Blockchain Hacks are on the Rise Despite the Technology Being Hailed as Unhackable

Asgardia.space
Asgardia Space Nation
Feb 27, 2019

Blockchain was once hailed as unhackable, and hack scenarios were only theoretical. However, this year we’ve already seen some infamous hacks. For example, in early January, the security team at Coinbase noticed that the blockchain for Ethereum Classic, one of the cryptocurrencies listed on Coinbase’s popular exchange platform, was under attack.

Someone had somehow taken over more than half of the network’s computing power and was using it to rewrite the transaction history, making it possible to spend the same cryptocurrency more than once, which is known as a “double spend.” The hacker was able to hack in and spend $1.1 million in cryptocurrency. However, Coinbase stated that no currency was actually stolen from any of their accounts.

Another infamous example happened to the popular exchange, Gate.io, where approximately $200,000 in real crypto funds was stolen from their accounts. Strangely, the hacker returned half of it days later.

In fact, since the start of 2017, hackers have stolen almost $2 billion worth of cryptocurrency, the majority of which comes from exchanges. Chainalysis, an analytics firm, recently announced that two groups of organized cybercriminals, both of which seem to be active still, may have stolen a total of $1 billion from crypto exchanges.

Fraudulent transactions can’t be reversed on the blockchain like they can with traditional financial systems, which is why blockchain hacking is so attractive to thieves.

So, how does one hack into a blockchain?

First, let’s define a blockchain.

A blockchain is a decentralized, distributed and public digital ledger maintained by a network of computers. Each computer records transactions so that any record cannot be altered once it is on the blockchain. This network of computers follows a blockchain protocol which dictates how the computers in the network should confirm new transactions and add them to the chain. Usually, more than 50% of the computers on the network must agree that a transaction is valid for it to be verified. The protocol uses a mix of cryptography, game theory, and economics to form incentives for the computers to keep the network secure instead of attacking it for personal gain. If the network is set up properly, the system can make it very tough and very costly to add false transactions although it’s relatively simple to verify the valid transactions.

However, when setting up complex blockchain systems, there is much more room for error. For one, the protocol needs to be secure, but if you want to trade cryptocurrency by yourself, or run a network of computers, you also need to run a software client, which might have vulnerabilities. For example, in September, developers for Bitcoin Core had to repair a bug in secret that could have allowed hackers to mine more bitcoins than the system is supposed to enable.

Most of the recent attacks weren’t hacks on the blockchains themselves, but on exchanges, which are the websites where people can purchase, trade, and store their cryptocurrency. Plus, many of those hacks were only possible due to poor basic security practices.

Except when it comes to the January 51% attack on Ethereum Classic.

Most cryptocurrencies are inherently susceptible to 51% attacks since most are based on blockchains that use proof of work to verify transactions. This process, also called mining, means that networks of computers use massive amounts of computing power to show that they can be trustworthy enough to add information about new transactions to the database. If a miner somehow gains control of the majority of the network’s mining power they can send other users a payment and then create an alternative version of the blockchain where these payments never took place. This is known as a fork. The hacker, who has control over most of the mining power, can make the fork the official version of the blockchain and then spend the same cryptocurrency over and over again.

But it can be an expensive endeavour. Crypto51.com reported that renting enough mining power to hack Bitcoin would cost over $260,000 per hour. But if you want to attack smaller, less known cryptocurrencies, it becomes much cheaper.

In 2018, hackers began using the 51% attack on several less popular cryptocurrencies such as Verge, Monacoin, and Bitcoin Gold, stealing about $20 million in total. And hackers stole approximately $100,000 with a series of attacks on a coin known as Vertcoin. The 51% attack on Ethereum Classic was the first one to target a top-20 cryptocurrency.

David Vorick, the co-founder of a file storage platform based on blockchain called Sia, predicts that 51% attacks will only continue to happen at a growing and more severe rate and that exchanges will bear the brunt of the damage that double-spends can cause.

So what is being done to stop the hackers?

Many startups are looking at solving this issue. For example, AnChain.ai is a startup that was founded to help stop the threat of blockchain hacking. It uses artificial intelligence to track transactions and identify suspicious activity while scanning smart-contract code for vulnerabilities.

Another example is Tsankov’s ChainSecurity, which is working on auditing services based on an established computer science technique known as formal verification. Their objective is to prove mathematically that a contract’s code will actually do what it’s supposed to do. These audits have helped the creators of smart contracts get rid of many of the bugs that were easy to exploit, according to Tsankov. However, the process can be costly and time-consuming.

Another way to fight off attackers is to use additional smart contracts to set up blockchain-based “bug bounties,” which would prompt people to report flaws in exchange for a cryptocurrency reward, stated Philip Daian, a researcher at Cornell University’s Initiative for Cryptocurrencies and Contracts.

Although blockchain technology has long been celebrated for its security, under certain conditions, it can be hacked. Sometimes it’s due to poor execution or unknown software bugs. Other times it can be more complicated, such as the result of interactions between the code and the economics of the blockchain, or just because humans are always looking for a way to game the system.
