Blockchain Security vs. Media Hype
Beware of the media hype: blockchain is secure. Blockchain does not get hacked as the media reports. As I’ve written previously, Bitcoin does not equal blockchain and just because a
Most cryptocurrencies, including the most popular brands, Bitcoin and Ethereum, use public blockchain technology as the underlying means for creating additional coins and fostering all transactions involving each cyber currency. Both currently utilize a “mining” method known as proof of work. This means that large numbers of computers compete to solve complex mathematical problems and the winning system receives cryptocurrency as a reward. Having large numbers of disparate systems trying to solve the problem at the same time creates security via distributed processing and control, among other key mechanisms. Laymen and experts alike must understand that cryptocurrency is NOT blockchain and that a weakness in
While criminals routinely target cryptocurrencies directly or via exchanges, the breaches most often discussed involve failures with implementation, weak keys, bugs, and user error, not a built-in failure of the blockchain technology itself. “[A]ttacks did not result from the vulnerabilities in the blockchain itself, but the ways it was implemented by a particular company or initiative”. Cybercriminals target cryptocurrency due to valuation and liquidity benefits, which have nothing to do with blockchain; they have to do with cryptocurrency. Failures of blockchain implementations are not weaknesses in the underlying technology.
An article published in Forbes at the start of 2019 states “Blockchain is …. just as hackable as any other piece of software – even more so because no one’s in charge of keeping it safe!”. The article refers to the infamous Mt. Gox hack, which was not a hack of blockchain at all; it involved credential theft from an auditor and then the theft of private keys from “hot wallets” that stored this critical information online. The author later states “Blockchain is highly susceptible to being hacked in a wide variety of ways” and then lists three bullets with no evidence for this claim. This article, in a highly acclaimed business journal, epitomizes the media hype over insecurity that does not exist.
Hackernoon wrote an article entitled “Learn Blockchain’s Top 25 Hacks in History” and described flaws with blockchain design and implementation, poor security mechanisms of individual exchanges and users, as well as bugs in
Cointelegraph mentioned the “Blockchain Bandit” in the headline of their article discussing these Ethereum thefts. While they didn’t create that moniker, their use of it exacerbates misinformation. This “bandit” exploited two weaknesses in Ethereum implementations: one related to a Remote Procedure Call (RPC) and one related to weak key usage. The RPC penetration involved poor design and implementation by certain users, and it’s clearly stated that one should “never, ever allow access to the HTTP RPC API via the internet.” In addition to the RPC breach, the “bandit” identified and took advantage of weak keys in the Ethereum blockchain: “It is worth stressing that those keys were generated due to a faulty code and faulty random number generators.” Both implementation failures led to the Ethereum theft. Neither impacted the Ethereum blockchain, nor do they impugn the viability of security inside of the Ethereum blockchain implementation.
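The weak-key failure quoted above can be shown in a few lines. This is an added example, not code from the article or from any Ethereum client: `faulty_keygen`, `sound_keygen`, `screen_key` and the `MIN_BITS` threshold are hypothetical names and an assumed heuristic, and the faulty generator is a constructed stand-in for "faulty code and faulty random number generators."

```python
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
MIN_BITS = 200  # assumed heuristic threshold, not a standard


def faulty_keygen(rng_word: int) -> bytes:
    """Constructed 'before' case: only 32 bits of RNG output reach the key."""
    return (rng_word & 0xFFFFFFFF).to_bytes(32, "big")


def sound_keygen() -> bytes:
    """Uniform key in 1..N-1 drawn from the operating system CSPRNG."""
    return (secrets.randbelow(SECP256K1_N - 1) + 1).to_bytes(32, "big")


def screen_key(key: bytes) -> list:
    """Return reasons to reject a key before it ever holds funds ([] = none found)."""
    if len(key) != 32:
        return ["length"]
    k = int.from_bytes(key, "big")
    findings = []
    if not 1 <= k < SECP256K1_N:
        findings.append("range")    # not a valid secp256k1 scalar
    if k.bit_length() < MIN_BITS:
        findings.append("short")    # mostly leading zeros: truncated or unseeded RNG
    if len(set(key)) <= 4:
        findings.append("pattern")  # e.g. all 0x00, all 0xFF, repeated filler bytes
    return findings


if __name__ == "__main__":
    # Constructed sample keys; none of them is a key from the article.
    for label, key in [("faulty", faulty_keygen(0xDEADBEEF)),
                       ("sound", sound_keygen()),
                       ("all-zero", bytes(32))]:
        print(label, screen_key(key) or "no findings")
```

An empty result only means none of these specific symptoms was found; it does not prove the generator behind the key was sound.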
CoinDesk perpetuated the same falsehood with an article discussing “Blockchains 2017 Disasters” published at the end of that year. As with Hackernoon, this author listed seven (7) examples of hacks that he implied show the weaknesses inside of blockchain. As shown above, this author also confuses blockchain implementations with the underlying technology. In this
Yes, cryptocurrency exchanges experience breaches. Yes, human error creates bugs in certain blockchain implementations. Yes, poor blockchain solutions, including certain cryptocurrency deployments, create weaknesses in the final product. These facts do not mean that blockchain is inherently insecure. “Blockchain, the ledger technology upon which bitcoin is based, is very safe and secure.” For media outlets to routinely overreact and blame the underlying cryptocurrency technology does a disservice to blockchain implementations that impact the world and provide massive benefits in distribution, banking, and food safety. Every article mentioned here, and many not listed, commingles cryptocurrency and blockchain; none of them talked about any other blockchain deployment. As I’ve published here before, Bitcoin does not equal blockchain and people need to look beyond the hype of cryptocurrency and see the real value blockchain solutions provide and deliver. Beware of the headlines, read deeper and understand the truth, not what an author wants to trick you into clicking on.
Disclaimer: “The comments and statements in this article are my own and don’t necessarily represent IBM’s positions, strategies or opinions.”
Eric Jeffery has over 20 years’ experience with cyber security including tenure in healthcare, aerospace, DoD, and technology industries, among others. Eric not only has hands-on experience with deep technology, he has developed and built operations centers assisting organizations to monitor, manage and maintain their infrastructure and security posture. Mr. Jeffery recently engaged deeply with Bitcoin, Blockchain and Cryptocurrencies, where he is able to add his blend of business, economic and technical background to these topics. Eric works for IBM Security as a Managing Consultant and lives in Southern Colorado with his wife and has four children.