Radoslav Kobus

A New Internet's Foundation or A Damp Squib: How can “Security's Game Changer” Be So Insecure?

Photo by AJ Yorio

Merely couple of years ago many people considered blockchain a geek thing, a fad or a bubble. Their opponents claimed it was a hack-proof technology that would solve all trust and security issues modern world had been struggling with.
It didn't take that much time to prove both sides wrong. Now it's quite clear that blockchain is about to become not only a foundation of so called New Internet, but also a massive game changer for the economy and banking systems as well as vast majority of businesses, industry and commerce sectors.
It has its vulnerabilities, though, and knowing them is essential for implementing and using this technology for the greatest benefit.
Both fiery acclaimers and non-believers might have been misled by blockchain's complexity that its rapid development and updating speed makes it quite hard to master or even fully understand.
This very same complexity may be considered as a factor providing more security.
On the other hand it allows to see blockchain as a well-mixed set of tools and disciplines (such as computer software, cryptography, game theory and distributed networks) that are vulnerable within themselves and thus separately create weak spots in the whole system.
A can of bugs
It could be such simple thing, known very well since the very beginning of the internet, as flaws in the code. The more a blockchain is complex, the harder it is to set it up correctly, without any bugs being the lowest-hanging fruit for the hackers.
It's the problem with the execution and not with the technology itself, of course, but still quite common since many lines of code deployed on live blockchains are insufficiently tested.
Probably the most (in)famous case of this threat is the DAO case. DAO first made history by setting the record for the largest crowdfunding campaign ever and raising $150 million.
And then again, shortly after, by being attacked by a hacker who found out that the code allowed to transfer tokens from the same account for, like, 40 times before updating the account’s balance.
Nobody knows why the hacker enriched himself with 'only' $55 million in cryptocurrency this way before deciding to abort his mission, but surely this story brought up some serious security questions.
And some answers as well.
Importance of code reviews, penetration testing and smart contract audits
One of the solutions to avoid this kind of exploit may be, for example, subjecting the smart- contract code not only to heavy peer review before deployment but also to audits conducted by professionals.
Companies that specialize in this started emerging not that long ago, yet are already known to have prevented attacks similar to the one described above (e.g. Petar Tsankov's ChainSecurity saved Ethereum from the DAO-like catastrophe that would probably have taken place after a major software upgrade earlier this year).
Kamil Górski from Blockhunters points out to two main reasons why the service his team provides might be extremely useful. First: the source code is usually visible on the blockchain due to its open-to-public nature.
So if there is a bug, the hackers are more likely to find it than they would be in the 'old world'.
Only between February 13 th and March 13 th over 40 bugs have been found in blockchain platforms and the research was conducted by so called white hat hackers, that is 'the good guys' who got payed for it much less than they could 'earn' by using their powers for evil (you can read more about it here).
And no team, even consisting of the best devs, is immune to bugs hackers pray on - mainly because the developer's job differs substantially from security experts / white hat hacker's job (more about suprises security audit may bring in Górski's post).
source: https://thenextweb.com/hardfork/2019/03/14/blockchain-cryptocurrency-vulnerability-bug/
Second thing is another key difference between blockchain and traditional software. In the latter, you can fix a bug with a patch but as far as the smart-contract code is concerned, you can't. A transaction on a blockchain cannot be undone.
You can only 'upgrade' some contracts with additional contracts that interact with them or use a kill switch that stops all activity after a hack detection. But once the money is lost, it's lost forever, unless you get back to the point before the attack and create a so called hard fork to a new blockchain.
Basically: create an alternative reality and have everyone agree that from now on we're gonna live in the new one. Not that easy to manage and even more controversial. But again, this was the Ethereum case after the DAO thing.
Except a part of the network did not 'agree' and stuck with the original chain, called now Ethereum Classic.
51% attacks
Let's stick with the Ethereum Classic as well for a moment for it has recently become an example of yet another problem. This time, it was not the code being the issue but rather the unique structure of blockchain itself. As Mike Orcutt neatly put it in his article in MIT Technical Review,
'a blockchain is a cryptographic database maintained by a network of computers, each of which stores a copy of the most up-to-date version. A blockchain protocol is a set of rules that dictate how the computers in the network, called nodes, should verify new transactions and add them to the database.'
source: https://hackernoon.com/ethereum-classic-attacked-how-does-the-51-attack-occur-a5f3fa5d852e
To prove that they are trustworthy to do so, the nodes use great amounts of computing power in the process called mining. This Proof-of-Work protocol is utilized in most blockchains that cryptocurrencies exchange platforms are running on, which makes them susceptible to famous (mostly due to the HBO Sillicon Valley series) 51% attacks.
Performing such an attack means gaining control of a majority of the network's mining power, which allows the hacker to create a mentioned above fork after sending other users payments that never happen in the new, alternative and authoritative version of the blockchain.
And this lets him spend the same cryptocurrency more than once (so called double-spend).
The smaller the blockchain is, the less computing power you need, so the whole process is easier and cheaper. That's why it's usually smaller coins falling prey to such practices. To attack Bitcoin, for example, one would have to spend over $260,000 per hour for renting enough mining power (according to the Crypto51 website).
Ethereum Classic was just the first among top-20 cryptocurrencies being successfully attacked. The attacker got away with more than $1,1 million out of over $20 million taken altogether in the last year alone due to this blockchain security issue.
The 51% attacks are said to become soon both more common and severe, partly because of the 'hashrate marketplaces' where one can rent enough computing power. This calls for the exchganging platforms being more picky about which cryptocurrencies they support. And 'if your blockchain utilizes a Proof-of-Work [...] consensus mechanism, you need to have security measures in place to prevent a 51% attack,' writes Ajay Chandhok in his blog post , coming up with some piece of advice: 'Being vigilant of mining pools, implementing merged mining on a blockchain with a higher hashrate, or switching to a different consensus mechanism are all viable options.'
Other vulnerabilities
Please don't forget that many security threats concern not the blockchains themselves but their endpoints where they're accessed by the humans. The latter use for this purpose various keys and passwords that are nearly impossible to crack.
And this is why they are rather stolen. The stealing methods have been well known for decades and haven't changed that much whatsoever (e.g. malware, phishing). There are also many Web 3.0 scammers ready to empty crypto wallets of the most gullible blockchain users.
One could come up with other possible security threats, such as hacking the random number generator that creates keys and thus weakening the encryption, or even performing a creative denial of service attack against a particular blockchain or whatever is using it. And many more, yet to be known, will surely emerge as the technology evolves. In fact, its growth can become an issue itself. As Rick Martin wrote in his blog post:
'[…] we are approaching unknown territory with every gigabyte of expansion. The limited experience of the [...] industry means limited experience identifying and responding to problems. As with every technology, from airplanes to autonomous cars, experience comes at a price. The price for a blockchain security failure has not yet been high enough to require a major change to the system […]'.
And it is worth remembering that despite all the problems outlined above, blockchain still remains the most secure technology ever invented, far more secure than what it's about to replace.
Companies, governments and institutions willing to use this technology and benefit from it only have to make sure that their smart contracts are well-designed and that they stay up-to- date with the latest preventative security measures addressing the arising security issues.

Tags

More by Radoslav Kobus

Topics of interest