the attack, the developers strengthened the protection of the networks; for example, in Krypton, the number of confirmations required for a transaction was increased to one thousand. These are not the only instances of such attacks.
It is associated with the unification of a critical number of network participants in order to branch chains in a direction convenient for attackers. “Attack-51” is becoming more and more real in today’s difficult realities of the geopolitical climate, when a significant number of participants can unite for the purpose of “friendship against someone.”
Experts are particularly concerned about the centralization of mining in China, where entire mining farms are engaged in the extraction of cryptocurrencies. Experts who study blockchain consensus also wonder whether the consolidation of power in the hands of a few wealthy holders could create problems for it in the future. On the other hand, a huge amount of crypto-power that has fallen into private hands may force the authorities to change the existing paradigms of crypto-protection of information radically.
Vulnerabilities of cryptographic functions are another gateway
Cybersecurity experts all agree that the most vulnerable point in any system is a human, and hackers take advantage of this. Another consequence of the human factor is errors in the code, which, if discovered, can allow an attacker to hack the entire network. As an example, on the Ethereum network, a fraudster discovered a vulnerability in the source code and embezzled about $50 million in project coins, which amounted to approximately 30% of the total coin volume.
Hacking instances show gaps in blockchain security
Unfortunately, the “unhackable blockchain” was hacked multiple times using different methods, which could not all be described here. As the blockchain is successfully hacked, new technologies are being developed, and shortcomings and weak points are being eliminated. Developers constantly test and implement protective mechanisms into systems, upgrade software, and monitor possible attacks.
For instance, to meet the evolving security requirements, the CoinDepo platform, one of the leading financial services providers in the digital asset industry, uses the MPC-CMP private key protection layer. This way, the private key is never concentrated on a single device at any given moment, eliminating the single point of compromise from both insider hackers and outside hackers. There are also several other layers of security, including the storage of keys in SGX, where they cannot be recovered, even if malware is installed or a hacker gains control of the server's operating system. Thus, CoinDepo provides its customers with the opportunity to safely deposit and store digital assets in Compound Interest Accounts that generate high-yield and stable passive income from crypto and stablecoins.
When it comes to the “51-Attack”, the problem is the proof-of-work protocol, which is used by projects such as Bitcoin, Litecoin, Monero, and others. Thus, other protocols are being created by different platforms, closing this shortcoming of the blockchain.
For example, Monash Blockchain Technology Center (MBTC) researchers are hard at work finding ways to make blockchain more secure. With innovations like RepuCoin, a proof-of-work cryptocurrency immune to 51% of attacks, they are attempting to improve the trust structure of blockchain technology. The proof-of-work protocol is still widely used, giving hackers a chance to exploit it.
Many hidden vulnerabilities and threats are not yet visible; they will be revealed in the future and can lead to catastrophic consequences if the scope of the technology becomes wider.