How secure is cryptocurrency?
Did you know it’s possible to earn $32,000 by finding flaws in crypto platforms? This isn’t a scam though: white hat hackers were employed to fix these issues.
The likes of TRON, Brave and Coinbase have been busy fixing flaws. These companies, amongst others, paid security researchers between March 28 and May 16 across 30 public reports. The payments for these fixes ranged from £100 per fix to astonishing $10,000 given to one hacker, with Omise, the software developers behind OmiseGo paying for the most bug fixes altogether.
Perhaps the most important payment came from TRON, who awarded $3,100 to a hacker that found their network was open to malicious smart contracts that could have stopped its blockchain in its tracks.
Cryptocurrency hacks have been in the public eye of late. Crypto exchange Cryptopia lost almost all of its Etherium coins in January, after hackers attacked the company, before losing another $16 million in coins in an attack this year. Binance, another exchange, reported 7,000 Bitcoins stolen, with a reward of $100,000 to anyone who can fix the biggest holes in their systems.
[Hacking blockchain is] like solving a series of Rubik’s Cubes at once as opposed to just the one.
Sure, cryptocurrency is more unorthodox as an asset than traditional currency. Have things got so bad that exchanges have to work with the enemy now, though? Are these sums of money for securing blockchains essentially a ransom to keep exchanges from imploding?
Are blockchains and cryptocurrencies easy to hack?
Passwords and digital IDs are in essence, just puzzles. Some puzzles are easier to solve than others.
Blockchain itself cannot repel attacks. Blockchain is made of distributed ledger technology, meaning a blockchain is essentially a data structure holding records. Blockchains consist of a number of blocks, which represent transactions. Before it gets added to the chain, a block gets distributed to all the mining nodes on a network. This is so that they can each verify that a transaction is genuine.
It is actually quite easy to hack into a mining node and fake a transaction, but hacking a blockchain requires hacking every node simultaneously. It’s rather like solving a series of Rubik’s Cubes at once as opposed to just the one.
Despite this, hacking a blockchain isn’t impossible. The history of cryptocurrency is awash with instances in which hackers found loopholes and made away with vast quantities of coins. One of the most infamous incidents came in 2014 when cybercriminals stole $473 million worth of Bitcoin from MtGox users. It’s perhaps no surprise that at the time, this was a record.
What is transaction malleability?
MtGox was a victim of a transaction malleability attack. A transaction consists of input data – which includes signature data – output data and a transaction fee, which the miners collect from the transaction. Once data is added to the blockchain, it cannot be edited, corrupted or warped in any way.
However, hackers realised that they could hack the data before it entered the blockchain. A transaction malleability attack happens when hackers can alter the signature data from the input. The signature data can hide the fact that the transaction has even taken place.
So, suppose a friend sends you 10 BTC, but you alter the signature using transaction malleability to change the transaction ID: there’s no longer a record of you receiving your 10 BTC, so you can simply ask for it again. It’s the equivalent of claiming that a parcel hasn’t been delivered when it was left outside your house.
This is exactly what happened in the Mt. Gox hack. Around 7% of the world’s supply of bitcoins were stolen.
Should we trust cryptocurrency?
The pound sterling began life in precious metal.
In Anglo-Saxon England, trading coins literally meant exchanging silver; there was an intrinsic value to the money that people could recognise. Over the years, the materials we used to make our coins – and notes – changed, yet there was an inherent level of trust still, in the value of our currency.
What are blockchain and cryptocurrency worth to the world if they aren’t secure?
Compare this to the decade-old Bitcoin. It’s natural to have a suspicion of currencies that haven’t had centuries to build your trust. Cryptocurrencies are not regulated markets. The cryptocurrency world is deliberately anonymous. There are plenty of horror stories too about how easy it is to make off with millions worth of Bitcoins.
There is a risk of fraud with any financial transaction, though. The fact that money never passes through a bank is a sticking point for many people, but the decentralisation of cryptocurrency is one of its biggest draws. The negatives of cryptocurrency are heavily outweighed by the positives for many already implementing blockchain in their systems.
For businesses, there are plenty of ways to armour up against hackers. Designating a cybersecurity point person is the best start and establishing a security perimeter with multifactor authentication is key too. Training for employees and regularly backing up networks is important, too.
Perhaps the most reassuring thing about crypto security though lies in the fact that big companies are not naïve to the threats that hackers pose. With big firms dishing out thousands of dollars in repairs to their systems, this is a transparent problem. Really, an issue this big could threaten the future of the platform, and there’s too much invested – literally – in Bitcoin to lose. After all, what are blockchain and cryptocurrency worth to the world if they aren’t secure?
