Explainers

Blockchain Hacking: Is Your Security at Risk?

1
can you hack blockchain feature
Image Credit: @badgerblack

Bitcoin and blockchain security remain a hot topic. The loss of Bitcoin through theft and fraud is a painful experience. In the past, Bitcoin exchange hacks have caused the loss of hundreds of thousands of Bitcoin. At other times, crypto wallet app vulnerabilities have allowed hackers to steal Bitcoins from unsuspecting users.

Hackers and thieves can steal Bitcoin and other cryptocurrencies. That’s without a doubt. But what about the blockchain? Can you hack a blockchain? Or could you store malware on a blockchain? 

Can A Blockchain Be Hacked?

Blockchain technology is touted as a replacement for everything from banking to passport control, manufacturing supply chain tracking to cross-border customs checks and much more. While blockchain tech could help in those situations, it is by no means a panacea or magic wand. In each of those hypothetical use cases, there is an important joining factor: security.

Before companies, governments, and other organizations begin implementing blockchain technology and cryptocurrencies, the security of the technology needs close examination. 

For a long time, blockchains were thought to be unhackable. The only situation where you could hack a blockchain was using a 51% attack. And performing a 51% attack was thought to be difficult.

How Does a 51% Attack Work?

The security of a blockchain lies in network verification. The blockchain remains secure as each miner validates the hash of blocks. If the blocks are tampered with, the block hash does not match and the cryptocurrency miners and network can reject the block. 

What Is a 51% Attack? Explained for beginners

The strength of a blockchain comes from decentralization. The miners verifying the blocks do not control the network directly. But they play a vital role in ensuring the network functions correctly.

The network remains secure so long as a single entity does not control over 50% of the active nodes. If a single entity controls over 50% of the network, they can prevent new transactions from processing, halt payments altogether, and potentially engage in cryptocurrency double-spend.

However, one common 51% attack misconception is that the attack could create new Bitcoin (or the cryptocurrency native to the blockchain under attack). Furthermore, it is highly unlikely (read: almost impossible) the attacker could alter previously verified blocks.

A 51% attack sounds difficult to pull-off. Controlling over 50% of the nodes for a single network should take time and resources. Unfortunately, it isn’t as difficult as you might think. Check out a short and recent history of 51% attacks to see how often this type of blockchain hack occurs.

Exploiting Blockchain Vulnerabilities

The 51% attack isn’t the only issue facing blockchain technology. The complexity of blockchain technology means that, at times, developers bake vulnerabilities into the blockchain directly. When a vulnerability exists in a blockchain, it is only a matter of time before someone discovers it. 

In February 2019, the Zcash development team revealed that it had fixed a “subtle cryptographic flaw” in the Zcash protocol. While no hacker exploited the Zcash vulnerability, an attacker could have used it to create unlimited amounts of counterfeit Zcash tokens.

Can You Rollback the Blockchain?

There are other examples of blockchain and cryptocurrency developers introducing vulnerabilities into their platforms, such as the DAO hack (which caused an Ethereum network rollback) and the non-successful Bitcoin integer hack (which caused a Bitcoin network rollback after a hacker created 92 billion Bitcoin).

In early 2019, the Ethereum network was planning a major update. Just before releasing the update, the smart contract security firm, ChainSecurity, told the Ethereum development team that the update could have catastrophic consequences. The planned update would leave existing smart contracts on the Ethereum blockchain open to the same type of bug that led to the DAO hack. 

In the early days of cryptocurrency, rolling back the network was difficult but could achieve an easier consensus between network nodes and other participants. The examples of Bitcoin and Ethereum blockchains serve as prime examples. 

More recently, the idea of rolling back a blockchain to counteract a hack has been met with resistance. In mid-2019, the Binance exchange suffered a hack, losing over $40 million worth of tokens in the process. Binance CEO, Changpeng Zhao, publicly discussed a Bitcoin network rollback to counteract the theft, returning the funds in the process.

While a rollback presents a significant issue for major networks like Bitcoin and Ethereum, smaller blockchains have rolled back successfully following a blockchain hack. 

In July 2014, the MintPal exchange suffered a breach. Around 8 million Vericoin were stolen during the hack, amounting to around 30% of the entire Vericoin supply. Given the implications of a single hacker holding that amount of stolen cryptocurrency, the Vericoin development team opted to rollback the blockchain for a hard-fork. (As opposed to a soft-fork, which doesn’t split the blockchain.)

Is There Malware on the Blockchain?

Cryptocurrency hacks that target the blockchain specifically are rare. Blockchain technology is considered secure as it implements a wide range of security protocols and cryptographic primitives. The Vericoin rollback was costly—but it was not an attack on the blockchain itself. Rather, an exchange whose transactions record to the blockchain created an issue which the Vericoin developers fixed using a blockchain rollback and hard-fork.

Distributing malware through the blockchain is difficult, for a number of reasons. The size of a blockchain transaction is very small, usually in the tens of kilobytes. Therefore, any malware would have to conform to the size restrictions of the blockchain, making malware development difficult. 

Distributing malware using the blockchain is difficult, then. However, blockchain tech has other uses for malware. The Glupteba malware uses the Bitcoin blockchain to receive updates and commands, allowing its developers to quickly react to any command and control server takedowns. Instead of reconfiguring the entire malware control structure, the malware developer simply updates a script. 

gupteb-malware-micro-trends

The Trend Micro blog post elaborates on how the Glupteba variant uses Bitcoin transactions to evade security software.

Can You Hack a Blockchain?

Back to the original question: can you hack a blockchain? Blockchain technology has vulnerabilities, as does any other major technology. And, like other technologies, the majority of vulnerabilities that expose blockchain tech come from human error.

Hacking the blockchain isn’t the only way criminals and malware are affecting cryptocurrency. Cryptojacking malware steals your CPU power to mine crypto, while criminals are using Bitcoin to launder their ransomware profits.

We earn commission if you purchase items using an affiliate link. We only recommend products we trust. See our affiliate disclosure.

Gavin Phillips
Gavin is the SEO Manager and a Senior Writer for Blocks Decoded. He’s been invested in Bitcoin since 2010 and has contributed to several crypto and blockchain publications, including Envilope. Gavin loves real-world applications of blockchain technology, such as Civic and uPort, and how blockchain technology can help protect privacy. Gavin is also a Senior Writer for MakeUseOf.
Advertisement

1 Comment

  1. Thank you Gavin for this article. I total agree with you. Everyone should be very carefully while choosing any hardware wallet. Because nowadays, fraud & theft in blockchain is increasing.

    I am also looking for hardware wallet. Can you please help me Gavin to choose best hardware wallet?

    Recently I checked ELLIPAL and heard about its air gapped security feature from many friends. If you have any information about ELLIPAL wallet. Please share with me.

Leave a reply

Your email address will not be published. Required fields are marked *

You may also like

Advertisement