Hacking the blockchain

April 27, 2016 01:00 PM

The use of ledgers to record transfers between parties is as old as money. The need for transactional recording mechanisms emerged as money became a means of exchange in ancient Mesopotamia. The ledgers of Mesopotamia were kept in temples, the banks of that time.

In 2008, a mysterious, and still unknown, man named Satoshi Nakamoto posted a research paper to a cryptography forum that described his design for a new digital currency called Bitcoin. Bitcoin is a decentralized networked currency that does not require a central authority, such as a bank, to maintain a real-time ledger of transactions. With Bitcoin, every time there’s a transaction between two parties within the network, it’s verified and validated. Bitcoin miners use specialty software and computer processing to verify each transaction within the network. Every so often, a snapshot is taken of the transactions. This snapshot is called a block, which is a record of all of the transactions that have occurred over the network within the last 10 minutes. In order to verify and validate a block, the miners need substantial computational processing power to provide assurances to all members of the network that each transaction recorded is unique and timestamped. Then each block is linked, using complicated mathematics, to the preceding block of transactions, ensuring that there is a running stream of transactions carried out by every party within the network. These linked blocks are referred to as a blockchain. This blockchain protocol enables the creation of a digital banking ledger with the potential to scale as large as computationally possible.
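The linking described above can be seen in a simplified hash-chained ledger with a toy proof-of-work. This is an added example, not code from the article or from Bitcoin; the block layout, the difficulty setting, the function names and the sample transactions are assumptions made for illustration. It shows that altering a recorded transfer fails verification at that block, and that redoing the work for that one block only moves the failure to the next block.

```python
import copy, hashlib, json

DIFFICULTY = 3            # assumed toy setting: leading hex zeros required in a block hash
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over the block's fields (everything except the stored hash)."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def mine(index, timestamp, transactions, prev_hash):
    """Try nonces until the hash meets the difficulty: the miners' computational work."""
    block = {"index": index, "timestamp": timestamp,
             "transactions": transactions, "prev_hash": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(batches, interval=600):
    """One block per batch, timestamps 10 minutes apart, each linked to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        chain.append(mine(i, i * interval, txs, prev))
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if the chain is intact."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        h = block_hash(b)
        if b["prev_hash"] != prev or b["hash"] != h or not h.startswith("0" * DIFFICULTY):
            return i
        prev = h
    return None

def demo():
    # Constructed sample transactions, not real ledger data.
    batches = [[{"from": "alice", "to": "bob", "amount": 5}],
               [{"from": "bob", "to": "carol", "amount": 2}],
               [{"from": "carol", "to": "dave", "amount": 1}]]
    chain = build_chain(batches)
    edited = copy.deepcopy(chain)
    edited[1]["transactions"][0]["amount"] = 200           # alter a recorded transfer
    remined = copy.deepcopy(edited)
    b = remined[1]                                          # redo the work for that block only
    remined[1] = mine(b["index"], b["timestamp"], b["transactions"], b["prev_hash"])
    return first_invalid_block(chain), first_invalid_block(edited), first_invalid_block(remined)

if __name__ == "__main__":
    print(demo())  # (None, 1, 2)
```

Because every block commits to the hash of its predecessor, a change to an old block is only accepted by verifiers if the work for every later block is redone as well.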

Every major financial institution, and even government entities, are looking at blockchain and experimenting with this innovative technology. Almost $930 million in venture capital has been invested in blockchain-based technologies, half of it in 2015. It has been suggested that blockchain will change our existing financial system radically. Applications could address payment systems, settlements and clearing systems. The true power of blockchain comes from having a distributed ledger that is collaboratively managed and outside of the control of one central organization.

The use of blockchain is a hacker’s dream and it may completely disrupt the financial sector. But there are substantial risks involved with widespread adoption of this technology. Three huge risks, especially, are associated with the proliferation of blockchain technology.

Blockchain technology is software-based: Bugs in software code will always exist and poorly written software is especially vulnerable to malicious activity. As software gets more complicated and interconnected, its reliability goes down while the number of bugs goes up. Although we have made huge and rapid advancements in technology, software is written by humans and is therefore imperfect. Blockchain is no different. Additionally, the integrity of the software and network are fundamentally important in the evaluation of blockchain as an infrastructure technology. If the technology permeates every major financial system worldwide, the impact of a glitch or hack could be catastrophic.

Few people understand the technology: One of the biggest operational risks with blockchain is that relatively few people understand how it works. Coders and hackers have the expertise to write the software, understand the basic functions and make it work. We should be quite concerned about deploying software when we are unaware of the unknown unknowns. Recently, German automobile manufacturer Volkswagen admitted that software created by its coders made the emissions of its vehicles appear lower than they actually were. This sparked an international outcry and the chief executive was forced to step down. Currently, we simply do not have enough understanding of blockchain technology to grasp its implications.

Blockchain is decentralized: The decentralized nature of a network decreases the chances that all participants could be attacked simultaneously. However, a developer with intricate knowledge of the network’s inner workings could push malicious code to any connected parties, infecting them. This form of blockchain poisoning could cause a major disruption in the network. Of course, it would also require substantial computing power and the attacker would need to control a substantial portion of the network.

The risks associated with blockchain are not showstoppers, but they are nail biters. The only person who truly understands what we are getting into is the one that created it and no one knows who he, or they, are. And that should make everyone a little nervous.

About the Author

Timothy C. Summers, Ph.D. is the CEO of Summers & Company, LLC and specializes in organizational design and cyber strategy. He is also a professor and Director of Innovation, Entrepreneurship, and Engagement at the College of Information Studies at the University of Maryland College Park. @HowHackersThink