BlockX Labs

@blockxlabs

Hacking a Blockchain vs. Hacking a DApp: A Response to Mike Orcutt’s MIT Article

By: Jesse Abramowitz & Laura Marissa Cullell

Last week, MIT Technology Review released an article titled “Once hailed as unhackable, blockchains are now getting hacked” authored by Mike Orcutt which has been making the rounds around blockchain/crypto Twitter.

We wanted to provide a response because we felt that it lacked context and a proper explanation to what a blockchain hack actually means and what it entails.

1. “Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they can be in the traditional financial system”.

This is one actual inaccuracy in the article:

Ethereum Classic itself was created because of a fraudulent transaction that was reversed which happened on the Ethereum chain. A lot of money that was locked up in the DAO (a Decentralized Autonomous Organization) that relied on smart contracts to govern its decisions was hacked. After long debate amongst the community, the chain was forked, the hacked transaction was rewritten, and the Ethereum chain split in two. One chain where the DAO hack never happened and one chain (Ethereum Classic) which it did.

The 51% attack that was described earlier in the article involves rewriting transactions on a blockchain. This is when a rogue party can gain a majority of the compute power of the network and rewrite past transactions.

The crucial point here is as follows:

51% attacks rely solely on a blockchain’s hash strength.

Ethereum Classic’s hash rate is under 9 trillion hashes per second, in comparison Bitcoin’s hash rate is closer to 4.27e19 which is around 4747007 factors larger.

That would be like me saying “Oh nice! I ran a 5km today, that means I can run to the moon and back no problem.”

Although Orcutt does mention this later in the article we wanted to point out how large the chasm is between the two blockchains.

It is also important to note that blockchains seem to be moving away from the proof-of-work model that creates this vulnerability to a proof-of-stake model which gives this type of attack (mass coordination between large parts of the network) a different paradigm.

To learn more about 51% attacks we’ve covered it in detail in this article.

2. “Hacking” a blockchain

First, it is important to note:

Hacking an application on the Blockchain is like a bank robber robbing a bank.

Hacking the Blockchain itself would be like a foreign government destabilizing another government’s monetary system.

The differences are night and day.

If a bank robber robs my bank then the money in my pocket and my neighbour’s pocket is still worth the same.

Nobody is going to say “Wow the monetary system of our country sucks!”.

However, if a foreign entity destabilizes our currency then everyone trading in that currency is affected.

The recent successful known hack to a blockchain which Orcutt brings up in his article is a poor example. Mr. Orcutt mainly talks about hacking applications on the blockchain and fails to separate the two accurately.

This really comes down to the crux of the bad taste left in my mouth by this article.

When talking to people who aren’t experienced in blockchain it is important to separate the idea of hacking a blockchain and hacking an application built on the blockchain.

3. Bugs in the Core Software

Orcutt does bring up two examples of bugs in core software problems:

“Earlier this month, the company in charge of Zcash — a cryptocurrency that uses extremely complicated math to let users transact in private — revealed that it had secretly fixed a “subtle cryptographic flaw” accidentally baked into the protocol.”

and this one:

“In September, developers of Bitcoin’s main client, called Bitcoin Core, had to scramble to fix a bug (also in secret) that could have let attackers mint more bitcoins than the system is supposed to allow.”

Each of these software bugs were fixed and not exploited.

These fixes may be considered a strength not a weakness due to the open nature of bitcoin and cryptocurrencies as a whole means that all day everyday the code is under review by both nefarious and genuine people from every corner of the world with different perspectives.

In the end we believe that will make for a strong system.

Conclusion

We want to stress that nothing was factually incorrect in this article. However, it did feel it to be misleading. Although Orcutt brings up the points we’ve made in this article, they seem more of an afterthought leading to a very unbalanced article.

Blockchain hacks may make for a great article title but are not necessarily accurate, genuine or cover the entire story.

— -

Jesse Abramowitz is a Blockchain Developer at BlockX Labs. He has worked on multiple DApps, projects, and Blockchain Networks. Currently, he is also a professor at George Brown College in Toronto. He is always looking to help, teach and build on the blockchain. You can reach him at: jesse@blockxlabs.com

BlockX Labs specializes in building developer tools and solutions for blockchain ecosystems.We aim to sift through the noise to bring some sense and clarity into the Blockchain space. Our accomplishments include AIWA — a wallet and DApp interaction tool for the Aion Network, and Universal Faucet — a test token faucet for Ethereum, Aion, and Tron.

Follow Us on Twitter: @BlockXLabs

More by BlockX Labs

Topics of interest

More Related Stories