With the hype around Blockchain Technology, Blockchain Hacking has also been one of the hot topics since security is one of its unique features.
In this post, I will be explaining to the best of my knowledge everything you need to know about Blockchain Hacking.
So, let’s go.
Firstly, let’s talk about some basic concepts just to refresh our memories and help us understand why this topic is important to Blockchain Technology as a field.
How does Blockchain Work
The Blockchain is a Distributed Ledger Technology (DLT) that is used to store anything of value. With cryptocurrencies being its earliest applications, it has great potentials of achieving mainstream adoption because of its level of security.
You may ask why I am still talking about its security in a post on Blockchain Hacking; you’ll get to know.
Still on this, the Blockchain is a database that stores data in a decentralized, transparent, and immutable manner. It uses a Peer-to-Peer network model rather than the conventional Client-Server network model to achieve decentralization.
Thereby, having copies of the database distributed to the nodes (participants) on the network clustered all around the globe. What does this tell you? To falsify the Blockchain, you need to alter the individual copies of the database; it’s a bit easier than you think, but we’ll get to that.
So, in terms of transparency, taking the Bitcoin Blockchain for instance, which is the first and largest cryptocurrency in the world, to view the database, all you need to do is to become a node on the network or preferably go to the blockchain explorer where you can see all the transactions happening on the Bitcoin Blockchain.
Also, you could only see the transactions but not the identity of the initiator of the transaction. Thereby, making it both transparent and anonymous at the same time. Note that this is two-sided in terms of security, but we will get to that.
Lastly, Immutability which simply means it alterable; I guess that’s what you wanted to hear ever since because this is the attribute that directly affects security.
To better this understand let us move to the next topic.
What is Mining?
In this section, I would love to indulge your undivided attention because I will be explaining practically everything you need to know about mining, and what it has to do with immutability. Alright, let’s go.
Using the Bitcoin Blockchain, let’s assume John tries to send $1000 worth of Bitcoins from one exchange or wallet to Sofia in another.
When he clicks the send button on his wallet, this gets broadcasted on the Bitcoin network, passing through the nodes and notifying them about this transaction that is about to occur. Automatically, this transaction is stored in a transaction pool in an unconfirmed state. No action takes place until it gets to special nodes called miners.
Who is a miner? Or rather, what do miners do? A miner is a node that validates new transactions and adds them to the global ledger and this activity is called mining. Now, this where they come in.
Miners go to the transaction pool and look for unconfirmed transactions with high transaction fees. Once they find those transactions with high fees, they go on to confirm if the last block in the blockchain is valid. Then, race is to add the next block which will contain all the transactions they confirmed.
Still using the above assumption, let’s say the previous block was 1007, they race to add the next block which is 1008 called the candidate block. To add this block they have to solve a complex mathematical problem which is known as the proof-of-work. Now, let’s also assume that all the miners were able to solve this problem and have a proof-of-work, making it three candidate blocks; let’s call them 1008A, 1008B, 1008C.
Which of them will be added to the block? You may ask.
This will depend on the Longest chain rule. What is the longest chain rule? It states that depending on the processor speed of the miners who tried to add the above candidate blocks, other miners must have started adding new blocks to either 1008A, 1008B, 1008C. Thereby, making it the longest chain.
Now, let’s say the 1008B was the fastest, he gets the transaction fees and block fees attached to those transactions, then John and Sofia get confirmations of a successful transaction. So, what happens to the other two nodes? They go back to the beginning looking for new transactions to confirm.
I hope you get the gist. I’m doing this because this will help you understand why security is a major characteristic of Blockchain Technology.
So, what does this have to do with immutability? On successfully adding a block to the Blockchain, it is hashed to a somewhat meaningless string of values that represents that block. This hash contains the hash of the previous block thereby creating a chain.
It is practically impossible to reverse engineer this process, but theoretically, it is said that the computational power of Google as a company could do it. Think about it; is it worth it? I don’t think so.
This makes the blockchain immutable. Bring us to the next question.
Is Blockchain Hacking Possible?
This is where we explain the 0.01% remaining in the security of the Blockchain.
Theoretically, a large number of ways that could make Blockchain Hacking possible has been proposed but only a few have been practicalized. So, we deal with the practical ones.
The 51% Rule and Blockchain Hacking
Most Blockchains use the proof-of-work consensus protocol for verifying transactions. As explained earlier, this process is known as mining.
In order to mine for new cryptocurrencies, nodes spend a high amount of processing power to be able to solve the mathematical problems faster than other miners thereby proving themselves trustworthy enough to add new blocks to the Blockchain.
A miner who somehow gains control of 51% of the network mining power could defraud others by sending them payments and then creating an alternative version of the Blockchain in which the payments never happened. Just as we explained earlier if the miner who added the 1008B block had up to 51% he could decide to add fake transactions following his.
According to MIT Technology,
In 2019 the security team at coinbase noticed something going on the Ethereum classic, one of the cryptocurrencies people could buy and sell using coinbase popular exchanges platform. Its blockchain, the history of all its transaction was under attack.
An Attacker had somehow gained control of more than half of the network computing power and was using it to rewrite the transaction history. That made it possible to spend the cryptocurrency more than once – known as double-spending. The attacker was a spotter pulling this off to the time of $1.1 Million. Coinbase claims that no currency was actually stolen from any of its accounts. But, a second popular exchange Gate.io has admitted it wasn’t so lucky, losing around $200,000 to the attacker (who strangely returned half of it days later).
In the time past, these techniques seemed unreasonable and unprofitable because according to Crypto51, renting enough mining power to attack Bitcoin would currently cost more than $200,000 per hour. But, it gets much cheaper quickly as you move down the list of the more than 1,500 cryptocurrencies out there.
Most of the recent hot topics about Blockchain Hacking weren’t attacks on the Blockchain themselves but on the exchanges, the websites where people can buy, trade, and hold cryptocurrencies. Many of these hacks were based on poor basic security measures until the 51% attack on Ethereum classic in 2019.
Smart Contract Bugs
In 2016, the Ethereum community created DAO (Decentralized Autonomous Organization) to govern investment funds and help them better manage proposals using a smart contract.
A smart contract is a computer program that runs on the Blockchain. It is used to automate the movement of cryptocurrencies according to predefined rules and conditions.
Even though the Ethereum system protocol was working perfectly, the smart contract had a bug. The bug allowed a user to request money from the DAO account and not record it on the ledger.
Attackers got hold of it and took $60,000,000 from the network. After this incident, Ethereum developers decided to reset the Blockchain back to the time before the attack, urging the nodes to upvote so as to make this new blockchain valid. Most of the nodes accepted this, leaving a few nodes which are today’s Ethereum Classic. In technical terms, this is called a hard fork.
This can be said to have resulted from human errors and not the Blockchain.
Security Measures on Blockchain Hacking
AnChain.io is one of the recent startups created to address the blockchain hacking threats. It uses Artificial Intelligence to monitor transactions and detect suspicious activities, and it can scan smart contract codes for known vulnerabilities.
Also, ChainSecurity is developing auditing services based on established computer science techniques called formal verification. The goal is to prove mathematically that a contract’s code is bug-free by checking that it does what its creator intended.
Blockchain Hacking in Conclusion
In total, hackers have stolen nearly $2 Billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges. This is because exchanges are centralized in nature.
And, to trade cryptocurrencies on your own or run a node, you need to run a software client which can also contain vulnerabilities.
Truthfully, the number of cases of Blockchain Hacking would be multiplied by a million to get the number of hacks that have occurred on our conventional security systems.
In general, making sure your code clean and adhering to basic security measures would ensure the security of the Blockchain.
Lastly, I can still boldly tell you that the Blockchain the safest form of storage right now.
I hope this gives you an idea of blockchain hacking. If you have any suggestions or questions do well to drop that in the comment section below.
Also, follow me on Twitter for more content on Blockchain Technology.