We can’t take blockchain security as given, study shows
- Security is frequently touted as blockchain tech’s most attractive asset
- But with tens of billions of dollars lost to attacks last year, security is not a given
- Blockchain-linked attacks that happened last year accounted for almost a third of all-time hacks aimed at blockchain projects
Using cryptography to secure data ledgers, blockchain is often said to be the most secure transaction system in the world.
Security is regarded as a key selling point for businesses considering blockchain, among other benefits in traceability, transparency, and immutability – although these also fall under the umbrella of security.
Simply, blockchain is a digital ledger that uses cryptographic blocks to record and store data about transactions that have occurred using its system.
Commonly associated with cryptocurrencies such as Bitcoin, Ethereum, and others, it is not only a platform for digital money transactions. The technology has also been used for automating smart contracts, medical records and other data storage, humanitarian aid, and reduction of corruption in elections.
Why is blockchain considered secure?
With cryptography, each transaction is signed with a private key and can then be further verified with a public key – if transaction data changes, the signature becomes invalid.
Another aspect is decentralization; most blockchain networks are decentralized and distributed. A system without a single point of failure is harder to corrupt as a hack in one part of the system won’t affect others.
This advantage is reduced, however, in private blockchains where there are a limited number of nodes and a single point of control that restricts who can make changes to the ledger.
A rise of blockchain attacks
As everybody in the business tech circle will likely be aware, 2020 was a challenging year for cybersecurity, driven by a rise in opportunistic cybercrime seeking to take advantage of distracted individuals and jarred ways of working.
At the same time, it was a great year for cryptocurrency, with Bitcoin and other coins rising over the year, reaching new highs in early 2021, tied to an increase in large investors entering the space.
According to a new report by Atlas VPN, however, blockchain wasn’t immune from the spike in cybercrime despite its reputation, highlighting that robust security isn’t a benefit that can be taken for granted for any business adopting the technology.
Blockchain hackers stole nearly US$3.78 billion in 122 attacks throughout 2020. Blockchain-linked attacks that happened last year accounted for almost a third of all-time hacks aimed at blockchain projects.
Those figures were based on data provided by Slowmist Hacked, which aggregates information about disclosed attacks aimed at blockchain, projects, apps, and tokens.
According to the findings, decentralized apps, or DApps, built on the Ethereum blockchain were the most frequently breached blockchain targets. There were 47 successful attacks on DApps last year, amounting to some US$436 million in costs to victims, or close to US$10 million per hack.
Cryptocurrency exchanges, where cryptocurrencies are traded, were also victim to a high volume of attacks. In 2020, there were 28 cryptocurrency exchange breaches, amounting to US$300 million in losses.
The third most common targets were blockchain wallets, which allow holders of cryptocurrency to store their cryptocurrencies. Last year, hackers launched 27 successful attacks, costing owners a total of US$3 billion. These were the most profitable targets for attacks.
Finally, throughout the course of 2020, blockchains themselves were subject to 12 successful attacks.
MIT Tech Review notes that while “the whole point” of blockchain is to let people share valuable data in a secure, tamperproof way, those benefits can be more theoretical than successful in practice. Blockchains store data using sophisticated maths and innovative software rules making them incredibly difficult to manipulate, “But the security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can get messy.”
Even when developers use proven cryptographic tools, it’s easy to deploy them in ways that aren’t secure. While established systems like Bitcoin work and act as true examples of secure blockchain technology, they are also some of the most thoroughly tested.
Other issues include “selfish miners”, or those who have found innovative ways to subvert blockchains by fooling other nodes into wasting time on already-solved crypto puzzles. Eclipse attacks, meanwhile, sees attackers taking control of nodes and manipulating them into accepting false data that appears to come from the rest of the network to confirm fake transactions or waste resources.
And while a blockchain might be tamperproof, it doesn’t exist in isolation. The system will connect with software and applications in the real world, opening up vulnerabilities in the supply chain.