Blockchain Security: The Theory and The Facts

Wherever we look, we read the same story: blockchain is a new technology that offers trust and security because of the way it is structured. But is that so? Is blockchain really as hacker-proof as it claims to be?

When we look at the nitty-gritty facts of blockchain put into practice in real-world scenarios, we realise that this innovative technology is still subject to security breaches. Blockchain does bring something new: extra layers of security, better suited to coping with our increasingly complex world. But hackers who want to crack the system only need to find some small flaws in it to cause damage. Their entry points can be weaknesses in the nodes, flaws in the proof-of-work protocols, or flaws in the blocks that make up the blockchain.

What is blockchain?

To better understand its security problems, it is worth reviewing what blockchain is. The blockchain is a computational system that keeps track of all kinds of transactions and modifications made in a particular system. Much as an accounting ledger operates, everything that happens in the blockchain system is kept in a ledger, which is then stored on every computer (called a node) that is part of the network.

In simple terms, blockchain is a distributed accounting ledger shared among a network of computers. What sets blockchain apart, however, is the set of processes a transaction has to go through to be written to that ledger. To start with, every modification (or transaction) has to be approved by all members (or computers, as the operation is largely automated) of the blockchain platform, that is, by all the nodes of the network. If they validate the intended change, the modification becomes a block and is added to the existing ledger. The ledger keeps growing, transaction after transaction, and thus it becomes a chain.

Blockchain abides by its decentralization scheme, or consensus protocol: only after all members of the network validate a given modification will it be added to the blockchain. When the modification has been validated and added, using cryptographic encryption based on complex maths, it leaves a fingerprint called a hash, which is in turn added to all the blocks before it. So every single block in the chain contains this fingerprint, or hash, for all past and future modifications made in the network. This process is called proof-of-work, and it was first used by Bitcoin.
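The hash fingerprint and proof-of-work described above can be seen in a small added example (not part of the original post). It builds a toy chain and runs the check each node would perform on it; the block layout, the difficulty value and the function names are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY = 3  # leading hex zeros required in a block hash (toy value, assumption)
GENESIS_PARENT = "0" * 64  # the first block has no parent

def block_hash(block):
    """SHA-256 fingerprint over the block's canonical JSON form."""
    payload = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def mine(index, transactions, prev_hash):
    """Proof-of-work: search for a nonce whose block hash meets the target."""
    block = {"index": index, "tx": transactions, "prev": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block

def build_chain(batches):
    chain, prev = [], GENESIS_PARENT
    for i, txs in enumerate(batches):
        block = mine(i, txs, prev)
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_invalid(chain):
    """Return the index of the first block a node would reject, else None."""
    prev = GENESIS_PARENT
    for i, block in enumerate(chain):
        h = block_hash(block)
        if block["prev"] != prev or not h.startswith("0" * DIFFICULTY):
            return i
        prev = h
    return None

def demo():
    # Constructed sample transactions
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])
    untouched = first_invalid(chain)
    # Case 1: a past transaction is edited without redoing the work
    edited = [dict(b) for b in chain]
    edited[1]["tx"] = ["bob->mallory:2"]
    case1 = first_invalid(edited)
    # Case 2: the work is redone for block 1 only; block 2 still
    # carries the fingerprint of the original block 1
    remined = [dict(b) for b in chain]
    remined[1] = mine(1, ["bob->mallory:2"], block_hash(chain[0]))
    case2 = first_invalid(remined)
    return untouched, case1, case2

if __name__ == "__main__":
    print(demo())
```

Because each block stores the hash of the one before it, rewriting one entry forces the work to be redone for that block and every later block before other nodes would accept the result.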

Security in a blockchain rests on:

1. confidentiality (trustless principles to keep unwanted eyes from watching)

2. integrity (the consensus protocol)

3. availability (all members of the network share the records and hashes for all transactions completed and validated)

Is Blockchain that safe?

Unfortunately, nothing is ever completely safe in computing systems. As we have seen in past years, hackers have been quick to find ways to exploit bugs and other glitches in blockchain networks.

This shouldn’t come as a surprise, as blockchain is still in its infancy, and its inconsistencies can be exploited in all kinds of ways by hackers. Emin Gün Sirer, a former professor at Cornell University, found a way to cheat a blockchain platform when he and his colleagues discovered how an actor in the network, which they called a selfish miner, could trick every node in the network by fooling them into wasting time on already-solved crypto-puzzles. The wasted time would give this selfish miner a critical advantage in solving the mathematical equations leading to new blocks.

A selfish miner tricks every node in the network by fooling them into wasting time on already-solved crypto-puzzles. The wasted time gives this selfish miner a critical advantage in solving new blocks.

Another way to trick blockchain networks is what is called an eclipse attack. Nodes on the blockchain must remain in constant communication in order to compare data. An attacker who manages to take control of one node’s communications and fool it into accepting false data that appears to come from the rest of the network can trick it into wasting resources or confirming fake transactions.

Finally, it is important to note that even though blockchain is decentralized, the number of nodes that are part of a given network is very small. Take the example of Bitcoin: it is held by a really small number of nodes (with hundreds of computers farming these digital coins). This has raised controversy regarding the proof-of-work scheme explained previously, which has been argued to give too much power to miners, the ones entitled to mine new coins in the case of Bitcoin.

You can read more about the major issues blockchain has to face in terms of its security here.

View all posts by Aghiath Chbib
