In the beginning, blockchain came to solve some significant trust issues created by centralization. Although decentralization is now possible, more and more blockchain security issues have come to the surface due to the events happening in the last few years.
And no matter how enthusiastic the crypto community is about distributed ledger technology, these issues must be acknowledged. In the end, that’s how technology improves. And the more these issues are outlined, the faster intelligent people will come up with solutions.
So, whether you are a technical person or not, in this article, you will find it easy to understand what makes blockchain secure, how it can be hacked, and what needs further development.
How Is Blockchain Secure?
Blockchain is considered secure because it’s decentralized, has no single point of failure, and its data is immutable.
As we know, blockchain is a continuously growing list of records organized in blocks. They are all linked and secured using cryptography. The system is maintained by multiple participants within a network responsible for ensuring the data. The fact that the participants are strangers to one another but share the same information makes the blockchain decentralized.
The immutability is achieved through the dependency between the data recorded in blocks. A cryptographic key secures all records contained in the blockchain. That key is generated as a formula that expresses everything contained in previous records, including previous keys. The longer a blockchain gets, the more information a key will contain.
So, even if an ill-intentioned individual manages to go back to a record and alter it, the chain won’t recognize the changes he makes.
How so? Well, the moment you change a past record, everything that follows will also change. Because the blockchain isn’t all stored in a single place, the databases will stick to the information most nodes recognize.
So, if altering some data from the middle of the blockchain is that hard, why not modify something from the latest block? Like spending twice the same cryptocurrency (e.g., double-spending).
Once a transaction happens, it is recorded in the blockchain history. If someone tries to trick the system into spending the same amount again for a different purpose, it will result in a fork. However, the miners add blocks on the longest chain. Since creating a new block requires solving the increasingly more complicated formula, a hacker who wants to outgrow the main chain will have to go against the whole network simultaneously. Because of the number of resources needed, the task will not be worth it.
You can find more details about the mechanism of the network in our article about how blockchain works.
Can Blockchain Be Hacked?
The answer is no, but yes.
Although blockchain is more secure than most of the centralized alternatives, people have found vulnerabilities that can be exploited.
While consensus mechanisms like Proof of Work, Proof of Stake, and Delegated Proof of Stake make attacks impractical, they don’t make them impossible.
As smaller networks fell targets to malicious attacks, significant cryptocurrencies like Bitcoin and Ethereum proved resistant to direct attacks over time.
Although smart contract issues are a reality, what users should fear is not direct attacks on the network but watching out for the endpoints.
The most vulnerable endpoints for blockchain are the places where the users interact with different services related to their assets. That includes:
- Wallets;
- Exchanges;
- Personal email;
- Social media;
- Websites;
- Various apps and dApps.
What Are the Main Blockchain Security Threats?
51% Attacks
The most well-known attack related to the blockchain is the 51% attack. This happens when an individual or a group manages to get 51% of the hashing power on a network and imposes his version of the truth.
In fault-tolerant systems like Bitcoin, when the network is presented with two different versions of the truth in the form of two distinct chains, the network will choose the longest one. The longest chain will hold the most difficulty.
A miner with 51% of the hashing power can mine faster than the rest of the miners. This miner would theoretically be able to mine his blocks without announcing the rest of the network.
The malicious miner can exchange 100 BTC for USD and include the transaction in the public blockchain but not in the private blockchain he mines. After completing the transaction, he can retain the funds by simply announcing the private chain to the network. And because it holds the most difficulty, the network will accept it.
This way, the miner gets the USD he exchanged and keeps his Bitcoins as well.
Sybil Attacks
A Sybil attack is when someone tries to take over a network by creating multiple accounts or nodes. By way of explanation, an attacker corrupts the service’s reputation system by creating many pseudonymous identities and using them to gain a disproportionately wide influence. With enough nodes, a hacker can refuse, receive, or transmit transactions from other persons.
In large-scale Sybil attacks, an attacker can even get hold of the majority of the hashing power from the network and perform a 51% attack.
Dusting Attacks
A Dusting attack is a method to analyze blockchain transactions and find out users’ identities.
Because Bitcoin is open and decentralized, anyone can join the network and set up a wallet without providing personal information. The wallet will provide its user with an address that will work like a pseudonym.
All blockchain-recorded Bitcoin transactions will be associated with the provided addresses and will be open for anyone to see.
An attacker can attempt to break through a blockchain’s privacy by simply sending dust transactions to users’ wallets. In this case, dust is represented by very small amounts of cryptocurrency that won’t even be noticed.
So, after sending these small amounts to multiple addresses, the attacker can perform a combined analysis to see which addresses belong to what wallets, then try to find out to whom those wallets belong.
The end goal of a dust attack is to expose the identity of cryptocurrency users eventually and, in the worst-case scenario, to blackmail them.
Phishing Attacks
Another attack that targets especially the end-users of a cryptocurrency is the Phishing attack.
Phishing is a method to gather personal information through links, apps, websites, and emails.
For Bitcoin, an attacker can try to imitate wallets, exchanges, and official websites and wait for BTC users to access their fake platforms. Through these platforms, he can gather public and private keys, credentials, and other types of personal information that can be used to steal cryptocurrency funds.
Routing Attacks
Routing attacks are another primary concern for blockchain technology’s security and privacy.
Basically, blockchain networks and applications confide in the massive data transfer volume in real-time. Nowadays, hackers can easily intercept this data during transmission to internet service providers, the threat being the exposure/leak of confidential data or extraction currency without the user’s grasp.
Therefore, it is pretty apparent that routing attacks can be hurtful as they could impose extensive blows before detection.
Major Incidents
Bitcoin Gold 51% Attack
In May 2018, the Bitcoin Gold blockchain suffered a 51% attack in which it lost more than $18 million. The malicious miner targeted several exchanges to extract his money. He waited for his transactions to be confirmed and then removed blocks to double-spend his funds.
Also, in January 2020, the situation repeated itself. The network suffered another set of 51% attacks, and roughly 29 blocks were removed in two deep blockchain reorganizations. More than 7,000 BTG ($70,000) were double-spent.
Although the BTG initiator wanted to create a truly decentralized network by employing the Equihash algorithm (Equihash 144, 5, or “Zhash”), which can be mined with a GPU, they only became an easier target for ill-intended parties.
Ethereum Classic Coinbase
In January 2019, the US-based cryptocurrency exchange and wallet service Coinbase detected a 51% attack within Ethereum Classic, then stopped all ETC transactions.
Coinbase had identified 15 reorganizations, from which 12 contained double-spendings. The loss for ETC was approximated to 219,500 ETC (~$1.1M).
Following Coinbase, other exchanges like Coincheck and BitFlyer halted ETC transactions.
Phishing through Google Chrome Wallet Extensions
In April 2020, Harry Denley, director of security at wallet provider MyCrypto, identified 49 fake wallet extensions pretending to be well-known crypto wallets inside Chrome Web Store.
The fake extensions leaked personal information inputted by users to the hacker to drain their balances.
Among the brands impersonated by the fake extensions were Ledger, Trezor, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.
Key Takeaways
Blockchain is considered secure because it’s decentralized, has no single point of failure, and its data is immutable.
Although blockchain is more secure than most centralized alternatives, people have found vulnerabilities that can be exploited.
Some blockchain security threats are the 51% attacks, the Sybil Attacks, the Dusting attacks, the Phishing attacks, and the Routing attacks.