The personal information of two billion individuals, such as private ID numbers, credit cards, emails and much more, was hacked in just the top three attacks of 2018. In India, Aadhaar was hacked and the private information of 1.1 billion Indian citizens was compromised. Additionally, the Marriott Star Hotels, which operate globally, were hacked over the last 4 years, and in 2018 they realized that over 500 million pieces of confidential customer information had become vulnerable due to this ongoing breach. The third of the top three hacks was Exactis, which was breached with 340 million identities of individuals and businesses compromised. The threat of cyber breaches is not going away and will only grow in both the near and long term.
There are many misconceptions when we speak about cyber security. As a matter of fact, we hear the word “immutable” all the time in connection with blockchain technology and thereby think that blockchains can’t be hacked, since no information is erasable. This sort of opinion is a fallacy spread by blockchain enthusiasts who neither know the inner workings of blockchain technology nor work in the field. Immutability refers to information being written onto the blockchain and permanently inscribed there. While this is true, the ability to actually attack the blockchain exists.
When referring to the possibility of hacking the blockchain, we often think of the 51% attack, in which miners control more than 50% of the network’s mining hashrate, or computing power. With this control, our “hackers” could prevent new transactions from receiving confirmations, thus halting new payments. There would also be the threat of reversing transactions and double spending. Numerous articles have been written on this sort of attack, and in actuality, smaller cryptocurrencies such as Monacoin, Bitcoin Gold, ZenCash, Verge and now Litecoin Cash have already been hacked by a 51% attack.
Generally speaking, the problem isn’t that the blockchain technology itself is hackable, as we saw above. The cryptography behind blockchain is solid, and while nothing that is put on the blockchain can be changed or destroyed, there is a weakness, and that weakness resides in how people interact with it and write code for it without taking security risks into consideration. Poorly written smart contracts can be very simple for professional hackers to hijack, and stealing people’s accounts/passwords can be done with any number of attacks (against the individual, not against the blockchain). Furthermore, it is a terrible idea to store cryptocurrency in exchanges because they’re likely to get hacked too. While the blockchain itself can’t lose the data, it can be transferred to different owners if the controls set by the platform through which you interact with the blockchain are bypassed.
In order to solve this problem, there needs to be a two-pronged approach. The first is that leading penetration testing companies, such as FireEye, Synack, SpecterOps and Bloom Cyber Defense, will have to dedicate Red Team resources to blockchain-specific testing, because common hacking tools like Nmap and sqlmap were built for websites and applications and were not constructed with blockchain’s infrastructure in mind. The second is that individuals need to learn new architectures and languages, such as Rholang, and tools that are specific to blockchain applications. Trying to translate programming languages and norms from one to the other is not as simple as it sounds. This learning will have to be built on a formal and structured curriculum, instead of individuals creating their own random courses. The wider the understanding and grasp of the technology, the easier it will be to safeguard blockchains in the future.
In the end, cyber security and safeguarding against hacking of the blockchain will only become a reality when we transform our thinking and technology towards the specific field of technology that we are talking about. It is time to construct a coordinated answer to the threats of the future. This will only come about when both private and public companies come together and partner in the advancement of blockchain cyber programming. Only an integrated approach will fend off the hackers of the future.