Security is one of the pillars of any blockchain infrastructure. It is such a vital attribute that without it, blockchain wouldn’t exist.
The world news is very quick to announce hacks on any blockchain project. This in turn scares people from advancing towards blockchain technology.
However, as in any industry, it is important to understand the realistic nature of such threats, which are small compared with the benefits of this technology.
People view blockchain technology as unsafe because they read and listen to the news. In addition, people are aware that the hacking of wallets and crypto-exchanges occurs frequently. People are even losing money because they are losing access to their own private keys.
Participating in this environment is not easy and any mistake can have irreversible consequences. This is also one of the main qualities of blockchain: immutability. In the case of software, we have several examples of exchanges and hot wallets being hacked. The ways to attack the systems can be varied and it is now known that transaction malleability and finding bugs in the code are some of the most used ways. Even if just a small part of the blockchain system is poorly designed, it can have disastrous consequences.
Moreover, the already famous 51% attack is an undeniable possibility. Ever-growing computing power is allowing sophisticated hackers to gather enough strength to try to represent more than half of a given blockchain's power. To achieve such a feat, cloud computing or botnets are available options. In both cases, the purpose is to have one attacker in control of several computers at the same time. In some cases, this is all done without the consent of the respective owners of these devices.
Furthermore, logic flaws in smart contracts can also contribute to vulnerabilities in the code that will make the whole contract prone to hacks. It is important to start by mentioning that the majority of smart contracts are built with Solidity, a new coding language with its own specificities, which by itself contributes to potential mistakes when coding.
Among those mistakes is the public visibility default option. This is basically an option that by default makes all the functions public, meaning, they can be called by any user. This is extremely dangerous in cases where the information is sensitive and should only be accessible to certain users inside the contract. In addition to this, reentrancy attacks are something to look out for. Skilled malicious users can take advantage of the fact that smart contracts retrieve information from other contracts. By creating a contract with malicious code, the hacker can take full control of the contract that is using his code and drain all the resources associated with it.
Finally, there is one last challenge that might be the most difficult to deal with: quantum computers. For now, experts are aware that one quantum computer might be enough to corrupt an entire blockchain. This includes a blockchain platform where the nodes are normal computers, as the quantum system can easily break the majority of the current cryptographic algorithms.
How Safe Is It?
For each of those people that say “blockchain is unreliable”, there is also one who advocates that “blockchain is unhackable”…
Cryptography is at the base of all blockchain reliability. For the system to work, all the “players” have to agree on a certain set of rules. Computer scientists call this the consensus protocol, and it is the base of the most valuable feature of blockchain. Achieving a working state with no middlemen is the main innovation of this technology. Having all the data spread across several computers around the world makes the system incredibly hard to corrupt.
When a new transaction is made, it is assigned to a block of transactions. All these blocks have a specific identifier, called a hash, and this hash is what requires the immense computing power in a PoW consensus protocol. If one attacker wants to change one hash, he will have to change all the hashes. In addition, this must happen while trying to generate new blocks.
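The chaining described above, as an added example that is not code from the original article: a toy proof-of-work chain in Python showing that altering one block invalidates it, and that every later block then has to be mined again. The difficulty value, block fields and sample transactions are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY = 3        # assumed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64

def block_hash(block):
    """SHA-256 over index, transactions, previous hash and nonce."""
    fields = [block["index"], block["txs"], block["prev"], block["nonce"]]
    return hashlib.sha256(json.dumps(fields).encode()).hexdigest()

def mine(index, txs, prev):
    """Proof of work: search for a nonce whose hash meets the target."""
    block = {"index": index, "txs": txs, "prev": prev, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(tx_batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        chain.append(mine(i, txs, prev))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block failing verification, or None if all pass."""
    prev = GENESIS_PREV
    for block in chain:
        h = block_hash(block)
        linked = block["prev"] == prev
        sealed = h == block["hash"] and h.startswith("0" * DIFFICULTY)
        if not (linked and sealed):
            return block["index"]
        prev = block["hash"]
    return None

def rewrite_from(chain, index, new_txs):
    """Cost of a rewrite: the altered block and every later one are re-mined."""
    prev, redone = chain[index]["prev"], 0
    for i in range(index, len(chain)):
        txs = new_txs if i == index else chain[i]["txs"]
        chain[i] = mine(i, txs, prev)
        prev, redone = chain[i]["hash"], redone + 1
    return redone

# Constructed sample transactions, not real data
SAMPLE = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"], ["dave->erin:1"]]
```

On a real network the honest nodes keep extending the chain while this re-mining is under way, which is why the rewrite has to outpace them.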
Finally, we should also mention that, in extreme need, a blockchain can be permissioned, meaning that it can require an invitation for users to have access to it, making it even harder to tamper with.
The Wrap Up
Blockchain is safe. Just as with anything else in the world, the fact that it is safe and valuable makes it attractive to dishonest people.
In Bitcoin’s case, it has, so far, survived the test of time. The valuation it reached was enough to entice evildoers, but without consequences for the blockchain itself.
However, it is extremely hard to believe that all blockchain projects have security as a priority. As we have seen, small vulnerabilities can have very big impacts and they can dictate the end of a project.