Blockchain: Breakable Or Unbreakable? Here’s All You Need To Know
Industries as far afield as real estate and diamond sales have embraced blockchain without fully understanding what it is or how its features might fail or have unintended consequences.
Blockchain guarantees users that once data is recorded, it can never be deleted or forged. That means people in a product's supply chain believe they can analyze its provenance without any fear that false information has been slipped in along the way.
Blockchain promises not only complete data security but also a system that can never be conned. Is it essential that we analyze what’s under the hood?
The truth is that it is not safe, and its features can backfire in unfortunate ways. In research at the MIT Sloan (CAMS) initiative, 72 breaches were reported between 2011 and 2018.
These breaches cost users a total of more than two billion dollars. Many of these breaches occurred because blockchain technology is vulnerable in the same ways that conventional, centralized record-keeping systems are.
The rest is even more troubling because bad actors were able to exploit the very features that make blockchain revolutionary: transparency, distributed control, anonymity, and immutability.
Old-Fashioned Chinks in Blockchain’s Armor
Blockchain is widely viewed as unbreakable because advanced cryptographic techniques are used to encode the data and ensure that it is not altered. But there are vulnerabilities to be exploited. Let’s focus first on the ones that have long been present in more conventional systems as well.
Private keys. Much like traditional passwords, private keys must be written down, whether on paper or in a digital wallet, because they are such large numbers. Once they’re written down, of course, they can be found.
Software flaws. The blockchain itself is mostly a database system. Inserting information into the blockchain, or making use of the information already there, requires software code — and, like any software, it can have flaws. It often has more flaws than you would usually expect to encounter.
The early applications of blockchain, such as Bitcoin, were relatively simple, mostly involving the transfer of funds. The open-source code was stable for long periods. Users didn’t need to be professional software developers — they just needed to know how to download the open-source system.
New Weaknesses Specific to Blockchain
Some of the things that make blockchain so interesting also make it vulnerable.
Blockchain’s transparency may have made matters worse during the race against the clock. There was an active public blog, mostly used by smart contract developers, where suspicions about possible flaws were posted for over a month.
The blog probably aided the attacker in learning about the suspected defect and how to exploit it; furthermore, by monitoring posts, the attacker knew when the hack had been discovered and, hence, when it was time to disappear. In the end, about $50 million was stolen.
In a centralized system, the hierarchy makes it clear who is in charge of security. As for a decentralized network like blockchain, it’s useful to keep in mind that the Wild West was also decentralized.
Blockchains use cryptography that pairs a publicly available key and a private one. Public keys are widely distributed, while private keys are kept secret. One result of that presumed anonymity is that blockchain systems, such as Bitcoin, are notorious for illegal transactions, such as ransomware payments, which the anonymity makes effectively untraceable.
To the extent that blockchain systems provide anonymity, another downside is worth considering: If you lose your private key, you’ve lost access to your account forever. When bank patrons misplace the keys to their safety deposit boxes, banks can resort to a master key, a locksmith, or a crowbar. There is no such override on your blockchain account.
Data in a blockchain can never be removed or altered. But what happens if and when a system is used to record something a person would rather not have follow them until the end of time? What if a blockchain were used for criminal records and someone wanted their record expunged? It would be impossible.
Thanks to the European Union’s General Data Protection Regulation, anyone living in the EU has the right to request that information about themselves be erased once it is no longer needed. In a blockchain world, they couldn’t exercise that right.
How To Reduce Risk
In several cases, we assume that because the cryptographic techniques used in conjunction with blockchain systems are unbreakable, there is no need for any concerns about security.
However, it is possible to mitigate the following risks:
The development of blockchain system software must be treated with the same level of care that professional software developers have established for conventional systems. Managers everywhere must insist on this before using a blockchain system in their businesses.
Reducing the number of software flaws is a start. But other approaches could make extreme transparency less problematic.
Some form of an on-off switch could be incorporated into the blockchain’s software. It would require the willingness to be flexible about the traditional “never stop” principle of blockchains.
There are at most two issues here: How can the owner and the private key be recorded safely, and how can we ensure that a private key is never lost? Solving these problems would mean that users have somewhat less anonymity, which might be in order in any case since regulators already worry about blockchain abuses like money laundering.
Here’s a stab at a solution: Anyone seeking to use a given blockchain (and to be assigned public/private keys) must be vetted first, and a record of the owner and the private key must be kept in a secure location. If a system like this were put in place, lost keys could be recovered even in the case of a CEO’s unforeseen death. Alternatively, management could require that all passwords be stored in a company safe. If the owner of that digital wallet were unavailable, the password could be retrieved.
Ideally, managers could agree on how and when data could be removed from a blockchain, though this is likely to be a hard sell given that users regard immutability as an almost sacred principle. A slightly less effective solution would be to prevent undesirable content from getting onto the blockchain in the first place.
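An added example (not from the original article) of why expunging a record breaks a hash-linked ledger, and of one way to keep unwanted content off the chain as suggested above: put only a salted hash on the chain and keep the record itself elsewhere. The toy block format, the sample records and the off-chain store are assumptions made for illustration.

```python
import hashlib
import json
import os

GENESIS = "0" * 64  # constructed placeholder: prev-hash of the first block

def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical encoding of the block's fields."""
    body = json.dumps([index, prev_hash, payload]).encode()
    return hashlib.sha256(body).hexdigest()

def append(chain, payload):
    """Link a new block to the hash of the current tip."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev": prev, "payload": payload,
                  "hash": block_hash(len(chain), prev, payload)})

def first_broken_block(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for block in chain:
        expected = block_hash(block["index"], prev, block["payload"])
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None

def commitment(record, salt):
    """Salted hash that goes on-chain in place of the record itself."""
    return hashlib.sha256(salt + record.encode()).hexdigest()

def demo():
    # Case 1: records written directly on-chain (constructed sample data).
    direct = []
    for rec in ["alice: criminal record", "bob: title deed", "carol: diamond sale"]:
        append(direct, rec)
    intact = first_broken_block(direct)       # chain verifies as written
    direct[0]["payload"] = "[expunged]"       # try to erase the first record
    after_erase = first_broken_block(direct)  # verifiers reject from block 0
    # Case 2 (assumption, not from the article): only commitments go on-chain.
    off_chain = {"alice": ("alice: criminal record", os.urandom(16))}
    hashed = []
    append(hashed, commitment(*off_chain["alice"]))
    append(hashed, commitment("bob: title deed", os.urandom(16)))
    del off_chain["alice"]                    # erase record and salt off-chain
    return intact, after_erase, first_broken_block(hashed)

if __name__ == "__main__":
    print(demo())
```

A single local list like this can be rehashed from end to end by whoever holds it; on a real network it is the other nodes' copies and the consensus rule that make such a rewrite fail.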
There are significant advantages to blockchain systems, but it would be a mistake to overlook their pitfalls. Managers must either minimize the likelihood of abuse or make a conscious decision that the risk of damage is remote enough to be tolerable.