It might come as a blow to Facebook’s plans for its new Libra cryptocurrency, but a recent MIT Technology Review article explores how blockchain technology, one of whose key USPs has been the claim that it is ‘unhackable’, is increasingly being hacked. In theory it should be impossible to hack a blockchain, because its peer-to-peer node network means that changing any data, such as who owns a unit of cryptocurrency, needs the approval of at least 51% of network participants.
However, early this year someone, or someones, managed to gain control of 51% of the Ethereum Classic blockchain and rewrite its transactional history. This allowed the hackers to ‘double spend’ Ethereum Classic cryptocurrency units that belonged to others – which they did to the tune of $1.1 million. It’s reported that this has not been a one-off and that, since the beginning of 2017, around $2 billion worth of cryptocurrency has been stolen by hackers.
That doesn’t sound very ‘unhackable’ and could call into question one of the fundamental selling points of cryptocurrencies as a technology. The crisis is intensified by the fact that once a blockchain’s transactional history has been written, or rewritten, it can’t be reversed – a major plus for cybercriminals.
A flaw was also found in the client software that Bitcoin’s network nodes run, which, if not spotted and patched in time, would have meant miners exploiting it could have ‘minted’ more new Bitcoin units than the blockchain is supposed to allow.
So far, most of the thefts have been the result of hacks not on cryptocurrency blockchains themselves but on exchanges. But the Ethereum Classic hack marked a change in that status quo. Shortly after that incident, the company that runs Zcash, a cryptocurrency that uses extremely complicated math to let users transact in private, “revealed that it had secretly fixed a ‘subtle cryptographic flaw’ accidentally baked into the protocol. An attacker could have exploited it to make unlimited counterfeit Zcash”.
The larger a cryptocurrency, the larger its peer-to-peer network, and the harder and more expensive it is to mount a ‘51% attack’. However, the prize for cyber criminals who succeed is also significantly bigger.
A new industry is now springing up around stress testing blockchains for vulnerabilities that could let hackers in. But the reality is that under certain conditions, blockchain technology, touted for its security, has been proven to actually be quite vulnerable. And when a blockchain is successfully hacked, undoing the damage is hugely difficult.
New, improved versions of blockchain technology, like the one Facebook says Libra will be built on, will learn from these mistakes, which have sometimes been the result of poor execution, software bugs or complicated interactions between the code of smart contracts. But will they manage to completely cut out any vulnerabilities hackers might exploit? If they don’t, the consequences will be severe for a technology whose core claim is that it cuts out the need for central authorities with potentially vested interests to regulate and control currencies.