Current blockchain technologies expose institutions to security risks that plague current business processes and much more. Early demonstrations of vulnerabilities in blockchain implementations have helped us compile the following list of security risks.
While blockchain does provide integrity, it does not, however, entirely prevent the possibility of unrelated data being added to the blockchain. The phrase ‘ holds true in a blockchain system of records, just as is with a centralized database. This trustless nature of blockchain could be leveraged to buy and sell malware between anonymous persons. At Black Hat Asia 2015, Interpol demonstrated a proof of concept malware that subverted the underlying blockchain of Bitcoin. In another instance, researchers from the University of Newcastle also introduced a botnet command and control to send messages to bots on the Bitcoin network.
One might argue that there are several processes that enable specific transactions to be verified by specific nodes (validators) in a blockchain network, thereby uploading the integrity of the transaction and the trustful nature of the Blockchain. However, such processes seem to have inherent flaws. For instance,
- Sharding: a process that requires the use of transaction receipts for one shard to communicate with the next can introduce significant faults (i.e. reversion of subsequent transactions) if a specific subset of validators was to wrongly validate transactions to which other members of the same blockchain refer to.
- Blockchain pruning: a process that involves downloading block headers (a hashed version of past data) and the underlying data of the most recent blocks and then cross-referencing them with other nodes (rather than downloading the entire database) has some serious security challenges – if an attacker were to convince a user/node that the fraudulent block headers they verify are genuine, the malicious header would then become part of the Blockchain network and hence, all subsequent transactions can/would be corrupted.
The caveat with blockchains is that their pseudo-anonymous nature can help protect the identity of malicious persons as well. Furthermore, blockchains, if designed to be a public, some data (public keys used by the persons involved in the transaction, personal data, etc.) on the blockchain are made available for the public to glean information and determine the identity of a person. In addition, blockchain data being foremost in the functioning of smart contracts provided they are not designed or implemented as per the best security practices, stand to pose the potential risk of sensitive data leakage as well.
Smart Contract Risks
Smart contracts are essentially programs that run on the distributed ledger. As is with any software, the more complex a smart contract, the more prone it is to errors. Generally, the function and the security of smart contracts code depends on the coder’s abilities. A review by Peter Vessenes found that large numbers of template contracts available on the web for the Ethereum scripting system contained significant vulnerabilities. In June 2016, approximately US$50 million in assets was drained from a newly formed digital venture capital fund, the DAO, due to an unintentional flaw in its smart contract code.
The distributed nature of blockchain architecture makes it difficult to shut down a malicious program. An instance of this is the presence of rogue wallets (a very large number of malicious wallets) that push large amounts of spam transactions to the blockchain network. This increases the processing time, resulting in a potential denial of service (nodes will be checking the validity of the fraudulent transactions)
The security of the blockchain is limited to the strength of the cryptographic algorithms used and implemented. For instance, blockchains (Bitcoin) are known to use ECSDA as one of their underlying cryptographic algorithms, however, ECSDA is vulnerable to fault attacks. Furthermore, some blockchain implementations rely on software solutions to generate and manage cryptographic keys. However, software solutions tend to have weakened random number generators, making them susceptible to brute force attacks
In foresight, it can be stated that blockchains face quantum computing risks as well. Quantum computing is being advocated to threaten the very premise of asymmetric cryptography. Popular security algorithms that are used for securing information through a complicated challenge (e.g. RSA, ElGamal) is said to be resolved in a shorter period of time through the use of quantum computing. Thereby incentivizing attackers who otherwise would have refrained from breaking a cryptographic algorithm.
Some consensus protocols are slow to compute, providing a window of opportunity for an attacker to creep into the network. Few other protocols do not have the concept of penalties to the participating nodes, making it easier for a malicious user to attack. There is also the possibility of Consensus Hijack or the 51% attack – if more than half of the computers working as nodes to service the network tell a lie, the lie will become the truth.
‘51% attack’ was highlighted by Satoshi Nakamoto when he launched Bitcoin. This enables a group of attackers to achieve consensus in their favor. Another consequence of such an attack is in the perspective of adoption. Any chain coming under attack might see an outflow of participants, leading to the question of which chain should be considered as the “main” one to follow (due to the potential fork of the “main” chain) as well as potentially crippling the value of that chain.
This risk is associated with upgrading the blockchain software. Nodes which do not get upgraded in a timely manner run the risk of working on an outdated chain, resulting in an ordinary chain to be forked into two chains (new and old chains). This, however, could be mitigated by implementing a fixed-time notice period prior to regulator-issued major protocol updates being made effective.
Sidechains (mechanism that allows tokens from one blockchain to be securely used within a completely separate blockchain but still moved back to the original chain if necessary), in certain cases, pose the risk of a user not contributing the relevant mining power to secure that chain because the user no longer has an interest in tracking the data and maintaining the operation of a sidechain. Furthermore, there is also the potential risk of a sidechain gateway, a mechanism used to transfer assets and messages between chains, being invalidated. An instance of this can be illustrated in the case of a Bitcoin sidechain where a user will “lock” Bitcoins in an address on the main Bitcoin Blockchain and then issue proxy tokens for these on the sidechain, allowing users to exchange sidechain tokens for the original token and also transact with others on that sidechain (this mechanism is called a 2-way peg). If, however, the initial “locking” transaction is later considered invalid, then subsequent proxy-token transactions would also be affected. Additionally, owners of proxy tokens that had been affected would not be able to convert these back to the original asset via the pegging mechanism.
A benefit, however, is that fraudulent transactions or attacks on a sidechain do not affect the validity of data held in the parent chain. But, in the event that a sidechain was to be put out of service, the benefit becomes an unmanageable bane on the parent chain, subjecting it to high-stress levels as the sidechain users migrate their transaction volumes to the parent chain.
Error in logic and poor implementation of blockchain, smart contracts, or identity management enables attackers to obtain access to the blockchain and steal personally identifiable information. It can also result in fraudulent transactions such as:
- Double-spending: This involves sending two transactions, one of which will cancel the other.
- Hacked key: This type of transaction is broadcast to the network but has not been conducted by the true owner. This happens when a third party obtains unauthorized access to a key.
- Non-compliant transaction: This type of transaction is mainly applicable to permissioned, regulated networks. It involves broadcasting a message either from an unauthorized address or against predefined business rules (Note: Hyperledger solves this issue with a blend of enrolment (authorization) certificates and single-use transaction certificates to allow transactions).
Furthermore, misconfigurations or absence of patches can help attackers compromise security vulnerabilities in the code that operates the Blockchain or the application built on Blockchain. There have been several instances of these reported over the years – In August 2016, the Hong Kong-based Bitfinex cryptocurrencies exchange suffered a breach when security vulnerabilities within individual organizations and service providers were exploited. In this attack, almost 120,000 Bitcoin were removed from customer accounts and similarly, in November 2017, a single user involuntarily triggered a software flaw that froze roughly 70 crypto-purses worldwide.
From the hoard of security risks posed by blockchain technology, it would be a misstep to state that “Blockchain s are inherently secure.” They do pose the risks and threats associated with traditional software solutions and do require a comprehensive framework to identify and respond to security threats and risks related to any blockchain implementation.
- 51% attack: I. Eyal, E. Sirer, Majority is not Enough: Bitcoin Mining is not Vulnerable, November 1st, 2013
- Distributed Ledger Technology & Cybersecurity Improving information security in the financial sector, ENISA
- https://www.rsaconference.com/writable/presentations/file_upload/fon4-t11_hacking_Blockchain .pdf