Vulnerabilities of Blockchain, Wallets and Exchanges
In 2019, enterprises are finally moving from blockchain testing to installations. Goldman Sachs, formerly skeptical of the blockchain, has launched a crypto-investing product for its clients. Beyond investing and finance, major blockchain projects have been released in many other industries, including cybersecurity, healthcare and agriculture.
Enterprises no longer question the value of blockchain and are now proactively seeking new ways of incorporating it into their legacy systems. Henri Arslanian, head of the fintech and crypto department at PwC, said that 2019 will be the year when big players enter the crypto world. In early 2019, large companies signed new partnerships with blockchain startups (ING Bank and R3), invested in blockchain projects (Nasdaq and Symbiont), and formed new consortium partnerships (Wall Street Blockchain Alliance and R3).
We should see more enterprise-level decentralized ledger technologies (DLTs) emerging on the market in 2019 as well. Amazon, IBM and Oracle now offer enterprise-grade blockchain solutions. With the advent of enterprise blockchain, quantum-level security is now of prime importance, and Quantum Finance is leading the way with the most advanced quantum secure blockchain solutions in the world.
Blockchain works by storing multiple copies of all transactions within a distributed architecture. The blockchain is built around nodes. These nodes provide redundancy in confirming the validity of transactions before they go through. The nodes also compete to package new, valid transactions into blocks and add them to the blockchain. “Miners,” the individuals who win the bid to add new blocks to the chain, are rewarded, since the computation time to perform this operation is extensive and the operation is extremely mathematically complex.
Blockchain is perceived (falsely) to be secure because:
A unique “hash” is associated with each block in the blockchain. If a block is modified, a new hash is generated. Since all other nodes check that the hash matches its block before adding this block to their copies of the chain, there is a robust validation process to guard against tampering.
The chain itself is complicated to modify. If someone were to make a change to a block further upstream in the chain, new hashes would need to be generated for each subsequent block, faster than the speed at which other nodes add new blocks. Moreover, other nodes would recognize the difference between their chains and the compromised chain, and would reject that change.
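The two properties above can be checked directly. The following is an added example, not code from the original article: it assumes a simplified block format (index, previous hash, transaction list) hashed with SHA-256 and no proof-of-work, and the ledger entries are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(index, prev_hash, transactions):
    """SHA-256 over the block contents, including the previous block's hash."""
    payload = json.dumps([index, prev_hash, transactions])
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(batches):
    """Link each batch of transactions to the hash of the block before it."""
    chain, prev = [], GENESIS
    for i, txs in enumerate(batches):
        h = block_hash(i, prev, txs)
        chain.append({"index": i, "prev_hash": prev, "transactions": txs, "hash": h})
        prev = h
    return chain

def first_invalid_block(chain):
    """Index of the first block that fails validation, or None if all pass."""
    prev = GENESIS
    for b in chain:
        recomputed = block_hash(b["index"], b["prev_hash"], b["transactions"])
        if b["prev_hash"] != prev or b["hash"] != recomputed:
            return b["index"]
        prev = b["hash"]
    return None

def rewrite_from(chain, index, new_txs):
    """An upstream edit that stays self-consistent must re-hash every later block."""
    batches = [b["transactions"] for b in chain]
    batches[index] = new_txs
    return build_chain(batches)

def fork_point(local, remote):
    """First index where a peer's chain differs from the local copy, or None."""
    for a, b in zip(local, remote):
        if a["hash"] != b["hash"]:
            return a["index"]
    return None

# Constructed sample ledger (not real transactions).
SAMPLE = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"], ["dave->erin:1"]]

def demo():
    honest = build_chain(SAMPLE)
    tampered = [dict(b) for b in honest]
    tampered[1]["transactions"] = ["bob->mallory:2"]    # edited, hash left stale
    rewritten = rewrite_from(honest, 1, ["bob->mallory:2"])
    changed = sum(a["hash"] != b["hash"] for a, b in zip(honest, rewritten))
    return (first_invalid_block(honest), first_invalid_block(tampered),
            first_invalid_block(rewritten), changed, fork_point(honest, rewritten))
```

The rewritten chain passes its own validation, so the stale-hash check alone is not what stops it; it is rejected because honest nodes see it fork from their copy at the edited block.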
However, there are ways in which the blockchain can be attacked and breached. Techniques used to breach blockchain vary significantly and so far have typically focused on breaching identities of wallet owners, exchange administrators, communication channels, and data mining. For example, one node can trick other nodes into spending valuable computation time on irrelevant or already-solved problems, effectively buying itself time to make changes upstream in the blockchain. Additionally, someone can take over communications for a node and hack it to verify fake transactions. Finally, hackers can access internet-connected data storage to steal wallet keys or subvert automated transactions. Especially for blockchain-based applications, the onus of encrypting sensitive data is on the user, and many hackers capitalize on this security flaw to algorithmically decrypt this data via the end user.
In 2018, within 9 months, hackers stole over $927 million from exchanges and other cryptocurrency platforms. All these exchanges and platforms operated on public blockchains. Some significant hacks include:
A breach at the beginning of 2018, in which $500 million in cryptocurrency was stolen from a Japanese exchange called Coincheck Inc. The alleged reason was that customer assets were being kept in a “hot wallet,” which is connected to other networks, and that there was no multi-factor authentication in place to approve removal of funds.
Zaif, a Japanese cryptocurrency exchange, had $60 million stolen from its hot wallets in September 2018. Other Japanese exchanges have been similarly vulnerable.
A 51% hack of Ethereum Classic, a cryptocurrency on Coinbase’s exchange. A 51% hack means that one user was able to control over 50% of mining power, which could allow them to prevent new transactions, reverse transactions, and use their coins to double spend. In this particular instance, the hacker was able to spend over $1.1 million in this way.
The first two examples are related to the issue of “hot wallets” being accessible over multiple networks, while the third example is based on illegal ownership and asset control associated with control of node communications. Blockchain has already proven to be vulnerable in these ways, and it has the potential to be subverted in many other creative ways. The aforementioned examples, along with many others documented online, necessitate immediate preventative action in blockchain security. The hacks discussed thus far can be conducted by classical computers. Unfortunately, quantum computers and quantum algorithms threaten blockchain security in an even more nefarious way.
The end result is that your wallet and associated blockchain are not secure. If they were, the breaches above would not have occurred. It is imperative to add significant quantum resilient security to the entire wallet-blockchain system in order to ensure the most protection for coin holders and blockchain users.