Author: Paul Gillin
Blockchain security is so good that the distributed ledger technology has been hailed as being almost impervious to attack. But while blockchain is highly secure, any time humans and software are involved there is the potential for things to go wrong.
What is blockchain?
A blockchain is a cryptographic database maintained across a network of distributed computers. Each computer stores a copy of the latest version of records in the chain. Changes made to the ledger are only confirmed when every computer on the network accepts them, an approach that avoids the risk of creating a single point of failure. That, plus the use of strong cryptography, is what makes blockchain so secure.
The technology is best known for underpinning cryptocurrencies like Bitcoin, but there are many other uses outside of the financial sphere. For example, blockchain can be used by parties in a contractual arrangement to ensure the integrity of documents and transactions without the use of intermediaries such as banks and government agencies. It can enable consumers to exert fine-grained control over their personal information, releasing details to third parties selectively in exchange for something of value. It's even being used in IT scenarios to scatter fragments of data across a network to reduce storage costs and improve blockchain security.
Blockchain and cyber security challenges
No technology is 100% reliable, however, and blockchain-based security is no exception. One inherent weakness of the protocol is that the technology is open, meaning that anyone can create a blockchain. Humans make mistakes, which means that any given blockchain may have vulnerabilities that are unique to that version. Popular chains such as Bitcoin, Ethereum and Litecoin are widely used and have been well-vetted for blockchain security holes. Nevertheless, even networks based on those protocols can be vulnerable to exploits outside the technology's domain.
For example, in a "51% attack," a bad actor who manages to gain control over more than half of the machines in a blockchain network could theoretically alter transactions to send payments twice. Distributed denial-of-service (DDoS) attacks, which are not limited to blockchain, may also be able to disrupt networks and thus delay transaction confirmations long enough to enable attackers to introduce phony payments.
There is no comprehensive list of blockchain security weaknesses, which is a problem in itself, but the Cloud Security Alliance has documented more than 200 and maintains a frequently updated list. Many of these bugs are considered impractical to exploit, but bad actors are constantly devising new attacks.
Ensuring blockchain security
This does not mean blockchain-based products and services should be avoided, but it helps to keep some basic protections in mind. Attackers focus mainly on stealing cryptocurrency because that is where the money is. There have been few reports of attacks on contractual, identity management, intellectual property or other non-cash applications of the technology.
Cryptocurrency is also based on open protocols, and more than 4,000 different versions have been created. Dabbling in little-used digital coins is riskier than using more established currencies like Bitcoin.
Regardless of the application, blockchain and cyber security both depend on good fundamental practices. Individual user accounts are the weakest link in a blockchain network, and attackers use tried-and-true techniques such as phishing emails to trick users into giving up their credentials.
On the other hand, too much blockchain security can be a bad thing. The New York Times recently reported that about $140 billion worth of cryptocurrencies appear to be lost because owners of the personal virtual "wallets" that store the coins have lost or forgotten their passwords.