51% Attack Proves Blockchain Is ‘Unhackable’ The Way The Titanic Was ‘Unsinkable’
Hackers have figured out how to exploit the technology's vulnerabilities, because of course they have.
Join the DZone community and get the full member experience.Join For Free
Photo credit Flickr/Descryptive.com
Turns out, blockchain technology isn’t quite as foolproof as all the hype would have you believe. A new article from MIT Technology Review explains that as blockchain systems become increasingly complicated, the likelihood that they can – and most assuredly will – be hacked goes through the roof.
Just last month, a particularly devastating breach occurred when hackers pulled off a 51 percent attack against Ethereum Classic. Although this cryptocurrency’s website claims that its technology is “immutable” and “unstoppable,” this was rather ironically proven false when hackers gained control of more than 50 percent of its network and began rewriting transaction histories. $1.1 million dollars in “double spends” later, the attacker was finally shut down.
The theft itself is in no way an isolated incident. Since the beginning of 2017, as the article points out, nearly $2 billion in cryptocurrency have been stolen (that we know about). But what makes this particular breach so concerning is the method used to pull it off.
“Susceptibility to 51 percent attacks is inherent to most cryptocurriences,” the piece explains. “That’s because most are based on blockchains that use proof of work as their protocol for verifying transactions. In this process, also known as mining, nodes spend vast amounts of computing power to prove themselves trustworthy enough to add information about new transactions to the database. A miner who somehow gains control of a majority of the network's mining power can defraud other users by sending them payments and then creating an alternative version of the blockchain in which the payments never happened.”
While many acknowledged the theoretical possibility of this sort of attack against one of the larger, more popular blockchains – especially in light of its use against smaller networks over the course of the past year – it was generally acknowledged to be too expensive an endeavor for most hackers. We’re talking like $260,000 per hour expensive, an obviously prohibitive sum. That is, until now.
As if this Achilles heel wasn’t bad enough, there’s “a whole new level of blockchain security weaknesses whose implications researchers are just beginning to explore: smart-contract bugs.”
Smart contracts are computer programs that run on blockchain networks and are used to automate the movement of cryptocurrencies. Hackers have now figured out that much like any software, bugs can and likely will happen in smart contract programs, creating vulnerabilities that can be exploited for personal gain. This happened with Ethereum back in 2016 (poor Ethereum) when a hacker stole somewhere in the neighborhood of $60 million by manipulating such a bug.
These sorts of hijacks, though, are particularly worrisome when you remember that in the blockchain world, transactions cannot be undone. If a smart contract makes a mistake due to a coding flaw, “the only way to retrieve the money is, effectively, to rewrite history – to go back to the point on the blockchain before the attack happened, create a fork to a new blockchain, and have everyone on the network agree to use that one instead.”
Companies are now beginning to look into ways to protect blockchains from these inherent flaws, but there’s certainly a long way to go.
Opinions expressed by DZone contributors are their own.